Privacy Policy 1 — ONE.STORY.HERO

For starters, it's great you visited our website www.onestoryhero.com and that you are not indifferent to the way we process your personal data. Below you will find the purposes, legal bases and the duration of personal data processing, described separately for each purpose of processing. To begin with, we want to underline that your data is safe with us. We ensure the confidentiality of all personal data transferred to us, protect it from unauthorized users’ access and take adequate security and data protection measures required by regulations on personal data protection.

1. General information

1.1. The Administrator of your personal data is Rafał Bojar. Should you have any doubt regarding privacy policy, you may contact us at any time using this e-mail address: info@onestoryhero.com.

1.2. The GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) grants to you the following rights related to the processing of your personal data:

a) the right to access your data and receive its copy,

b) the right to amend (correct) your data,

c) the right to erase your data (if in your opinion there is no legal basis for further processing of your data, you can ask us to erase you data),

d) the right to request the limitation of processing your data (you can request the restriction of data processing for the sole purpose of their storage or performance of actions agreed with you),

e) the right to object to processing the data (you have the right to object to processing the data on the basis of a legitimate interest; you should indicate a particular situation - covered by your objection, that justifies, in your opinion, ceasing data processing. We will cease to process your data for these purposes, unless we demonstrate grounds for the processing which override your rights or unless we need your data for the establishment of and pursuing legal claims as well as for the defence against your legal claims .

f) the right to transfer your data (you have the right to receive the personal data, which you provided to us upon a contract or your consent, in a structured, commonly used and machine-readable format; you can instruct us to transmit this data to another subject),

g) the right to lodge a complaint with a supervising authority (if you come to conclusions that we are processing your data unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office or another competent supervisory authority).

The procedure of exercising these rights have been provided in detail in sections 16 – 21 of the GDPR. Please remember that you can ask us to provide you the information about the data we already possess and the purposes of its processing. Just send a message to the following e-mail info@onestoryhero.com..

1.3. Your personal data can be processed by the entities whose services we use. Those entities may have access to your personal data if the services they provide us with are or may be related to the processing of personal data. This concerns, in particular, entities such as the hosting provider, e-mail service providers, website technical service providers, law firms, marketing service providers, accounting offices, cloud software providers, etc. Remember that your data is safe and processed only to the necessary extent. In addition, if necessary, your personal data may be made available to entities, bodies or institutions authorized to obtain access to data on the basis of legal provisions, such as the police, security services, courts, public prosecutor's offices, as well as tax offices, to the extent necessary to fulfill tax, billing and accounting obligations.

1.4. We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in the third countries, in particular in the USA. The providers of these tools guarantee the appropriate level of personal data protection through the adequate compliance mechanisms provided for in the GDPR or the use of standard contractual clauses. Personal data is stored on servers located in third countries within Google services (described in this Privacy Policy) which are provided by Google Ireland Limited and as part of the mailing system Squarespace.

1.5. We use tools that can operate in a specific manner depending on information gathered with tracking technologies (profiling and behavioral advertising). However, in our opinion these mechanisms do not affect you as they do not differentiate your situation as a client, they do not impact the terms of contract that you can conclude with us.

2. Purposes and processing activities of personal data

2.1. Contact.

Processed data: name, e-mail address and alternatively data contained in the message (providing data is voluntary, however it is necessary to make contact).

The purpose of processing: making contact

Duration of data processing: The content of the correspondence can be archived and it cannot be precisely determined when it will be deleted.

Legal basis: art. 6 (1) (f) of GDPR, which is our legitimate interest. The legal basis of data processing after contract termination is also our legitimate purpose of archiving correspondence for internal needs (art. 6 (1) (f) of GDPR).

Entitlement: You have the right to request access to the correspondence history that you conducted with us (if it was archived) and demand to erase it, unless archiving this data is justified due to our overriding interests, e.g. protection against potential claims on your part.

2.2. Newsletter

Processed data: name, e-mail address (providing data is voluntary, however it is necessary to subscribe to a newsletter).

The purpose of processing: sending the newsletter. The mail system we use tracks your activities undertaken in connection with the messages sent to you. Therefore, we have information about messages you opened, messages you used in terms of the links contained in them etc.

Duration of the processing: the time of providing newsletter services and archiving data in order to prove in the future that you consented to receiving the newsletter.

The content of the correspondence can be archived and it cannot be precisely determined when it will be deleted.

Legal basis: consent (art. 6 (1) (f) of GDPR) expressed when subscribing to the newsletter.

Entitlements: You can unsubscribe from the newsletter at any time by clicking on the link provided in every message sent as a part of the newsletter or simply by contacting us. You can amend your data or object to processing of your personal data. Considering our legitimate interest (art. 6 (1) (f) of GDPR) we will not erase your data from our database. Erasing such data would prevent us from demonstrating, if necessary, the fact that in the past you have agreed to receive the newsletter.

2.3. User account.

Processed data: e-mail address and password (providing this data is voluntary, however it is necessary to create and account. As a part of editing your account details, you can provide your further details).

The purpose of processing: providing you with the electronic service consisting in possibility of using the user account.

Duration of the processing: You can delete your account at any time. If you choose to do this, your data will be stored in the database, so in the future we can identify you as a returning user, if you decide to use the website again as a registered user. In this regard, the legal basis for the processing of your personal data is our legitimate interest – art. 6 (1) (f) of GDPR.

Legal basis: the contract concluded on the terms indicated in the regulation - art. 6 (1) (b) of GDPR).

2.4. Orders

Processed data: data necessary to process the order, which is name and surname, billing address, company details, e-mail address, telephone number, tax identification number. Providing data is voluntary, however it is necessary to place an order.

The purpose of processing: the performance of the contract concluded upon placing an order, issuing an invoice and including it in the accounting documentation, archiving and statistical purposes as well as direct marketing of our own products and services.

Duration of the processing: The time necessary for order completion and then until the expiry of the limitation period for the claims under the contract.

After this expiry date, data can be still processed for the archiving and statistical purposes – e.g. for purposes of identifying returning clients as well as for the direct marketing purposes of own products and services until the objection is filed.

Legal basis: performance of the contract concluded upon placing an order (art. 6 (1) (b) of GDPR), issuing an invoice (art. 6 (1) (c) of GDPR), including invoice in the accounting documentation, direct marketing of own products and services (art. 6 (1) (f) of GDPR) as well as archiving and statistical purposes (art. 6 (1) (f) of GDPR).

Entitlements: You do not have a possibility to rectify order data after the order was processed. You also cannot object to the data processing and demand the erasure of the data until the expiry of the limitation period for the claims under the contract. Similarly, you cannot object to the data processing and demand the erasure of the data contained in invoices. You can object to the data processing for the purposes of direct marketing of your own products and services.

2.5. Recovery of abandoned shopping carts

Processed data: e-mail address.

The purpose of processing: the possibility of finalising the order (for this purpose your personal data gathered by us is processed in connection with the commencement of placing your order).

Duration of the processing: You can object to the processing of your personal data for the recovery of abandoned shopping carts purposes by clicking a link provided in the message sent as a part of recovering abandoned shopping carts.

Legal basis: legitimate interest (art. 6 (1) (f) of GDPR).

2.6. Contract withdrawal and complaints

Processed data: name and surname, address, telephone number, e-mail address, bank account. Providing this data is voluntary, however it is necessary to make a complaint or withdraw from the contract.

The purpose of processing: performance of the complaint or contract withdrawal procedure.

Duration of the processing: Time necessary to complete the procedure of complaint or the procedure of contract withdrawal. Complaints and the statements on withdrawal of the contract can also be archived for the purposes of demonstrating in the future the course of complaint or contract withdrawal procedure.

Legal basis: for the purposes of the implementation of the complaint or contract withdrawal procedure and then for archiving purposes, which is our legitimate interest (art. 6 (1) (f) of GDPR).

Entitlements: You cannot amend the data contained in the complaints and in the statements on withdrawal of the contract. Also, you cannot object to data processing and you cannot demand the erasure of the data until the expiry of the limitation period for the claims under the contract. After the expiry date of the limitation period for the claims under the contract you can, however, object to the processing of your data and demand to erase your data from the database.

3. Cookies

3.1. Cookies and other tracking technologies. Our website uses cookies.

Cookies are small pieces of text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by our communication and information system (own cookies) or the communication and information systems of third parties (third-party cookies). Some cookies used by us are deleted after the end of the browsing session, that is after the browser is closed (session cookies). Other cookies are stored on your end device and enable us to recognise your browser the next time you visit the website (persistent cookies).

3.2. Cookie Consent

● During the first visit to our website, the information about the use of cookies together with a question about a consent to the use of these files is displayed.

● You can always change the cookie settings in your browser or delete cookies altogether. Browsers manage cookie settings in various ways. In the auxiliary menu of the web browser you will find explanations on how to change cookie settings.

● You can also manage cookie settings by downloading a special add-on enabling you to control cookies.

● Disabling or limiting the use of cookies may cause difficulties in using our website, as well as many other websites that use cookies.

3.3. Server Logs

● Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.

● Server logs typically include your IP address, the date and time of the server, information about the web browser and the operating system you use.

● Logs are saved and stored on the server. The data saved in the server logs is not associated with particular persons using the website and is not used by us to identify you.

● The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorised to administer the server.

3.4. Google Analytics.

● We use the Google Analytics tool provided by Google LLC based in the USA.

● The purpose is to create statistics and their analysis in order to optimise websites.

● The collected data is personal data and it does not enable your identification. The information we have access to as a part of Google Analytics is in particular: information about the operating system and the web browser you use, the subpages you are viewing as a part of our website, time spent on the website and its subpages, the source directing you to our website.

● As a part of Google Analytics, we use Advertising Features such as demographic and interest reports, age range, gender, approximate location, interests expressed through online activities.

● In order to use Google Analytics, we have implemented a unique Google Analytics tracking code in the code of our website. The tracking code uses Google LLC cookies for the Google Analytics service.

3.5. Google Ads.

● We use the Google Ads advertising program operated by Google LLC.

● The purpose is to conduct advertising campaigns, including remarketing, and the legal basis is the legitimate interest, consisting of marketing of our own products and services.

● The collected data is personal data and it does not enable your identification.

● When visiting our website, a Google remarketing cookie is automatically set on your device, which, with the help of a pseudonymous identifier (ID), based on the pages you visit, enables targeted ads corresponding to your interests.

● Further data processing takes place only if you give Google your consent to combine browsing and app usage history with your account and to use your Google account information to personalise advertisements displayed on websites.

● In such a case, if you are logged in to Google while visiting our Website, Google will use your data together with Google Analytics data to create and define target group lists for remarketing purposes on various devices. For this purpose, Google temporarily combines your personal data with Google Analytics data to create target groups.

● In order to use Google Ads, we have implemented a special Google Ads conversion pixel in the code of our website. The pixel uses Google LLC cookies for the Google Ads service. You can disable these cookies from our website using the managing cookies mechanism. You can manage ad settings directly on the Google website: https://adssettings.google.com/.

● Details related to data processing under Google Ads are available on the website: https://policies.google.com/privacy.

3.6. Facebook Ads and Insights.

● We use the marketing and analytical tools available on Facebook.

● The purpose is the marketing of our products and services as well as carrying out analysis and preparing statistics.

● We have implemented Facebook Pixel on our pages, which automatically collects information on your use of our Website in terms of pages browsed, for the purposes of targeted ads concerning your activities on our website,

● Information collected as part of Facebook does not allow us to identify you. Thanks to it, we can only learn what activities you have taken on our website. We can also check your age range, gender, where you are connecting to the Internet.

● you may look for relevant information directly in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation.

3.7. Social tools

● Our website uses plug-ins and other social tools provided by social networks such as Facebook, Instagram, Twitter.

● By displaying our website containing such a plugin, your browser will establish a direct connection to the servers of social network administrators (service providers). The content of the plugin is transmitted by a given service provider directly to your browser and integrated into the website. This integration allows service providers to be informed that your browser has displayed our website, even if you do not have a profile with the service provider or you are not logged in. This information (and your IP address) is sent directly by your browser to the server of a given service provider (some servers are located in the USA) and stored there. If you have logged in to one of the social networking sites, this service provider will be able to directly associate your visit to our website with your profile on that social networking site.

● You can also prevent plugins from being loaded on the website completely by using appropriate extensions for your browser, e.g. blocking scripts.

● If you do not want the social networking sites to associate the data collected during your visit to our website directly with your profile in a given social networking site, you must log out of that site before visiting our website

● If you use a plugin, e.g. if you click on the “Like” or “Share” button, the relevant information will also be sent directly to the server of a given provider and stored there.

● The purpose and scope of data collection and further processing and use of the data by service providers, as well as your contact details and rights and settings to protect your privacy are described in the service providers’ privacy policies. Facebook - https://www.facebook.com/legal/FB_Work_Privacy, Instagram - https://help.instagram.com/155833707900388. ,Twitter- https://twitter.com/en/privacy

3.8. Content from external websites.

● Content from external services is provided on our website, in particular the videos available on YouTube.

● Therefore, Google LLC cookies related to the YouTube service are used, including DoubleClick cookies.

● It is possible to prevent the assignment of the data collected during playing videos or reading other content available on our website directly to your profile in given internet service, by logging out of this service before visiting our website, as well as, for example, by blocking scripts.

● YouTube-related cookies are not loaded until the movie is played, so refraining from watching the movie will prevent them from loading.

● The purpose and scope of data collection and its further processing and use of the data by service providers, as well as your contact details and rights and settings to protect your privacy are described in the service providers’ privacy policies.

Please note that if any information provided by us regarding the privacy policy or cookies is unclear to you, you can contact us via e-mail.