Privacy Policy (GDPR, US, and UK Compliance)

Effective from January 1, 2024
§1. Identity of the Data Controller

The Data Controller of the personal data provided during the use of the service at insideoutrenewalplan.com is Ewa Poplawska, located at Olszewskiego 18, 80-234 Gdansk, Poland. Contact details: email: ewa@insideoutrenewalplan.com.

Data is processed in accordance with the applicable laws, including:

  • General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679
  • California Consumer Privacy Act (CCPA)
  • UK Data Protection Act 2018

     

     

This Privacy Policy covers the processing of data from users of the website, as well as data collected through email contact or traditional correspondence, and from those who like and/or follow the Data Controller’s social media pages.

§2. Definitions

The following definitions are used in this policy:

  • Service: The website accessible at insideoutrenewalplan.com through which users can browse content, contact the data controller (via forms), and subscribe to marketing information (newsletter).
  • Data Controller: Ewa Poplawska, located at Olszewskiego 18, 80-234 Gdansk, Poland. Contact details: email: ewa@insideoutrenewalplan.com
  • User: An individual whose data is processed and who uses the services available on the Service.
  • Personal Data: Any information that can lead to the identification of an individual, including identification, address, and contact information.
§3. Purposes of Processing Personal Data

The Data Controller processes personal data only when permitted by law, including:

  • To use the digital product, based on Article 6(1)(b) GDPR.
  • To take action upon the request of the data subject, such as responding to questions via electronic communication or handling traditional correspondence, based on Article 6(1)(b) GDPR.
  • To send requested marketing information electronically (newsletter) to the provided email address, based on the data subject’s consent (Article 6(1)(a) GDPR).
  • For the marketing of the Data Controller’s products and services through traditional means, based on the legitimate interests of the Data Controller (Article 6(1)(f) GDPR).
  • To pursue legal claims, based on Article 6(1)(f) GDPR.


Providing personal data is necessary to perform a distance contract, including providing the digital product, pursuing claims, and responding to inquiries. Providing data in other areas is voluntary but necessary for specific activities.

§4. Methods of Data Collection

Personal data is collected directly from data subjects through:

  • Completing a contact form on the website.
  • Signing up for the newsletter.
  • Providing data to prepare and conclude a contract.
  • Direct contact with the Data Controller using contact details available on the website.
§5. Scope of Processed Data

The scope of processed personal data is limited to the minimum necessary to provide services:

  • Contact form inquiries or direct contact: phone number, email address, name, and any additional data provided voluntarily.
  • Newsletter subscription: name and email address.
§6. Data Processing Period

The processing period depends on the purpose for which the data was collected:

  • For sending electronic marketing information (newsletter) until consent is withdrawn, without affecting the lawfulness of processing based on consent before its withdrawal.
  • For answering inquiries via contact form or phone, for no longer than 6 months unless a contract is concluded with the Data Controller.
  • For pursuing claims, according to the local statutes of limitations, typically six years, or three years for periodic claims and those related to business activities.
§7. Data Recipients

User personal data may be entrusted to other entities to perform services on behalf of the Data Controller, including:

  • Website hosting providers.
  • IT system maintenance and automation of newsletters.
  • Office service providers.


Personal data may also be shared with entities supporting the Data Controller, such as online payment processors, if necessary for order handling or contract performance.

Data may be processed outside the European Economic Area, particularly in the United States, due to the use of IT solutions with servers located outside the EEA. The basis for such processing will be the European Commission’s Standard Contractual Clauses.

§8. Social Media Pages
  1. The Data Controller is also a joint controller of the data of their followers on social media pages. The primary controller of social media data is the respective social media platform (e.g., Meta Platforms Ireland Limited for Facebook).
§9. Data Subject Rights

Individuals whose data is processed have the right to:

  • Access their personal data, including obtaining a free copy of the data.
  • Rectify their data.
  • Erase their data, unless other laws require the Data Controller to archive the data.
  • Transfer their data, if the processing is based on a contract or consent and is carried out automatically.
  • Withdraw consent for data processing, without affecting the lawfulness of processing before the withdrawal.
  • Object to data processing based on legitimate interests, and to restrict processing.
  • Not be subject to automated decision-making, including profiling.
  • Control data processing and obtain information about the Data Controller and the purpose, scope, and method of processing.


To exercise these rights, contact the Data Controller.

Individuals also have the right to lodge a complaint with the relevant data protection authority in their country (e.g., the Information Commissioner’s Office in the UK, or the Federal Trade Commission in the US) if data processing violates applicable data protection laws.

§10. Final Provisions

Changes to this Privacy Policy will be implemented as required by technical solutions or changes in privacy laws and will take effect 14 days after being published on the Service’s website.

Copyright 2024 InsideOutRenewalPlan.com – Privacy PolicyDisclaimer