PRIVACY POLICY OF THE DESCRIBEA SERVICE

effective from April 18, 2025

Dear User and Customer,

We make every effort to ensure the security and confidentiality of your personal data. We care about your privacy both when you visit our website and when you contact us by phone, email, subscribe to our newsletter, or visit our social media channels. We operate in accordance with the law, including the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (referred to as “GDPR”).

In this document, we want to present you with the most important information about the processing of your personal data. For simplicity, we have compiled them in the form of questions and answers. All this so that you know for what purpose, on what basis, and for how long we process your data, as well as who may have access to them and what rights you are entitled to.

HOW DO WE OBTAIN YOUR PERSONAL DATA?

When using the DescribeA service (hereinafter: the “Service”), you may be asked to provide your personal data. Providing data is voluntary, but in certain situations, it may be necessary. For example, without providing an email address, you will not receive our newsletter, we will not register your account, nor will we reply to you via email to a question asked through the contact form.

Some data is collected automatically through cookies during your visit to the Service (e.g., IP address, browser type, operating system type, etc.). They are used for website administration, hosting service provision, and creating appropriate marketing content. However, you can freely block and limit the installation of cookies through your browser settings or with the help of other (free) solutions.

WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

The controller of your personal data is Mateusz Janowski MJanowskiDev based in KUJAWSKO-POMORSKIE voivodeship, Grudziądz county, Grudziądz commune, Grudziądz city, 23 Stycznia Avenue, no. 54B, apt. 19, 86-300 NIP:8762455602, REGON:524622902

If you have any questions or concerns, you can contact us electronically at the following email address: contact@mjanowski.dev

FOR WHAT PURPOSE, ON WHAT LEGAL BASIS, AND FOR HOW LONG DO WE PROCESS YOUR DATA?

We process your personal data for the purpose of:

1. concluding and performing a service agreement (registering and maintaining a user account, placing orders for free and paid services, contract execution):

   • the legal basis is the necessity of processing for the performance of a contract or taking actions at the request of the data subject before entering into a contract (Art. 6(1)(b) GDPR),
   • data will be processed until the end of service provision (deletion of the user account, termination of the service agreement);

2. fulfilling tax obligations (issuing invoices, storing accounting documentation):

   • the legal basis is our legal obligation (Art. 6(1)(c) GDPR),
   • data will be processed until the expiry of tax liability limitation periods;

3. fulfilling obligations regarding personal data protection:

   • the legal basis is our legal obligation (Art. 6(1)(c) GDPR),
   • data will be processed until the expiry of limitation periods for claims for violation of personal data protection regulations;

4. establishment, pursuit, and defense of potential claims:

   • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in taking actions aimed at protecting our rights in proceedings before courts and other state authorities,
   • data will be processed until the expiry of limitation periods for claims resulting from applicable law;

5. ensuring the proper functioning of the Service and analyzing user activity on the Service:

   • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in conducting analyses and statistics on the use of individual Service functionalities
   • data will be processed until effective objection is raised or the purpose of processing is achieved;

6. maintaining a Facebook page and a group called DescribeA and interacting with users of these social media:

   • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in promoting the Service and adapting its functionalities to current needs,
   • data will be processed until the expiry of limitation periods for claims resulting from applicable law;

7. providing you with answers to questions directed to us by phone or electronically, including through the form available through the Service and online chat:

   • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in communicating with our customers and answering questions from our potential customers or other persons interested in our products and services,
   • data will be processed until the expiry of limitation periods for claims resulting from applicable law;

8. marketing (promotion of our goods and services):

   • the legal basis is our legitimate interest (Art. 6(1)(f) GDPR), which we have in maintaining business relationships with customers and examining their satisfaction, taking care of our own interests and image, or accordingly, the voluntary consent of the person who expressed it for a specific purpose (Art. 6(1)(a) GDPR),
   • data will be processed until effective objection is raised or the purpose of processing is achieved, and in the case where the basis for processing is consent - until the consent is withdrawn (whereby withdrawal of consent does not affect the legality of data processing before its withdrawal).

If you receive our newsletter, you can unsubscribe from it at any time in two ways:

• by clicking the “unsubscribe” link or similar, available in the footer of each email containing the newsletter,
• by sending an email to contact@mjanowski.dev with the information “I unsubscribe.” Unsubscribing from the newsletter complies with GDPR regulations and will be processed promptly.

REMEMBER! We process personal data for as long as necessary to achieve the above-mentioned purposes, unless you submit a valid and correct request to delete your personal data. Moreover, the processing period may depend on the content of applicable legal provisions, e.g., in the case of storing financial documents or limitation periods for claims.

WHO CAN BE THE RECIPIENT OF YOUR PERSONAL DATA?

In some situations, if it proves necessary to achieve the purposes of data processing, we use the support and assistance of external entities. However, each time, before transferring personal data, we require their recipients to guarantee their appropriate protection and confidentiality.

Recipients of your personal data may be:

• entities participating in the performance of our contracts, e.g., accounting office, IT service providers, hosting service providers, payment system providers,
• entities whose assistance and services we use in the scope of our business activity based on separate agreements, e.g., providers of tools for analyzing activity in the Service and direct marketing, providers of tools for creating landing pages and collecting leads, providers of office systems, providers of project management software, providers of communication software,
• authorized state authorities under applicable law,
• other entities whose request for data transfer is justified under applicable law.

DO WE TRANSFER PERSONAL DATA TO THIRD COUNTRIES?

As a rule, we do not transfer personal data to countries outside the European Union and the European Economic Area (EEA). However, if in connection with the provision of services such a need arises, we will assess the circumstances and ensure an adequate level of data security so that processing takes place in compliance with applicable legal regulations.

When operating the Service, we use services and technologies offered by entities such as Mailerlite, which have their headquarters in the United States and may partially process personal data using servers located outside the European Economic Area (EEA). In light of GDPR provisions, these are so-called entities located in third countries, for which it is necessary to demonstrate the provision of an adequate level of protection or a mention of appropriate safeguards.

We assure that the above-mentioned entities apply compliance mechanisms provided for by GDPR (e.g., certificates) or standard contractual clauses adopted by the European Commission (Art. 46(2)(c) GDPR). More information about the principles of data processing by the above-mentioned entities can be found on the websites of these service providers.

DO WE PROFILE YOUR PERSONAL DATA?

Within the Service and applied technologies, we may perform profiling. It consists of using user data (i.e., gender, age, interests, approximate location, behavior in the Service) to assess their activity and potential interest in services.

Profiling enables personalizing offers and advertisements directed to users, but it does not affect the rules and conditions of concluded service agreements. The processed information is anonymous and is not associated with the user ordering services. Therefore, we do not make any automated decisions that could have legal effects on individuals or could affect them in a similarly significant way.

DO WE USE COOKIES?

Our website does not use cookies to track users or collect personal data. We do not install any cookies that would monitor your activity on our or other websites.

Some basic technical functions of the website may involve temporarily storing certain data in your browser, but these are not used for tracking and do not allow for user identification.

Due to the absence of tracking cookies, there is no need to manage cookie settings in the context of our website.

HOW DO WE PROTECT YOUR DATA?

To ensure a high and consistent level of protection, we apply safeguards appropriate to the processing of the IT environment, as well as technical and organizational measures, among which are:

• TLS protocol encryption,
• creating security copies,
• equipping data centers with data protection mechanisms,
• conducting regular security level tests,
• monitoring personal data security,
• minimizing the risk of potential abuses and quickly responding in case they occur,
• implementing data protection policy,
• ensuring continuous confidentiality, integrity, availability, and resilience of processing systems and services,
• enabling access to personal data only to authorized persons,
• creating and regularly changing access passwords to systems where personal data is processed.

WHAT RIGHTS DO PERSONS WHOSE DATA WE PROCESS HAVE?

Persons whose data we process have the right to:

• access their personal data;
• rectify personal data;
• delete personal data;
• restrict the processing of personal data;
• object to the processing of personal data;
• transfer personal data;
• withdraw consent to data processing (if the basis for processing is consent).

The above-mentioned rights are not absolute and in some situations, after analysis, we may legally refuse to fulfill them.

We also inform you that withdrawing consent for data processing will not affect the legality of data processing that took place on the basis of the consent given before its withdrawal.

If you submit a request to us to exercise any of the above rights, we will respond to it promptly, but no later than within a month from the date of receipt. If, due to the complexity of the request or the number of requests, we are unable to fulfill your request within a month, we will fulfill it within the next two months. However, we will inform you in advance about the intended extension of the deadline.

HOW CAN IRREGULARITIES IN PERSONAL DATA PROCESSING BE CHALLENGED?

If you believe that your personal data is being processed by us contrary to applicable law, you can file a complaint with the President of the Office for Personal Data Protection.

DOES USING THE SERVICE INVOLVE SENDING LOGS TO THE SERVER?

Using the Service involves sending queries to the server where the site is stored. Each query directed to the server is recorded in server logs and stored on the server. The logs include, among others, IP address, server date and time, information about the internet browser and operating system.

Data recorded in server logs are not associated with specific persons using the site and are not used by us for your identification.

Server logs constitute only auxiliary material used for administering the site, and their content is not disclosed to anyone except persons authorized to administer the server.

CAN WE CHANGE OUR PRIVACY POLICY?

Yes. Personal data protection is a process that we adapt to current needs and changing technology. Therefore, our Privacy Policy may be supplemented or changed, which we will inform you about by posting information in the Service, and in the case of significant changes, we will send separate notifications electronically to registered users.