I. INTRODUCTION

This Privacy Policy defines the rules for processing personal data of users of the website www.pawelsarota.com and the use of cookies. The purpose of this document is to provide transparent information on the scope, purposes, and legal bases of data processing, as well as users’ rights regarding the protection of their privacy.

The Administrator implements technical and organizational measures to ensure the security of processed personal data and to protect them from unauthorized access.

This Privacy Policy applies to all users of the website.

II. DEFINITIONS

  1. Administrator – SAROTA STUDIO Sp. z o.o., headquartered in Kraków, ul. Ojcowska 88, 31-344 Kraków, NIP: 9452305369, REGON: 540770487, KRS: 0001152632, email address: biuro@pawelsarota.com.
  2. Personal Data – any information related to an identified or identifiable natural person.
  3. Service – the website www.pawelsarota.com.
  4. Processor – an entity that processes data on behalf of the Administrator.
  5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  6. User – any individual visiting the Service.
  7. Cookies – IT data, text files stored on users’ devices (e.g., computers, phones), transmitted by the Service.

III. DATA CONTROLLER

The data controller is SAROTA STUDIO Sp. z o.o., headquartered in Kraków, ul. Ojcowska 88, 31-344 Kraków, NIP: 9452305369, REGON: 540770487, KRS: 0001152632.

Contact regarding data processing: biuro@pawelsarota.com.

IV. SCOPE AND PURPOSE OF DATA PROCESSING

The Administrator processes users’ personal data for the following purposes:

  1. Handling inquiries and contact – data provided via the contact form or email, including name, surname, email address, phone number, and message content, are processed.
  2. Contract execution – processing of data necessary to conclude and perform a contract (e.g., for photography services).
  3. Marketing activities – sending commercial information based on the user’s consent.
  4. Analyzing website traffic and improving functionality – the Administrator uses analytical and statistical tools that may collect data about user activity on the website.
  5. Ensuring security and preventing abuse – to protect the website and its users from unlawful activities.

The legal basis for processing personal data is:

  • Article 6(1)(b) of the GDPR – contract execution or steps taken before entering into a contract.
  • Article 6(1)(f) of the GDPR – the legitimate interests of the Administrator (e.g., website traffic analysis, security measures).
  • Article 6(1)(a) of the GDPR – user consent for specific processing purposes (e.g., marketing).

V. DATA RECIPIENTS

Personal data may be shared with entities cooperating with the Administrator to the extent necessary for service provision, including:

  1. Providers of analytical and marketing tools (Google, Meta).
  2. Hosting providers and IT service providers.
  3. Accounting and legal service providers (where required by law).
  4. Public authorities if required by applicable law.

The Administrator uses tools provided by Google (e.g., analytics, advertisements, email services).

Data may be transferred to countries outside the European Economic Area (EEA) when using Google and Meta services. In such cases, the Administrator applies EU standard contractual clauses to ensure an adequate level of data protection.

VI. COOKIES

  1. The Service uses cookies for statistical, functional, and marketing purposes.
  2. Cookies are categorized as:
    • Necessary – ensuring the proper functioning of the Service.
    • Statistical – enabling analysis of website traffic (Google Analytics).
    • Marketing – enabling personalized advertising (Google Ads, Meta).
  3. Users can manage cookie settings in their web browser preferences.

If the Administrator implements a consent management tool (e.g., Cookiebot), users will be able to choose their preferred categories of cookies through a dedicated settings panel.

VII. DATA RETENTION PERIODS

  1. Contact data – stored indefinitely based on the Administrator’s legitimate interest (archiving contact history, potential future collaboration). The user has the right to request data deletion at any time.
  2. Contract-related data – stored for the period required by tax and accounting regulations (5 years).
  3. Marketing data – stored until the user withdraws their consent.
  4. Analytical and cookie data – stored for up to 24 months.

VIII. USER RIGHTS

Users have the following rights regarding their data:

  1. Accessing their personal data.
  2. Correcting inaccurate data.
  3. Deleting their data (“right to be forgotten”).
  4. Restricting data processing.
  5. Objecting to data processing.
  6. Transferring their data to another controller.
  7. Filing a complaint with the President of the Personal Data Protection Office.

To exercise these rights, users should contact the Administrator at biuro@pawelsarota.com.

IX. CHANGES TO THE PRIVACY POLICY

The Administrator reserves the right to modify this Privacy Policy if required by changes in legal regulations or the operation of the Service.