Privacy Policy
I. General Information
This Policy has been issued by the Data Controller – Optimum Process Spółka z ograniczoną odpowiedzialnością, seated in Poland, Warsaw (02-222), al. Jerozolimskie 181B, NIP 5213786607, KRS 0000684901, REGON 367693875, and is addressed to all users (hereinafter: “Users”) of the website www.celebrio.app and the application https://online.celebrio.app/ (hereinafter: “Website”).
This Policy may be amended and updated to reflect changes in the Data Controller’s Personal Data Processing practices or changes in applicable law. We encourage you to read this Policy carefully and to check it regularly to verify any changes the Data Controller may introduce in accordance with the provisions of this Policy.
II. Processing of Users’ Personal Data
We bear no responsibility for any photos/videos/media uploaded to your account. It is your responsibility to ensure that all media uploaded to your digital wall/shared album are safe, appropriate, and compliant with applicable law and trademarks.
Collection of Personal Data: The Data Controller may collect Users’ Personal Data such as: first name, last name, email address, and phone number. The Data Controller may collect Users’ Personal Data, in particular, in the following cases:
- When Personal Data is provided by Users (e.g. via email, phone, contact form, or any other means).
- When Personal Data is collected as a result of conducting business relations / entering into or performing a contract – fees for the use of the Service at https://online.celebrio.app/
- When Personal Data is collected or Users are asked to provide it during visits to the Data Controller’s websites or when using any features or resources available on or through the Website. When Users visit the Website, their devices and browsers may automatically share certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connections to the Website, and other technical communication data), some of which may constitute Personal Data. During a visit to the Website, no Personal Data will be stored by the Data Controller without the prior, explicit consent of Users. However, the temporary storage of log files and cookies facilitates the use of our Website. Providing such consent is optional and does not affect the ability to use the Website. In some cases, without providing such consent, the ability to use our Website may be limited to some extent.
Personal Data Processed: The categories of Users’ Personal Data processed by the Data Controller may include:
- Personal details: first name(s), last name(s).
- Contact details: phone number, email address.
- Payment data: bank account number, account holder’s name, credit card number.
- Message content: messages stored in the Service solely to the extent required for their secure storage by the User.
Processing of Personal Data on social media: The Data Controller may use fanpage profiles on social media platforms. Public data shared by social media users may be used for the purpose of:
- Responding to private messages directed to the Data Controller.
- Conducting discussions in the comments section under individual posts.
- Sharing posts with people following the fanpage.
- Marketing purposes – informing about the Data Controller’s services through posts, including sponsored posts displayed to a wider audience.
- Statistical purposes – presenting data on post views, reach, number of interactions, and demographic data of followers; data presented by social media platform owners constitutes statistical data created based on the observation of user behavior on the fanpage.
Legal bases for Processing Personal Data: When processing Users’ Personal Data for the purposes set out in this Policy, the Data Controller may rely on one or more of the following legal bases:
- Processing is based on the User’s prior, freely given, specific, informed, and unambiguous consent.
- Processing is necessary for the performance of a contract to which the User is a party, or in order to take steps at the User’s request prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which the Data Controller is subject.
- Processing is necessary in order to protect the vital interests of any natural person.
- Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller and does not override the interests or fundamental rights and freedoms of the User.
Purposes of Processing Personal Data: The Data Controller may process Users’ Personal Data for the following purposes:
- Data Controller’s Website: operating and managing the Website, presenting its content, publishing advertisements and promotional information, and communicating with clients, suppliers, and potential employees or collaborators.
- Offering products and services: presenting the Website and other services, and communicating in relation to the Data Controller’s services.
- Marketing communications: presenting (including via email, phone, text message, social media, mail, and personal contact) messages and information that may be of interest to Users, including the distribution of newsletters and other commercial information, following the prior receipt of Users’ consent.
- IT communications and operations: managing communication systems, operating for IT security purposes, and conducting IT security audits.
- Financial management: sales, finance, audit, and sales management.
- Improving products and services: identifying issues with existing products and services, planning improvements, and developing new products and services.
III. Sharing Personal Data with Third Parties
The Data Controller may share Users’ Personal Data with:
- Administrative or judicial authorities, upon their request, for the purpose of reporting an actual or suspected violation of applicable law.
- Auditors, lawyers, and PR agencies, subject to a confidentiality obligation arising from a contract or imposed on such entities by law.
- Third-party data processors processing entrusted data on behalf of the Data Controller, in accordance with the requirements set out in this Section III.
- Any authority competent for the purposes of preventing, investigating, detecting, or prosecuting criminal offenses or enforcing criminal penalties, including safeguarding against and preventing threats to public security.
- Any acquiring entity, in the event of a sale or transfer of any organized part of the Data Controller’s business or shares in its share capital (including in the case of reorganization, dissolution, or liquidation).
Notwithstanding the above, the Website may use plugins or content provided by third parties. Should Users choose to use them, their Personal Data may be shared with third parties or social media platforms. The Data Controller recommends reviewing the privacy policy of the relevant third party before using its plugins or content.
If the Data Controller engages a third party to process Users’ Personal Data, under a data processing agreement concluded with such party, the Data Processor will be required to: (i) process only the Personal Data specified in the Data Controller’s prior, written instructions; and (ii) implement all measures necessary to protect the confidentiality and security of Personal Data and ensure compliance with all other applicable legal requirements.
The entity processing Users’ Personal Data collected via the Website is Optimum Process Spółka z ograniczoną odpowiedzialnością, the creator of this Website. This entity stores and processes Users’ Personal Data collected during their use of the Website. The Data Processor ensures full security of Users’ Personal Data by applying appropriate and up-to-date technical and organizational measures. The Data Processor may not use the Users’ Personal Data made available to it for any purpose other than those for which it was entrusted by the Data Controller.
IV. International Transfer of Personal Data
At present, the Data Controller does not transfer and does not intend to transfer any Users’ Personal Data to third countries that are not members of the European Union, or to international organizations. Should such a need arise, this Policy will be modified, and the transfer of Personal Data will only be possible on the basis of standard contractual clauses implemented by the Data Controller prior to the transfer. In such a case, Users will be entitled to request a copy of the standard contractual clauses applied by the Data Controller, using the contact details provided in Section XI below.
V. Data Security
The Data Controller has implemented appropriate technical and organizational measures to protect Personal Data, including in particular safeguards against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing, in accordance with applicable law. The Data Controller is not responsible for the actions or omissions of Users. Users are responsible for ensuring that all Personal Data is transmitted to the Data Controller in a secure manner.
VI. Data Accuracy
The Data Controller takes all appropriate measures to ensure that:
- Users’ Personal Data processed by the Data Controller is accurate and, where necessary, kept up to date.
- Any Users’ Personal Data that is inaccurate (having regard to the purposes for which it is processed) will be erased or rectified without undue delay.
The Data Controller may at any time ask Users to confirm the accuracy of their Personal Data being processed.
VII. Data Minimization
The Data Controller takes all appropriate measures to ensure that the scope of Users’ Personal Data processed is limited to data that is adequately required for the purposes set out in this Policy.
VIII. Data Retention
The Data Controller retains copies of Users’ Personal Data in an identifiable form only for as long as necessary to achieve the purposes set out in this Policy, unless applicable law requires a longer retention period. The Data Controller may in particular retain Personal Data for the entire period necessary to establish, exercise, or defend legal claims.
IX. Users’ Rights
Under the provisions of the General Data Protection Regulation, Users have the following rights with regard to their Personal Data processed by the Data Controller:
- The right of access to personal data.
- The right to rectification of personal data.
- The right to erasure of personal data.
- The right to restriction of processing of personal data.
- The right to data portability.
- The right to object to the processing of personal data.
- The right not to be subject to a decision based solely on automated processing.
Where the processing of Personal Data is based on consent, Users have the right to withdraw their consent at any time, without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
In the event of unlawful processing of Personal Data, Users have the right to lodge a complaint with the competent national data protection supervisory authority – in Poland, the President of the Personal Data Protection Office (UODO).
To exercise one or more of the above rights, or to obtain information about these rights or any other provisions of this Policy, please contact us using the details provided in Section XI below.
X. Cookies
The Data Controller operates the following websites: https://online.celebrio.app/ and https://celebrio.app.
When using the Website, certain data about the User is collected automatically, such as: IP address, domain name, browser type, and operating system type. This data may be collected via cookies and the Google Analytics system, and may be stored in server logs.
Cookies are small text files sent to the User’s computer or other end device when browsing the Website. Cookies store User preferences, which allows us to improve the quality of our services, enhance search results and the relevance of displayed information, personalize the website, and generate statistics.
Users may opt out of cookies by selecting the appropriate settings in their web browser.
Users provide consent to the storage of or access to cookies during their first visit to the Website by accepting all cookies or selecting specific cookie types. Users may change their cookie preferences at any time through the settings of the browser installed on their device.
The Data Controller uses the following types of cookies:
- Technical cookies – essential cookies that enable Users to navigate the Website and use its features, such as access to secure areas.
- Performance cookies – collect information about how Users use the Website and which parts of it they visit most frequently.
- Functional cookies – record choices made by Users (such as username, language, or region).
Data provided by Users or collected automatically is used by the Data Controller for the purposes of:
- Proper functioning, configuration, security, and reliability of the Website.
- Monitoring session status.
- Tailoring displayed information to User preferences.
- Analytics, statistics, research, and auditing of Website traffic.
Any additional questions regarding the use of cookies should be directed to: info@celebrio.app. The principles set out in this Policy are governed by Polish law.
XI. Contact Details
For any questions, concerns, or comments regarding the information contained in this Policy or any other matters related to the processing of Users’ Personal Data by the Data Controller, including to exercise the rights referred to in Section IX, please contact us at: info@celebrio.app.
XII. Definitions
- Data Controller – the entity that determines the purposes and means of processing Personal Data and is responsible for ensuring that processing complies with applicable data protection law.
- Personal Data – any information relating to an identified or identifiable natural person. Examples of Personal Data that the Data Controller may process are listed in Section II above.
- Process / Processing / Processed – any operation or set of operations performed on Personal Data, whether or not by automated means, such as: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- Data Processor – any person or entity that processes Personal Data on behalf of the Data Controller (other than an employee of the Data Controller).
XIII. Data Retention Periods
Personal data is retained for the duration of the contract and after its termination for the period required by law or until the limitation period for claims expires. Marketing data is processed until consent is withdrawn.
XIV. Data Processors and Technologies
Personal data may be processed by external service providers such as hosting providers, cloud providers (e.g., AWS), CDN providers, and payment operators (e.g., Stripe). The Administrator enters into appropriate data processing agreements with such entities.
XV. Transfers Outside the EEA
Personal data may be transferred outside the European Economic Area due to the use of global service providers. Such transfers are carried out based on standard contractual clauses in accordance with GDPR.
XVI. Payment Data
Payment data is processed by external payment operators. The Administrator does not store full payment card details.
XVII. User Content (Photos and Materials)
The User remains the owner of the uploaded content. The Administrator processes such content solely for the purpose of providing the service and enabling its functionality.
XVIII. Profiling
The Administrator does not use profiling or automated decision-making that produces legal effects concerning users.
