Amber Diverse Sp. z o.o. is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data. By using our website or services, you agree to the practices described in this Privacy Policy.

1. General information

1. This policy concerns the website www, operating at the url address: amberdiverse.pl

2. The operator of the service and the administrator of personal data is: Amber Diverse Sp. z o.o. Pl. Kaszubski 8 / 311, 81-350 Gdynia, Polska

3. Operator's email contact address: info@amberdiverse.com.

4. The operator is the administrator of your personal data concerning voluntarily provided data on the website.

5. The service may use personal data for the following purposes:

   • Newsletter management

   • Handling inquiries through the form

   • Handling orders for goods - preparation, packaging, shipping

   • Execution of ordered services

   • Handling relevant accounting documents

   • Debt collection

   • Presentation of offers or information

   • Performance by the data controller of legally binding obligations under art. 6 sec. 1 lit. c) GDPR to the extent provided for by specific regulations (e.g., accounting).

6. The service performs the function of obtaining information about users and their behaviour in the following way:

   1. By voluntarily entered data in forms, which are entered into the Operator's systems.

   2. By saving cookie files (so-called "cookies") on end devices.

2. Selected methods of data protection used by the Operator

1. Places for logging in and entering personal data are protected in the transmission layer (SSL certificate). As a result, personal data and login data entered on the website are encrypted on the user's computer and can only be read on the target server.

2. Personal data stored in the database is encrypted in such a way that only the Operator who has the key can read it. As a result, data is protected in the event of theft of the database from the server.

3. User passwords are stored in a hashed form. The hashing function works one way - it is not possible to reverse its operation, which is currently the modern standard for storing user passwords.

4. The service uses two-factor authentication, which is an additional form of protection for logging into the Service.

5. The Operator periodically changes its administrative passwords.

6. Regular updating of all software used by the Operator to process personal data is an essential element of data protection, particularly regular updates to software components.

3. Hosting

1. The service is hosted (technically maintained) on the servers of the operator: framer.com

2. The hosting company, to ensure technical reliability, keeps logs at the server level. The following may be subject to recording:

   • resources specified by the URL identifier (addresses of requested resources - pages, files), time of receipt of the query,

   • response time,

   • the name of the client station - identification performed by the HTTP protocol,

   • information about errors that occurred during the execution of the HTTP transaction,

   • the URL address of the page previously visited by the user (referer link) - in the case of switching to the Service via a link,

   • user's browser information,

   • IP address information,

   • diagnostic information related to the process of self-ordering services through registrars on the site,

   • information related to the handling of e-mail addressed to the Operator and sent by the Operator.

4. Your rights and additional information about the use of data

1. In some situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to perform the contract concluded with you or to fulfill the obligations incumbent on the Administrator. This applies to such groups of recipients:

   • hosting company on the basis of entrustment postal operators authorized employees and associates who use data to achieve the purpose of the site's operation.

2. Your personal data processed by the Administrator will not be processed for longer than is necessary to perform the activities related to them specified by separate regulations (e.g., on accounting). Regarding marketing data, the data will not be processed for more than 3 years.

3. You have the right to request from the Administrator:

   • access to your personal data,

   • their correction, deletion,

   • processing restrictions,

   • and data transfer.

4. You have the right to object to the processing referred to in point 3.2 regarding the processing of personal data for the purposes of legitimate interests pursued by the Administrator, including profiling, however, the right to object cannot be exercised in the case of the existence of important legitimate grounds for processing overriding your interests, rights, and freedoms, in particular the establishment, investigation, or defense of claims.

5. The actions of the Administrator are subject to a complaint to the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

6. Providing personal data is voluntary, but necessary to use the Service.

7. Actions involving automated decision-making, including profiling, may be taken against you in order to provide services under the concluded contract and for the purpose of conducting direct marketing by the Administrator.

8. Personal data is transferred to third countries within the meaning of the provisions on the protection of personal data. This means that we use them inside EU but also we send them outside the European Union.

5. Information in forms

1. The service collects information voluntarily provided by the user, including personal data, if provided.

2. The service may record information about connection parameters (time stamp, IP address). In some cases, the service may record information facilitating the association of data in the form with the user's email address completing the form.

3. In such a case, the user's email address appears within the URL of the page containing the form.

4. Data provided in the form is processed for the purpose arising from the specific form function, e.g., to process service requests or business contacts, registration of services, etc. Each time, the context and description of the form clearly inform what it is used for.

6. Administrator Logs

Information about user behavior on the website may be logged. This data is used for website administration purposes.

7. Key Marketing Techniques

1. The operator uses statistical analysis of website traffic through Google Analytics (Google Inc. headquartered in the USA). The operator does not transmit any personal data to the service provider, only anonymized information. The service relies on the use of cookies on the user's end device. Regarding user preference information collected by the Google advertising network, users can view and edit cookie-related information using the tool: https://www.google.com/ads/preferences/

2. The operator uses remarketing techniques, allowing for the customization of advertising messages based on user behavior on the website. This may create the illusion that the user's personal data is being used for tracking purposes, but in practice, no personal data is transmitted from the operator to advertising operators. The technological condition for such actions is the enabled support of cookies.

3. The operator uses Facebook pixel. This technology enables Facebook (Facebook Inc. headquartered in the USA) to know that a particular registered user is using the Service. In this case, it relies on data for which it is the administrator, and the operator does not provide any additional personal data to Facebook. The service relies on the use of cookies on the user's end device.

4. The operator employs a solution for analysing user behaviour through heat mapping and recording behaviour on the website. This information is anonymized before being transmitted to the service provider so that they do not know which specific individual the data pertains to. In particular, passwords and other personal data are not subject to recording.

5. The operator utilizes a solution to automate the operation of the Service concerning users, e.g., sending an email to the user after visiting a specific subpage, provided the user has consented to receiving commercial correspondence from the operator..

8. Information about Cookies

1. The website uses cookies.

2. Cookies (so-called "cookies") are computer data, particularly text files, which are stored on the end device of the Service User and are intended for using the website of the Service. Cookies typically contain the name of the website they originate from, the duration of their storage on the end device, and a unique number.

3. The entity placing cookies on the end device of the Service User and accessing them is the operator of the Service.

4. Cookies are used for the following purposes:

   • maintaining the user session of the Service (after logging in), allowing the user to not have to re-enter their login and password on every page of the Service;

   • achieving the goals specified above in the "Key Marketing Techniques" section;

5. Two main types of cookies are used within the Service: "session" cookies and "persistent" cookies. "Session" cookies are temporary files that are stored on the end device of the User until logging out, leaving the website, or turning off the software (web browser). "Persistent" cookies are stored on the end device of the User for the time specified in the cookie parameters or until they are deleted by the User.

6. Web browsing software (web browser) usually allows cookies to be stored on the end device of the User by default. Service Users can change their settings in this regard. The web browser allows for deleting cookies. It is also possible to automatically block cookies. Detailed information on this topic is provided in the help or documentation of the web browser.

7. Limitations on the use of cookies may affect some functionalities available on the website of the Service.

8. Cookies placed on the end device of the Service User may also be used by entities cooperating with the operator of the Service, particularly companies such as Google (Google Inc. headquartered in the USA), Facebook (Facebook Inc. headquartered in the USA), Twitter (Twitter Inc. headquartered in the USA).

9. Managing Cookies – How to Express and Withdraw Consent in Practice?

1. If a user does not wish to receive cookies, they can change their browser settings. Please note that disabling the use of cookies necessary for authentication processes, security, and maintaining user preferences may hinder, and in extreme cases, prevent the use of websites.

2. To manage cookie settings, select the internet browser you are using from the list below and follow the instructions:
   
   

   • Edge

   • Internet Explorer

   • Chrome

   • Safari

   • Firefox

   • Opera

Mobile devices:

• Android

• Safari (iOS)

• Windows Phone

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. The revised policy will be posted on our website.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at info@amberdiverse.com.