3. Users' personal data are kept no longer than necessary to achieve the purpose of processing, i.e. until the consent is withdrawn if processing is based on such consent, until the statute of limitations for claims of the Administrator and the other party regarding the execution of concluded agreements (in the case of sales/service contracts, 2 years, counting to the end of the year), and until the execution of an inquiry directed by e-mail or until the completion of the processing of complaints. After this period, the Client's personal data will be processed by the Administrator on the basis of Article 6(1)(f) of the RODO, i.e. for the purposes of legitimate interests pursued for the purposes of marketing campaigns.
4. Fulfillment of the legal obligation set forth in Article 16 (1), (4), (5) and (6) of the DSA to:
   
   1. to accept from a report on the presence in the hosting service of information that, in the opinion of the reporter, constitutes illegal content, as defined in Article 3(h) of the DSA;
   2. consideration of the application;
   3. to inform about the decision made on the notification made;
   4. To inform about the possibility of appealing the decision referred to in paragraph 3).
5. Article 6(1)(c) of the RODO
   • Until informed of:
     
     1. the decision made by the Administrator on the application made;
     2. The possibility of appealing the decision referred to in paragraph 2).
   • name;
   • email address;
   • phone number;
   • address (street, house number, apartment number, postal code, city, country),
   • TAX ID;
   • company name.
6. The Administrator may use profiling for direct marketing purposes, but decisions made on its basis by the Administrator do not relate to the conclusion or refusal of a contract or the possibility of using electronic services. The effect of the use of profiling may be, for example, to grant a person a discount, send him or her a discount code, remind him or her of unfinished purchases, send a proposal for a product that may match the person's interests or preferences, or offer better terms compared to a standard offer. Despite the profiling, it is the person who freely decides whether to take advantage of the discount or better terms received in this way and make a purchase. Profiling involves the automatic analysis or prediction of a person's behavior on the Administrator's site, e.g. by adding a particular product to a shopping cart, browsing a particular product page, or by analyzing a person's past activity history on the site. The condition for such profiling is that the Administrator has the person's personal data in order to be able to then send him/her, for example, a discount code.
7. To the extent necessary for the proper functioning of the website, its functionality, the website may, during the use of the website by the User, collect other information, including but not limited to:
   
   1. IP address;
   2. device, hardware and software information, such as hardware identifiers, mobile device identifiers (e.g., Apple Identifier for Advertising ["IDFA"] or advertising identifier on an Android device ["AAID"]),
   3. type of platform,
   4. settings and components,
   5. Internet browser data, including browser type and preferred language;
8. Taking into account the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of different probability and severity, the Administrator shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with the Regulation and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Administrator shall apply technical measures to prevent unauthorized persons from obtaining and modifying, personal data sent electronically.

§ 3 Data sharing

1. The administrator ensures that any personal information collected is used to fulfill obligations to users. This information will not be shared with third parties except when:
   
   1. the express consent of the subjects to such action is given beforehand, or
   2. if the obligation to provide such data results or will result from applicable laws, such as law enforcement agencies.
2. In addition, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients:
   
   1. service providers supplying the Administrator with technical, IT and organizational solutions that enable the Administrator to conduct its business, including the website and electronic services provided through it (in particular, computer software providers, marketing agencies, e-mail and hosting providers, software providers for managing the company and providing technical assistance to the Administrator and product delivery operator) - the Administrator shall make the collected personal data of the Customer available to the selected provider acting on its behalf only in the case and to the extent necessary to realize the given purpose of data processing in accordance with this Privacy Policy.
   2. Providers of accounting, legal and advisory services providing accounting, legal or advisory support to the Administrator (in particular, an accounting office, law firm or debt collection company) - the Administrator shall make the collected personal data of the Client available to the selected provider acting on its behalf only in the case and to the extent necessary to realize the given purpose of data processing in accordance with this Privacy Policy. In the case of the Administrator's activities, such service is provided by:
      • Bank Millennium S.A. with its registered seat in Warsaw, ul. Stanisława Żaryna 2A, registered in the Register of Entrepreneurs of the National Court Register under KRS number 0000010186, conducted by the District Court in Warsaw - XIII Commercial Division of the National Court Register, with tax identification number (NIP) 5260212931 and fully paid-up share capital of PLN 1,213,116,777.
      • Apaczka service - Alsendo spółka z ograniczoną odpowiedzialnością seated in Warsaw (02-797), ul. Franciszka Klimczaka 1, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, XIII Economic Department of the National Court Register under KRS number: 0000678992, NIP: 8971840043, REGON: 367328934, share capital in the amount of PLN 17,412,500.00.
      • CASH - Biuro Rachunkowe CASH - BIURO RACHUNKOWE "CASH" ELŻBIETA FICHTNER-CHOROBOWICZ registered in the Central Register and Information on Business Activity of the Republic of Poland conducted by the minister responsible for economy, with its registered seat: 63 Tadeusza Kościuszki Street, 62-030 Luboń, NIP: 7771411288, REGON: 630401748.
      • Inmarketing Krzysztof Gorecki, headquartered at 3/6 Feliksa Nowowiejskiego Street, 61-731 Poznań, NIP 782-239-46-90, REGON: 367383347, registered in the Central Register and Information on Business Activity of the Republic of Poland.
      • Appstar Wojciech Piszora based in Rokietnica (62-090), 33 Mickiewicza Street, NIP: 7773159261, REGON: 380804480, registered in the Central Register and Information on Business Activity of the Republic of Poland.
      • CUK Ubezpieczenia - CUK Ubezpieczenia Spółka z ograniczoną odpowiedzialnością, 107 Grudziądzka Street, 87-100 Toruń, District Court in Toruń, VII Economic Division of the National Court Register, KRS No.: 0000974038, NIP: 9562047158, REGON: 871548350.
   3. Providers of payment gateways and solutions for executing payments on the Site - The Administrator shall make the collected personal data of the Customer available to the selected provider acting on its behalf only in the case and to the extent necessary to realize the given purpose of data processing in accordance with this Privacy Policy. In the case of the Administrator's operations, such service is provided by:
      • PayPro Spółka Akcyjna with its registered seat in Poznań at Pastelowa 8, 60-198 Poznań, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court Poznań Nowe Miasto and Wilda, VIII Economic Department of the National Court Register under the KRS number 0000347935, NIP number 7792369887, with the share capital of PLN 5,476,300.00, fully paid up, entered in the register of national payment institutions kept by the Polish Financial Supervision Authority under the UKNF number IP24/2014.
      • PayPal - payments are handled by PAYPAL POLSKA SPÓŁKA Z O.O. KRS: 0000289372, NIP: 5252406419, REGON 14110822500000 with the registered office: 53 Emili Plater Street, 00-113 Warsaw,
   4. Fakturownia Sp. z o.o. (registered office: 6/8 Juliana Smulikowskiego St., 00-389 Warsaw, KRS: 0000572426, NIP: 5213704420) to assist the Administrator in handling invoices and financial documents.
3. The Administrator may share anonymized data (i.e., data that does not identify specific Users) with third-party service providers in order to better identify the attractiveness of advertisements and services to Users, and in this regard, due to the location of the software providers, data may be transferred - subject to the principles of their protection - to third countries, however, providing standard contractual provisions approved by the European Commission for the processing of personal data or having the appropriate authority to do so on the basis of bilateral data processing entrustment agreements between the European Union and the third country in question, while not being a member of the European Economic Area. These entities in the case of the Administrator are:
   • Google LLC. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyze website statistics, Google Tag manager: used to manage scripts by easily adding code snippets to a website or application, and to track actions performed by users on a website, Google Ads used to display sponsored links in Google search results and on Google AdSense collaborative sites, Google Workspace allowing comprehensive editing of a website and coordination of people working on it (including Google Drive, Gmail, Google Sheets, Google Forms, Google Looker studio);
   • Meta Platforms, Inc. (Headquarters: 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook pixel used to track conversions from Facebook ads, optimize them based on collected data and statistics, and build a targeted audience list for future ads.
   • TikTok Technology Limited (registered office: 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.) for the purpose of tracking conversions from TikTok portal ads, optimizing them based on collected data and statistics, and building a targeted audience list for future advertising.
4. The administrator always informs about the intention to transfer personal data outside the EEA at the stage of collection.
5. The Administrator conducts a risk analysis on an ongoing basis to ensure that personal data is processed by him in a secure manner - ensuring, first and foremost, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. The Administrator ensures that all operations on personal data are recorded and performed only by authorized employees and associates.
6. The Administrator shall take all necessary measures to ensure that its subcontractors and other cooperating entities also provide a guarantee of the application of appropriate security measures whenever they process personal data on behalf of the Administrator.
7. The Administrator's website may use the functionality of Google Analytics, a web audience analysis service provided by Google, LLC. ("Google"). Google Analytics uses cookies to help website operators analyze how visitors use the website. The information generated by the cookie about visitors' use of the website is generally transmitted to and stored by Google on servers in the United States. In accordance with current IT standards, the IP addresses of users visiting the Administrator's website are abbreviated. Only in exceptional cases is the complete IP address transferred to a Google server in the United States and shortened there. On behalf of the Administrator, Google will use this information to evaluate the website for its users, to compile reports on website traffic and to provide other services related to website traffic and Internet usage for website operators. In doing so, Google will not associate the IP address submitted as part of Google Analytics with any other data in its possession. For more information on how Google Analytics collects and uses data, please visit Google's official website at: www.google.com/policies/privacy/partners. In addition, any User can prevent Google from collecting and processing data about their use of the website by downloading and installing a browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout.
8. When sharing data with third parties, the Administrator shall make every effort to ensure that this is done only with entities that meet the criteria and requirements indicated under Article 46 or 49 of the RODO. Where applicable, the Administrator will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union on July 16, 2020, the Administrator continues to assess the legal regime of the countries to which data is transferred and, where necessary, updates measures to ensure adequate levels of protection.
9. With regard to data transferred to the United States, the Administrator, when sharing data with third parties, makes every effort to ensure that this is done, in accordance with the European Commission's decision of July 10, 2023, only to entities and organizations in the US that ensure compliance with the new "EU-US Data Privacy Framework." A list of these organizations has been published by the US Department of Commerce. Transfers of personal data from the EEA to organizations that have joined the "EU-US Data Privacy Framework" program and are on this list are possible without the need for additional authorizations or the use of such legal instruments as standard contractual clauses or binding corporate rules. However, in cases where a particular data importer in the US has not joined the "EU-US Data Protection Framework" program, transfers of personal data to it are possible and will take place upon compliance with the conditions set forth in Article 46 or 49 of the RODO. In such cases, the Administrator will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA.

§ 4 User rights

1. The user whose personal data is processed has the right to:
   
   1. Access, rectification, restriction, erasure or portability - the data subject has the right to request from the Controller access to his/her personal data, rectification, erasure ("right to be forgotten") or restriction of processing, and has the right to object to processing, and has the right to portability of his/her data. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the RODO Regulation.
   2. revoke consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the RODO Regulation), then he/she has the right to revoke consent at any time without affecting the legality of the processing performed on the basis of consent before its revocation.
   3. lodge a complaint to a supervisory authority - a person whose data is processed by the Administrator has the right to lodge a complaint to a supervisory authority in the manner and mode specified in the provisions of the RODO Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection in Warsaw.
   4. Objection - the data subject has the right to object at any time - for reasons related to his or her particular situation - to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. In such a case, the controller shall no longer be allowed to process such personal data, unless the controller demonstrates the existence of compelling legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.
   5. Objection to direct marketing - if personal data is processed for the purposes of direct marketing (based on the legitimate interest of the Controller, not on the basis of the data subject's consent), the data subject has the right to object at any time to the processing of personal data concerning him or her for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
2. The exercise of the above rights is carried out on the basis of the user's request sent to the e-mail address kontakt@multiverse.pl. Such a request should include the user's name.
3. The user shall ensure that the data he/she provides or publishes on the site is correct.

§ 5 Cookies

1. By "cookies" we mean IT data, in particular text files, stored on the users' terminal devices (usually on the computer's hard drive or mobile device) for the purpose of saving certain settings and data by the user's browser in order to use the websites. These cookies allow to recognize the user's device and display the website accordingly, providing comfort during its use. The storage of "cookies" therefore allows the website and the offer to be properly prepared for the user's preferences - the server recognizes the user and remembers preferences such as visits, clicks, previous actions, among others.
2. "Cookies" include, in particular, the domain name of the website from which they originate, the time they are stored on the end device and a unique number used to identify the browser from which the connection to the website is made.
3. "Cookies" are used for the purpose of:
   
   1. Adapt the content of the websites to your preferences and optimize the use of the websites,
   2. creation of anonymous statistics, which by helping to determine how the user uses the websites enable improvement of their structures and content,
   3. to provide site users with advertising content tailored to their interests.
4. Cookies are not used to identify the user, and the user's identity is not established from them.
5. The basic division of "cookies" is their distinction into:
   
   1. Cookies of an essential nature - are absolutely necessary for the proper functioning of the website or the functionality you want to use, as without them we could not provide many of the services we offer. Some of them also ensure the security of the services we provide electronically.
   2. Functional "cookies" - are important for the operation of the website due to the fact that:
      • are used to enrich the functionality of the websites; without them, the website will work properly, but will not be customized to the user's preferences,
      • are used to ensure a high level of functionality of websites; without them, the level of functionality of a website may decrease, but their absence should not prevent you from using it completely,
      • serve the majority of website functionality; blocking them will result in selected features not working properly.
   3. Business "cookies" - enable the business model on the basis of which the website is provided; blocking them will not make all functionality unavailable, but may reduce the level of service provision due to the website owner's inability to realize the revenue that subsidizes its operation. This category includes, for example, advertising "cookies."
   4. Cookies for website configuration - allow you to set functions and services on websites.
   5. Cookies for the security and reliability of websites - allow verification of authenticity and optimization of website performance.
   6. Authentication cookies - allow to inform when the user is logged in, so that the website can show relevant information and functions.
   7. Session research "cookies" - allow recording information about how users use the website. They may relate to the most visited pages or possible error messages displayed on certain pages. "Session state" cookies help to improve services and enhance the browsing experience.
   8. "Cookies" that examine the processes of the site - allow the smooth operation of the website and the functions available on it.
   9. Advertising cookies - allow ads to be displayed that are more interesting to users and more valuable to publishers and advertisers; cookies can also be used to personalize advertising, as well as to display ads outside of websites.
   10. Location-accessing "cookies" - allow you to customize the information displayed to your location.
   11. Cookies that conduct analysis, research or audience auditing - allow the owner of websites to better understand the preferences of their users and, through analysis, improve and develop products and services. Typically, the website owner or research company collects information anonymously and processes trend data without identifying the personal data of individual users.
6. The use of "cookies" to customize the content of the websites to the user's preferences does not, as a rule, imply the collection of any information that identifies the user, although this information may sometimes have the nature of personal data, i.e. data that allows the attribution of certain behavior to a specific user. Personal data collected using "cookies" may be collected solely for the purpose of performing certain functions for the user. Such data is encrypted in a way that prevents unauthorized access to it.
7. The cookies used by this website are not harmful either to the user or to the end device used by the user, so in order for the website to function properly, it is recommended not to disable them in browsers. In many cases, web browsing software (web browser) allows by default to store information in the form of "cookies" and other similar technologies on the user's terminal device. The user can change the browser's use of "cookies" at any time. To do this, change the browser settings. How to change the settings varies depending on the software (web browser) you use. You will find relevant instructions on the subpages, depending on the browser you use.
8. "Cookies" are also used to facilitate logging into a user's account, including via social media, and to enable switching between subpages on websites without having to log in again on each subpage. At the same time, "cookies" are used to secure websites, such as preventing unauthorized access.
9. As part of its cookie technology, the Administrator may use tracking pixels or clear GIF files to collect information about how users use its services and how they respond to marketing messages sent by email. A pixel is a software code that allows an object, usually an image the size of a pixel, to be embedded on a page, which provides the ability to track user behavior on the web pages where it is deployed. When the appropriate consent is given, the browser automatically establishes a direct connection to the server that stores the pixel, so the processing of data collected by the pixel is done within the framework of the data protection policy of the partner that administers the aforementioned server.
10. The Administrator may use Internet log files (which contain technical data such as your IP address) to monitor traffic on its services, troubleshoot technical problems, detect and prevent fraud, and enforce the User Agreement.
11. While the Administrator informs you that the website does not respond to Do Not Track (DNT) signals, you may disable certain forms of online tracking, including certain analytics and personalized advertising, by changing the cookie settings on your browser or using our cookie consent tools (if applicable).
12. Detailed information on how to change the settings for cookies and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the link):
    • Google Chrome
    • Mozilla Firefox
    • Microsoft Edge
    • Opera
    • Safari macOS
    • Safari iOS/iPad OS
13. For detailed information about managing cookies on your cell phone or other mobile device, please refer to the user manual for your mobile device.