GDPR information

Information on Data Processing

The following information provides a concise, understandable, and transparent summary of the details included in the Privacy Policy regarding the Data Controller, the purpose and method of processing personal data, and your rights related to this processing, in the form required to fulfill the information obligation under the GDPR. Detailed information about the processing methods and the entities involved in this process is available in the Privacy Policy.

Who is the Data Controller?

The Data Controller (hereinafter referred to as the “Controller”) is “ZP20 Piotr Markowski”, conducting business at Al. KEN 36 / 112B, WARSAW, with the assigned Tax Identification Number (NIP): 9482256434, providing services electronically via the Website.

How can you contact the Data Controller?

You can contact the Controller using one of the following methods:

Postal Address: ZP20 Piotr Markowski, Al. KEN 36 / 112B, WARSAW
Email Address: office@zp20.pl
Phone Call: +48 733 644 002
Contact Form: Available at: /contact

Has the Controller appointed a Data Protection Officer (DPO)?

Pursuant to Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer.

For matters related to data processing, including personal data, please contact the Controller directly.

Where do we obtain personal data from, and what are their sources?

Personal data are obtained from the following sources:

Directly from the individuals to whom the data pertain
When registering via social media platforms, with the explicit consent of the individuals, from those social media platforms
In case of service purchases via Premium SMS, from the micro-payment operator specified in the Terms of Service

What types of personal data do we process?

The Website processes standard personal data, voluntarily provided by individuals to whom they relate (e.g., name, username, email address, phone number, IP address, etc.).

The detailed scope of the processed data is available in the Privacy Policy.

What are the purposes of processing personal data?

Personal data voluntarily provided by Users are processed for one of the following purposes:

Provision of electronic services:

User account registration and maintenance within the Website and related functionalities
Newsletter services (including the delivery of advertising content with consent)
Commenting/liking posts in the Website without the need for registration
Automated dream interpretation service using AI

Communication between the Controller and Users regarding the Website and data protection

Securing the Controller’s legitimate interests

What are the legal bases for data processing?

The Website collects and processes User data based on:

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons regarding the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR):
- Article 6(1)(a):
  The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Article 6(1)(b):
  Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
- Article 6(1)(f):
  Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.
The Act of May 10, 2018, on Personal Data Protection (Journal of Laws 2018, item 1000, Polish Law)
The Act of July 16, 2004, Telecommunications Law (Journal of Laws 2004, No. 171, item 1800, Polish Law)
The Act of February 4, 1994, on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83, Polish Law)

What legitimate interests does the Controller pursue?

For the establishment, exercise, or defense of legal claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) in protecting our rights, including but not limited to:
Assessing the risk of potential clients
Evaluating planned marketing campaigns
Conducting direct marketing activities

How Long Do We Process Personal Data?

As a general rule, the specified personal data is stored only for the duration of the service provided by the Controller within the Website. The data is deleted or anonymized within 30 days of the termination of the service (e.g., account deletion, unsubscribing from the Newsletter, etc.).

In exceptional cases, in order to protect the legitimate interests of the Controller, this period may be extended. In such a situation, the Controller will retain the data, following a User’s request for deletion, for no longer than 3 years in cases where a violation or suspected violation of the Website’s Terms of Service by the data subject occurs.

Financial data is stored for a maximum period of 6 years (not less than 5 previous fiscal years).

Who Are the Recipients of the Data, Including Personal Data?

As a general rule, the only recipient of the data is the Controller.

However, data processing may be entrusted to other entities providing services to the Controller for the purpose of maintaining the Website’s operation.

Such entities may include, among others:

Hosting providers offering hosting or related services for the Controller
Companies providing Newsletter services
Companies offering payment processing services, such as Premium SMS providers
Accounting service providers
Companies providing AI-based functionalities

Will Your Personal Data Be Transferred Outside the European Union?

Personal data will not be transferred outside the European Union, unless they are published as a result of the User’s individual action (e.g., submitting a comment or post), making them publicly available to anyone visiting the Website.

Will Personal Data Be Used for Automated Decision-Making?

Personal data will not be used for automated decision-making (profiling).

What Are Your Rights Regarding the Processing of Personal Data?

Right of Access to Personal Data

Users have the right to access their personal data, which can be done via:

The user panel, available after logging in
Tools allowing account access recovery in case of a forgotten password

Right to Rectification of Personal Data

Users have the right to request that the Controller rectify incorrect personal data and/or complete incomplete personal data.
This right can be exercised through:

The user panel, available after logging in
Tools allowing account access recovery in case of a forgotten password

Right to Erasure of Personal Data (“Right to Be Forgotten”)

Users have the right to request the immediate deletion of their personal data.
This can be done via:

The user panel, available after logging in
Tools allowing account access recovery in case of a forgotten password

For user accounts, data deletion consists of anonymizing the data that could identify the User.

For the Newsletter service, Users can unsubscribe and delete their data by clicking the unsubscribe link included in every email.

Right to Restriction of Processing of Personal Data

Users have the right to restrict the processing of their personal data in cases specified in Article 18 of the GDPR (e.g., disputing the accuracy of personal data).
This right can be exercised via:

The user panel, available after logging in
Tools allowing account access recovery in case of a forgotten password

Right to Data Portability

Users have the right to receive their personal data from the Controller in a structured, commonly used, and machine-readable format.
This can be done via:

The user panel, available after logging in
Tools allowing account access recovery in case of a forgotten password

Right to Object to the Processing of Personal Data

Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR.
This can be done by submitting a request to the Controller.

Right to Lodge a Complaint

Users have the right to lodge a complaint with the data protection supervisory authority.