Privacy Policy

1. Who is the Administrator of my personal data?

The administrator of your personal data, i.e. the entity that decides on the purposes and methods of their processing, is Dorota Ilczuk, Austrasse 28, 8045 Zurich, UID: CHE-308.780.863

2. How I can relate to you  come into contact with  matters relating to With personal  information?

If you wish to contact us regarding the processing of your personal data, you may do so: 

a) by e-mail at: hello@dorisilczuk.com 
b) In writing – by snail mail at: Dorota Ilczuk, Austrasse 28, 8045 Zurich

3. In what situations you process my personal information?

We process your personal data whenever:
– you use our Services and the Service, in particular when you create a User Account and order our Products and Free Products,
– you take part in the training, competitions and promotional actions we organize,
– you contact us by e-mail,
– we sometimes ask our customers to participate in market research. Any personal information used for research will only be used with your consent, we may use the information we collect to test, research, analyze and develop products. This allows us to improve and enhance the safety and security of our services, develop new features and products,
– in certain cases, there may be a need to use your data to resolve legal disputes, in the case of official proceedings, in matters related to compliance with the law,
– for this purpose, we may process certain personal data such as your name, surname, date of birth, data on the use of our services, if claims arise from the way you use our services, other data necessary to prove the existence of the claim, including the extent if the damage suffered,
– we may also process your personal data when we send you the Newsletter (provided you have given us prior consent),
– we also process your personal data when we send you marketing information about us or our business partners (provided you have given us prior consent).

4. Do I have to give you my data?

The provision of data is voluntary, but some of your data may be necessary for the use and proper provision of our services.
– In addition, some of your data is necessary so that we can comply with the requirements set by law, as mentioned below.
– If you enter into a contract with us, the provision of data is necessary for the performance of this contract.

5. What data are you processing?

We process only those data that are necessary for the purpose for which they were collected. Depending on the type of service provided, the scope of data may be different:
1) If you enter into a contract with us we process your personal data such as – name, contact details and payment details.
2) If you participate in contests we organize, we process, among other things, your name, phone, email address, and in some cases your bank account number if you have won a cash prize.
3) If you use our electronic services (create an account on the Website), we process your data to enable you to log into your User Account.
4) If you have given us permission to send you Newsletter and marketing information we process, among other things, your name and email address.
5) If we issue a sales document to you then we process such data as your name, surname, company address (registered office), PESEL number or NIP/KRS number.
6) If we communicate with you electronically or through the use of telecommunications terminal equipment and automatic calling systems (after your prior consent to such communication) then (depending on the form of communication) we process such data as: your name, telephone number, e-mail address.

6. For what purpose you process my data?

We process your personal data in order to take action at your request (e.g., to respond to an inquiry or demand), for the purpose necessary to conclude and perform a contract or provide service, including handling any complaints, grievances, or claims arising from concluded contracts.

The processing of some of your personal data is also necessary in order for us to fulfill our obligations under the law, such as those
relating to the obligation to store certain data for a certain period of time, the collection of certain information for the purpose of verification and identification of the user, or the transfer of data to authorized authorities or entities, such as those arising from:

1) Act of 29.09.1994 on accounting,
2) Law of 11.03.2004 on tax on goods and services,
3) Law of 16.11.2000 on prevention of money laundering and financing of terrorism,

If we decide to process your data for a different purpose than we collected it for, we will inform you of this and ask for your consent, if required by law.

7. Cookies

To a limited extent, we may collect personal information automatically through cookies on our websites.

Cookies are small text files stored on a user’s computer or other mobile device when the user uses websites. These files are used, among other things, for the use of various functions provided for on a given website or to confirm that a given user has seen certain content from a given website. Among cookies, we distinguish those that are necessary for the operation of dorisilczuk.com and dorisilczuk.pl websites.
– cookies with data entered by the user (session ID) for the duration of the session (user input cookies)
– authentication cookies used for services that require authentication for the duration of the session (authentication cookies)
– security cookies, such as those used to detect authentication abuse (user centric security cookies)
– multimedia player session cookies (e.g. flash player cookies), for the duration of the session (multimedia player session cookies)
– persistent cookies used to personalize the user interface for the duration of the session or slightly longer (user interface customization cookies).
– cookies used for monitoring website traffic, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the User uses the Website, to create statistics and reports on the functioning of the Website). Google does not use the collected data to identify the User, nor does it combine this information to enable identification.

By using the Site, you consent to the placement of the cookies described above on your computer or other device. However, it is possible to control and manage the installed cookies. Please note, however, that removing or blocking cookies may affect your use of the Site, as some areas of the Site may become inaccessible. The Administrator stipulates that after rejecting cookies, some of the functions offered by the Services may not work properly, and even in some cases it involves the complete inability to use the selected product.

8. On what basis legally you process my data?

We process Personal Data in accordance with applicable laws and regulations, in particular in accordance with the provisions of the Regulation (RODO) on Personal Data.

The legal basis for processing your data is:
– your consent or
– processing your application or request, or
– conclusion and execution of the contract, or
– realization of the legitimate interests of the Administrator or
– our fulfillment of our obligations under applicable laws and regulations.

9. How long will you process my data?

For individual cases, the processing time is as follows:
1) in case we process your data on the basis of a contract, the processing will last as long as the contract lasts and the statute of limitations for possible claims,
2) if you have consented to processing for a specific purpose, we will process your personal data until you revoke your consent, after which we will delete it immediately,
3) data that we process on the basis of the legitimate interest of the controller – the period of processing lasts until the aforementioned interest ceases to exist (e.g. the statute of limitations for civil law claims) or until the data subject objects to further such processing – in situations where such an objection is entitled under the law,
4) we will process data processed in order for us to comply with our obligations under applicable laws and regulations for as long as those laws and regulations require.

10. Who are the recipients of the data?

Recipients of the data are persons authorized by the Administrator to use the data in the performance of their official duties, to whom the Administrator orders such activities.

In certain situations, we have the right to transfer your data if necessary so that we can perform our services, meet our obligations and properly comply with applicable laws.

In performing some of the tasks (including document destruction, data storage, accounting and payroll services, legal services, marketing services, IT services), we use external entities. In justified cases, the relevant authorities will also receive them from us.

In this case, we entrust personal data to subcontracted entities in the performance of a specific purpose on our behalf (based on a Data Entrustment Agreement), while still remaining the Controller of your data and responsible for its security.

We will only provide data to three groups:
1) persons authorized by us, our employees and associates who need to have access to the data to properly perform their duties,
2) to processors to whom we outsource this task in fulfillment of a specific purpose (e.g., accounting office, law firm, IT company),
3) other recipients of data (e.g. law enforcement agencies, banks in the event of a request by them to provide information relying on the relevant legal basis in accordance with the provisions of applicable law).

11. Whether and to whom you make available my data?

We do not share your data with third parties or entities, except:
1) you have voluntarily consented to such sharing. The consent
previously given may be revoked by you at any time, just as easily as it was given.
2) sharing is necessary for the performance of the contract or the provision of the service.
3) in specific cases, your data may be made available to entities authorized to do so under generally applicable laws (e.g. law enforcement agencies, an auditor for the purpose of auditing
financial statements).
 
Each request for access is thoroughly investigated by us, and the transfer of data occurs only if, as a result of this analysis, we determine that there is a valid and effective legal basis for requesting disclosure of your data to these entities.

12. Do we transfer personal data outside of European Union countries?

Our partners are mainly based in Poland and other countries in the European Economic Area (EEA). Some of our suppliers are based outside the EEA. In connection with the transfer of your data outside the EEA, we have ensured that our suppliers provide guarantees of a high level of protection of personal data. We minimize the extent of data sent outside the EEA. At the same time, we verify in the case of application of the SCC whether there is a risk of a data breach by these entities outside the EEA, among other things, what their data security process is like and whether the shared data could potentially be of interest to third countries.

13. How do you protect my data?

The Administrator shall make every effort to provide physical, technical and organizational measures to protect personal data from accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use or access, in accordance with all applicable laws.

14. What are my entitlements and how can I use them?

The Administrator shall make every effort to provide physical, technical, and organizational measures to protect personal data from accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use, or access, in accordance with all applicable laws.

What are my entitlements and how can I use them?
You have the following rights in connection with the processing of your personal data:

  1. Right to information regarding the processing of your personal data – the so-called information obligation (pursuant to Articles 12 and 13 of the RODO).
  2. Right of access to the content of your personal data (pursuant to Article 15 of the RODO).
  3. Right to rectification of your personal data (pursuant to Article 16 of the RODO) – correction of incorrect data and completion of incomplete data.
  4. Right to restrict processing of your personal data (pursuant to Article 18 of the RODO).
  5. Right to data portability – request the transfer of your personal data to another Controller (pursuant to Article 20 of the RODO).
  6. Right to object to the processing of your data on grounds related to your particular situation (pursuant to Article 21(1) of the RODO).This right is not absolute – despite your objection, we may still process your data if we demonstrate valid, legitimate grounds that override your rights and freedoms, or for the establishment, exercise, or defense of claims.
  7. Right to object to direct marketing – to the extent that the processing is related to such marketing. This objection requires no justification or conditions of effectiveness. In such a case, we will no longer process your personal data for direct marketing purposes.

    Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

  1. Right to erasure of your personal data (pursuant to Article 17 of the RODO) – the so-called right to be forgotten.
    You may exercise this right, for example, when:
    a) The Administrator processes your personal data unlawfully.
    b) You object to the processing of data for marketing purposes.
    c) The data must be deleted to comply with a legal obligation.

    How to exercise your rights:
    You can exercise the above rights by making a statement to us (the Data Controller):

    – By e-mail: hello@dorisilczuk.com
    – By mail:     Dorota Ilczuk, Austrasse 28, 8045 Zurich

  2. Right to lodge a complaint: You also have the right to file a complaint with the supervisory authority – the President of the Office for Personal Data Protection (formerly GIODO).

15. How do we update our privacy policy?

We may update this policy from time to time. If we make material changes, we will notify you by email. To the extent permitted by applicable law, your use of our services after such notification constitutes your consent to updates to this policy.

We encourage you to periodically review this policy for the latest information on our privacy practices. We also make previous versions of our privacy policy available for review.

The Policy is revised on an ongoing basis. The current version of the Policy was adopted and is effective as of January 01, 2025. Archived versions of this document can be found on our website.