Iluxa Web Logo

PRIVACY POLICY

The following Privacy Policy sets out the rules for storing and accessing data on Users’ Devices who use the Service, as well as the rules for collecting and processing Users’ personal data provided voluntarily via the tools available within the Service.

Service: https://iluxa-web.com

§1 DEFINITIONS

  • Service – the online website operating at the address: https://iluxa-web.com
  • External Service – online services of partners, providers, or contractors cooperating with the Administrator
  • Service / Data Administrator – Illia Yanukovich, conducting business activity (sole proprietorship ILUXA WEB), NIP: 7831940318, REGON: 543133663, VAT: PL7831940318, providing electronic services through the Service
  • User – a natural person for whom the Administrator provides electronic services via the Service
  • Device – an electronic device together with software through which the User gains access to the Service
  • Cookies – text data collected in the form of files placed on the User’s Device
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016...
  • Personal Data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly...
  • Processing – any operation or set of operations performed on personal data...
  • Restriction of Processing – the marking of stored personal data with the aim of limiting their processing in the future
  • Profiling – any form of automated processing of personal data...
  • Consent – any freely given, specific, informed, and unambiguous indication...
  • Personal Data Breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data...
  • Pseudonymization – processing of personal data so that they can no longer be attributed to a specific data subject without additional information...
  • Anonymization – an irreversible process that destroys or overwrites personal data, preventing identification of a specific person

§2 DATA PROTECTION OFFICER

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer. In matters related to data processing, including personal data, contact should be made directly with the Administrator.

§3 TYPES OF COOKIES

  • Visitor Preferences (Necessary) – remembers whether the user has accepted the cookie policy.
  • Analytical (Optional) – used solely for internal statistics and service improvement (Google Analytics 4). These files are activated only after consent is granted in the cookie banner. Consent can be changed at any time in “Cookie Settings.”

§4 COOKIES USED

  • Internal Cookies – placed and read from the User’s Device by the Service’s teleinformation system.
  • External Cookies – placed and read from the User’s Device by teleinformation systems of external services. Scripts of external services may place cookies via scripts installed in the Service.
  • Session Cookies – stored during a single session; deleted after the session ends.
  • Persistent Cookies – stored until manually deleted (unless the Device is configured to remove cookies after each session).

§5 DATA STORAGE SECURITY

  • Mechanisms for storing and reading Cookies – implemented through built-in browser mechanisms; they do not allow retrieval of other data from the User’s Device or data from other websites; transferring malware is practically impossible.
  • Internal Cookies – safe for Users’ Devices; do not contain scripts or content that could threaten security.
  • External Cookies – the Administrator selects reputable partners, but does not have full control over third-party cookie content; to the extent permitted by law, bears no responsibility. Partners are listed later in this Policy.
  • Cookie Control
    • The User may change settings related to storing, deleting, and accessing cookies for any website at any time.
    • Guides for popular browsers: Managing cookies in Chrome, Opera, Firefox, Edge, Safari.
    • The User may delete all cookies saved so far using tools available on the User’s Device.
  • User-side risks – security also depends on User actions. The Administrator is not responsible for interception, session impersonation, or deletion resulting from user actions or malware.
  • Storage of personal data – all efforts are made to keep voluntarily provided personal data secure, restrict access, and process for intended purposes; data are protected against loss via appropriate safeguards.

§6 PURPOSES FOR WHICH COOKIES ARE USED

  • To improve and facilitate access to the Service.
  • To conduct visit statistics and analyze traffic using Google Analytics 4 – only after consent to analytical cookies has been granted.

§7 PURPOSES OF PERSONAL DATA PROCESSING

Data provided in the contact form (name, email address, phone number, company name, short project description) are processed for the following purposes:

  1. To respond to an inquiry, conduct correspondence, and perform actions preceding the potential conclusion of a contract – legal basis: Article 6(1)(b) GDPR.
  2. To pursue the legitimate interest of the Administrator consisting of documenting correspondence and establishing or defending against claims – legal basis: Article 6(1)(f) GDPR.

Data collected automatically through analytical cookies are used to compile statistics and analyze the functioning of the Service – legal basis: User consent, Article 6(1)(a) GDPR.

Direct marketing by electronic or telephone means will be conducted only after obtaining separate consent in accordance with the Act on Rendering Electronic Services and the Telecommunications Law.

§8 COOKIES OF EXTERNAL SERVICES

Data recipients may include entities providing maintenance and development of the Service and communication systems: hosting provider, email service provider, and Google Ireland Limited (Google Analytics 4) – to the extent necessary for the purposes specified in this Policy.

The Administrator has concluded data processing agreements with these entities. As part of analytical services, external cookies may be placed only after consent for analytical cookies.

§9 TYPES OF DATA COLLECTED

The Service collects data about Users. Some data are collected automatically and anonymously, while other data are personal data voluntarily provided by Users.

Anonymous data collected automatically:

  • IP address
  • Browser type
  • Screen resolution
  • Approximate location
  • Pages visited within the service
  • Time spent on a specific subpage
  • Operating system
  • Address of the previous subpage
  • Referring page address
  • Browser language
  • Internet connection speed
  • Internet service provider

Data from the contact form:

  • Email address
  • Phone number
  • First name
  • Company name
  • Short project description

§10 ACCESS TO PERSONAL DATA BY THIRD PARTIES

As a rule, the only recipient of the personal data provided by Users is the Administrator. Data collected as part of the services provided are not transferred or resold to third parties.

Entities responsible for maintaining the infrastructure and services necessary to operate the Service may have access to data (most often on the basis of data processing agreements), including the hosting provider, the email service provider, and the provider of analytical tools (Google Ireland Limited – GA4).

§11 METHOD OF PROCESSING PERSONAL DATA

  • Personal data are not sold to third parties.
  • No decisions are made in an automated manner, including profiling.
  • In connection with the use of GA4, data may be transferred outside the EEA under Google’s legal mechanisms (e.g., SCC / EU-US DPF). GA4 is activated only after consent to analytical cookies.

§12 LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The Service collects and processes Users’ data based on:

  • Regulation (EU) 2016/679 (GDPR), in particular:
    • Article 6(1)(a) – consent of the data subject.
    • Article 6(1)(b) – performance of a contract or steps prior to entering into a contract.
    • Article 6(1)(f) – legitimate interests pursued by the controller or a third party.
  • The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
  • The Telecommunications Law of 16 July 2004 (Journal of Laws 2004, No. 171, item 1800)
  • The Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

§13 PERIOD OF PERSONAL DATA PROCESSING

Personal data voluntarily provided by Users: as a rule, stored for the period necessary to conduct correspondence and handle the matter, and then (to protect against potential claims) for no longer than 24 months from the end of correspondence, unless a longer period results from legal regulations or pursuing claims.

Anonymous data collected automatically: anonymous statistical data that do not constitute personal data are stored according to Google Analytics 4 retention settings or until consent for analytical cookies is withdrawn.

§14 USERS’ RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

  • Right of access – obtain access to personal data upon request to the Administrator.
  • Right to rectification – request prompt rectification and/or completion of personal data.
  • Right to erasure – request prompt erasure; for accounts, deletion consists of anonymizing identifying information. The Administrator may withhold deletion to protect legitimate interests. For Newsletter, the User may delete data via the link in each email.
  • Right to restriction – restrict processing in cases indicated in Article 18 GDPR.
  • Right to data portability – receive personal data in a structured, commonly used, machine-readable format.
  • Right to object – object to processing in cases specified in Article 21 GDPR.
  • Right to withdraw consent – withdraw consent (for analytical cookies) at any time.
  • Right to lodge a complaint – with the supervisory authority responsible for personal data protection.

§15 CONTACT WITH THE ADMINISTRATOR

§16 SERVICE REQUIREMENTS

  • Restricting cookie storage/access on the User’s Device may cause certain functions to operate incorrectly.
  • The Administrator is not responsible for malfunctioning functions if the User restricts the ability to save/read cookies.

§17 EXTERNAL LINKS

The Service may contain links to external websites not affiliated with the Owner. These links may be unsafe for your Device or pose a risk to your data. The Administrator is not responsible for content outside the Service.

§18 CHANGES TO THE PRIVACY POLICY

  • The Administrator may change this Privacy Policy at any time (regarding anonymous data/cookies) without notifying Users.
  • Changes regarding personal data processing will be notified by email within 7 days to Users with accounts or subscribed to the newsletter. Continued use of the Service constitutes acceptance of the changes; otherwise, delete the account or unsubscribe.
  • Changes will be published on this subpage and take effect upon publication.