Personal Data Processing and Protection Policy
GENERAL PROVISIONS
1.1 This Policy regarding the processing and protection of personal data (hereinafter — the “Policy”) defines the procedure for processing personal data and measures to ensure the security of personal data by Alex Glushanin (hereinafter — the “Operator”, “we”) for the purpose of protecting the rights and freedoms of individuals when processing their personal data, including the right to privacy and protection of personal data.
This Policy has been developed in accordance with:
For the purposes of this Policy, the following terms shall have the meaning set out below:
Personal Data — any information relating to an identified or identifiable natural person (“data subject”), including name, contact details, identification data, address, email address, telephone number, financial information, and any other information that may directly or indirectly identify a person.
Processing — any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, restriction, erasure or destruction.
Confidentiality of Personal Data — an obligation to prevent unauthorized disclosure or access to personal data.
Website — an information resource available on the Internet at:
https://grafix-school.com/ (including subdomains).
Cookies — small text files stored on the user’s device that enable recognition of the user and improve functionality of the Website. Cookies may be session-based or persistent.
All other terms are interpreted in accordance with Polish law, GDPR, and established legal practice within the European Union.
1.2 Purpose of the Policy
This Policy establishes the procedure for collection, recording, organization, storage, use, transfer, restriction, erasure, and destruction of personal data processed by the Operator when providing services.
1.3 Scope
This Policy applies to all online resources operated by the Operator, including:
By using the Website or purchasing services, the data subject confirms that they have read and understood this Policy and, where required by law, consent to the processing of their personal data for the purposes described herein.
1.5 Objection
If a data subject disagrees with the terms of this Policy, they must discontinue use of the Website and services.
1.6 Legal Basis for Processing
The legal basis for processing personal data includes:
2.1 Personal data is processed in accordance with GDPR and applicable Polish legislation.
2.2 Processing is carried out:
2.4 The Operator may use third-party service providers (e.g., website hosting, educational platforms, payment providers) for the purposes of providing services. Such providers process personal data under data processing agreements compliant with Article 28 GDPR.
2.5 The Operator applies appropriate technical and organizational measures to ensure data security, including:
2.7 Where required by law, personal data may be disclosed to competent Polish authorities (e.g., tax authorities, courts, regulatory bodies).
3. CATEGORIES OF PERSONAL DATA
The Operator processes personal data of:
The Operator does not process special categories of data (Article 9 GDPR) unless explicitly required and lawfully justified.
4. SECURITY OF PERSONAL DATA
The Operator implements appropriate technical and organizational measures in accordance with Article 32 GDPR.
In the event of a personal data breach, the Operator shall notify the competent supervisory authority in Poland (President of the Personal Data Protection Office – UODO) without undue delay and, where required, notify affected data subjects in accordance with Articles 33–34 GDPR.
5. RIGHTS OF DATA SUBJECTS
Data subjects have the right to:
6. LIABILITY
The Operator is liable for violations of data protection obligations in accordance with GDPR and Polish law.
7. APPLICABLE LAW
This Policy is governed by the laws of the Republic of Poland and the European Union.
8. FINAL PROVISIONS
The Operator may amend this Policy. The updated version becomes effective upon publication on the Website.
If any provision of this Policy is held invalid, the remaining provisions shall remain in full force and effect.
9. COMPANY INFORMATION
Grafix
Online Design Learning Platform
Owner:
Alex Glushanin
Legal Form:
Sole Proprietorship
Registered Address
WeWork
Grzybowska 62
00-844 Warsaw
Poland
Business Meetings & Workshop Locations
(WeWork venues – rented spaces for meetings and events)
WeWork
Kurfürstendamm 11
10719 Berlin
E-mail:
hello@grafix-school.com
Tax Identification Number:
245209678380
Social Media
LinkedIn: https://www.linkedin.com/company/grafix-education/
Instagram: https://www.instagram.com/grafix_school
1.1 This Policy regarding the processing and protection of personal data (hereinafter — the “Policy”) defines the procedure for processing personal data and measures to ensure the security of personal data by Alex Glushanin (hereinafter — the “Operator”, “we”) for the purpose of protecting the rights and freedoms of individuals when processing their personal data, including the right to privacy and protection of personal data.
This Policy has been developed in accordance with:
- the Constitution of the Republic of Poland,
- the Civil Code of the Republic of Poland,
- the Act of 18 July 2002 on the Provision of Electronic Services,
- the Act of 10 May 2018 on the Protection of Personal Data,
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR),
- and other applicable laws and regulations of the Republic of Poland and the European Union.
For the purposes of this Policy, the following terms shall have the meaning set out below:
Personal Data — any information relating to an identified or identifiable natural person (“data subject”), including name, contact details, identification data, address, email address, telephone number, financial information, and any other information that may directly or indirectly identify a person.
Processing — any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, restriction, erasure or destruction.
Confidentiality of Personal Data — an obligation to prevent unauthorized disclosure or access to personal data.
Website — an information resource available on the Internet at:
https://grafix-school.com/ (including subdomains).
Cookies — small text files stored on the user’s device that enable recognition of the user and improve functionality of the Website. Cookies may be session-based or persistent.
All other terms are interpreted in accordance with Polish law, GDPR, and established legal practice within the European Union.
1.2 Purpose of the Policy
This Policy establishes the procedure for collection, recording, organization, storage, use, transfer, restriction, erasure, and destruction of personal data processed by the Operator when providing services.
1.3 Scope
This Policy applies to all online resources operated by the Operator, including:
- websites,
- social media accounts,
- messaging platforms (Telegram, WhatsApp, Instagram, etc.),
- and any other digital platforms referencing this Policy.
By using the Website or purchasing services, the data subject confirms that they have read and understood this Policy and, where required by law, consent to the processing of their personal data for the purposes described herein.
1.5 Objection
If a data subject disagrees with the terms of this Policy, they must discontinue use of the Website and services.
1.6 Legal Basis for Processing
The legal basis for processing personal data includes:
- Article 6(1)(a) GDPR — consent of the data subject;
- Article 6(1)(b) GDPR — performance of a contract;
- Article 6(1)(c) GDPR — compliance with legal obligations;
- Article 6(1)(f) GDPR — legitimate interests of the Operator;
- Polish national legislation, including the Act of 10 May 2018 on the Protection of Personal Data.
- public offer published on the Website;
- concluded civil law contracts;
- explicit consent given by the data subject.
2.1 Personal data is processed in accordance with GDPR and applicable Polish legislation.
2.2 Processing is carried out:
- on the basis of consent,
- for performance of a contract,
- to comply with legal obligations,
- or on the basis of legitimate interests.
2.4 The Operator may use third-party service providers (e.g., website hosting, educational platforms, payment providers) for the purposes of providing services. Such providers process personal data under data processing agreements compliant with Article 28 GDPR.
2.5 The Operator applies appropriate technical and organizational measures to ensure data security, including:
- restricted access control,
- internal confidentiality policies,
- data encryption where applicable,
- employee awareness measures,
- secure hosting solutions.
2.7 Where required by law, personal data may be disclosed to competent Polish authorities (e.g., tax authorities, courts, regulatory bodies).
3. CATEGORIES OF PERSONAL DATA
The Operator processes personal data of:
- Clients (individual customers),
- Users of the Website,
- Contractors (individual service providers).
- full name,
- contact details (email, phone number),
- billing information,
- IP address,
- cookie data,
- contractual and transactional data.
The Operator does not process special categories of data (Article 9 GDPR) unless explicitly required and lawfully justified.
4. SECURITY OF PERSONAL DATA
The Operator implements appropriate technical and organizational measures in accordance with Article 32 GDPR.
In the event of a personal data breach, the Operator shall notify the competent supervisory authority in Poland (President of the Personal Data Protection Office – UODO) without undue delay and, where required, notify affected data subjects in accordance with Articles 33–34 GDPR.
5. RIGHTS OF DATA SUBJECTS
Data subjects have the right to:
- access their personal data (Art. 15 GDPR),
- rectification (Art. 16 GDPR),
- erasure (“right to be forgotten”, Art. 17 GDPR),
- restriction of processing (Art. 18 GDPR),
- data portability (Art. 20 GDPR),
- object to processing (Art. 21 GDPR),
- withdraw consent at any time,
- lodge a complaint with the President of the Personal Data Protection Office (UODO) in Poland.
6. LIABILITY
The Operator is liable for violations of data protection obligations in accordance with GDPR and Polish law.
7. APPLICABLE LAW
This Policy is governed by the laws of the Republic of Poland and the European Union.
8. FINAL PROVISIONS
The Operator may amend this Policy. The updated version becomes effective upon publication on the Website.
If any provision of this Policy is held invalid, the remaining provisions shall remain in full force and effect.
9. COMPANY INFORMATION
Grafix
Online Design Learning Platform
Owner:
Alex Glushanin
Legal Form:
Sole Proprietorship
Registered Address
WeWork
Grzybowska 62
00-844 Warsaw
Poland
Business Meetings & Workshop Locations
(WeWork venues – rented spaces for meetings and events)
WeWork
Kurfürstendamm 11
10719 Berlin
E-mail:
hello@grafix-school.com
Tax Identification Number:
245209678380
Social Media
LinkedIn: https://www.linkedin.com/company/grafix-education/
Instagram: https://www.instagram.com/grafix_school
Alex Glushanin processes cookies in accordance with the Privacy Policy, including the transfer of data specified in the policy to third parties. By clicking the “Agree” button, you consent to the use of cookies. You can disable cookie processing in your browser settings.