Script Spell Limited

Privacy Policy

Due to the need to fulfill the information obligation in accordance with Art. 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), we would like to inform you that : :

    1. General Information on Personal Data Protection

  • This policy applies to the website operating at the following url address:
  • The website operator and personal data administrator is SCRIPT SPELL LIMITED
  • E-mail contact address of the operator:
  • The Operator is the Administrator of your personal data in relation to data provided voluntarily on the Website.
  • The website uses personal data for the following purposes: maintaining a newsletter, conducting online chats, handling inquiries via the form
  • The website performs the function of obtaining information about users and their behavior through data voluntarily entered in forms, which are entered into the Operator's systems, by saving cookies on end devices (so-called "cookies")
  • The Administrator has appointed a Data Protection Inspector who supervises the correct processing of personal data.
  • The Administrator and the Data Protection Officer designated by him can be contacted by sending a postal letter to the Administrator's registered office address given above or via contact form.

    2. Selected Data Protection Methods

  • Places for logging in and entering personal data are protected in the transmission layer (SSL certificate). Thanks to this, personal data and login details entered on the website are encrypted on the user's computer and can only be read on the target server.
  • Personal data stored in the database are encrypted in such a way that only the Operator who has the key can read them. Thanks to this, the data is protected in case the database is stolen from the server.
  • User passwords are stored in hashed form. The hash function works in one direction - it is impossible to reverse its operation, which is currently the modern standard for storing user passwords.
  • The website uses two-factor authentication, which is an additional form of protection for logging in to the website.
  • The operator periodically changes its administrative passwords.
  • In order to protect data, the Operator regularly makes backup copies.
  • An important element of data protection is the regular updating of all software used by the Operator to process personal data, which in particular means regular updates of programming components.

    3. Hosting

  • The website is hosted (technically maintained) on the operator's servers

    4. Your Rights

  • In some situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to perform the contract concluded with you or to fulfill the obligations imposed on the Administrator. This applies to such groups of recipients as authorized employees and collaborators who use data to achieve the purpose of the website
  • Your personal data processed by the Administrator no longer than is necessary to perform related activities specified in separate regulations (e.g. on accounting). With regard to marketing data, the data will not be processed for longer than 3 years.
  • You have the right to request from the Administrator access to your personal data, rectification, deletion, limitation of processing and transfer of data.
  • You have the right to object to the processing indicated in point 3.3 c) to the processing of personal data for the purposes of legitimate interests pursued by the Administrator, including profiling, but the right to object will not be possible in the event of legally valid legitimate grounds for processing, interests, rights and freedoms that override you, in particular the establishment, exercise or defense of claims.
  • A complaint may be lodged against the Administrator's actions to the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa.
  • Providing personal data is voluntary, but necessary to operate the Website.
  • Activities involving automated decision-making may be undertaken in relation to you, including profiling, in order to provide services under the concluded contract and for the purpose of conducting direct marketing by the Administrator.
  • Personal data is not transferred from third countries within the meaning of personal data protection regulations. This means that we do not send them outside the European Union.

    5. Information in Forms

  • The website collects information provided voluntarily by the user, including personal data, if provided.
  • The website may save information about connection parameters (time stamp, IP address).
  • In some cases, the website may save information that makes it easier to link the data in the form with the e-mail address of the user completing the form. In this case, the user's email address appears inside the URL of the page containing the form.
  • The data provided in the form is processed for the purpose resulting from the function of a specific form, e.g. in order to process a service request or a commercial contact, register services, etc. Each time, the context and description of the form clearly inform what it is used for.

    6. Administrator Logs

  • Information on user behavior on the website may be subject to logging. This data is used to administer the website.

    7. Important Marketing Techniques

  • The Operator uses statistical analysis of website traffic via Google Analytics (Google Inc. based in the USA). The operator does not transfer personal data to the operator of this service, only anonymized information. The service is based on the use of cookies on the user's end device. In terms of information about user preferences collected by the Google advertising network, the user can view and edit information resulting from cookies using the tool:
  • The Operator uses remarketing techniques that allow advertising messages to be matched to the user's behavior on the website, which may give the illusion that the user's personal data are used to track him, but in practice, no personal data is transferred from the Operator to advertising operators. The technological condition for such activities is that cookies are enabled.
  • The operator uses the Facebook pixel. This technology allows Facebook (Facebook Inc. based in the USA) to know that a given person registered there uses the Website. In this case, it is based on data for which it is itself the administrator; the Operator does not provide any additional personal data to Facebook. The service is based on the use of cookies on the user's end device.
  • The operator uses a solution that examines user behavior by creating heat maps and recording behavior on the website. This information is anonymized before it is sent to the service operator so that it does not know which natural person it relates to. In particular, entered passwords and other personal data are not recorded.
  • The Operator uses a solution that automates the operation of the Website for users, e.g., which can send an e-mail to the user after visiting a specific subpage, provided that the user has agreed to receive commercial correspondence from the Operator.

    8. Final Information

  • Personal data processed by the Administrator may be made available to third parties cooperating with him, based in Poland, in European Union member states and in third countries not belonging to the European Economic Area.
  • The operator will store this data in its files and process it for the period necessary to provide services
  • The Operator may make automated decisions based on the processed personal data, including profiling referred to in Art. 22 section 1 and 4 GDPR.
  • All natural persons whose data the Operator processes in its files have the right to request from the Administrator access to this data, rectification, deletion or limitation of processing, to object to the processing, as well as the right to transfer the data to another administrator.
  • To exercise these rights, please contact the Administrator or the Data Protection Inspector designated by him in the manner indicated in point 1.
  • In the event of a violation of applicable provisions regarding the processing of personal data, persons whose data the Operator processes in its files have the right to lodge a complaint with the supervisory authority.
  • The Operator makes every effort to provide all physical, technical and organizational measures to protect personal data against accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use or access, in accordance with all applicable regulations.