PRIVACY POLICY

This Privacy Policy defines the rules for storing and accessing data on Users’ Devices when they use the Service for the purpose of providing electronic services by the Administrator, as well as the rules for collecting and processing Users’ personal data submitted voluntarily through the tools available in the Service.

This Privacy Policy forms an integral part of the Service Terms and Conditions, which define the rules, rights, and obligations of Users of the Service.

§1 Definitions

Service – the online service "endlesshugs.com" operating at: https://endlesshugs.com
External Service – online services of partners, providers, or subcontractors cooperating with the Administrator
Service / Data Administrator – the Administrator of the Service and of personal data (“Administrator”) is Campeoni Michał Polak, registered at ul. Roztoki 3/25, 43-316 Bielsko-Biała, Poland, Tax ID (NIP): 5471991760, providing electronic services through the Service
User – a natural person using the Service and receiving electronic services from the Administrator
Device – an electronic device with software through which the User accesses the Service
Cookies – text data stored in files placed on the User’s Device
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
Personal Data – any information relating to an identified or identifiable natural person
Processing – any operation performed on personal data, whether automated or not
Restriction of processing – marking stored personal data to limit its processing
Profiling – automated processing of personal data to evaluate personal factors
Consent – voluntary, informed, and unambiguous agreement to process personal data
Personal data breach – a breach of security leading to accidental or unlawful loss, disclosure, modification, or unauthorized access
Pseudonymisation – processing data in a manner that prevents identification without additional information
Anonymisation – irreversible removal of personal identifiers, making identification impossible

§2 Data Protection Officer

Under Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For all matters related to personal data and processing activities, Users should contact the Administrator directly.

§3 Types of Cookies

Internal Cookies – placed and read by the Service
External Cookies – placed by external partners integrated with the Service
Session Cookies – stored during a single browsing session and deleted upon closing the browser
Persistent Cookies – stored until manually removed by the User

§4 Data Storage Security

The mechanisms used to store and read Cookies rely on standard browser functionality and do not enable the collection of additional data from the User’s Device. Internal Cookies used by the Administrator are safe and do not contain harmful code.

The Administrator strives to ensure that external partners placing Cookies through their scripts are reputable and trustworthy; however, the Administrator is not responsible for the content of Cookies originating from external services.

Users may configure their browser to manage or block Cookies at any time.

The Administrator applies technical and organizational measures to ensure that personal data is protected against loss, unauthorized access, or misuse. Passwords are stored in encrypted form following industry standards.

§5 Purposes of Using Cookies

Cookies may be used for:

• Improving and optimizing access to the Service

• Personalizing User experience

• Enabling login functionality

• Marketing and remarketing

• Advertising services

• Affiliate services

• Statistics and analytics

• Multimedia functionalities

• Social sharing services

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users may be processed for:

• Account registration and maintenance

• Newsletter services (including marketing messages with consent)

• Social media sharing functions

• Communication between Administrator and Users

• Fulfilling legally justified interests of the Administrator

Automatically collected anonymized data may be processed for:

• Statistical analysis

• Remarketing

• Personalized advertising

• Affiliate programs

• Ensuring legitimate interests of the Administrator

§7 External Cookies

The Service uses third-party scripts and components that may store Cookies on Users’ Devices. These include, but are not limited to:

Social & Multimedia Services:

• Twitter

• Facebook

• Google+

Newsletter Services:

• MailChimp

Analytics:

• Google Analytics

Third-party providers control their own Cookies and may change their policies without notice.

§8 Types of Data Collected

Automatically collected anonymous data:

• IP address

• Browser type

• Screen resolution

• Approximate location

• Pages visited

• Time spent on individual pages

• Operating system

• Referring page

• Language settings

• Internet connection speed

• ISP information

Data collected during registration:

• Name / surname / pseudonym

• Username

• Email address

• Phone number

• IP address (automatic)

Newsletter subscription data:

• Name / surname / pseudonym

• Email address

• IP address

Commenting data:

• Name / surname / pseudonym

• Email address

• IP address

Some non-identifying data may be stored in Cookies or transferred to analytics providers.

§9 Access to Personal Data by Third Parties

Personal data is not sold or transferred to unrelated third parties.

Access to personal data may be granted to partners that support service operations, including:

• Newsletter service providers

• Online payment operators (e.g., Przelewy24)

• Courier and postal service providers (for product delivery)

Each such transfer is governed by a data processing agreement.

§10 Methods of Processing Personal Data

Voluntarily submitted personal data:

• Will not be transferred outside the EU unless published by the User (e.g., in comments)

• May be used in automated decision-making (profiling), but without legal or significant impact

• Will not be sold to third parties

Anonymous data:

• May be transferred outside the EU

• May be used for automated decision-making

• Will not be sold to third parties

§11 Legal Basis for Processing

The Service processes data under:

• GDPR Article 6(1)(a) – Consent

• GDPR Article 6(1)(b) – Contract performance

• GDPR Article 6(1)(f) – Legitimate interest

• Polish Data Protection Act (2018)

• Telecommunications Law (2004)

• Copyright Law (1994)

§12 Data Retention Period

Personal data:

Stored only for the duration of service use and deleted or anonymized within 30 days after termination.

In justified cases (e.g., regulatory or legal claims), the Administrator may retain data for up to 3 years.

Anonymous data:

Stored indefinitely for statistical purposes.

§13 User Rights

Users have the right to:

• Access their personal data

• Rectify inaccurate data

• Request deletion of data

• Restrict processing

• Transfer data in a machine-readable format

• Object to processing

• File a complaint with a supervisory authority

For Newsletter services, Users may unsubscribe at any time using the link provided in each email.

§14 Contact Information

Users may contact the Administrator via:

Email: contact@endlesshugs.com
Phone: +48 695 947 635

§15 Service Requirements

Blocking or limiting Cookies may cause the Service to malfunction. The Administrator is not responsible for improper operation caused by User-imposed restrictions.

§16 External Links

The Service may contain external links added by Users or authors. These may pose security risks, and the Administrator is not responsible for content outside the Service.

§17 Changes to the Privacy Policy

The Administrator may modify the Privacy Policy at any time with respect to anonymous data and Cookies.

If changes concern personal data processing, Users with accounts or Newsletter subscriptions will be notified by email within 7 days.

Continued use of the Service constitutes acceptance of the updated Policy. Users who do not agree must delete their account or unsubscribe.

Changes take effect upon publication on this page.