Dear User,

On May 25, 2018, the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of individuals with regard to the processing of personal data and the free movement of such data, as well as repealing Directive 95/46/EC (referred to as „GDPR”), came into effect. In connection with this, we would like to inform you about the processing of your data and the principles on which it is carried out after May 25, 2018.

This privacy policy applies to the website https://g4d.pl/.

WHAT DATA ARE WE TALKING ABOUT?

We are talking about personal data entered by you in forms and collected while using our service, including those stored in Cookies.

WHO WILL BE THE ADMINISTRATOR OF YOUR PERSONAL DATA?

The administrator of your data will be GRAFFITI FILMS Sp. z o.o., Górnośląska 16/21, 00-432 Warsaw, Poland, NIP 5213632531.

WHY DO WE WANT TO PROCESS YOUR PERSONAL DATA?

We process your personal data in order to:

• allow you to contact us through forms
• provide greater service security, detect robot activities, fraud, and abuse, as well as to conduct measurements that enable us to create better, more tailored services for you.

WHO WILL YOUR PERSONAL DATA BE SHARED WITH?

Data will only be shared with external entities within the legally allowed limits. Data will not be transferred to external entities.

User data may be transferred outside the European Union – to third countries.

Since the Administrator uses external service providers such as Facebook, Google, Microsoft, Apple, etc., the User’s data may be transferred to the United States of America (USA) as a result of their storage on U.S. servers (in whole or in part). Google and Facebook use compliance mechanisms provided by the GDPR (e.g., certifications) or standard contractual clauses in relation to their services. They will only be shared with recipients who guarantee the highest protection and security of data, including through:

• cooperation with entities processing personal data in countries for which a relevant decision has been issued by the European Commission,
• the use of standard contractual clauses issued by the European Commission (as is the case with Google),
• the use of binding corporate rules approved by the relevant supervisory authority, or those to whom the User has consented to the transfer of personal data.

Detailed information is available in the privacy policies of each service provider, available on their websites. For example:

• Apple (PL): https://www.apple.com/pl/legal/privacy/
• Google LLC: https://policies.google.com/privacy?hl=pl
• Facebook Ireland Ltd.: https://www.facebook.com/privacy/explanation

Currently, services offered by Google and Facebook are mainly provided by entities located within the European Union. However, it is recommended to always check the privacy policy of these providers for up-to-date information on personal data protection.

LEGAL BASES FOR DATA PROCESSING

Personal data are processed in accordance with the applicable regulations:

• in part a) based on Article 6(1)(a) of the General Data Protection Regulation of April 27, 2016 (the data subject has given consent for their personal data to be processed for one or more specific purposes),
• in part b) based on Article 6(1)(f) of the General Data Protection Regulation of April 27, 2016 (processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, especially when the data subject is a child).

FOR HOW LONG WILL YOUR DATA BE PROCESSED?

We will process your personal data for the time necessary to achieve the designated purpose or until you withdraw your consent.

RIGHTS OF DATA SUBJECTS

Under the GDPR, you have the following rights:

a) the right to access your data and receive a copy of it; b) the right to rectify (correct) your data; c) the right to delete personal data; d) the right to limit or object to the processing of data; e) if you believe that we have violated the rules of processing your personal data in any way, you have the right to file a complaint directly with the supervisory authority, the President of the Personal Data Protection Office.

To exercise this right, you should provide a full description of the situation and indicate what action you believe violates your rights or freedoms. The complaint should be filed directly with the supervisory authority at: ul. Stawki 2, 00-193 Warsaw.

Contact for data matters: hello@g4d.pl.

HOW EXACTLY IS DATA COLLECTED?

The service performs user data and behavior collection functions in the following ways:

1. INFORMATION IN FORMS.

The service collects information voluntarily provided by the user. The service may also store information about connection parameters (time stamp, IP address). The data in the form is not shared with third parties unless the user consents to it. The data provided in forms is processed for the purpose resulting from the function of a specific form, e.g., to contact us. The data provided in forms may be transferred to entities technically performing some of our services.

2. INFORMATION ABOUT COOKIES.

The service uses cookies. We inform you that we use cookie technology on our websites to record information about which pages you visited and what you did on them. Cookies are simply information stored by your web browser. Thanks to cookies, websites remember your preferences and settings, such as setting a city in the weather forecast. Cookies do not allow the identification of personal data. They do not affect your software or hardware. These files are used for:

• Authentication – primarily identifying the logged-in user, for example, to display the correct information relevant to their interests;
• Security – necessary to support security mechanisms on the website, such as protecting against data leaks;
• Research and analysis – we may use cookies to examine and analyze the performance of the website and mobile applications. This also serves to improve their functionality.

We may use popular software such as Google Analytics, where the website places a special code on the user’s computer that allows data collection. However, the user can disable data collection by Google Analytics at any time by adjusting their browser settings.

We inform you that web browsers generally allow users to control cookies through their settings. Limiting cookies in these settings may result in reduced website functionality.

3. SERVER LOGS.

Information about certain user behaviors is logged at the server level. These data are used only for the purpose of administering the website and ensuring the most efficient service provision. The viewed resources are identified by URLs. Additionally, the following may be logged:

• time of request,
• time of sending the response,
• client station name – identification through the HTTP protocol,
• information about errors that occurred during the HTTP transaction,
• URL of the previously visited page (referer link) – in cases where access to the service occurred through a hyperlink,
• information about the user’s browser,
• IP address.

These data are not associated with specific individuals browsing the site.

These data are used only for server administration purposes.

MANAGING COOKIES – HOW TO EXPRESS AND WITHDRAW CONSENT IN PRACTICE?

You can disable or limit the collection of cookies on your computer by selecting the appropriate settings in your browser. Please note that disabling cookies essential for authentication, security, and user preference maintenance may hinder or, in extreme cases, prevent the use of websites.

To manage cookie settings, choose your browser/system from the list below and follow the instructions:

• Internet Explorer
• Microsoft Edge
• Chrome
• Safari
• Firefox
• Opera