Privacy and Cookie Policy
Use of the website lightsenseitivity.com constitutes acceptance of the terms set forth in the Privacy Policy and Cookie Policy below. As a User, you are requested to familiarize yourself with these provisions. The table of contents below is intended to assist you in doing so. These Policies inform you how we protect Users’ Data, how we process it, to whom we entrust it, and other important matters relating to Personal Data. This document is a translation of the original Polish-language version. In the event of any discrepancy between this translation and the Polish original, the Polish original shall prevail.
This Privacy Policy and Cookie Policy set forth the rules for the Processing and protection of Personal Data provided by Users as well as for Cookies and other technologies used on the website available at www.lightsenseitivity.com.
1. The Administrator of the Website and of the Personal Data processed in connection therewith is Julia Trzcińska, residing at 55-095 Domaszczyn (Poland) , Wrocławska 69c, telephone number: (+48) 785 787 070, e-mail: kontakt@lightsenseitivity.com.
2. The Administrator processes Personal Data in accordance with the applicable law.
3. The Administrator exercises particular care to ensure respect for Users’ privacy and the protection of their interests, in particular by ensuring that Personal Data collected by the Administrator via the Website are processed only for specified purposes and are not subject to further processing incompatible with those purposes.
4. Users’ Personal Data are collected and processed solely on appropriate legal grounds, and the scope of the data processed depends on the type of services provided and is limited to what is strictly necessary.
5. In case of any doubts concerning the provisions of this Privacy Policy and Cookie Policy, please contact the Administrator by e-mail at: kontakt@lightsenseitivity.com.
6. The Administrator reserves the right to amend the Privacy Policy and the Cookie Policy; every Website User is obliged to acquaint themselves with the current 7. Privacy Policy and Cookie Policy. Reasons for amendments may include, in particular, developments in internet technology, changes to generally applicable law, or the development of the Website (for example, through the Administrator’s adoption of new tools). The date of publication of the current Privacy Policy and Cookie Policy is indicated at the bottom of the Website.
7. Terms capitalized in this Privacy Policy and Cookie Policy shall have the meanings ascribed to them in §2 of the Privacy Policy.
8. The legal acts referred to in §2 constitute the basis for the formulation of the provisions of this document.
1. Administrator – Julia Trzcińska, residing at 55-095 Domaszczyn (Poland), telephone number: (+48) 785 787 070, e-mail: kontakt@lightsenseitivity.com.
2. User – any entity that visits and uses the Website.
3. Website – the website available at www.lightsenseitivity.com.
4. Personal Data or Data – any information relating to an identified or identifiable natural person, in particular: name and surname, identification number, location data, online identifier, or one or more specific factors concerning the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
5. Consent – a voluntary, specific, informed, and unambiguous indication of the data subject’s wishes by which the User, by statement or by a clear affirmative action, gives consent to the processing of Personal Data concerning them.
6. Form or Forms – locations on the Website that enable the User to enter Personal Data for the purposes indicated therein, e.g., for subscribing to the Newsletter, placing an order, or contacting the User.
7. Newsletter Terms – the terms and conditions available on the Website, which set out the rules for subscribing to and providing the Newsletter service.
8. Newsletter – a digital service provided electronically by the Administrator to the User through the transmission of electronic messages (e-mails), by means of which the Administrator informs about events, services, products and other items of interest to the Administrator and/or for the purpose of pursuing the Administrator’s legitimate interest, namely direct marketing, including the sending of marketing and commercial content with the User’s consent. Detailed information on Newsletter distribution is included further in this Privacy and Cookie Policy and in the Newsletter Terms.
9. Service – a system of cooperating IT devices and software that provides for the processing, storage, sending and receiving of data via telecommunications networks using an appropriate end device (the Internet); this term also covers the Website or parts thereof, the Shop or parts thereof, applications including mobile apps and other services provided by the Administrator (if applicable), as well as the Administrator’s social media accounts and channels operating within such media (if applicable).
10. GDPR (pol. RODO) – means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”).
11. Act on the Protection of Personal Data – the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2019, item 1781, as amended).
12. Act on the Provision of Electronic Services – the Act of 18 July 2002 on the provision of electronic services (Journal of Laws 2020, item 344, as amended).
13. Electronic Communications Law or PKE – the Act of 12 July 2024, Electronic Communications Law (Journal of Laws 2024, item 1221, as amended).
14. AI Act – Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 on the establishment of harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (the “AI Act”).
15. DSA – Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act, “DSA”).
16. Copyright Act – the Act of 4 February 1994 on copyright and related rights (Journal of Laws 1994 No. 24, item 83, as amended).
17. Act on the Protection of Databases – the Act of 27 July 2001 on the protection of databases (Journal of Laws 2001 No. 128, item 1402, as amended).
18. Act on Collective Management of Copyright and Related Rights – the Act of 15 June 2018 on collective management of copyright and related rights (Journal of Laws 2018, item 1293, as amended).
WHO IS THE CONTROLLER OF THE USER’S PERSONAL DATA?
The Controller of the User’s Personal Data is Julia Trzcińska, residing at 55-095 Domaszczyn (Poland), telephone number: (+48) 785787070, e-mail: kontakt@lightsenseitivity.com.
The Controller jointly controls Personal Data with the providers of social media platforms, namely:
– Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland [Facebook, Instagram];
– Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland [YouTube];
as indicated in this document, insofar as the Data of persons who use social media, follow the Controller’s profile on a given social media platform, and interact with the Controller are concerned. The Controller uses social plugins that link to the respective platforms, by means of which the User may proceed to access and use the given platform. The rules on joint controllership are set out below for each social media platform on which the Controller maintains a profile and processes Personal Data.
IS PROVIDING DATA VOLUNTARY? WHAT ARE THE CONSEQUENCES OF NOT PROVIDING IT?
Providing Personal Data is voluntary; however, failure to provide certain information — generally indicated as mandatory on the Controller’s pages — will result in the inability to perform the relevant service, to achieve the specified purpose, or to undertake certain actions.
Where the User provides Personal Data that is not mandatory, or provides excess data that the Controller does not need to process, this is done on the basis of the User’s own decision and, in such cases, processing is carried out on the legal basis set out in Article 6(1)(a) of the GDPR (consent). The User gives consent to the processing of those data and to the anonymization of any data that the Controller does not require and does not intend to process, but which the User nonetheless provided to the Controller.
FOR WHAT PURPOSES AND ON WHAT LEGAL GROUNDS DOES THE CONTROLLER PROCESS THE USER’S PERSONAL DATA PROVIDED WHILE USING THE WEBSITE?
The User’s Personal Data on the Controller’s Website may be processed for the following purposes and on the following legal grounds:
| No. | Purpose of processing | Legal basis for processing | Retention period |
|---|---|---|---|
| 1. | Performance of a service or execution of a concluded contract; sending an offer (e.g. promotional) at the User’s request | Article 6(1)(b) GDPR (necessary for the performance of a contract or to take steps at the data subject’s request prior to entering into a contract) | Data are processed for the duration of the contract / for the time necessary to send the offer and receive the User’s reply, and thereafter for the period of limitation of claims — 2 years or 6 years from performance of the contract depending on whether the User is an entrepreneur. |
| 2. | Granting discounts or informing about promotions and interesting offers of the Controller or recommended third parties, including sending the Newsletter | Article 6(1)(a) GDPR (consent) and Article 6(1)(f) GDPR (legitimate interest of the controller) | Data are processed until withdrawal of consent; thereafter retained for 2 years for persons who withdrew consent, or for 6 months in case of Newsletter recipients with no activity. |
| 3. | Handling complaints or claims related to a contract | Article 6(1)(b) GDPR (necessary for performance of a contract) and Article 6(1)(c) GDPR (compliance with a legal obligation) | Data are processed for the duration of the procedure or claim, and for 1 year after the deadline for claim fulfilment, or 5 years from the end of the tax year for data retained pursuant to tax law. |
| 4. | Establishing, pursuing or defending claims | Article 6(1)(f) GDPR (legitimate interest of the controller) | Data are processed until the lawful basis for processing ceases or until expiry of the limitation period — 2 years or 6 years from performance of the contract depending on whether the User is an entrepreneur. |
| 5. | Creating registers connected with the GDPR and other legal obligations | Article 6(1)(c) GDPR (legal obligation) and Article 6(1)(f) GDPR (legitimate interest) | Data are processed until the legal basis ceases or until they are no longer useful to the Controller. |
| 6. | Archiving for the purpose of securing information that may evidence facts | Article 6(1)(f) GDPR (legitimate interest of the controller) | Data are processed until an objection is lodged or until they cease to be useful to the Controller, or until expiry of the limitation period — 2 years or 6 years from performance of the contract depending on whether the User is an entrepreneur. |
| 7. | Analytical purposes, including analysis of data collected automatically while using the website (e.g. Google Analytics cookies) | Article 6(1)(f) GDPR (legitimate interest of the controller) | Data are processed until the cookies are deleted from the User’s browser. |
| 8. | Use of cookies on the Website and its subpages | Article 6(1)(a) GDPR (consent) | Data are processed until the cookies are deleted from the User’s browser. |
| 9. | Managing the Website and the Controller’s pages on other platforms | Article 6(1)(f) GDPR (legitimate interest of the controller) | Data are processed until an objection is lodged or until the data cease to be useful to the Controller. |
| 10. | Measuring satisfaction with the services offered | Article 6(1)(f) GDPR (legitimate interest of the controller) | Data are processed until an objection is lodged or until the data cease to be useful to the Controller. |
| 11. | Internal administrative purposes related to managing contact with the User | Article 6(1)(f) GDPR (legitimate interest of the controller) | Data are processed until the lawful basis ceases or until expiry of the limitation period — 2 years or 6 years from performance of the contract depending on whether the User is an entrepreneur. |
| 12. | Tailoring content displayed on the Controller’s pages to individual needs and continuous improvement of service quality | Article 6(1)(f) GDPR (legitimate interest of the controller) | Data are processed until an objection is lodged or until the data cease to be useful to the Controller. |
| 13. | Direct marketing addressed to the User of products or services or recommended third parties | Article 6(1)(f) GDPR (legitimate interest of the controller) | Data are processed until an objection is lodged or until the data cease to be useful to the Controller. |
| 14. | Administration of the Instagram profile and interaction with Users | Article 6(1)(f) GDPR (legitimate interest) and Article 6(1)(a) GDPR (consent) | Data are processed until consent is withdrawn, an objection is lodged, or the data cease to be useful to the Controller. |
| 15. | Administration of the YouTube profile and interaction with Users | Article 6(1)(f) GDPR (legitimate interest) and Article 6(1)(a) GDPR (consent) | Data are processed until consent is withdrawn, an objection is lodged, or the data cease to be useful to the Controller. |
| 16. | Administration of the TikTok profile and interaction with Users | Article 6(1)(f) GDPR (legitimate interest) and Article 6(1)(a) GDPR (consent) | Data are processed until consent is withdrawn, an objection is lodged, or the data cease to be useful to the Controller. |
| 17. | Targeting advertising on social media and websites (e.g. ads created with Facebook Ads Manager) and remarketing | Article 6(1)(a) GDPR (consent) and Article 6(1)(f) GDPR (legitimate interest of the controller — promotion and advertising, including remarketing to persons subscribed to mailings or visiting a given website) | Data are processed until consent is withdrawn, an objection is lodged, or the data cease to be useful to the Controller. |
The provision by the User of Data that is not mandatory, or the provision of excessive Data that the Controller does not need to process, is based solely on the User’s decision. In such cases, the processing is carried out on the basis of the legal ground set out in Article 6(1)(a) of the GDPR (consent).
The User hereby gives consent to the processing of such Data, as well as to the anonymization of any Data that the Controller does not require and does not intend to process, but which the User has nevertheless provided.
METHOD OF DATA COLLECTION
Only the Data that the User voluntarily provides are collected and processed (with the exception of Data collected automatically in certain circumstances via cookies and log data, as described below).is
During a visit to the Website, Data concerning the visit itself are automatically collected, such as the User’s IP address, domain name, browser type, operating system type, etc. (“log data”). Automatically collected Data may be used for analysing User behaviour on the Website, compiling demographic information, or customising the Website’s content for improvement purposes.
Such Data are processed solely for the purposes of Website administration, efficient hosting services, or directing marketing content, and are not associated with any specific Users. These Data are generally anonymous and serve to ensure proper Website functionality. Further information regarding cookies is provided later in this Policy.
Data may also be collected through forms available on the Website, as detailed in the subsequent sections of this Privacy Policy.
INFORMATION SOCIETY SERVICES
The Controller does not intentionally collect Data of children. The User must be at least 16 years old to independently provide consent for the processing of Personal Data for the purpose of using information society services through the Website, including marketing purposes, or must obtain consent from their legal guardian (e.g., parent).
If the User is under the age of 16, they should not use the Website or the Service.
The Controller is entitled to take reasonable steps to verify whether the User meets the age requirement referred to above, or whether the person exercising parental authority or guardianship over a User under 16 has provided or approved such consent.
USER RIGHTS
The User has the rights provided for in Articles 15–21 of the GDPR, including:
a) the right of access to their Data;
b) the right to Data portability;
c) the right to rectification of Data;
d) the right to erasure of Data (“right to be forgotten”) where there is no lawful basis for processing;
e) the right to restriction of processing where processing is unlawful or lacks a legal basis;
f) the right to object to processing based on the Controller’s legitimate interest;
g) the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, Poland), if the User considers that the processing of their personal data violates the GDPR or other applicable data protection laws.
The Controller notes that these rights are not absolute and may not apply in all circumstances. For example, the right to obtain a copy of Data must not adversely affect the rights and freedoms of others, such as copyright or professional secrecy. For details on limitations of User rights, please refer to the provisions of the GDPR.
The User always retains the right to lodge a complaint with the supervisory authority:
President of the Personal Data Protection Office (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
Tel: +48 22 531 03 00
E-mail: kancelaria@uodo.gov.pl
To exercise their rights, the User may contact the Controller by e-mail at: kontakt@lightsenseitivity.com, specifying the scope of their request. A response will be provided no later than 30 days from receipt of the request and its justification, unless an extension of that period is justified under the GDPR.
WITHDRAWAL OF CONSENT
Where the User has granted consent for a particular action, such consent may be withdrawn at any time. Withdrawal of consent will result in, for example, the removal of the User’s e-mail address from the Controller’s mailing list and the cessation of related processing activities.
The User may withdraw consent by clicking the “unsubscribe” or similar link contained within the Newsletter, which will redirect them to a confirmation page. Consent may also be withdrawn by sending a written declaration to the Controller’s e-mail address or business address, as specified in this Privacy Policy.
Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
In certain cases, Data may not be deleted entirely and may be retained for the purpose of defending against potential claims for a period consistent with the applicable civil law provisions, or for the fulfillment of legal obligations imposed on the Controller.
Each request submitted by the User will be duly reviewed, and the Controller will provide a justified explanation for any further processing based on legal obligations.
TRANSFER OF USER DATA TO THIRD COUNTRIES
Due to the use of external service providers (e.g., Meta Platforms Ireland Limited (Facebook and affiliated entities), Google, Microsoft, etc.), the User’s Data may be transferred to the United States of America (USA) in connection with storage on U.S.-based servers (in whole or in part).
In the case of Meta Platforms and Google, the transfer of Data to the USA is based on:
a) the European Commission Decision of 10 July 2023 recognising an adequate level of protection under the EU-U.S. Data Privacy Framework, issued pursuant to Regulation (EU) 2016/679;
b) Standard Contractual Clauses (SCCs) approved by the European Commission;
c) additional safeguards implemented by service providers (e.g., encryption, anonymisation).
In all other cases, Users’ Personal Data will only be transferred to recipients that ensure the highest level of Data protection and security, including through:
a) cooperation with entities processing Personal Data in countries for which an adequacy decision has been issued by the European Commission;
b) use of Standard Contractual Clauses issued by the European Commission;
c) use of Binding Corporate Rules approved by the competent supervisory authority; or
d) where the User has expressly consented to such transfer.
Detailed information is available in the respective privacy policies of the service providers, accessible on their websites, for example:
Google Ireland Limited: https://policies.google.com/privacy?hl=pl
Meta Platforms Ireland Limited: https://www.facebook.com/privacy/explanation
UAB MailerLite: https://www.mailerlite.com/legal/privacy-policy
MailerLite may store part of the Data in the United States or use U.S.-based service providers; however, the Data is primarily processed within the European Union. Similarly, other providers may store certain Data on servers located in third countries.
The Controller carefully selects tool providers with whom Data Processing Agreements can be concluded and who, as a rule, do not transfer Data to third countries. Nevertheless, it should be noted that the use of modern, dynamically evolving tools may result in the transfer (typically anonymized) of Data to third countries by their providers.
HOW LONG DOES THE CONTROLLER STORE THE USER’S DATA?
The User’s Data shall be stored by the Controller for the duration of the performance of specific services/achievement of purposes indicated in the table above, and:
a) for the duration of the provision of the service and cooperation, as well as for the period of limitation of claims in accordance with applicable law, with regard to Data provided by contractors, clients, or Users,
b) for the period of conducting conversations and negotiations preceding the conclusion of a contract or the performance of a service, with regard to the Data provided in a request for quotation,
c) for the period required by law, including tax law, with regard to personal Data associated with the fulfillment of obligations arising from applicable legal provisions,
d) until an effective objection is lodged pursuant to Article 21 of the GDPR (RODO) – with regard to personal Data processed on the basis of the Controller’s legitimate interest, including for direct marketing purposes,
e) until withdrawal of Consent or achievement of the purpose of processing or business purpose – with regard to personal Data processed on the basis of Consent. After withdrawal of Consent, the Data may still be processed for the purpose of defending against potential claims in accordance with the limitation period for such claims or for a (shorter) period indicated to the User,
f) until the Data becomes obsolete or loses its usefulness – with regard to personal Data processed mainly for analytical or statistical purposes, for the use of cookies, and for the administration of the Controller’s Websites,
g) for a maximum period of 2 years in the case of persons who unsubscribed from the Newsletter, for the purpose of defending against potential claims (e.g. information about the date of subscription and unsubscription, number of Newsletters received, actions and activity related to received messages), or after 6 months of complete inactivity by a given subscriber, e.g. failure to open any message from the Controller.
The Data storage periods indicated in years are calculated at the end of each year in which Data processing commenced. This is intended to streamline the process of Data management and processing.
Detailed periods of personal Data processing, relating to individual processing activities, are included in the Controller’s Record of Processing Activities.
LINKS TO OTHER WEBSITES
The Website may contain links to other websites. These will open in a new browser window or in the same window. The Controller shall not be responsible for the content transmitted by these websites. The User is obliged to familiarize themselves with the privacy policy or terms of use of such websites.
SOCIAL MEDIA ACTIVITY – INSTAGRAM
The Controller manages the User’s Data on the profile under the name @light.sense.itivity, available at: https://www.instagram.com/light.sense.itivity/ (hereinafter referred to as the “Profile”).
The Controller is a joint controller of Data together with the provider of the social media platform Instagram, in particular with respect to Data of persons using the Instagram Portal and the Controller’s Profile, followers of the Profile, and persons interacting with the Controller. The scope of Data is defined below and also derives from Instagram’s privacy policy.
The User’s personal Data provided on the Profile shall be processed for the purposes of administering and managing the Profile, communicating with the User, engaging in interactions, directing marketing content to the User, and building the Profile’s community.
The legal basis for such processing is the User’s Consent and the Controller’s legitimate interest in interacting with Users and Followers of the Profile. The User voluntarily decides to like/follow the Profile.
The rules applicable to the Profile are established by the Controller; however, the terms of using the Instagram social media platform derive from the regulations of Instagram (Meta Platforms).
The User may unfollow the Profile at any time. In such a case, the Controller will no longer display to the User any content originating from the Controller related to the Profile.
The Controller can view the User’s personal Data, such as name, surname, and general information that the User makes public on their profile. The processing of other personal Data is carried out by Instagram under the terms of its regulations and privacy policy.
The User’s personal Data shall be processed for as long as the Profile exists, based on the Consent expressed by liking/following the Profile or interacting (e.g., posting comments, sending messages), and for the purpose of pursuing the Controller’s legitimate interests, i.e., marketing of its own products or services, or defending against claims.
The User’s Data may be shared with other recipients, such as cooperating advertising agencies or subcontractors servicing the Controller’s Profile, IT service providers, or virtual assistants if contact occurs outside of Instagram.
The User’s Data may be transferred to the United States of America (USA) in connection with storage on American servers (in whole or in part). In the case of Meta Platforms, Data transfer to the USA takes place on the basis of:
a) the European Commission’s Decision of 10 July 2023, establishing an adequate level of Data protection under the EU-U.S. Data Privacy Framework, adopted pursuant to Regulation (EU) 2016/679;
b) Standard Contractual Clauses (SCCs) approved by the European Commission;
c) Additional safeguards applied by service providers (e.g., encryption, anonymization).
Such Data may also be subject to profiling, which helps to better personalize advertising offers directed to the User. However, they will not be processed in an automated manner within the meaning of the GDPR (RODO) that could negatively affect the User’s rights or freedoms. Other User rights are described in this Privacy Policy.
Instagram privacy policy: https://help.instagram.com/519522125107875.
SOCIAL MEDIA ACTIVITY – TIKTOK
The Controller manages the User’s Data on the profile under the name @light.sense.itivity, available at: https://www.tiktok.com/@light.sense.itivity/ (hereinafter referred to as the “Profile”).
The Controller is a joint controller of Data with the provider of the TikTok social media platform, in particular with respect to Data of persons using the TikTok Portal and the Controller’s Profile, followers of the Profile, and persons interacting with the Controller. The scope of Data is defined below and also derives from the provider’s privacy policy.
The User’s personal Data provided on the TikTok Profile shall be processed for the purposes of administering and managing the account, communicating with the User, interacting, directing marketing content to the User, and building the Profile’s community.
The legal basis for such processing is the User’s Consent and the Controller’s legitimate interest in interacting with Users and Followers on TikTok. The User voluntarily decides to like or follow the Profile.
The rules applicable to the Profile are established by the Controller; however, the rules of using the TikTok platform derive from TikTok’s regulations.
The User may unfollow the Profile at any time. In such a case, the Controller will no longer display to the User any content originating from the Controller related to the Profile.
The Controller can view the User’s personal Data, such as name, surname, and general public information. The processing of other Data is carried out by TikTok under the terms of its regulations.
TikTok and the Controller act as Joint Controllers with respect to processing activities related to the achievement of common purposes, including the use of TikTok plug-ins on the Website and the processing of Data of visitors to the Profile.
The User’s personal Data shall be processed for as long as the TikTok account exists, based on Consent expressed by liking or following the Profile or interacting (e.g., commenting, sending messages), and for the purpose of pursuing the Controller’s legitimate interests, i.e., marketing of its own products or services, or defending against claims.
The User’s Data may be shared with other recipients, such as cooperating advertising agencies or subcontractors servicing the TikTok account, IT service providers, or virtual assistants, if contact occurs outside TikTok.
The User’s other rights are described in this Privacy Policy.
The User’s Data may be transferred to third countries outside the European Economic Area in accordance with TikTok’s terms of service. TikTok applies compliance mechanisms in the form of Standard Contractual Clauses adopted by the European Commission.
Data processed via TikTok will not be profiled and will not be subject to automated decision-making within the meaning of the GDPR (RODO).
TikTok privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=pl.
SOCIAL MEDIA ACTIVITY – YOUTUBE
The Controller manages the User’s Data on the profile under the name @light.sense.itivity, available at: https://www.youtube.com/@light.sense.itivity (hereinafter referred to as the “Profile”).
The Controller is a joint controller of Data with the provider of the YouTube social media platform, in particular with respect to Data of persons using the YouTube Portal and the Controller’s Profile, followers of the Profile, and persons interacting with the Controller. The scope of Data is defined below and also derives from the provider’s privacy policy.
The User’s personal Data provided on the Profile shall be processed for the purposes of administering and managing the Profile, communicating with the User, interacting, directing marketing content to the User, and building the Profile’s community.
The legal basis for such processing is the User’s Consent and the Controller’s legitimate interest in interacting with Users and Followers of the Profile. The User voluntarily decides to like or follow the Profile.
The rules applicable to the Profile are established by the Controller; however, the terms of using the YouTube platform derive from YouTube’s (Google’s) regulations.
The User may unfollow the Profile at any time. In such a case, the Controller will no longer display to the User any content originating from the Controller related to the Profile.
The Controller can view the User’s Data, such as name, surname, and general information made public by the User. Other Data is processed by YouTube under its own terms and policies.
The User’s Data shall be processed for as long as the Profile exists, based on Consent expressed by liking/following or interacting (e.g., commenting, messaging), and for the purpose of pursuing the Controller’s legitimate interests, i.e. marketing of its own products or services, or defending against claims.
The User’s Data may be shared with recipients such as YouTube, cooperating advertising agencies, subcontractors servicing the Profile, IT providers, or virtual assistants, if contact occurs outside YouTube.
The User’s other rights are described in this Privacy Policy.
The User’s Data may be transferred to third countries in accordance with YouTube’s (Google’s) privacy policy.
Such Data may also be subject to profiling to better personalize advertising offers addressed to the User. However, they will not be processed in an automated manner within the meaning of the GDPR (RODO) that could negatively affect the User’s rights or freedoms.
YouTube privacy policy: https://www.youtube.com/intl/ALL_pl/howyoutubeworks/user-settings/privacy/
The Controller uses the following types of Forms on the Website:
1. Newsletter Subscription Form – requires entering one’s name and e-mail address in the designated fields. These fields are mandatory. The User must then confirm their intention to subscribe in order for their e-mail address to be added to the Controller’s subscriber database. The Data obtained in this manner is added to the mailing list for the purpose of sending the Newsletter.
Subscribing/registration means that the User agrees to this Privacy Policy and gives Consent to receive marketing and commercial information via electronic communication means, such as the provided e-mail address.
By subscribing to the Newsletter, the User also gives Consent for the Controller to use the User’s telecommunications terminal equipment (e.g., phone, tablet, computer) for the purpose of direct marketing of the Controller’s products and services, as well as presenting commercial information to the User.
The above Consents are voluntary but necessary to use the Newsletter delivery service, including to receive information about services, new blog entries, products, promotions, and discounts offered by the Controller or by third parties recommended by the Controller. The User may withdraw Consent at any time, which will result in the cessation of Newsletter delivery in accordance with the rules set out in this Privacy Policy.
The Newsletter is sent for an indefinite period, from activation until Consent is withdrawn. After withdrawal of Consent, the User’s Data may still be stored in the newsletter database for up to 2 years to demonstrate that the User gave Consent for communication via the Newsletter, to record the User’s activity (e-mail open rates), the moment of Consent withdrawal, and any related claims. This constitutes the Controller’s legitimate interest (Article 6(1)(f) of the GDPR).
The sending of the Newsletter may be discontinued if the User shows no activity for at least 6 months from the start of the Newsletter service or from the last opened e-mail (sent Newsletter). In such a case, the Controller will delete the User’s Data from the Newsletter sending system (service provider). The User will not receive any further messages from the Controller unless they decide to subscribe again via the Newsletter Form or contact the Controller in another chosen way.
The mailing system used for sending the Newsletter records all activity and actions taken by the User related to the received e-mails (date and time of message opening, link clicks, unsubscription, etc.).
The Controller may also conduct remarketing based on Article 6(1)(f) of the GDPR (the Controller’s legitimate interest consisting in promoting and advertising services directed to Newsletter subscribers). This is done by uploading subscribers’ e-mail addresses into a marketing tool provided by Meta Platforms Ireland Limited (so-called Ads Manager). Then, an advertisement created by the Controller or authorized persons is displayed to these subscribers through the Controller’s advertising account, provided that the Newsletter subscribers are also users of the Facebook platform (i.e., have an account there).
Each time, such Data is deleted after the advertising campaign ends. In the case of another advertising campaign, an updated subscriber database is uploaded to the tool.
Detailed information about so-called Custom Audiences, data hashing rules, and the processing of such Data is available in Facebook’s privacy policy at:
https://www.facebook.com/legal/terms/customaudience# and https://www.facebook.com/legal/terms/dataprocessing.
The Controller recommends that each User and subscriber review these terms.
2. Contact Form – allows the User to send a message to the Controller and communicate electronically. Personal Data such as name, surname, e-mail address, and any Data provided in the message content are processed by the Controller in accordance with this Privacy Policy for the purpose of contacting the User and with the User’s Consent.
After the communication with the User is concluded, the Data may be archived, which constitutes the Controller’s legitimate interest.
The Controller cannot determine the exact period of archiving, and therefore of message deletion. However, the maximum period shall not exceed the limitation periods for claims resulting from applicable legal provisions, unless further contact occurs with the User or processing takes place on another legal basis (e.g. until Consent is withdrawn).
§5 RULES FOR THE PROCESSING OF PERSONAL DATA BY ARTIFICIAL INTELLIGENCE SYSTEMS
Within the Website, we may use tools based on artificial intelligence (hereinafter referred to as AI Systems or AI) for data analysis, automation of customer service processes, content personalization, and improvement of the services provided. The use of AI takes place in accordance with the principles set out in the General Data Protection Regulation (GDPR) and the EU Artificial Intelligence Act (AI Act).
AI Systems may process Users’ personal data for the following purposes:
a) User preferences and adjusting the offer accordingly (e.g., within behavioral marketing),
b) automatic handling of User inquiries (e.g., chatbots),
c) fraud detection and prevention of irregularities in transactions,
d) statistical analysis aimed at improving services.
The processing of data by AI occurs solely to the extent necessary for the achievement of specific purposes and is based on appropriate legal grounds, such as the User’s consent (Article 6(1)(a) GDPR) or the Controller’s legitimate interest (Article 6(1)(f) GDPR).
If you have any doubts or questions regarding the areas of application of AI systems or technologies used by the Controller on the Website, please contact us. Contact details can be found at the beginning of this Policy.
TRANSPARENCY AND AUTOMATED DECISION-MAKING
When using artificial intelligence systems that automatically process Users’ personal data, we ensure full transparency of the process. We hereby inform that:
a) we do not use automated decision-making that could have a significant impact on the rights or freedoms of Users without their explicit consent,
b) in the event of profiling (e.g., for the purpose of content or marketing personalization), the User has the right to object and to obtain an explanation of the mechanism by which their data is processed.
If an AI System makes automated decisions, the User has the right to:
a) obtain explanations regarding the logic applied within the AI System,
b) object to a decision made in an automated manner,
c) request human verification of the decision.
To exercise these rights, the User may contact the Controller in any of the ways indicated in this Privacy Policy.
DATA MINIMISATION AND RETENTION PERIOD
The AI Systems we use are designed in accordance with the data minimization principle, which means that:
a) We process only the data necessary for the achievement of a specific purpose,
b) the retention period of the data is adjusted to the purpose of processing and does not exceed the time necessary for its fulfillment,
c) Upon completion of the processing, the data is anonymized or deleted, unless the User provides consent for its further processing or another legal basis for processing applies.
PERSONAL DATA PROTECTION IN AI SYSTEMS
Our AI Systems are designed in accordance with the privacy by design and privacy by default principles, which means that we implement appropriate technical and organizational measures to protect personal data at every stage of processing.
We ensure that:
a) full compliance with the GDPR and the AI Act is maintained,
b) encryption and pseudonymization mechanisms are applied where possible,
c) access to data is limited exclusively to authorized persons and entities,
d) regular compliance audits and Data Protection Impact Assessments (DPIA) are conducted in relation to AI tools.
1. Nature of Published Content
The content presented on the Website does not constitute legal, tax, financial, or other professional advice (including educational advice) and does not refer to any specific factual circumstances. If the User wishes to obtain assistance regarding a specific matter, they should contact a person authorized to provide such advice or contact the Administrator using the contact details provided herein.
The Administrator shall not be liable for any use of the content contained on the Website or for any actions or omissions taken on its basis.
2. Protection of Copyright and Related Rights
The content published on the Website, including texts, graphics, photographs, video recordings, educational materials, source code, and any other publications, is protected under the Act on Copyright and Related Rights.
The Administrator does not consent to copying, reproducing, distributing, or otherwise using such content, in whole or in part, without the Administrator’s prior express consent. Exceptions apply only in cases permitted by law, such as fair personal use or quotation within the limits set by applicable regulations.
When quoting fragments of content published on the Website, it is required to:
– indicate the author or source of the content,
– specify the full name of the Administrator,
– include an active, clickable link to the original material on the Administrator’s Website.
Any violation of the above principles may result in civil or criminal liability under applicable law. The Administrator reserves the right to pursue claims for infringement of copyright, including the right to seek appropriate compensation.
3. Text and Data Mining (TDM)
Text and data mining (TDM), understood as analysis carried out exclusively by automated techniques for analyzing text and data in digital form to generate specific information, including patterns, trends, and correlations, may be subject to restrictions on the Website and require the Administrator’s prior consent.
If the content available on the Website is used for data mining for commercial purposes, the User is obliged to obtain the Administrator’s prior consent.
Text and data mining may be permitted without the Administrator’s consent solely for scientific and research purposes, provided that such use does not infringe copyright and is not performed for the purpose of obtaining direct or indirect financial gain.
4. Administrator’s Liability as an Online Service Provider
The Administrator exercises due diligence to detect and remove user-generated content (e.g., comments, posts) that infringes third-party copyrights within the Website. This also applies to the User’s activity on social media platforms referred to in this Policy.
If a User publishes content on the Website that they do not own or for which they do not hold appropriate rights, they bear full responsibility for any infringement of law resulting therefrom.
In the event of a copyright infringement report, the Administrator may:
– remove the infringing content,
– block access to it,
– forward information regarding the infringement to competent authorities or to the copyright owner.
The User has the right to appeal against the decision regarding the removal of their content in accordance with the procedure established by the Administrator.
By commenting on and publishing content on the Administrator’s social media profiles, the User grants the Administrator a non-exclusive licence to use such content within the scope resulting from the functionality of the respective platform and for the duration of the publication of such content, until it is deleted by the User.
The Administrator may moderate, hide, or remove Users’ comments or content if such content:
violates the social media platform’s terms of service,
contains offensive, vulgar, misleading, or unlawful material,
constitutes advertising, spam, or promotes illegal activities,
infringes copyright, including by copying the Administrator’s content without consent.
Users who repeatedly violate the publication rules may be blocked and deprived of the ability to comment or interact with the Administrator’s Website.
The Administrator shall not be liable for content published by Users on social media profiles but may remove content that breaches platform rules or report violations to the platform provider.
Social media platforms (Meta, YouTube, LinkedIn) are obliged to comply with copyright protection laws and to remove content infringing the Administrator’s copyrights.
The Administrator may report such infringements to the platforms, and in the absence of action, may pursue their rights before a court or under the procedures provided in the platforms’ terms of service.
Users must comply with the social media platforms’ terms regarding copyright and must not publish content that may infringe the rights of others.
5. The content published on the Website is current as of the date of publication, unless otherwise indicated.
§7 TECHNICAL REQUIREMENTS
In order to use the Administrator’s Website, the following are required:
a) Access to the Internet and a compatible device such as a desktop computer, laptop, or other mobile device, including equipment enabling communication and completion of necessary forms within the Website (e.g., a functioning keyboard);
b) A properly configured and up-to-date web browser supporting, among other things, cookie files, such as Microsoft Edge, Opera, Mozilla Firefox, Safari, or Google Chrome, and enabling the display of websites;
c) An active and properly configured e-mail account. The Administrator recommends that the User verify whether messages sent from the Website’s domain are not directed to folders such as “spam,” “promotions,” or any folder other than “inbox.” The Administrator has no influence over this, as it depends on the User’s e-mail settings and/or the configuration of their e-mail service provider;
d) Software enabling the reading of content provided in the supported formats, such as PDF, video, MP3, or MP4.
§8 COOKIES POLICY
1 Like most websites, the Administrator’s Website uses so-called tracking technologies, i.e., cookies, which make it possible to improve the Website according to the needs of its Users.
2. The Website does not automatically collect any information other than that contained in cookies.
3. Cookies are small text files stored on the User’s device (e.g., computer, tablet, smartphone) when the User visits the Website.
4. Cookies may be first-party cookies (originating directly from the Website) or third-party cookies (originating from other websites).
5. Cookies allow for the customization of Website content to the individual needs of Users and other visitors. They also enable the creation of statistics showing how Users use and navigate the Website. This helps the Administrator improve the Website, its structure, content, and appearance.
6. Users have the right to manage their consent to cookies and other tracking technologies in accordance with the Digital Services Act (DSA) and the AI Act, if the Website uses tools based on artificial intelligence.
7. Categories of cookies used by the Administrator:
a) Necessary – required for the proper functioning of the Website.
b) Analytical – e.g., Google Analytics.
c) Marketing – e.g., Meta Pixel.
d) Personalization – adjusting content to the User’s preferences.
Details regarding cookies can be found below and in the cookie consent management tool.
8. The Administrator uses the following third-party cookies and tools within the Website:
a) Google Analytics (Statistics and Performance)
An embedded Google Analytics tracking code is used to analyze Website statistics. Google Analytics uses its own cookies to collect data about how Users interact with the Website (e.g., the page from which the User arrived). These cookies help improve the Website.
The tool is used under a contract with Google Ireland Limited, while the service is provided by Google LLC. Activities involving Google Analytics are based on the Administrator’s legitimate interest in creating and using statistics to enhance services and optimize the Website.
The Administrator does not process any User Data that would enable identification.
Users are encouraged to read more about Google Analytics, how to disable tracking, and Google’s privacy policy at:
https://support.google.com/analytics#topic=3544906
https://policies.google.com/privacy
b) Social Media Plugins (Instagram, TikTok, YouTube, Facebook)
When a User clicks a social media plugin (e.g., Facebook, Instagram, TikTok, YouTube), they are redirected to the external provider’s website and can, for example, “Like” or “Share” content.
From that moment, personal data may be processed by the social media platform (e.g., Meta/Facebook), which becomes an independent data controller. The Administrator has no control over the processing of such data.
Cookies from these platforms may also be placed on the User’s device when visiting the Website and may be linked with data collected by those platforms.
Profiles maintained by the Administrator:
Instagram: https://www.instagram.com/light.sense.itivity/
TikTok: https://www.tiktok.com/@light.sense.itivity/
YouTube: https://www.youtube.com/@light.sense.itivity
c) Google Ads (Advertising and Remarketing Tools)
The Website may use Google Ads tools to assess campaign effectiveness and for remarketing purposes, which constitutes the Administrator’s legitimate interest.
The Administrator does not collect data that would allow for personal identification of Users.
Details on Google Ads and privacy options can be found at: https://adssettings.google.com/authenticated.
d) Embedded Content from External Providers
The Administrator may embed content from third-party services such as YouTube, Vimeo, or SoundCloud.
These providers may record data about how Users interact with embedded content.
Users who do not wish this to occur should log out of their accounts on these platforms before visiting the Website or refrain from playing embedded content.
SoundCloud: Privacy Policy, Cookies Policy, Terms of Use
YouTube (Google Ireland Limited): Privacy Policy, Terms of Service
e) Affiliate Links and Partner Programs
The Website may include affiliate links to third-party products or services as a way of monetizing content, which is otherwise made available free of charge. Clicking an affiliate link does not generate any cost for the User.
If the User purchases a product through such a link, the Administrator may receive a commission.
The Website may also display ads via Google AdSense. The Administrator has no control over the content or appearance of these ads, which are determined by Google’s algorithm.
Users can modify their ad preferences via:
https://adssettings.google.com/authenticated.
f) Cookiebot (Cookie Consent Management Tool)
The Administrator’s Website uses Cookiebot to manage cookie consent.
This tool enables Users to:
a) provide consent for specific categories of cookies,
b) reject non-essential cookies,
c) modify their consent at any time.
When visiting the Website for the first time, the User is shown a cookie banner allowing them to select their preferences. These settings can later be changed via the “Cookie Settings” tab in the Website footer.
Data controller: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.
Privacy Policy: https://www.cookiebot.com/en/privacy-policy/
Cookiebot stores the User’s consent decision for 12 months, after which the User is asked to renew it.
Users have the right to:
a) change their cookie settings at any time,
b) file a complaint regarding Cookiebot’s data processing,
c) withdraw consent without affecting the lawfulness of processing prior to withdrawal.
Upon first visiting the Website, the User must give consent to cookies or take other available actions indicated in the notification in order to continue using the Website’s content. Continuing to use the Website is considered as giving consent. If the User does not wish to provide such consent, they should leave the Website.
The User may also, at any time, change their browser settings, disable, or delete cookies. Necessary guidance on managing cookies is available in the “Help” section of the User’s browser.
Using the Website involves sending requests to the server on which the Website is hosted.
Each request directed to the server is recorded in server logs. The logs include, among other things: the User’s IP address, the server date and time, information about the User’s web browser and operating system. Server logs are stored on the server. Server logs are used for Website administration, and their contents are not disclosed to anyone except persons or entities authorized to administer the server.
The Administrator does not use server logs to identify the User in any way.
Policy publication date: 31.10.2025
Last update date: 31.10.2025
Previous versions of the Privacy Policy: 31.10.2025
Legal notice:
This Privacy Policy was prepared by the law firm #Legalny Biznes Online (legalnybiznesonline.pl). Do not copy it, either in whole or in part, as this would violate copyright and may lead to legal claims. Obtain your own legal license by contacting the law firm or using their legal store at legalnybiznesonline.pl or legalnastrefabiznesu.pl. We operate legally because we care about our Clients, our reputation, and the highest quality of the services we provide for you! 🙂