Privacy Policy

The following Privacy Policy defines the rules for storing and accessing data on Users’ Devices when using the Service for the purpose of providing electronic services by the Administrator, as well as the rules for collecting and processing personal data voluntarily provided by Users through the tools available in the Service.

This Privacy Policy forms an integral part of the Terms of Service, which sets out the rules, rights, and obligations of Users of the Service.


§1 Definitions

  • Service – the website “u373110.stronazen.pl/” operating at https://decodethefuture.org/
  • External Service – websites of partners, service providers, or clients cooperating with the Administrator
  • Service / Data Administrator – the Administrator of the Service and of personal data (hereinafter: Administrator) is the individual “Ignacy Kwiecień,” residing in Kraków, providing electronic services through the Service
  • User – an individual for whom the Administrator provides electronic services through the Service
  • Device – an electronic device with software through which the User accesses the Service
  • Cookies – text data collected in the form of files placed on the User’s Device
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
  • Personal Data – information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person
  • Processing – any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
  • Restriction of Processing – the marking of stored personal data with the aim of limiting their future processing
  • Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements
  • Consent – any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them
  • Personal Data Breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed
  • Pseudonymisation – the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
  • Anonymisation – an irreversible process of operations on data that destroys or overwrites personal data, making it impossible to identify or link a given record to a specific user or natural person

§2 Data Protection Officer

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For all matters relating to data processing, including personal data, please contact the Administrator directly.


§3 Types of Cookies

  • Internal Cookies – files placed on and read from the User’s Device by the Service’s own IT systems
  • External Cookies – files placed on and read from the User’s Device by the IT systems of External Services. Scripts from External Services that may place cookies on Users’ Devices have been intentionally included in the Service through scripts and services installed therein
  • Session Cookies – files placed on and read from the User’s Device by the Service during a single session of that Device. These files are deleted from the User’s Device when the session ends
  • Persistent Cookies – files placed on and read from the User’s Device by the Service until they are manually deleted. These files are not automatically deleted when the Device session ends, unless the User’s Device is configured to delete cookies upon session termination

§4 Data Storage Security

  • Cookie Storage and Reading Mechanisms – The mechanisms for storing, reading, and exchanging data between cookies saved on the User’s Device and the Service are implemented through built-in browser mechanisms and do not allow retrieval of other data from the User’s Device or from other websites the User has visited, including personal data or confidential information. The transfer of viruses, trojans, or other worms to the User’s Device through this process is also practically impossible.
  • Internal Cookies – The cookies used by the Administrator are safe for Users’ Devices and do not contain scripts, content, or information that could pose a risk to personal data security or to the security of the User’s Device.
  • External Cookies – The Administrator takes all possible steps to verify and select Service partners with User security in mind, choosing well-known, large partners with global public trust. However, the Administrator does not have full control over the content of cookies originating from external partners and, to the extent permitted by law, bears no responsibility for their security, content, or lawful use by scripts installed in the Service from External Services. A list of partners is provided later in this Privacy Policy.
  • Cookie Control:
    • Users may at any time independently change their settings regarding the saving, deletion, and access to cookie data for any website
    • Information on how to disable cookies in the most popular desktop browsers is available at: jak wyłączyć cookie or from the following providers: Chrome, Opera, Firefox, Edge, Safari, Internet Explorer 11
    • Users may at any time delete all previously saved cookies using the tools available on the Device through which they access the Service
  • User-Side Risks – The Administrator applies all possible technical measures to ensure the security of data stored in cookies. However, security also depends on the User’s own actions. The Administrator accepts no responsibility for interception, session hijacking, or deletion of cookie data resulting from the User’s conscious or unconscious actions, or from viruses, trojans, or other spyware that may be or have been present on the User’s Device.
  • Storage of Personal Data – The Administrator ensures that all reasonable efforts are made to keep voluntarily provided personal data secure, with access limited and used in accordance with the intended purposes of processing. The Administrator also takes all reasonable steps to protect data from loss through appropriate physical and organisational security measures.
  • Password Storage – The Administrator declares that passwords are stored in encrypted form using the latest applicable standards and guidelines. Decryption of account passwords used in the Service is practically impossible.

§5 Purposes for Which Cookies Are Used

  • Improving and facilitating access to the Service
  • Personalising the Service for Users
  • Enabling login to the Service
  • Marketing and remarketing on external services
  • Ad-serving services
  • Affiliate services
  • Collecting statistics (users, visit counts, device types, connection speeds, etc.)
  • Serving multimedia content
  • Providing social media services

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users is processed for one of the following purposes:

  • Providing electronic services:
    • User account registration and maintenance, and related functionalities
    • Newsletter service (including sending promotional content with consent)
    • Commenting on / liking posts in the Service without registration
  • Communication between the Administrator and Users on matters related to the Service and data protection
  • Ensuring the Administrator’s legitimate interests

Anonymously and automatically collected data about Users is processed for one of the following purposes:

  • Statistical analysis
  • Remarketing
  • Serving ads tailored to User preferences
  • Affiliate programme management
  • Ensuring the Administrator’s legitimate interests

§7 External Service Cookies

The Administrator uses JavaScript scripts and web components from partners that may place their own cookies on the User’s Device. You can manage which cookies are allowed for individual websites in your browser settings. The following is a list of partners or their services implemented in the Service that may place cookies:

  • Multimedia services: YouTube
  • Social / integrated services (registration, login, content sharing, communication, etc.): Twitter, Facebook, Google+
  • Newsletter services: Mailerlite
  • Ad-serving and affiliate network services: Google AdSense
  • Statistics: Google Analytics

Services provided by third parties are outside the Administrator’s control. These entities may at any time change their terms of service, privacy policies, data processing purposes, and cookie usage methods.


§8 Types of Data Collected

Anonymously collected data (automatic): IP address, browser type, screen resolution, approximate location, subpages visited, time spent on each subpage, operating system type, previous subpage address, referring page address, browser language, connection speed, ISP

Data collected during registration: First and last name / username, login, email address, IP address (collected automatically)

Data collected during newsletter sign-up: First and last name / username, email address, IP address (collected automatically)

Data collected when adding a comment: First and last name / username, email address, website address, IP address (collected automatically)

Some data (excluding identifying data) may be stored in cookies. Some data (excluding identifying data) may be transmitted to statistical service providers.


§9 Third-Party Access to Personal Data

As a general rule, the only recipient of personal data provided by Users is the Administrator. Data collected in the course of service provision is not transferred or sold to third parties.

Access to data (typically under a data processing agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary to operate the Service, namely:

  • Hosting companies providing hosting or related services to the Administrator
  • Companies through which the Newsletter service is provided

Newsletter data processing: The Administrator uses the services of a third party — Mailerlite — to provide the Newsletter service. Data entered in the newsletter sign-up form is transmitted to, stored, and processed by this external provider. Please note that this partner may modify its privacy policy without the Administrator’s consent.

Hosting / VPS / Dedicated Server data processing: The Administrator uses the services of an external hosting provider — Hostinger Group. All data collected and processed in the Service is stored and processed within the provider’s infrastructure located within the European Union. Access to data may occur as part of maintenance work carried out by the provider’s staff, and is governed by the agreement concluded between the Administrator and the provider.


§10 How Personal Data Is Processed

Personal data voluntarily provided by Users:

  • Will not be transferred outside the European Union, unless published as a result of the User’s own action (e.g. posting a comment), making it accessible to any visitor of the Service
  • Will not be used for automated decision-making (profiling)
  • Will not be sold to third parties

Anonymous data (without personal data) collected automatically:

  • May be transferred outside the European Union
  • May be used for automated decision-making (profiling) — however, such profiling does not produce legal effects or similarly significantly affect the individuals concerned
  • Will not be sold to third parties

§11 Legal Basis for Processing Personal Data

The Service collects and processes User data on the basis of:

  • GDPR (Regulation EU 2016/679):
    • Art. 6(1)(a) – the data subject has given consent to the processing of their personal data for one or more specific purposes
    • Art. 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract
    • Art. 6(1)(f) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator or a third party
  • Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
  • Act of 16 July 2004 – Telecommunications Law (Journal of Laws 2004 No. 171, item 1800)
  • Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994 No. 24, item 83)

§12 Personal Data Retention Period

Personal data voluntarily provided by Users: As a general rule, data is retained only for the duration of the service provided by the Administrator. It is deleted or anonymised within 30 days of the end of service provision (e.g. deletion of a registered account, unsubscribing from the Newsletter, etc.).

An exception applies where further retention is necessary to protect the Administrator’s legitimate legal interests. In such cases, data may be retained from the date of the deletion request for no longer than 3 years, in the event of a breach or suspected breach of the Terms of Service by the User.

Anonymous data (without personal data) collected automatically: Anonymous statistical data, which does not constitute personal data, is retained by the Administrator for an indefinite period for the purpose of maintaining Service statistics.


§13 User Rights Regarding Personal Data Processing

  • Right of access – Users have the right to obtain access to their personal data, upon request submitted to the Administrator
  • Right to rectification – Users have the right to request that the Administrator immediately correct inaccurate personal data or complete incomplete personal data, upon request
  • Right to erasure – Users have the right to request the immediate deletion of their personal data. For user accounts, deletion involves anonymising data that enables identification of the User. The Administrator reserves the right to delay erasure in order to protect its legitimate interests (e.g. where a User has violated the Terms of Service or data was obtained through correspondence). For the Newsletter service, Users may independently delete their personal data via the link included in every email.
  • Right to restriction of processing – Users have the right to request restriction of processing in cases specified in Art. 18 GDPR, including where the accuracy of personal data is contested, upon request submitted to the Administrator
  • Right to data portability – Users have the right to receive their personal data in a structured, commonly used, machine-readable format, upon request submitted to the Administrator
  • Right to object – Users have the right to object to the processing of their personal data in cases specified in Art. 21 GDPR, upon request submitted to the Administrator
  • Right to lodge a complaint – Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection

§14 Contact

The Administrator can be contacted in the following ways:

  • Email: [email protected]
  • Contact form: available at https://decodethefuture.org/contact/

§15 Service Requirements

  • Restricting the saving of and access to cookies on the User’s Device may cause certain Service functions to malfunction.
  • The Administrator bears no responsibility for malfunctioning Service features if the User restricts cookie saving or reading in any way.

§16 External Links

The Service — in articles, posts, or User comments — may contain links to external websites with which the Service owner does not cooperate. These links and the pages or files they point to may be dangerous for your Device or pose a risk to your data security. The Administrator bears no responsibility for content located outside the Service.


§17 Changes to the Privacy Policy

  • The Administrator reserves the right to make any changes to this Privacy Policy without notifying Users with regard to the use of anonymous data or cookies.
  • The Administrator reserves the right to make any changes to this Privacy Policy with regard to the processing of personal data, in which case Users with accounts or Newsletter subscriptions will be notified by email within 7 days of the change. Continued use of the Service constitutes acknowledgement and acceptance of the updated Privacy Policy. If a User does not agree with the changes, they are required to delete their account or unsubscribe from the Newsletter.
  • All changes to the Privacy Policy will be published on this page of the Service.
  • Changes take effect upon publication.