Privacy policy

The following Privacy Policy defines the rules for storing and accessing data on Users' Devices using the Service for the purpose of electronic services provided by the Administrator, as well as the rules for collecting and processing Users' personal data provided by them personally and voluntarily through the tools available in the Service.

The following Privacy Policy is an integral part of the Service Terms and Conditions, which define the rules, rights, and obligations of Users using the Service.

§1 Definitions

Service - the website operating at https://calensist.com and https://app.calensist.com
External Service - websites of partners, service providers, or service recipients cooperating with the Administrator
Service/Data Administrator - the Service and Data Administrator (hereinafter the Administrator) is the company REXOFT Mirosław Szajner, operating at the address: 38-322 Łużna 868, with the assigned tax identification number (NIP): 5632103754, providing electronic services through the Service
User - a natural person for whom the Administrator provides electronic services through the Service
Device - an electronic device with software through which the User gains access to the Service
Cookies - text data collected in the form of files placed on the User's Device
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Personal Data - means information about an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person
Processing - means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction
Restriction of processing - means the marking of stored personal data to limit their processing in the future
Profiling - means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects concerning the natural person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements
Consent - consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them
Personal data breach - means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed
Pseudonymization - means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
Anonymization - Data anonymization is an irreversible process of transforming data that destroys/overwrites "personal data" making it impossible to identify or associate a given record with a specific user or natural person

§2 Data Protection Officer

Based on Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For matters regarding data processing, including personal data, please contact the Administrator directly.

§3 Types of Cookies

Internal Cookies - files placed and read from the User's Device by the Service's IT system
External Cookies - files placed and read from the User's Device by IT systems of external services. Scripts of external services that may place Cookies on the User's Device have been deliberately included in the Service through scripts and services made available and installed in the Service
Session Cookies - files placed and read from the User's Device by the Service during a single session of that Device. After the session ends, the files are deleted from the User's Device
Persistent Cookies - files placed and read from the User's Device by the Service until they are manually deleted. The files are not deleted automatically after the session ends unless the User's Device configuration is set to delete Cookies after the session ends

§4 Data Storage Security

Mechanisms for storing and reading Cookie files - The mechanisms for storing, reading, and exchanging data between Cookies stored on the User's Device and the Service are implemented through built-in web browser mechanisms and do not allow the collection of other data from the User's Device or data from other websites visited by the User, including personal data or confidential information. It is also practically impossible to transfer viruses, trojans, and other worms to the User's Device.
Internal Cookies - Cookies used by the Administrator are safe for the Users' Devices and do not contain scripts, content, or information that could threaten the security of personal data or the security of the Device used by the User.
External Cookies - The Administrator takes all possible actions to verify and select the Service's partners concerning the Users' security. The Administrator selects known, large partners with global social trust for cooperation. However, he does not have full control over the content of Cookies from external partners. The Administrator is not responsible for the security of Cookies, their content, and their lawful use by Scripts installed in the Service from external Services, as far as the law permits. The list of partners is included in the further part of the Privacy Policy.
Cookie Control
- The User can, at any time, independently change the settings for storing, deleting, and accessing data stored in Cookies from any website.
- Information on how to disable Cookies in the most popular computer browsers is available on the browser providers' websites:
  - Internet Explorer
  - Chrome
  - Safari
  - Firefox
  - Opera
  - Android
  - Safari (iOS)
  - Windows Phone
  - Blackberry
- The User can, at any time, delete all Cookies stored so far using the tools of the User's Device through which the User uses the Service's services.
Threats on the User's side - The Administrator uses all possible technical measures to ensure the security of data placed in Cookies. However, it should be noted that the security of this data depends on both parties, including the User's activity. The Administrator is not responsible for data interception, session impersonation, or deletion due to the User's conscious or unconscious activity, viruses, trojans, and other spyware that may be or have been infected on the User's Device.
Storage of personal data - The Administrator ensures that all efforts are made to secure the personal data voluntarily provided by Users, restrict access to them, and ensure their intended use and processing purposes. The Administrator also ensures that all efforts are made to secure the data from loss by using appropriate physical and organizational security measures.
Password storage - The Administrator declares that passwords are stored in an encrypted form, using the latest standards and guidelines in this regard. Decryption of the passwords provided in the Service is practically impossible.

§5 Purposes for which Cookies are used

Streamlining and facilitating access to the Service
Personalizing the Service for Users
Enabling login to the Service

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users is processed for one of the following purposes:

Provision of electronic services:
- Services for registering and maintaining a User account on the Service and related functionalities
Communication between the Administrator and Users regarding the Service and data protection
Ensuring the legitimate interest of the Administrator

Data about Users collected anonymously and automatically is processed for one of the following purposes:

Ensuring the legitimate interest of the Administrator

§7 Cookies from External Services

The Administrator uses JavaScript scripts and web components from partners on the Service, who may place their own cookies on the User's Device. Remember, you can control the allowed cookies for individual websites through your browser settings. Below is a list of partners or their services implemented on the Service that may place cookies:

Registration and login services:
- Google
- Microsoft

Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, data processing purposes, and ways of using cookies at any time.

§8 Types of Data Collected

The Service collects data about Users. Some of the data is collected automatically and anonymously, while some are personal data voluntarily provided by Users during registration for various services offered by the Service.

Anonymously collected data:

IP address
Browser type
Screen resolution
Approximate location
Pages viewed within the service
Time spent on each page
Type of operating system
Previous page URL
Referring page URL
Browser language
Internet connection speed
Internet service provider

Data collected during registration:

First and last name
Email address
Avatar / Profile picture
IP address (collected automatically)

Some data (excluding identifying data) may be stored in cookies. Some data (excluding identifying data) may be transferred to statistical service providers.

§9 Access to Personal Data by Third Parties

Generally, the sole recipient of personal data provided by Users is the Administrator. The data collected in connection with the services provided are not transferred or sold to third parties.

Access to the data (usually based on a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary for operating the Service, such as:

Hosting companies providing hosting or related services for the Administrator
Companies facilitating online payments for goods or services offered through the Service (in the event of transactions made in the Service)

Delegation of Personal Data Processing - Hosting, VPS, or Dedicated Server Services

To operate the Service, the Administrator uses the services of an external provider of hosting, VPS, or Dedicated Servers - Spring Data Center Sp. z o.o. All data collected and processed in the Service are stored and processed within the infrastructure of the service provider located in Poland. Access to the data may occur as a result of maintenance work carried out by the provider's personnel. Access to these data is regulated by an agreement between the Administrator and the Service Provider.

Data Processing for Online Payments

In the case of online payments, all payment-related data is directly provided by the User to the payment processor - LemonSqueezy. Selected data necessary for completing the transaction are then forwarded by this entity to the Administrator. The transfer of data is regulated by an agreement between the Administrator and the Service Provider.

Compliance with Google API Services User Data Policy

Processing of data received or sent from/to Google APIs will be in accordance with the Google API Services User Data Policy, including the limited use requirements.

§10 Method of Processing Personal Data

Personal data voluntarily provided by Users:

Personal data will not be transferred outside the European Union, unless published as a result of individual actions taken by the User (e.g., posting a comment or entry), which will make the data accessible to anyone visiting the service.
Personal data will not be used for automated decision-making (profiling).
Personal data will not be sold to third parties.

Anonymous data (without personal data) collected automatically:

Anonymous data (without personal data) will not be transferred outside the European Union.
Anonymous data (without personal data) will not be used for automated decision-making (profiling).
Anonymous data (without personal data) will not be sold to third parties.

§11 Legal Bases for Processing Personal Data

The Service collects and processes Users' data based on:

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation):
- Article 6(1)(a)
  The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Article 6(1)(b)
  Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
- Article 6(1)(f)
  Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
Act of May 10, 2018, on the Protection of Personal Data (Journal of Laws 2018, item 1000)
Act of July 16, 2004, Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
Act of February 4, 1994, on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

§12 Retention Period for Personal Data

Personal data voluntarily provided by Users:

As a rule, the specified personal data is retained only for the duration of the Service provided by the Administrator within the Service. It is deleted or anonymized within up to 30 days from the end of the service provision (e.g., deletion of a registered user account, unsubscribing from the newsletter, etc.).

An exception is made for situations that require securing legally justified purposes for further processing of this data by the Administrator. In such cases, the Administrator will retain the specified data, from the time of the User's request for its deletion, for no longer than 3 years in the event of a breach or suspected breach of the Service's regulations by the User.

Anonymous data (without personal data) collected automatically:

Anonymous statistical data, which does not constitute personal data, is retained by the Administrator for the purpose of conducting service statistics for an indefinite period.

§13 Users' Rights Related to Personal Data Processing

The Service collects and processes Users' data based on:

Right of Access to Personal Data
Users have the right to obtain access to their personal data, which is provided upon request made to the Administrator.
Right to Rectify Personal Data
Users have the right to request that the Administrator promptly correct any inaccurate personal data and/or complete any incomplete personal data, which is done upon request made to the Administrator.
Right to Erasure of Personal Data
Users have the right to request the Administrator to promptly delete their personal data, which is done upon request made to the Administrator. For user accounts, data deletion involves anonymizing data that can identify the User. The Administrator reserves the right to withhold data deletion requests to protect the Administrator's legally justified interests (e.g., if the User has violated the Terms of Service or if the data was obtained through correspondence).
For the Newsletter service, Users can independently delete their personal data by using the link provided in each email message sent.
Right to Restrict Processing of Personal Data
Users have the right to restrict the processing of their personal data in cases specified in Article 18 of the GDPR, such as disputing the accuracy of personal data, which is done upon request made to the Administrator.
Right to Data Portability
Users have the right to obtain from the Administrator personal data concerning the User in a structured, commonly used, and machine-readable format, which is done upon request made to the Administrator.
Right to Object to Data Processing
Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, which is done upon request made to the Administrator.
Right to Lodge a Complaint
Users have the right to lodge a complaint with the supervisory authority responsible for data protection.

§14 Contact Information for the Administrator

You can contact the Administrator in one of the following ways:

Postal Address - REXOFT Mirosław Szajner, 38-322 Łużna 868, Poland
Email Address - mirek@calensist.com
Phone - +48 18 479 1 497

§15 Service Requirements

Restricting the saving and access to cookies on the User's device may cause some features of the Service to function improperly.
The Administrator is not responsible for any malfunctioning features of the Service if the User restricts in any way the ability to save and read cookies.

§16 Changes to the Privacy Policy

The Administrator reserves the right to make any changes to this Privacy Policy without the need to inform Users regarding the use and application of anonymous data or the use of cookies.
The Administrator reserves the right to make any changes to this Privacy Policy concerning the processing of Personal Data. Users with accounts or those subscribed to the newsletter will be informed of such changes via email within 7 days of the amendment. Continued use of the services signifies acceptance of the updated Privacy Policy. If a User disagrees with the changes, they are required to delete their account from the Service.
Changes to the Privacy Policy will be published on this page of the Service.
Changes take effect upon publication.