Privacy Policy

The following Privacy Policy defines the principles of storing and accessing data on Users’ Devices using the Website for the purpose of providing electronic services by the Administrator, as well as the rules for collecting and processing Users’ personal data provided voluntarily and personally by them via the tools available on the Website.

This Privacy Policy constitutes an integral part of the Website’s Terms of Service, which defines the rules, rights, and obligations of Users using the Website.

§1 Definitions

Website – the “Noctis” website operating at https://noctis-bdsm.com/

External Service – websites of partners, service providers, or service recipients cooperating with the Administrator

Website / Data Administrator (Administrator) – The Administrator of the Website and the Data Administrator (hereinafter: the Administrator) is the company “F.H.U.P Adam Żaba ‘Chemal’”, operating at Orzeszkowej 5, 42-242 Rędziny, Poland, with tax identification number (NIP): 5730029036, providing electronic services via the Website.

User – a natural person for whom the Administrator provides electronic services via the Website.

Device – an electronic device with software through which the User accesses the Website

Cookies – text data collected in the form of files placed on the User’s Device

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation)

Personal Data – means information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person

Processing – means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction

Restriction of processing – means the marking of stored personal data with the aim of limiting their processing in the future

Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements

Consent – means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed

Pseudonymization – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person

Anonymization – Anonymization of data is an irreversible process of operations performed on data that destroys or overwrites “personal data,” making it impossible to identify or associate a specific record with a specific user or natural person.

§2 Data Protection Officer

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For matters concerning data processing, including personal data, please contact the Administrator directly.

§3 Types of Cookies

Internal Cookies – files placed and read from the User’s Device by the Website’s IT system

External Cookies – files placed and read from the User’s Device by IT systems of External Services. Scripts from External Services that may place cookies on Users’ Devices have been intentionally placed on the Website via scripts and services installed on the Website.

Session Cookies – files placed and read from the User’s Device by the Website during a single session of a given Device. After the session ends, the files are deleted from the User’s Device.

Persistent Cookies – files placed and read from the User’s Device by the Website until manually deleted. The files are not automatically deleted after the Device session ends unless the User’s Device is configured to delete cookies at the end of the Device session.

§4 Security of Data Storage

Mechanisms for storing and reading Cookies – Mechanisms for storing, reading, and exchanging data between Cookies saved on the User’s Device and the Website are implemented through built-in web browser mechanisms and do not allow downloading other data from the User’s Device or data from other websites visited by the User, including personal or confidential information. The transfer of viruses, trojans, and other worms to the User’s Device is practically impossible.

Internal Cookies – Cookies used by the Administrator are safe for Users’ Devices and do not contain scripts, content, or information that could threaten the security of personal data or the security of the Device used by the User.

External Cookies – The Administrator takes all possible steps to verify and select the Website’s partners regarding Users’ security. The Administrator chooses well-known, large partners with global social trust for cooperation. However, it does not have full control over the content of Cookies originating from external partners. To the extent permitted by law, the Administrator is not responsible for the security of Cookies, their content, or the lawful use of cookies from External Services’ scripts installed on the Website. A list of partners is provided later in this Privacy Policy.

Cookie Management

The User may, at any time, independently change the settings regarding the storage, deletion, and access to data saved in Cookies for any website.

Information on how to disable cookies in the most popular web browsers is available at the following pages or from respective providers:

Managing cookies in Chrome

Managing cookies in Opera

Managing cookies in Firefox

Managing cookies in Edge

Managing cookies in Safari

Managing cookies in Internet Explorer 11

The User may delete all previously saved cookies at any time using tools of the User’s Device through which the User uses the Website’s services.

Risks on the User’s side – The Administrator uses all possible technical measures to ensure the security of data stored in cookies. However, it should be noted that ensuring the security of this data depends on both parties, including the User’s actions. The Administrator is not responsible for data interception, impersonation of the User’s session, or deletion resulting from the conscious or unconscious actions of the User, viruses, trojans, or other spyware that may have infected or have been present on the User’s Device. Users should follow internet safety recommendations to protect themselves against these risks.

Storage of personal data – The Administrator ensures that it makes every effort to keep the personal data voluntarily entered by Users secure, access to such data is limited and carried out in accordance with their purpose and processing objectives. The Administrator also ensures that all efforts are made to secure the possessed data against loss through appropriate physical and organizational safeguards.

§5 Purposes for Using Cookies

Improving and facilitating access to the Website

Personalizing the Website for Users

Affiliate services

Statistics (users, number of visits, device types, connections, etc.)

Providing social networking services

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users are processed for one of the following purposes:

Providing electronic services:

Services for sharing information about content posted on the Website in social media or other websites.

Communication between the Administrator and Users regarding the Website and data protection

Ensuring the Administrator’s legitimate interests

Anonymous data automatically collected about Users are processed for one of the following purposes:

Statistics

Affiliate program management

Ensuring the Administrator’s legitimate interests

§7 Cookies from External Services

The Administrator uses JavaScript scripts and web components of partners on the Website, who may place their own cookies on the User’s Device. Remember that you can manage which cookies are permitted for specific websites in your browser settings. Below is a list of partners or their services implemented on the Website that may place cookies:

Social networking / integration services:

Facebook

Content sharing services:

Instagram

Analytics services:

Google Analytics

Other services:

Google Maps

Services provided by third parties are beyond the Administrator’s control. These entities may change their terms of service, privacy policies, data processing purposes, and methods of using cookies at any time.

§8 Types of Data Collected

The Website collects data about Users. Some data is collected automatically and anonymously, while other data consists of personal data voluntarily provided by Users when signing up for particular services offered by the Website.

Anonymous data collected automatically:

IP address

Browser type

Screen resolution

Approximate location

Website subpages opened

Time spent on a specific subpage

Type of operating system

Referrer page address

Referring site address

Browser language

Internet connection speed

Internet service provider

Data collected during service provision:

First and last name

Email address

Residential address

Telephone number

IP address (collected automatically)

§9 Access to Personal Data by Third Parties

As a rule, the only recipient of the personal data provided by Users is the Administrator. Data collected as part of provided services is not transferred or sold to third parties.

Access to data (most often based on a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary to operate the Website, i.e.:

Hosting companies providing hosting or related services to the Administrator

Companies intermediating online payments for goods or services offered via the Website (in case of purchases made on the Website)

Courier companies providing transport services through the Administrator, performed at the customer’s request

Data Processing by Hosting, VPS, or Dedicated Server Services

The Administrator uses the services of an external hosting, VPS, or Dedicated Server provider – Hostinger International Ltd. – to operate the Website. All data collected and processed on the Website is stored and processed in the provider’s infrastructure located within the European Union. There is a possibility of access to data due to maintenance work performed by the provider’s personnel. Access to such data is regulated by a contract concluded between the Administrator and the service provider.

Data Processing in the Case of Online Payments

In the case of online payments, all payment data is transmitted directly by the User to the entity processing the payment. Selected data necessary to complete the transaction is subsequently transferred by this entity to the Administrator. The transfer of data is regulated by a contract concluded between the Administrator and the service provider.

§10 Method of Processing Personal Data

Personal data voluntarily provided by Users:

Personal data will not be transferred outside the European Union.

Personal data will not be used for automated decision-making (profiling).

Personal data will not be resold to third parties.

Anonymous data (without personal data) collected automatically:

Anonymous data (without personal data) may be transferred outside the European Union.

Anonymous data (without personal data) will not be used for automated decision-making (profiling).

Anonymous data (without personal data) will not be resold to third parties.

§11 Legal Grounds for Personal Data Processing

The Website collects and processes Users’ data based on:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)

Art. 6(1)(a) – the data subject has given consent to the processing of his or her personal data for one or more specific purposes

Art. 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract

Art. 6(1)(f) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party

The Personal Data Protection Act of 10 May 2018 (Polish Journal of Laws 2018, item 1000)

The Telecommunications Law Act of 16 July 2004 (Polish Journal of Laws 2004 No. 171, item 1800)

Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994 No. 24, item 83)

§12 Personal Data Processing Period

Personal data voluntarily provided by Users:

As a general rule, the specified personal data is stored only for the duration of the Service provided via the Website by the Administrator. It is deleted or anonymized within 30 days after the service ends (e.g. deletion of a registered user account, unsubscribing from the Newsletter, etc.).

An exception is made in situations where further data processing is required to protect the Administrator's legitimate legal interests. In such cases, the Administrator may store the specified data for no longer than 3 years after the User requests its deletion, especially in case of a violation or suspected violation of the Website's Terms of Use by the User.

Anonymous data (non-personal data) collected automatically:

Anonymous statistical data that does not constitute personal data is stored indefinitely by the Administrator for the purpose of compiling website statistics.

§13 User Rights Related to Personal Data Processing

The Website collects and processes Users' data based on:

Right of access to personal data

Users have the right to obtain access to their personal data upon request submitted to the Administrator.

Right to rectify personal data

Users have the right to request immediate correction of inaccurate personal data and/or completion of incomplete personal data, upon request submitted to the Administrator.

Right to erasure of personal data

Users have the right to request immediate deletion of their personal data. For user accounts, this means anonymization of data that could identify the User. The Administrator reserves the right to delay the deletion request in order to protect its legitimate interests (e.g. if the User has violated the Terms of Use or the data was obtained during correspondence).

For the Newsletter service, the User can remove their personal data independently via a link included in every email.

Right to restrict processing of personal data

Users have the right to request restriction of processing in cases specified in Article 18 of the GDPR, e.g. if the accuracy of the data is contested, upon request submitted to the Administrator.

Right to data portability

Users have the right to receive their personal data from the Administrator in a structured, commonly used, machine-readable format, upon request.

Right to object to personal data processing

Users have the right to object to the processing of their personal data in cases outlined in Article 21 of the GDPR, upon request.

Right to lodge a complaint

Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.

§14 Contacting the Administrator

You may contact the Administrator in one of the following ways:

Postal address – F.H.U.P Adam Żaba "Chemal", Orzeszkowej 5, 42-242 Rędziny

Email address – noctisbdsm@gmail.com

Phone number – 735 367 906

Contact form – available at: https://noctis-bdsm.com/kontakt

§15 Website Requirements

Limiting the saving and access to Cookies on the User’s device may result in certain Website functions not working correctly.

The Administrator assumes no responsibility for improperly functioning Website features if the User restricts the ability to store or read Cookies.

§16 External Links

The Website – including articles, posts, entries, or user comments – may contain links to external websites not affiliated with the Website Owner. These links and the pages or files they lead to may be harmful to your device or pose a security risk to your data. The Administrator bears no responsibility for content found outside the Website.

§17 Changes to the Privacy Policy

The Administrator reserves the right to change this Privacy Policy at any time without notifying Users, specifically regarding the use of anonymous data or Cookies.

The Administrator also reserves the right to change the Privacy Policy regarding the processing of Personal Data, and will notify Users who hold accounts or are subscribed to the newsletter via email within 7 days of the change. Continued use of the services constitutes acknowledgment and acceptance of the updated Privacy Policy. If the User disagrees with the changes, they are obliged to delete their account or unsubscribe from the Newsletter.

Changes to the Privacy Policy will be published on this subpage of the Website.

The changes take effect upon their publication.