Privacy Policy

I. General Information

  1. This Privacy Policy defines the principles of processing and protection of personal data by Stellatarum sp. z o.o. (Polish Limited Liability Company).
  2. Whenever the Privacy Policy refers to "GDPR", it means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

II. Data Controller

The Data Controller is Stellatarum sp. z o.o. (Polish Limited Liability Company), with its registered office at Aleja Jana Pawła II 27, 00-867 Warsaw, Poland, registered in the Register of Entrepreneurs under number 0001131450 by the District Court for the Capital City of Warsaw, XIII Commercial Division of the Polish National Court Register (KRS), VAT-UE: PL5273134015, REGON: 529894031, with a share capital of 5000.00 PLN.

III. Security

  1. The Data Controller has implemented adequate technical and organizational measures to ensure the security of personal data processing. The Data Controller assures that the collected data is:
    1. processed lawfully, fairly, and in a transparent manner,
    2. collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes,
    3. accurate and relevant to the purposes for which they are processed,
    4. kept for no longer than necessary for the purposes of processing,
    5. processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
  2. Security measures implemented by the Data Controller are continuously monitored and updated, while taking into consideration current technological best practices and the nature, scope, and purposes of processing.
  3. The Data Controller regularly tests, assesses, and evaluates the effectiveness of technical and organizational measures for ensuring the security of processing.

IV. Purposes and Scope of Data Collection

The Data Controller processes your personal data in the following ways:

  1. With your consent (legal basis: Article 6(1)(a) GDPR) for the purpose of:
    1. contact via remote communication tools, in particular: telephone, email, or applications,
    2. participation in webinars or online training,
    3. marketing of products and services of the Data Controller and the Data Controller's partners,
    4. sending Newsletters,
    5. storing data in cookies, as well as using cookies for proper website functioning.
  2. Based on Article 6(1)(b) GDPR for the purpose of:
    1. fulfillment of agreements and contracts,
    2. performing actions at the request of the data subject before or after contract conclusion, particularly regarding warranty rights, complaints, or withdrawal from distance contracts.
  3. Based on Article 6(1)(c) GDPR for the purpose of:
    1. issuing and storing invoices, bills, or fulfilling other tax and accounting obligations (archival obligation regarding accounting documents),
    2. creating registers and other documentation required by GDPR provisions.
  4. Based on Article 6(1)(f) GDPR (legitimate interest of the Data Controller) for the purpose of:
    1. proper contract execution, to be processed for the duration of the contract and resulting rights, e.g., right to complaint,
    2. operating the website stellatarum.com,
    3. ensuring website security, management, and operations,
    4. conducting website traffic statistics and analysis,
    5. direct marketing,
    6. settling claims made by or against the Data Controller,
    7. contacting you,
    8. managing Facebook, LinkedIn, TikTok, YouTube, Instagram, GitHub, X accounts and interacting with users of these platforms.

V. Data Retention Period

  1. The period for which the Data Controller processes data depends on the type of service provided and the purpose of processing. As a rule, data is processed for:
    1. the duration of service provision,
    2. until consent withdrawal,
    3. until an effective objection is raised against data processing in cases where the legal basis for data processing is the legitimate interest of the Data Controller.
  2. The data processing period may be extended when:
    1. processing is necessary for the establishment and pursuit of potential claims or defense against claims,
    2. it is required by applicable law provisions.
  3. After the processing period expires, the data is irreversibly deleted or anonymized.

VI. Rights of Data Subjects

  1. You have the following rights:
    1. right of access to data,
    2. right to rectification of the data,
    3. right to erasure of the data,
    4. right to restriction of data processing,
    5. right to data portability,
    6. right to withdraw consent to data processing,
    7. right to object to data processing,
    8. right to lodge a complaint with your local data protection supervisory authority in your country of residence.

VII. Information about Voluntary Data Provision

  1. Providing personal data is:
    1. voluntary for processing for marketing purposes,
    2. necessary for contract conclusion and execution of services provided by the Controller,
    3. required by law for accounting and tax documentation.
  2. Failure to provide data may result in:
    1. inability to provide services by the Data Controller,
    2. inability to issue accounting documents,
    3. inability to receive marketing information.

VIII. Data Transfer

  1. Your personal data may be transferred to the following categories of recipients:
    1. accounting office - to the extent necessary for accounting services and settlements,
    2. IT and hosting service providers - for maintaining technical infrastructure and data storage,
    3. law firms and legal service providers - for legal advice and pursuit of claims,
    4. banks and payment operators - for payment processing and settlements,
    5. marketing companies and advertising agencies - only with consent for marketing activities and to the extent necessary for these activities,
    6. correspondence and marketing materials shipping service providers - for communication activities.
  2. Data transfer takes place in accordance with the following principles:
    1. processing occurs only to the necessary extent,
    2. each entity processing data on behalf of the Data Controller provides appropriate security guarantees,
    3. all data processing entities are obligated to maintain confidentiality,
    4. an appropriate data processing agreement is concluded with each entity,
    5. the Data Controller requires cooperating entities to maintain an appropriate level of personal data protection security, compliant with GDPR and other data protection regulations.

IX. Transfer of Personal Data Outside the European Economic Area

  1. The Controller informs that due to the international nature of some technological solutions used, personal data may be transferred outside the European Economic Area (EEA).
  2. Considering that the level of personal data protection outside the EEA may differ from standards provided by European law, the Controller transfers personal data outside the EEA only when necessary, maintaining appropriate legal and organizational safeguards.
  3. The Controller ensures an adequate level of data protection through:
    1. cooperation with entities from countries for which the European Commission has issued an adequacy decision regarding personal data protection,
    2. implementation of standard contractual clauses approved by the European Commission in accordance with Article 46 of GDPR,
    3. application of Binding Corporate Rules approved by appropriate supervisory authorities and compliant with international certification standards.
  4. In special cases, personal data may be transferred outside the EEA based on your explicit consent, after prior information.

X. Automated Decision-Making and Profiling

  1. The Data Controller uses automated processing methods, including profiling, for marketing purposes which helps us deliver more relevant and personalized content. This means that:
    1. we analyze interests and preferences provided in contact and newsletter forms,
    2. based on this analysis, we automatically adjust marketing content sent to declared interests,
  2. The scope of profiling includes:
    1. interest categories declared in forms,
    2. interactions with previously sent content,
    3. preferences regarding types of products or services.
  3. Legal basis for profiling:
    1. processing is based on explicit consent (Article 6(1)(a) GDPR),
    2. you can withdraw consent at any time by:
      1. clicking the unsubscribe link in any marketing message,
      2. contacting privacy@stellatarum.com.
  4. Consequences of profiling:
    1. profiling only affects the type and frequency of marketing content received,
    2. does not affect service availability or prices,
    3. does not make fully automated decisions that would produce legal effects or similarly significantly affect you.
  5. Your rights related to profiling:
    1. right to object to profiling at any time,
    2. right to request human intervention,
    3. right to express your point of view,
    4. right to contest any automated decision.

XI. Contact Regarding Data Protection

For matters related to personal data protection, you can contact the Data Controller by sending an email to: privacy@stellatarum.com.

XII. Changes to the Privacy Policy

The Data Controller reserves the right to change this Privacy Policy. We will inform you about any changes through updates published on our website and, if you have consented to email communications, also through this medium.

Stellatarum sp. z o.o. (Polish Limited Liability Company)

Registered in the Register of Entrepreneurs under number 0001131450 by the District Court for the Capital City of Warsaw, XIII Commercial Division of the Polish National Court Register (KRS)

Registered office: Aleja Jana Pawła II 27, 00-867 Warsaw, Poland

VAT-UE: PL5273134015

REGON: 529894031

Share capital: 5000.00 PLN