1 General information
This policy applies to the website, which operates at the url: https://mecooks.com.
The Operator of the service and the Administrator of personal data is: MeCooks Culinary Blog
Operator's e-mail contact address: firstname.lastname@example.org
The Operator is the Administrator of your personal data in relation to the data provided voluntarily in the Service. The Service uses your personal data in order to provide the ordered services. The Service performs the functions of obtaining information about users and their behaviour in the following way:
- through the data voluntarily entered in the forms, which are entered into the Operator's systems;
- by saving cookies (so-called "cookies") in the terminal equipment.
2 Selected data protection methods used by the Operator
The login and entry points for personal data are protected in the transmission layer. This ensures that the personal and login data entered on the website are encrypted on the user's computer and can only be read on the target server. Personal data stored in the database is encrypted in such a way that only the operator holding the key can read it. This protects the data in case the database is stolen from the server. The Operator periodically changes his administrative password.
An important element of data protection is regular updating of all software used by the Operator to process personal data, which in particular means regular updates of programming components.
The service is hosted (technically maintained) on the operator's server: linuxpl.com
Registration data of the hosting company: H88 S.A. Roosevelta Street 22, 60-829 Poznań, KRS 0000612359, REGON 364261632, NIP 7822622168.
- applies data loss protection measures (e.g. disk arrays, regular security copies);
- has adequate measures in place to protect processing sites in the event of fire (e.g. special fire-fighting systems);
- apply adequate measures to protect processing systems in the event of a sudden power failure (e.g. dual power lines, generators, UPS backup systems);
- apply physical measures to protect access to processing sites (e.g. access control, monitoring);
- take measures to ensure adequate environmental conditions for servers as part of the data processing system (e.g. environmental conditions control, specialised air conditioning systems);
- apply organisational arrangements to ensure the highest possible level of protection and confidentiality (training, internal regulations, password policies, etc.);
- has appointed a Data Protection Officer.
In order to ensure technical reliability, the hosting company maintains logs at server level. Logs may be recorded:
- resources defined by a URL identifier (addresses of requested resources - pages, files);
- the time of arrival of the request;
- time of response;
- client station name - identification provided by the HTTP protocol;
- information about errors that occurred during the execution of HTTP transactions;
- URL of the page previously visited by the user (link referer) - if the access to the Service was made via a link;
- information about the user's browser;
- information about the IP address;
- diagnostic information related to the process of self-ordering services through the site's recorders;
- information related to the handling of electronic mail directed to the Operator and sent by the Operator.
4. your rights and additional information on the use of your data
In some situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary for the performance of the contract concluded with you or for the fulfilment of the Administrator's obligations (this also applies to payment operators). Your personal data is processed by the Administrator no longer than it is necessary to perform the related activities specified in separate regulations (e.g. on accounting). With regard to marketing data, the data will not be processed for more than 3 years. You have the right to request from the Administrator:
- access to personal data concerning you;
- rectify them;
- limitations of processing;
- and the transfer of data.
You have the right to object to the processing of your personal data in order to exercise your legitimate interests pursued by the Administrator, including profiling, but the right to object will not be exercised if there are valid legitimate grounds for processing, interests, rights and freedoms overriding your interests, in particular to establish, assert or defend claims. The Administrator's actions may be complained about to the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw. Providing personal data is voluntary, but necessary to operate the Service. Activities consisting in automated decision making, including profiling, may be undertaken with respect to you in order to provide services under the concluded agreement and to conduct direct marketing by the Administrator. Personal data is not transferred from third countries within the meaning of data protection regulations. This means that we do not send them outside the European Union.
5. information in the forms
The service collects information voluntarily provided by the user, including personal data, if any. The service may save information about the connection parameters (time stamp, IP address). The service may, in some cases, save information to facilitate linking the data in the form with the e-mail address of the user filling in the form. In this case, the user's e-mail address appears inside the url of the page containing the form. The data provided in the form are processed for the purpose resulting from the function of a particular form, e.g. to handle the service request or business contact, register services, etc. Each time the context and description of the form clearly indicate what it is used for.
6 Administrator's logs
Information about user behavior on the site may be subject to login. This data is used to administer the service.
7 Important marketing techniques
The Operator uses remarketing techniques that allow for matching advertising messages with the user's behaviour on the website, which may give the illusion that the user's personal data is used to track the user, but in practice there is no transfer of any personal data from the Operator to the advertising operators. The technological condition for such actions is that cookies are enabled.
The Operator uses a solution that investigates user behaviour by creating heat maps and recording behaviour on the website. This information is anonymized before it is sent to the service provider so that he does not know which individual it concerns. In particular, passwords and other personal data are not recorded.
The Operator uses a solution that automates the operation of the Service in relation to users, e.g. it can send an e-mail to the user after visiting a particular subpage, provided that he has agreed to receive commercial correspondence from the Operator.
The Operator may use profiling within the meaning of personal data protection regulations.
8. information about cookies
Cookies (so-called "cookies") are IT data, in particular text files, which are stored in the final device of the Service User and are designed to use the Website's websites. Cookies usually contain the name of the website from which they come, the time they are stored on the terminal equipment and a unique number. Entity placing on the terminal equipment of the Service User cookies and obtaining access to them is the operator of the Service.
Cookies are used for the following purposes:
- maintaining the Service User session (after logging in), so that the user does not have to re-enter the login and password on each page of the Service;
- to achieve the objectives specified above in the section "Important marketing techniques".
Two basic types of cookies are used within the Service: "session" cookies (session cookies) and "permanent" (persistent cookies). Session" cookies are temporary files, which are stored in the user's terminal device until logging out, leaving the website or turning off the software (web browser). "Persistent" cookies are stored in the User's terminal equipment for the time specified in the parameters of cookies or until they are deleted by the User.
Cookie files placed in the final device of the Service User may also be used by entities cooperating with the Service Operator, in particular companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).
9. management of cookies - how to give and withdraw consent in practice?