Privacy Policy​

1. General Information

1. This policy applies to the Website operating at the URL: bisc.krakow.pl
2. The operator of the service and the Personal Data Administrator is: BRITISH INTERNATIONAL SCHOOL OF CRACOW LIMITED LIABILITY COMPANY, Smoleńsk 25, 31-108 Kraków, NIP: 6762062787, KRS: 0000120946
3. The operator’s contact email address: school@bisc.krakow.pl
4. The Operator is the Administrator of your personal data with respect to the data voluntarily provided in the Service.
5. The Service uses personal data for the following purposes:
   • Running a newsletter
   • Operating a classified advertisements system
   • Debt collection
   • Handling inquiries through the contact form
   • Providing ordered services
   • Presenting offers or information
6. The Service performs functions of obtaining information about users and their behavior in the following ways:
   1. Through data voluntarily entered in forms, which are entered into the Operator’s systems.
   2. By storing cookies on end-user devices (so-called “cookies”).

2. Selected Data Protection Methods Used by the Operator

1. Login areas and places where personal data is entered are protected in the transmission layer (SSL certificate). As a result, personal data and login data entered on the website are encrypted on the user’s computer and can only be read on the target server.
2. User passwords are stored in hashed form. The hashing function operates in a one-way manner – it is not possible to reverse it, which is currently the modern standard for storing user passwords.
3. To minimize the risk of unauthorized access to data, the Operator uses complex passwords containing lowercase and uppercase letters, numbers, and special characters, with a minimum length of 8 characters.
4. An important element of data protection is the regular updating of all software used by the Operator for processing personal data, which in particular means regular updates of programming components.

3. Hosting

1. The Service is hosted (technically maintained) on the operator’s server: seohost.pl
2. The hosting company maintains server-level logs to ensure technical reliability. The following may be recorded:
   • resources identified by URL (addresses of requested resources – pages, files),
   • time of request arrival,
   • time of response sent,
   • client station name – identification performed via HTTP protocol,
   • information about errors that occurred during HTTP transaction execution,
   • URL of the page previously visited by the user (referer link) – if access to the Service occurred via a link,
   • information about the user’s browser,
   • information about the IP address,
   • diagnostic information related to the process of ordering services independently via recorders on the website,
   • information related to the handling of e-mail correspondence addressed to the Operator and sent by the Operator.

4. Your Rights and Additional Information on the Use of Data

1. In order to fulfill obligations arising from personal data protection regulations and to ensure real protection of data, the Operator has appointed a Data Protection Officer.
2. The Data Protection Officer is: Artur Domagała, electronic contact: bhp.iod.domagala@o2.pl
3. In certain situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to perform a contract concluded with you or to fulfill obligations incumbent on the Administrator. This applies to such groups of recipients:
   • hosting companies under a data processing agreement
   • postal operators
   • law firms and debt collection agencies
   • payment operators
   • authorized employees and associates who use data to achieve the website’s operational objectives
   • insurers
   • banks
   • public authorities
   • online chat solution operators
   • companies providing marketing services to the Administrator
4. Your personal data processed by the Administrator will not be stored longer than necessary to perform activities related to them specified by separate regulations (e.g., accounting regulations). In relation to marketing data, the data will not be processed for longer than 3 years.
5. You have the right to request from the Administrator:
   • access to your personal data,
   • rectification,
   • deletion,
   • restriction of processing,
   • and data portability.
6. You have the right to object to processing indicated in point 3.3 c) regarding the processing of personal data for the purpose of legitimate interests pursued by the Administrator, including profiling. However, the right to object cannot be exercised if there are valid legitimate grounds for processing overriding your interests, rights, and freedoms, particularly the establishment, pursuit, or defense of claims.
7. You have the right to lodge a complaint against the Administrator with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
8. Providing personal data is voluntary but necessary to use the Service.
9. Automated decision-making processes, including profiling, may be applied to you in order to provide services under the concluded agreement and for direct marketing conducted by the Administrator.
10. Personal data may be transferred to third countries within the meaning of personal data protection regulations. This means that we may transfer them outside the European Union.

5. Information in Forms

1. The Service collects information voluntarily provided by the user, including personal data, if provided.
2. The Service may record information about connection parameters (timestamp, IP address).
3. In some cases, the Service may store information facilitating linking the data in the form with the email address of the user completing the form. In such a case, the user’s email address appears within the URL of the page containing the form.
4. Data provided in the form is processed for the purpose resulting from the function of the specific form, e.g., to handle a service request, commercial contact, service registration, etc. Each time, the context and description of the form clearly indicate its purpose.

6. Administrator Logs

1. Information about user behavior on the website may be logged. This data is used for website administration.

7. Important Marketing Techniques

1. The Operator uses statistical analysis of website traffic through Google Analytics (Google Inc., USA). The Operator does not transfer personal data to the operator of this service, only anonymized information. The service is based on the use of cookies on the user’s device. Regarding information about user preferences collected by the Google advertising network, users can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/
2. The Operator uses the Facebook Pixel. This technology allows Facebook (Facebook Inc., USA) to know that a registered person uses the Service. It is based on data for which Facebook itself is the administrator; the Operator does not transfer any additional personal data to Facebook. The service is based on the use of cookies on the user’s device.
3. The Operator uses remarketing techniques that allow advertising messages to be tailored to the user’s behavior on the website, which may give the impression that the user’s personal data is used to track them. In practice, however, no personal data is transferred from the Operator to advertising operators. The technological condition for such activities is enabled cookie support.
4. The Operator uses solutions automating the operation of the Service in relation to users, e.g., sending an email to a user after visiting a specific subpage, provided that the user has consented to receiving commercial correspondence from the Operator.
5. The Operator may use profiling within the meaning of personal data protection regulations.

8. Information About Cookies

1. The Service uses cookies.
2. Cookies are IT data, in particular text files, stored on the user’s device and intended for use with the website. Cookies usually contain the name of the website they originate from, the time they are stored on the user’s device, and a unique number.
3. The entity placing cookies on the user’s device and accessing them is the Service operator.
4. Cookies are used for the following purposes:
   1. maintaining a user session (after logging in), thanks to which the user does not have to re-enter their login and password on each subpage;
   2. implementing the purposes specified above in the section “Important marketing techniques”.
5. Within the Service, two main types of cookies are used: “session cookies” and “persistent cookies”. Session cookies are temporary files stored on the user’s device until logging out, leaving the website, or closing the browser. Persistent cookies are stored on the user’s device for the time specified in the cookie parameters or until deleted by the user.
6. Web browsing software (internet browser) usually allows cookies to be stored on the user’s device by default. Users of the Service can change these settings. The browser allows cookies to be deleted and also automatically blocked. Detailed information can be found in the browser’s help or documentation.
7. Restrictions on the use of cookies may affect some functionalities available on the Service’s website.
8. Cookies placed on the user’s device may also be used by entities cooperating with the Service operator, in particular companies such as Google (Google Inc., USA), Facebook (Facebook Inc., USA), and Twitter (Twitter Inc., USA).

9. Managing Cookies – How to Express and Withdraw Consent in Practice?

1. If the user does not want to receive cookies, they can change browser settings. Please note that disabling cookies necessary for authentication, security, and maintaining user preferences may make it difficult or, in extreme cases, impossible to use the website.
2. To manage cookie settings, select the browser you use from the list below and follow the instructions:
   • Edge
   • Internet Explorer
   • Chrome
   • Safari
   • Firefox
   • Opera

   Mobile devices:

   • Android
   • Safari (iOS)
   • Windows Phone