Privacy Policy & Cookies Policy

I. Scope and Purpose of the Privacy Policy

This Privacy Policy applies to all cases in which APR Corporation is the data controller.

The Privacy Policy is intended to enable you to familiarize yourself with the most important information regarding the processing of personal data by APR Corporation.

The Privacy Policy will provide you with information about the purposes of data processing and the period of data retention. You will learn about the categories of entities that may have access to your personal data. You will also learn what rights you have and how you can exercise them. In the section titled “Cookies and Tools Implemented on the Website,” you will gain knowledge about data saved on your device while using the Administrator's services, hereinafter referred to as Websites or web pages.

Personal data means any information relating to an identified or identifiable natural person whose data is concerned. An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person.

This fulfills the fundamental information obligation referred to in Article 13 and Article 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR. The information contained herein will allow you to better exercise control over your personal data.

II. Data Controller

The controller of your personal data and operator of the Websites is APR Corporation, with its registered office in Warsaw, Poland, address: Obozowa 20/107, 01-161 Warszawa, Poland, KRS: 0000821201. You can contact the Controller in writing by traditional mail to our registered office address or by email at: support@omgplatform.com.

III. Definitions

1) Administrator — APR Corporation, with its registered office in Warsaw, Poland, address: Obozowa 20/107, 01-161 Warszawa, Poland, KRS: 0000821201.

2) Client — a natural person who has reached the age of 18 and has full legal capacity, not conducting business activity, or a natural person conducting business or professional activity in their own name, but only when the contract concluded with the Administrator is directly related to their business activity and when the content of the contract shows that it does not have a professional character for that person; a person placing an order and concluding an agreement with the Administrator, including through Websites and by email and telephone, on their own behalf or on behalf of the Participant.

3) Participant — a person enrolled in a course organized by the Administrator.

4) Business Client — a natural person, legal entity, or organizational unit referred to in Article 33¹ § 1 of the Civil Code, conducting business or professional activity in their own name, who concludes a civil law agreement with the Administrator directly related to their business activity.

5) Contractor — a natural person, legal entity, or organizational unit referred to in Article 33¹ § 1 of the Civil Code, conducting business or professional activity in their own name, who concludes a civil law agreement with the Administrator directly related to their business activity.

6) User — a natural person using materials made available on the Administrator's Website.

7) Websites — internet platforms created and operated by the Administrator, through which it is possible to contact the Administrator, reserve Services and Products offered by them, and purchase Services and Products.

8) Online Store — an internet platform created and operated by the Administrator within the Website, where it is possible to purchase products and services offered by the Administrator.

IV. Purposes of Personal Data Processing, Legal Basis for Processing

The Administrator processes your personal data in connection with:

1. Contacting you — Article 6(1)(a) GDPR (consent to respond to a message) and Article 6(1)(f) GDPR (ensuring communication between the Administrator and the User). Scope: email address, first and last name, data contained in the message content, phone number, other data provided by you in the correspondence.

2. Placing and processing an order for products and/or services — Article 6(1)(b) GDPR (performing actions to conclude and execute an agreement). Scope: residential address, email address, phone number, first and last name; for Clients, Business Clients, Contractors additionally: Tax ID (NIP), data on conducted business activity.

3. Issuing an invoice and fulfilling tax settlement obligations — Article 6(1)(c) GDPR (fulfillment of legal obligations). Scope: business activity data, first and last name, address, Tax ID (NIP).

4. Processing complaints and processing withdrawal from the agreement — Article 6(1)(b) GDPR (contract performance) and Article 6(1)(c) GDPR (legal obligations). Scope: data contained in the complaint, first and last name, residential address, phone number, email address, bank account number.

5. Marketing purposes (including sending newsletters) — Article 6(1)(a) GDPR (consent to receive commercial information) and Article 6(1)(f) GDPR (legitimate interest — marketing purpose of own services and products). Scope: email address, first and last name, Instagram account name.

6. Establishing, pursuing, or defending against claims — Article 6(1)(f) GDPR (legitimate interest). Scope: all data mentioned in points 1 to 5 above.

7. Securing information that may serve to demonstrate facts — Article 6(1)(f) GDPR (legitimate interest). Scope: all data mentioned in points 1 to 5 above.

8. Website management, analyzing data related to website use — Article 6(1)(f) GDPR (legitimate interest — website optimization). Scope: IP, behavior on the website.

9. Managing the Administrator's social media profiles — Article 6(1)(f) GDPR (legitimate interest), Article 6(1)(a) GDPR (consent). Scope: data related to the use of a given social media platform.

10. Using cookies on the website — Article 6(1)(a) GDPR (consent). Scope: IP, user behavior on the website.

11. Fulfilling personal data protection obligations — Article 6(1)(c) GDPR (legal obligations). Scope: in accordance with legal provisions.

V. Principles of Personal Data Processing, Data Processing Period

1. The Administrator processes personal data with appropriate security measures meeting the requirements of applicable law, in particular in accordance with GDPR. In compliance with the principles relating to the processing of personal data, the Administrator ensures that data is: processed lawfully, fairly, and transparently for the data subject; collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes; adequate, relevant, and limited to what is necessary for the purposes for which it is processed; accurate and, where necessary, kept up to date; kept in a form which permits identification of data subjects for no longer than is necessary; processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

2. The Administrator processes personal data of minors with the utmost care to ensure that such data is adequately secured.

3. The Administrator collects data for specified, explicit, and legitimate purposes and does not further process it in a manner incompatible with those purposes. In cases where the Administrator loses the purpose of processing, it immediately permanently deletes the data, unless the right to further processing results from generally applicable laws.

4. The Administrator processes data in a manner adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

5. The Administrator ensures that the data it processes is accurate and, where necessary and possible, updated.

6. Data may be transferred to public authorities and entities performing public tasks, to the extent and for the purposes resulting from generally applicable law, as well as to other entities that, on the basis of appropriate agreements, process personal data as a processor (e.g., advisory, accounting, IT services).

7. The Administrator will not process data in an automated manner, and the data will not be subject to profiling, excluding data of persons processed within the Websites and courses offered by Avant.

8. The period of processing personal data complies with applicable laws. Data is processed only for the time needed to achieve the designated purpose. After this period, personal data will be irreversibly deleted or destroyed.

Data retention periods

3 or 6 years + 1 year — for personal data processed to establish, pursue, or defend claims; the choice of 3 or 6 years depends on whether both parties are entrepreneurs or not.

Until an effective objection is raised or the purpose of processing is achieved — for personal data processed on the basis of the controller's legitimate interest.

Until it becomes outdated or loses its usefulness — for personal data processed mainly for website administration purposes.

Until consent is withdrawn or it loses its usefulness — for personal data processed on the basis of your consent.

VI. Rights Related to Personal Data Processing

1. Every data subject has the right to:

1.1. Access to data — to obtain confirmation whether personal data concerning them is being processed, and to access it and obtain information about the purposes of processing, the categories of personal data, the recipients, the period of data storage, and other rights (Article 15 GDPR).

1.2. Receipt of a copy of data — the first copy is free of charge; for subsequent copies, the Administrator may charge a reasonable fee (Article 15(3) GDPR).

1.3. Rectification — to request rectification of inaccurate personal data or completion of incomplete data (Article 16 GDPR).

1.4. Erasure of data — to request erasure of personal data if the Administrator no longer has a legal basis for processing them or if the data is no longer necessary (Article 17 GDPR).

1.5. Restriction of processing — to request restriction of processing under Article 18 GDPR (data accuracy contested, unlawful processing, defending claims, objection pending).

1.6. Data portability — to receive personal data in a structured, commonly used, machine-readable format and to request transmission to another Administrator (Article 20 GDPR).

1.7. Objection — to object to the processing of personal data for the legitimate purposes of the Administrator, including profiling (Article 21 GDPR).

1.8. Withdrawal of consent — at any time. Withdrawal does not affect the lawfulness of data processing that took place before the withdrawal. Withdrawal requires sending an email directly to the Administrator's address indicated above.

2. Every data subject has the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office, when they believe that the processing of personal data concerning them violates the regulations. Complaints can be submitted: 2.1. in writing to the address ul. Stawki 2, 00-193 Warsaw, Poland; 2.2. electronically via the ePUAP platform.

3. Providing personal data is voluntary, but for: 3.1. Clients, Participants, Business Clients, Users — it is a condition for responding to a question and/or for the performance of a civil law agreement; 3.2. Administrator's Associates — same; 3.3. Contractors — same. Refusal to provide data will prevent the Administrator from performing the agreement.

4. Providing personal data is mandatory if the requirement to provide them results from legal provisions.

5. More information about applicable rights can be obtained by contacting the personal data processing Administrator.

VII. Data Recipients

1. Personal data may be transferred to third parties with whom the Administrator cooperates or whose services it uses in connection with operating the website and the Administrator's profiles on social media.

2. Third parties process data within the European Economic Area and outside the European Economic Area. In the case of transferring personal data outside the EEA, entities that carry out such processing maintain an appropriate level of data protection consistent with EU standards, including through the use of standard contractual clauses adopted by the European Commission.

3. List of entities whose services we use:

• WooCommerce, Smarthost, Imker — IT system maintenance and hosting services. Service handling Product and Service sales.
• PayU SA — Fast online payment provider.
• Stripe, Inc. — Online payment service provider (USD, international).
• GetResponse Spółka Akcyjna — Newsletter provider.
• Genesis Digital LLC — Webinar service provider.
• Facebook (Meta) — Marketing tool.
• Manychat Inc. — Marketing tool for automating messages on social media.
• Instagram (Meta), Google LLC, Circle — Marketing tools. Platform supporting the Course.

VIII. Automated Decision-Making and Profiling

1. Based on your personal data, the Administrator may perform profiling, i.e., automatic assessment of certain personal characteristics concerning you. The data analyzed in this way is anonymous.

2. The purpose of profiling is direct marketing of the Administrator's own products and services. The legal basis is the legitimate interest of the controller. Thanks to profiling, you will probably receive less information, but better tailored to your preferences.

3. Data is not used for automated decision-making that could affect your legal situation or produce other similar effects on you.

4. The Administrator will stop processing your data used for direct marketing purposes, including profiling and analytical purposes, if you previously submit an objection or withdraw your consent.

IX. Social Media

1. The website contains plugins redirecting to the Administrator's profiles on social media platforms. Data provided to the Administrator (first name, last name, nickname, etc.) is processed mainly for the purpose of managing our profile, creating a community, and interacting with followers.

2. The social media platform may obtain information that you are using our website, especially when you are logged in as its user.

3. You have the ability to prevent social media portals from obtaining information about your activity. To do this, log out of profiles and use the browser in incognito mode.

4. The rules applicable on the platform and the rules for data processing are determined by the provider of a given social media platform. We do not process data collected by social media platforms for our own purposes.

5. Privacy policies of platforms on which we have profiles: Instagram @gosialeitner. Platform privacy policy: help.instagram.com.

X. Newsletter

1. For the purpose of sending the newsletter, based on consent granted to the Administrator, we process your data such as: first name, last name, email, and your Instagram name. This data was provided by you in the newsletter subscription form. Subscribing to the newsletter requires your confirmation, which will be possible after receiving the first message. Personal data provided to the Administrator for the purpose of sending the newsletter will not be transferred by the Administrator to a third country outside the European Union.

2. The newsletter service provider is: GetResponse Spółka Akcyjna, with its registered office in Gdańsk, at al. Grunwaldzka 413, 80-309 Gdańsk. The provider's privacy policy is available at getresponse.pl/informacje-prawne/polityka-prywatnosci.

3. The provider's system records your activity related to the newsletter subscription.

4. Providing data in the newsletter subscription form is voluntary and occurs on the basis of your consent. However, it is necessary for the Administrator to send the newsletter, and to send you information about marketing of own products or services based on the Administrator's legitimate interest.

5. The termination of sending the newsletter to you will occur in connection with the Administrator's decision to terminate sending the newsletter or when you terminate your subscription, which requires you to click on the active link with the information “Unsubscribe from the newsletter.” Data related to the newsletter subscription will be stored for the period necessary for the defense of the Administrator's interest against potential claims.

6. The termination of sending the newsletter may also occur in case of no subscriber activity for 1 year. In such a case, the subscriber will be removed from the list of subscribers.

7. With regard to data processed in connection with the newsletter subscription, you retain all rights indicated in Section VI.

XI. Cookies and Tools Implemented on the Website

1. In accordance with the provisions of the Telecommunications Law Act of July 16, 2004 (as amended), we inform you that the website uses so-called “cookies” technology.

2. Cookies are small files, in particular text files, stored on the end devices of visitors intended for use with websites. Websites have access only to those cookies that they themselves have created. These files are in no way harmful to your device and do not change its settings or the settings of the software installed on it. The content of these files can only be read by the server that created them.

3. Cookies are used for the following purposes: creating statistics that help understand how Users use the website; maintaining the session (after logging in); determining User profiles in order to display customized marketing offers; observing User behavior on the website in order to facilitate their navigation.

4. Information about the use of cookies is displayed during the first visit to the website. The operation of cookies always requires their acceptance by you. Most web browsers have permission to use cookies set by default. You have the right to change cookie settings from your browser or to delete them.

5. Tracking technologies used by our website: social plugins redirecting to our profiles; analytical and marketing tools such as Google Analytics, META (Facebook) Pixel, ManyChat.

XII. META (Facebook) Pixel

1. META (Facebook) Pixel is a short code placed on a website that allows measuring the effectiveness of ads based on the analysis of actions taken by users on the website.

2. META (Facebook) Pixel is used by us as an analytical tool. It allows us to direct marketing activities to people who have visited our website or are interested in our activities.

3. The data we collect using this tool is anonymous (location, gender, age, internet activity). The provider may combine data collected by us with data it has collected about you as part of your use of its platform.

4. META (Facebook) Pixel supports the Administrator in assessing the effectiveness of ads, allows reaching a specific target audience, and shows audience reactions to the Administrator's activities.

5. More information: facebook.com/business/help.

XIII. Google Analytics

1. Google Analytics is a Google service that provides statistics and basic analytical tools for measuring user behavior on a website and in applications.

2. Google Analytics uses cookies that are saved on the computer and enable analysis of how the User uses the website.

3. The data collected by Google Analytics is anonymous (location, gender, age, internet activity). The provider may combine data collected by us with data it has collected about you.

4. The Administrator uses Google Analytics to analyze the use of the website by its Users and to improve the website in accordance with Users' preferences.

5. More information: analytics.google.com.

6. Details regarding data protection by Google: policies.google.com/privacy.

XIV. ManyChat

1. We use ManyChat as a tool to support communication optimization with recipients on social media (Instagram) during marketing activities. This tool allows sending automatic messages to recipients interested in these contents and materials.

2. Depending on the purpose of use, ManyChat may act as a data controller and a data processor. More: DPA, Privacy, Service Providers.

3. ManyChat's data processing rules are an integral part of the agreement with the tool provider (Terms of Use).

4. ManyChat may process: identification data (first name, last name, email address); publicly available information in social media profiles; linked pages and accounts; IT data (IP addresses, geographic location, usage data, cookie data, browser data); other.

5. The source of the indicated data is the registration process and use of the service by the Administrator and the End User, including communication with subscribers and integration of pages connected by the Administrator (e.g., Facebook, Instagram).

6. The Administrator cannot send you messages and materials using ManyChat without your consent. The process of granting such consent takes place during the first message sent using ManyChat. To receive a message from the Administrator sent via ManyChat, you must click on the “Subscribe to our updates” message or another with the same meaning at the beginning of communication with ManyChat.

7. Personal data in connection with the Administrator's use of ManyChat may be transferred outside the European Economic Area on the basis of Standard Contractual Clauses. ManyChat applies appropriate security measures for data processing.

8. ManyChat processes data until the termination of the agreement, and as a controller until the resignation from receiving marketing communications and the expiry of the legally required storage period, including until the limitation of claims.

XV. Information Clause for Persons Visiting Facebook and Instagram Profiles

1. Personal data of persons visiting the Administrator's profiles on Meta services will be processed in accordance with the requirements of the Personal Data Protection Act of May 10, 2018, and in accordance with GDPR.

2. We obtained this data from Meta Platforms Ireland Ltd., (4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland) and from your public profile on the Facebook or Instagram internet platform.

3. We process personal data of persons who: subscribed to the fanpage by clicking the “Like” or “Follow” icon; used the option of sending a message or chat to contact the Administrator; reacted to a post, story, reel, or published their comment under any of the posts.

4. Personal data will be processed for the following purposes: to manage this fanpage on the Facebook and Instagram social network and to inform through it about our activity, promote various events, campaigns, actions that we organize, and our brand, products, and services, build and maintain a community, and communicate via available functionalities (basis under Article 6(1)(f) GDPR — legitimate interest); for statistical purposes (Article 6(1)(f) GDPR); for the possible establishment, pursuit, or defense of claims (Article 6(1)(f) GDPR); to take actions aimed at concluding a contract due to interest in our services (Article 6(1)(b) GDPR).

5. We will process the following categories of Users' personal data: basic identification data (first and last name) to the extent published by Users on their own profile; other data published by Users on the Facebook or Instagram profile, including image (profile photo); other data published by Users during a conversation conducted through the Messenger application or chat; anonymous statistical data about Users visiting the fanpage collected through cookies.

6. The data processing period is related to the purposes and bases of their processing: data processed on the basis of the Administrator's legitimate interest will be processed until an effective objection is raised; data processed for the purpose of pursuing or defending claims will be processed for a period equal to the limitation period; personal data collected by Facebook and Instagram is subject to retention on the terms specified in the regulations of these platforms.

7. Personal data may be transferred to third parties processing data on behalf of the Administrator.

8. The entities referred to above process data on the basis of an agreement with the Administrator and only in accordance with the Administrator's instructions.

9. You have the right to access data, the right to request rectification, erasure, or restriction of processing, as well as the right to object.

10. You also have the right to lodge a complaint with the supervisory authority for personal data protection (President of the Personal Data Protection Office).

11. We inform you that you will not be subject to a decision based solely on automated processing that would produce legal effects concerning you or similarly significantly affect you.

12. Given the international nature of data flow within the Facebook and Instagram platform, Meta Platforms Ireland Ltd. may transfer data outside the European Economic Area in accordance with the rules set forth by Facebook and Instagram. Meta has declared that it has implemented standard contractual clauses between processors.

XVI. Content from External Services

The Administrator has the right to place content from external services on its website, which services may also record information about your playback of content on the Administrator's website. If you do not want the service to know about your playback of content within the Administrator's website, log out of your account before playing this content, if you have one in the service.

XVII. Server Logs

1. Using the Administrator's website involves sending requests to the server on which the website is located.

2. Each request directed to the server is saved in server logs, which include, for example: IP address, date and server time, information about the web browser and operating system you use.

3. Data saved in server logs is not associated with specific persons using the service and is used as auxiliary material for administrative purposes.

4. The content of server logs is not disclosed to anyone except persons authorized to administer the server.

XVIII. Final Provisions

1. The content placed on the Administrator's website and in the supported social media services of the Administrator is a manifestation of its own intellectual creativity. Therefore, it is subject to the Administrator's copyrights.

2. The content placed on the Administrator's website is of an educational nature and does not constitute or replace individual expert advice.

3. The Administrator does not consent to copying content in whole or in part without the express, prior consent of the Administrator.

4. Using the available content beyond permitted personal use may result in the risk of criminal and civil liability.

5. You are obligated to use the Administrator's website in a manner consistent with the law and good customs, with respect for personal rights and intellectual property rights of third parties.

6. If you have any doubts as to the legal nature of the available content and how you can legally use it, send a message to the Administrator's email address (support@omgplatform.com), and you will receive a response.

7. The content of this Privacy Policy may change. The update date of the Privacy Policy is given at the beginning of the document.