Privacy Policy

The following Privacy Policy sets forth the rules for saving and accessing data on Users’ Devices using the Website, for the purpose of providing services electronically by the Administrator, as well as the rules for collecting and processing Users’ personal data voluntarily provided by them via tools available on the Website.

This Privacy Policy is an integral part of the Website’s Terms of Service, which defines the principles, rights, and obligations of Users utilizing the Website.

§1 Definitions

Website – The “Tomf-Media” website operating at https://tomf-media.com

External Website – Websites of partners, service providers, or clients collaborating with the Administrator.

Website/Data Administrator – The Administrator of the Website and Data (hereinafter Administrator) is an individual, “Michał Szczesny,” residing in Warsaw, providing electronic services through the Website.

User – An individual for whom the Administrator provides electronic services via the Website.

Device – An electronic device with software, through which the User accesses the Website.

Cookies – Text data collected in the form of files placed on the User’s Device.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).

Personal Data – Information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more specific factors concerning the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing – An operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying.

Restriction of Processing – Marking stored personal data with the aim of limiting its future processing.

Profiling – Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Consent – A data subject’s consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Data Breach – A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Pseudonymization – Processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable natural person.

Anonymization – A process whereby personal data is irreversibly modified in such a way that a data subject can no longer be identified, either directly or indirectly.

§2 Data Protection Officer

In accordance with Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer. For matters concerning data processing, including personal data, Users should contact the Administrator directly.

§3 Types of Cookies

Internal Cookies – Files placed and read from the User’s Device by the Website’s IT system.

External Cookies – Files placed and read from the User’s Device by the IT systems of External Websites. Scripts from External Websites, which may place Cookies on the User’s Devices, are deliberately integrated into the Website through scripts and services provided and installed in the Website.

Session Cookies – Files placed and read from the User’s Device by the Website during a single session of that Device. After the session ends, the files are deleted from the User’s Device.

Persistent Cookies – Files placed and read from the User’s Device by the Website until manually deleted. These files are not automatically deleted after the Device session ends unless the User’s Device settings are set to delete Cookies at the end of each session.

§4 Data Storage Security

Mechanisms for Storing and Reading Cookies – Mechanisms for storing, reading, and exchanging data between Cookies stored on the User’s Device and the Website are implemented via built-in browser mechanisms and do not allow the retrieval of other data from the User’s Device or data from other websites visited by the User, including personal data or confidential information. Transferring viruses, trojans, and other worms onto the User’s Device is practically impossible.

Internal Cookies – Cookies applied by the Administrator are safe for the User’s Devices and do not contain scripts, content, or information that could threaten personal data security or the security of the Device used by the User.

External Cookies – The Administrator makes every effort to verify and select partners of the Website with regard to User security. The Administrator selects known, large partners with global public trust for collaboration. However, it does not have full control over the contents of Cookies from external partners. The Administrator does not assume responsibility for the security of Cookies, their content, or use in compliance with the license by scripts installed in the Website from External Websites, to the extent permitted by law. The list of partners is included later in this Privacy Policy.

Control of Cookies

The User may change settings regarding saving, deleting, and accessing Cookies stored by any website at any time.

Information on how to disable Cookies in the most popular computer browsers is available on the page: how to disable cookies or through one of the indicated providers:

  • Manage Cookies in Chrome
  • Manage Cookies in Opera
  • Manage Cookies in Firefox
  • Manage Cookies in Edge
  • Manage Cookies in Safari
  • Manage Cookies in Internet Explorer 11

The User may delete all saved Cookies at any time using the Device tools used to access the Website services.

User-Side Risks – The Administrator employs all possible technical measures to ensure data security placed in Cookies. However, note that ensuring this data’s security depends on both parties, including User activity. The Administrator is not liable for interception of these data, impersonation of the User’s session, or deletion as a result of deliberate or unintentional User activity, viruses, trojans, or spyware that the User’s Device may or may have been infected with. To protect themselves from these threats, Users should follow internet usage guidelines.

Personal Data Storage – The Administrator ensures that all efforts are made to keep personal data voluntarily entered by Users secure, with access limited and realized per its purpose and processing objectives. The Administrator also strives to secure stored data against loss by applying appropriate physical and organizational security measures.

Password Storage – The Administrator declares that passwords are stored in an encrypted form, using the latest standards and guidelines in this regard. Decryption of account access passwords entered in the Website is practically impossible.

§5 Purposes of Cookie Usage

  • Improving and facilitating access to the Website
  • Personalizing the Website for Users
  • Enabling login to the Website
  • Marketing and Remarketing on external sites
  • Advertising services
  • Affiliate services
  • Statistics (user count, visit count, device types, connection, etc.)
  • Multimedia services
  • Social services

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users is processed for one of the following purposes:

Electronic services, including:

  • Registration and account maintenance services in the Website and related functionalities
  • Newsletter services (including sending advertisements with consent)
  • Commenting/Liking posts on the Website without the need for registration
  • Sharing information about the content on the Website in social networks or other sites
  • Administrator communication with Users on matters related to the Website and data protection
  • Ensuring the legitimate interests of the Administrator

Anonymously and automatically collected data about Users are processed for one of the following purposes:

  • Conducting statistics
  • Remarketing
  • Serving ads customized to User preferences
  • Managing affiliate programs
  • Ensuring the Administrator’s legitimate interests

§7 External Websites’ Cookies

The Administrator uses JavaScript scripts and web components from partners in the Website, who may place their own Cookies on the User’s Device. Please remember that in the browser settings, you can decide on the allowed Cookies that may be used by each website. Below is a list of partners or their services implemented in the Website, which may place Cookies:

Multimedia Services:

  • YouTube

Social Services/Combined Services: (Registration, Login, content sharing, communication, etc.)

  • Facebook
  • Google+
  • LinkedIn

Content Sharing Services:

  • Instagram

Newsletter Services:

  • MailChimp

Statistics Services:

  • Google Analytics

Services provided by third parties are outside the Administrator’s control. These entities may change their terms of service, privacy policies, data processing purposes, and Cookie use without the Administrator’s consent.

§8 Types of Collected Data

The Website collects data about Users. Some data is collected automatically and anonymously, while some are personal data voluntarily provided by Users when subscribing to specific services offered by the Website.

Automatically Collected Anonymous Data:

  • IP Address
  • Browser type
  • Screen resolution
  • Approximate location
  • Opened subpages of the Website
  • Time spent on specific subpages
  • Operating system type
  • Previous page address
  • Referring page address
  • Browser language
  • Internet connection speed
  • Internet Service Provider

Data Collected During Registration:

  • First and last name/username/nickname
  • Email address
  • Profile picture
  • IP address (collected automatically)

Data Collected During Newsletter Subscription:

  • First and last name/username/nickname
  • Email address
  • IP address (collected automatically)

Data Collected During Comments Posting:

  • First and last name/username/nickname
  • Website address
  • Email address
  • Profile picture
  • IP address (collected automatically)

Some data (without personally identifiable data) may be stored in Cookies.

 

§9 Access to Personal Data by Third Parties

In general, the only parties with access to Users’ personal data are the Administrator and, in specific cases, trusted partners necessary for the operation of the Website and service provision. These include entities that assist in advertising, analytics, affiliate programs, social media services, or newsletter management. In each instance, access is limited to the data necessary for these services.

Service Providers – The Administrator collaborates with third-party entities that may have access to data as part of service provision, including:

  • Hosting providers
  • Analytical service providers, e.g., Google Analytics
  • Social media platforms
  • Newsletter platforms, e.g., MailChimp
  • Marketing service providers

These entities process data according to their privacy policies and are subject to their jurisdictions’ data protection laws.

§10 Rights of Data Subjects

In accordance with the GDPR, the Administrator ensures that Users can exercise their rights regarding their personal data, which include:

  1. Right of Access – Users have the right to access their personal data.
  2. Right to Rectification – Users can correct or update their data.
  3. Right to Erasure – Users can request the deletion of their data, subject to certain legal conditions.
  4. Right to Restriction of Processing – Users can request the limitation of processing of their personal data.
  5. Right to Data Portability – Users can request their data in a machine-readable format.
  6. Right to Object – Users can object to the processing of their personal data in specific situations.
  7. Right to Withdraw Consent – Where processing is based on consent, Users may withdraw it at any time without affecting the lawfulness of processing based on consent before withdrawal.
  8. Right to Lodge a Complaint – Users have the right to file a complaint with a supervisory authority.

§11 Changes to the Privacy Policy

The Administrator reserves the right to amend this Privacy Policy as needed to comply with current legal requirements or if any changes are made to the Website’s functionality. Users will be informed of any significant changes to this Privacy Policy through prominent notices on the Website or via email for those subscribed to newsletters.

§12 Contact

For any questions regarding this Privacy Policy or Users’ rights concerning their data, Users may contact the Administrator using the following details:

Administrator: Michał Szczesny
Email: contact@tomf-media.com
Address: Warsaw, Poland

Last Update: 12.11.2024

This Privacy Policy is compliant with GDPR and serves to inform Users about their rights and obligations while using the Website.

§13 Final Provisions

  1. Protection of Personal Data – The Administrator applies appropriate technical and organizational measures to ensure the protection of processed personal data from unauthorized disclosure.


TOMF Socials

Facebook Instagram