Privacy Policy

Last update: June 2^nd, 2025

We respect your privacy, which is why we present below information on the processing of personal data, cookies and technologies used on the website https://oleksyandco.com  and all of its subpages. By using the website  https://oleksyandco.com, you accept the terms of this Privacy Policy.

We would like you to know that we care about the security of your personal data. We have applied appropriate technical and organizational measures to ensure their protection in accordance with all appropriate laws and regulations.

Personal Data Processing

The Privacy Policy describes the principles of using cookies or other similar technologies and the principles of processing personal data collected when using the website  https://oleksyandco.com by the User.

The Administrator collects User data to the extent necessary to provide individual services offered, as well as information about the User’s activity on the website, including the device IP, location data, Internet identifier and information collected via cookies and other similar technologies. Cookies and similar technologies do not identify the User and their identity is not determined. Cookies and similar technologies, when they do not allow for the identification of a natural person by themselves, may constitute personal data only when combined with other unique identifiers or other information allowing for the identification of that natural person.

Definitions

GDPR  – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Website  – the website at  https://oleksyandco.com and all its subpages, including all services provided in the domain, i.e. contact form, newsletter, comment form, etc.  

User –  a person who voluntarily uses the services available on the website and profiles created in social media

Personal data  – information about an identified or identifiable natural person, in particular by name, identification number, location data, internet identifier, one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person, such as: device IP, location data, internet identifier and information collected via cookies and other similar technologies.

Partner  – an entity with which the Administrator cooperates, providing marketing content tailored to the User or acting as an intermediary in the delivery of such content.

Administrator

The administrator of your personal data within the meaning of the GDPR regulations is Bright Idea sp.z.o.o.with its registered office in Kraków, ul. Rynek główny 28, 31-010 Kraków. NIP:6312694151 KRS:0000867849, REGON:387421977. You can contact us by sending an e-mail to the following address: hello@oleksyandco.com.

Legal bases and purposes of personal data processing

Your personal data may be processed on the basis of:

• Consent (Article 6, paragraph(1 A) of the GDPR) for the purpose of:

• Saving data in cookies, using cookies on the page and its subpages, and collecting data from the website   https://oleksyandco.com for marketing and analytics purposes.
• Handling your inquiries submitted via our contact form.

• Contractual necessity (Art. 6(1)(b) GDPR) for the purpose of:

• Managing contact requests and providing information or offers upon request.

• Legitimate interests (Art. 6(1)(f) GDPR) for the purpose of:

• Website improvement, marketing analytics, and ensuring security.

• Compliance with legal obligations (Art. 6(1)(c) GDPR) for the purpose of:

• Compliance with applicable laws, such as tax regulations and data protection requirements.

Recipients of personal data

We share your personal data with entities that support our business activities. We have selected external entities that guarantee the use of appropriate personal data protection and security measures.

Categories of recipients of your personal data

entities providing technical and IT support, including website hosting, storing data collected on the server, and operating the newsletter sending system,

entities providing services in social media, i.e. Facebook, Instagram, LinkedIn

We use the following GDPR-compliant third-party providers:

• Google: (https://policies.google.com/privacy?hl=en-US )
• Mailchimp (https://mailchimp.com/legal/ )
• Facebook Pixel (Facebook Privacy Policy)
• LinkedIn Pixel (LinkedIn Privacy Policy)
• Microsoft Clarity (Microsoft Privacy Policy)
• LH.pl sp.z.o.o. (https://www.lh.pl/regulaminy/5,polityka-prywatnosci)

We do not share your data with external third parties beyond these necessary service providers.

Transfer of personal data to a third country or an international organization

As a controller of personal data, we do not directly transfer personal data to a third country or an international organization. However, due to the use of third party services, in particular companies with an international reach, i.e. Facebook Inc., LinkedIn Corporation, Google LLC, UAB Mailerlite may result in your personal data being transferred to a third country, e.g. the United States of America. The above-mentioned international service providers apply the compliance mechanisms provided for in the GDPR, in particular standard contractual clauses.

Data retention

We will store your personal data for the time necessary to achieve the purpose for which it was collected, in particular:

• Personal data processed in connection with subscribing to the Newsletter (Mailchimp):

For the duration of the Newsletter or until the consent is withdrawn. 

• Personal data processed in connection with contact form queries:

For the period necessary to process the notification/query plus additional one year.

• Personal data processed in connection with the performance of legal obligations incumbent on the Administrator:

For the period required by law, including tax law – in relation to personal data related to the fulfilment of obligations arising from legal provisions

• Personal data processed in connection with the use of social media

including using the functionalities of the Facebook, Instagram, LinkedIn applications – for the duration of the existence of the Fanpage or account on the social networking site.

• Personal data processed for analytical purposes and in connection with the administration of the website.

 Will be processed until they become outdated or no longer useful, but no longer than for 3 years from the end of the year in which they were collected.

• Cookie data: maximum 24 months, managed via CookieYes plugin.

Your rights

In connection with the processing of your personal data, you have the following rights:

• The right to access personal data.
• The right to rectify incorrect data
• The right to delete data ( “Right to be forgotten”)
• The right to restrict the processing of personal data
• The right to object to the processing of your personal data when the processing of your data is based on a legitimate interest or for statistical purposes, and the objection is justified by the specific situation in which you find yourself.
• The right to transfer personal data
• The right to lodge a complaint regarding the processing of your personal data with the supervisory authority, which is the  Personal Data Protection Office.

Remember that your rights are not absolute and do not apply to all activities of processing your personal data. In order to exercise your rights, you can contact us as the Administrator via the address hello@oleksyandco.com indicating the scope of your requests.

Requirement to provide personal data

Providing your personal data is voluntary, but failure to provide certain information (i.e. email address) may result in the inability to perform a service. For example, providing personal data is necessary to use the contact form available on the website. If you do not want to use the services or functions available on the website, you do not have to provide your personal data.

Automated decision-making, including profiling

We do not engage in automated decision-making or profiling that significantly affects you.

Cookies

Through the website, information related to logging in can be collected, i.e. IP address, browser type, language, access hours and the address of the page from which the user was redirected (so-called cookies). For the purposes of managing the website and improving navigation, we use the following types of cookies on our website:

• Necessary cookies – are necessary to use the website and its functionality and to ensure the security of using the Service and to maintain your session. Without this type of cookie, it is not possible to provide you with many of the services we offer. This type of cookie does not collect information for marketing purposes.

• Analytical cookies – these cookies collect information about how you use the website, e.g. which subpages you visit most often and whether errors occur when visiting them, we can also check the sources of traffic – redirection directions. All information collected is anonymous and is used only to improve and enhance websites, adapt the website’s operations to user preferences and optimize the display of advertisements. We can also measure the effectiveness of advertisements.

• Advertising cookies – Our cookies and those of external suppliers enable content tailored to a specific group of recipients, are used to conduct marketing campaigns and remarketing campaigns. These files remember that you have visited our services and what activities you have performed on them, and the information collected in this way is transferred to external suppliers.

• Own cookies – are set by the web servers of our websites.
• Third party cookies – are set by web servers of websites other than ours.

The scope of use of cookies is limited solely to technical aspects (website functionality), statistical purposes and marketing of own products and services.

We manage cookies through CookieYes plugin, allowing you to manage preferences and consent.

Tools Used

The website uses plug-ins to improve the operation of the website.

• Contact form on the website

We use a contact form plugin. If you want to contact us via this form, you will need to provide your name, email address or phone number, and the subject of the message and the data provided in the message. This personal data will be processed by us in accordance with this Privacy Policy in order to contact you. 

• social media – Facebook fanpage, Instagram profile, Linkedin profile

Your personal data provided on the Facebook, Linkedin or Instagram will be processed for the purposes of administering and managing the Fanpage/Instagram, communicating with you, interacting, and creating a Fanpage/Instagram community.

The basis for their processing is your consent. You voluntarily decide to like/follow our Fanpage/Instagram. The rules governing the Fanpage are established by the Administrator, however, the rules for staying on the social networking site Facebook or Instagram result from the regulations of Facebook Inc. You can stop following our Fanpage/Instagram at any time. However, you will not then be able to see any content from us as the Administrator related to the Fanpage/Instagram. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

As an administrator, we see your personal data, such as your name, surname, or general information that you post on your profile as public. The processing of other personal data is carried out by the social networking site Facebook and under the terms and conditions contained in its regulations.

• Newsletter

If you decide and give your consent, we will process your personal data in the form of name and e-mail address. These fields are mandatory. Providing this personal data is voluntary, but necessary to send the newsletter. In order to add your e-mail address to the list of subscribers, we will ask you to confirm your subscription. If you do, your personal data will be added to the mailing list in order to send the newsletter.

By subscribing to our newsletter, you consent to receiving marketing and commercial information via electronic means of communication within the meaning of the Act of 18 July 2002 on the provision of services by electronic means, and you also agree to this Privacy Policy.

At the same time, by confirming your subscription to our newsletter, you consent to our use of telecommunications terminal equipment for the purpose of direct marketing of the Administrator’s products and services, as well as the transmission of commercial information in accordance with Article 172 paragraph 1 of the Telecommunications Law.

You may withdraw your consent at any time, which will result in the cessation of sending the newsletter in accordance with the principles contained in this Privacy Policy.

The mailing system we use to send the newsletter records all activity and actions taken by you in connection with the emails sent to you, including the date and time the message was opened, the click on links in the message or newsletter, the moment of unsubscribing, etc.

We use Mailchimp to manage our email marketing subscriber list and to send emails to subscribers. Mailchimp is a third-party vendor that may collect and process your data using industry standard technologies to help me monitor and improve the newsletter. In connection with the provision of our services, we use cookies, unique identifiers, web beacons, and similar tracking technologies. Mailchimp’s privacy policy is available at https://mailchimp.com/legal/

Server logs

Using the website involves sending queries to the server on which this website is located. Each query directed to the server is saved in the server logs, which include, among others, the public IP address of the computer from which the query came, the user name provided in the authorization process, the time of receipt of the query, information about the user’s browser, language, access hours and the address of the page from which the user was redirected, information about the web browser or information system you are using. The data referred to above is not associated with specific people using the service, but is used only as auxiliary material for administrative purposes. The Administrator does not use the server logs in any way to identify the User.

Children’s Data

Our services are intended solely for business users and not for minors under the age of 16. We do not knowingly collect or process children’s data.

Personal Data Security

The Administrator conducts ongoing risk analysis to ensure that personal data is processed by him in a secure manner – ensuring, above all, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. The Administrator ensures that operations on personal data are recorded and performed only by authorized employees and collaborators. We use SSL encryption for secure website data transfers.

The Administrator shall take all necessary measures to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.

Changes to the Privacy Policy

This Privacy Policy is valid from 02.06.2025 and is valid until updated. Changes may be caused by the development of Internet technology, changes in generally applicable law, or the development of the website. Any changes we make to the Privacy Policy in the future will be published and will apply only to the future. Information about any changes to the Privacy Policy will be made available on the website. We recommend that you always review the Privacy Policy before taking any action on the website.