Privacy Policy

This Privacy Policy defines the rules for storing and accessing data on Users’ Devices who use the Website in order to provide services electronically by the Administrator and the rules for collecting and processing Users’ personal data, which have been provided by them personally and voluntarily via tools available on the Website.

§1 Definitions

• Website – the “SUKHOTHAI Thai Massage” website operating at https://sukhothai.waybetter.dev/

• External Service – websites of partners, service providers or contractors cooperating with the Administrator

• Website / Data Administrator – the Administrator of the Website and the Data (hereinafter Administrator) is the company “SUKHOTHAI SUCHADA ZUREK”, operating at: ul. Miodowa 21/4, 31-055 Kraków, Poland, NIP: 6762412431, providing electronic services through the Website

• User – a natural person for whom the Administrator provides electronic services through the Website

• Device – an electronic device with software through which the User accesses the Website

• Cookies – text data collected in the form of files placed on the User’s Device

• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

• Personal Data – means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

• Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

• Restriction of Processing – means the marking of stored personal data with the aim of limiting their processing in the future

• Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements

• Consent – consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

• Personal Data Breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

• Pseudonymisation – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person

• Anonymisation – anonymisation of data is an irreversible process of operations on data that destroys or overwrites “personal data” making it impossible to identify or associate the data record with a specific user or natural person

§2 Data Protection Officer

According to Article 37 of GDPR, the Administrator has not appointed a Data Protection Officer.

For matters related to data processing, including personal data, please contact the Administrator directly.

§3 Types of Cookies

• Internal Cookies – files placed and read from the User’s Device by the Website’s IT system

• External Cookies – files placed and read from the User’s Device by the IT systems of External Services. Scripts of External Services which may place cookies on the User’s Devices are intentionally placed in the Website via scripts and services shared and installed on the Website

• Session Cookies – files placed and read from the User’s Device by the Website or External Services during one session of the Device. After the session ends, the files are deleted from the User’s Device

• Persistent Cookies – files placed and read from the User’s Device by the Website or External Services until they are manually deleted. Files are not deleted automatically after the session ends unless the User’s Device is configured to delete cookie files after each session

§4 Data Storage Security

• Mechanisms for storing and reading Cookie files – the mechanisms for storing, reading and exchanging data between Cookies placed on the User’s Device and the Website are implemented via built-in browser mechanisms and do not allow other data from the User’s Device or data from other websites visited by the User to be retrieved, including personal or confidential information. The transfer of viruses, trojan horses and other worms to the User’s Device is also practically impossible

• Internal Cookies – cookies applied by the Administrator are safe for Users’ Devices and do not contain scripts, content or information that may threaten the security of personal data or the Device used by the User

• External Cookies – the Administrator takes all possible steps to verify and select the Website’s partners in the context of Users’ security. The Administrator chooses well-known, large partners with global public trust. However, the Administrator does not have full control over the content of cookies from external partners. To the extent permitted by law, the Administrator is not responsible for the security of cookies, their content or their licensed use by scripts originating from External Services. A list of partners is provided in a later section of this Privacy Policy

• Cookie control

  • The User may, at any time, independently change the settings concerning the saving, deleting and accessing of cookies data for each website

  • Information on how to disable cookies in the most popular desktop browsers is available at: how to disable cookies or from the following providers:

    • Managing cookies in Chrome
    • Managing cookies in Opera
    • Managing cookies in Firefox
    • Managing cookies in Edge
    • Managing cookies in Safari
    • Managing cookies in Internet Explorer 11

  • The User may delete all previously saved cookies at any time using the tools of the User’s Device through which the User uses the Website

• User-side risks – The Administrator applies all possible technical measures to ensure the security of data placed in cookies. However, ensuring this security depends on both parties, including the User’s activities. The Administrator is not responsible for data interception, session impersonation or deletion as a result of conscious or unconscious User activity, viruses, trojans or spyware that may have infected the User’s Device. Users should follow recommendations for safe internet use

• Personal data storage – The Administrator ensures that every effort is made to keep the voluntarily provided personal data secure, access is limited and used in accordance with the intended purpose. The Administrator also ensures that all efforts are made to protect the data against loss, using appropriate physical and organizational safeguards

§5 Purposes for Using Cookies

• Improving and facilitating access to the Website
• Personalizing the Website for Users
• Enabling login to the Website
• Marketing, remarketing on external platforms
• Ad serving services
• Affiliate services
• Statistical tracking (users, visits, device types, connection types, etc.)
• Serving multimedia content
• Providing social services

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users is processed for one of the following purposes:

• Provision of electronic services:
  • User account registration and maintenance and related functionalities
  • Newsletter service (including sending advertising content with consent)
  • Sharing content from the Website on social networks or other websites
• Administrator’s communication with Users regarding the Website and data protection
• Ensuring the Administrator’s legitimate interests

Anonymous and automatically collected User data is processed for one of the following purposes:

• Statistical analysis
• Remarketing
• Serving ads tailored to User preferences
• Affiliate program support
• Ensuring the Administrator’s legitimate interests

§7 External Service Cookies

The Administrator uses JavaScript scripts and web components of partners who may place their own cookies on the User’s Device. Remember that in your browser settings, you can decide which cookies may be used by each website. Below is a list of partners or their services implemented on the Website that may place cookies:

• Multimedia services:
  • YouTube
• Social / integrated services:
  (Registration, Login, content sharing, communication, etc.)
  
  • Twitter
  • Facebook
  • Google+
• Newsletter services:
  • MailChimp
• Ad serving and affiliate networks:
  • MyLead
• Statistics:
  • Google Analytics

Services provided by third parties are beyond the Administrator’s control. These entities may change their terms of service, privacy policies, data processing purposes and ways of using cookies at any time.

§8 Types of Collected Data

The Website collects data about Users. Some data is collected automatically and anonymously, while some are personal data voluntarily provided by Users when signing up for specific services offered by the Website.

Anonymous data collected automatically:

• IP address
• Browser type
• Screen resolution
• Approximate location
• Visited subpages
• Time spent on specific subpages
• Operating system
• Previous subpage address
• Referring page address
• Browser language
• Internet connection speed
• Internet service provider

Data collected during registration:

• First and last name / nickname
• Login
• Email address
• IP address (collected automatically)

Data collected during newsletter sign-up:

• First and last name / nickname
• Email address
• IP address (collected automatically)

Data collected when posting a comment:

• First and last name / nickname
• Email address
• Website address
• IP address (collected automatically)

Some data (without identifying information) may be stored in cookies. Some data (without identifying information) may be transmitted to statistical service providers.

§9 Access to Personal Data by Third Parties

As a rule, the only recipient of personal data provided by Users is the Administrator. Data collected within the provided services is not transferred or resold to third parties.

Entities responsible for maintaining the infrastructure and services necessary to operate the Website may have access to data (usually based on a Data Processing Agreement), including:

• Hosting companies providing hosting or related services to the Administrator

Data Processing – Newsletter

To provide the Newsletter service, the Administrator uses a third-party service – MailChimp. Data entered into the newsletter subscription form is transferred to, stored, and processed by this external provider.

Please note that this partner may modify their privacy policy without the Administrator’s consent.

Data Processing – Hosting, VPS or Dedicated Servers

To operate the Website, the Administrator uses an external hosting, VPS, or Dedicated Server provider – AttHost sp. z o.o.. All data collected and processed on the Website is stored and processed within the provider’s infrastructure located in Poland. Access to data may occur during maintenance work performed by the provider’s staff. Access is regulated by a contract between the Administrator and the provider.

§10 Method of Personal Data Processing

Personal data voluntarily provided by Users:

• Personal data will not be transferred outside the European Union, unless published as a result of individual User action (e.g., posting a comment or entry), which makes the data available to any person visiting the Website.
• Personal data will not be used for automated decision-making (profiling).
• Personal data will not be resold to third parties.

Anonymous data (without personal data) collected automatically:

• Anonymous data (without personal data) will be transferred outside the European Union.
• Anonymous data (without personal data) will not be used for automated decision-making (profiling).
• Anonymous data (without personal data) will not be resold to third parties.

§11 Legal Basis for Personal Data Processing

The Website collects and processes User data based on:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR):
  • Article 6(1)(a)
    the data subject has given consent to the processing of their personal data for one or more specific purposes
  • Article 6(1)(b)
    processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract
  • Article 6(1)(f)
    processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
• Act of May 10, 2018 on the protection of personal data (Journal of Laws 2018, item 1000)
• Act of July 16, 2004 – Telecommunications Law (Journal of Laws 2004 No. 171, item 1800)
• Act of February 4, 1994 on copyright and related rights (Journal of Laws 1994 No. 24, item 83)

§12 Data Processing Duration

Personal data voluntarily provided by Users:

As a rule, such personal data is stored only for the duration of service provision by the Administrator. It is deleted or anonymized within 30 days from the end of service provision (e.g., deletion of a user account, unsubscription from the Newsletter, etc.).

Exceptions may apply where further processing is required to protect the Administrator’s legitimate interests. In such cases, data will be stored for up to 3 years from the moment of a User’s deletion request, in cases of violations or suspected violations of the Website’s regulations.

Anonymous data (without personal data) collected automatically:

Anonymous statistical data not constituting personal data is stored by the Administrator for an indefinite period for Website statistics purposes.

§13 User Rights Regarding Personal Data

The Website collects and processes User data based on:

• Right to access personal data
  Users have the right to access their personal data, exercised by request to the Administrator.

• Right to rectify personal data
  Users have the right to request immediate correction of inaccurate or incomplete personal data by request to the Administrator.

• Right to delete personal data
  Users have the right to request the immediate deletion of their personal data by the Administrator.
  For user accounts, data deletion means anonymization of identifiable data. The Administrator reserves the right to delay data deletion to protect its legitimate interests (e.g., when the User has violated the Terms of Service or data was obtained during correspondence).
  For the Newsletter service, Users can independently delete their personal data using the unsubscribe link provided in every email.

• Right to restrict data processing
  Users have the right to restrict data processing in cases outlined in Article 18 of the GDPR, including contesting the accuracy of personal data, by request to the Administrator.

• Right to data portability
  Users have the right to obtain from the Administrator their personal data in a structured, commonly used, machine-readable format, by request to the Administrator.

• Right to object to data processing
  Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, by request to the Administrator.

• Right to lodge a complaint
  Users have the right to lodge a complaint with a supervisory authority for personal data protection.

§14 Contacting the Administrator

The Administrator can be contacted in one of the following ways:

• Postal address – SUKHOTHAI SUCHADA ZUREK, ul. Miodowa 21/4, 31-055 Kraków

• Email address – sukhothai@tajskimasazkrakow.pl

• Phone call – 573994499

• Contact form – available at: /kontakt

§15 Website Requirements

• Limiting the saving and access to Cookies on the User’s Device may cause some Website functions to malfunction.

• The Administrator is not liable for improperly functioning Website features if the User limits the ability to save and read Cookies.

§16 External Links

In the Website – in articles, posts, entries, or User comments – there may be links to external websites with which the Website Owner does not cooperate. These links and the sites or files they lead to may pose a risk to your Device or data security. The Administrator is not responsible for content located outside the Website.

§17 Changes to the Privacy Policy

• The Administrator reserves the right to modify this Privacy Policy at any time without notifying Users, regarding the use of anonymous data or Cookies.

• The Administrator reserves the right to modify this Privacy Policy regarding personal data processing, of which it will inform Users with accounts or subscribed to the newsletter, via email within 7 days of changes. Continued use of services constitutes acknowledgment and acceptance of the new Privacy Policy. If a User disagrees with the changes, they must delete their account or unsubscribe from the Newsletter.

• Changes to the Privacy Policy will be published on this Website subpage.

• Changes take effect upon publication.