Privacy Policy

The following Privacy Policy sets forth the rules governing the storage and access to data on Users’ Devices utilizing the Service for the purpose of providing electronic services by the Administrator. It also defines the principles for collecting and processing Users’ personal data, which they voluntarily and personally provide via tools available on the Service.

§1 Definitions

Service – The website “khyenkong.pl” operating under the address https://khyenkong.pl.

External Service – Websites of partners, service providers, or service recipients collaborating with the Administrator.

Data Administrator – The Data Administrator (hereinafter referred to as the “Administrator”) is the organization “Khyenkong Karma Kagyu Poland”, registered at Mozarta 3/311, 02-736 Warsaw, REGON: 540064312, NIP: 5214093711. Registered under number 1211 in the association register of Warsaw. Contact: tel. 666 359 308, e-mail: kontakt@khyenkong.pl.

User – A natural person to whom the Administrator provides electronic services via the Service.

Device – An electronic device, including software, through which the User accesses the Service.

Cookies – Text data files stored on the User’s Device.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).

Personal Data – Information about an identified or identifiable natural person (“data subject”). An identifiable person is one who can be directly or indirectly identified, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Processing – Any operation or set of operations performed on personal data or sets of personal data, whether by automated means or otherwise, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, restriction, erasure, or destruction.

Restriction of Processing – The marking of stored personal data to limit its future processing.

Profiling – Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that person.

Consent – Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or clear affirmative action, signify agreement to the processing of personal data relating to them.

Personal Data Breach – A security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Pseudonymization – The processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures preventing its attribution to an identified or identifiable natural person.

Anonymization – An irreversible process of transforming data that removes or replaces “personal data” so that it is no longer possible to identify or associate a particular record with a specific user or individual.

§2 Data Protection Officer

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer. Matters related to data processing, including personal data, should be directed to the Administrator.

§3 Types of Cookies

Internal Cookies – Cookies placed and read from the User’s Device by the Service’s telecommunication system.

External Cookies – Cookies placed and read from the User’s Device by external service providers’ systems whose scripts and services are embedded within the Service.

Session Cookies – Cookies stored and read from the User’s Device by the Service during a single session. These cookies are deleted upon ending the session.

Persistent Cookies – Cookies stored and read from the User’s Device by the Service until manually deleted. These are not automatically deleted unless the User’s browser settings are configured to do so.

§4 Data Storage Security

The mechanisms for storing and reading cookies are handled through browser-based features that do not allow for the collection of other data from the User’s Device or other websites visited by the User, including personal and confidential information.

The Administrator’s internal cookies do not contain scripts, content, or information that may threaten the User’s Device or data security.

The Administrator undertakes all reasonable efforts to verify and select trusted partners for the external services embedded in the Service. However, the Administrator does not have full control over the content of cookies from third-party services and, as such, is not responsible for them as permitted by law.

Cookie Control:

Risks on the User’s Side – The Administrator uses all possible technical measures to ensure the security of data stored in cookies. However, it should be noted that the security of this data depends on both parties, including the activities of the User. The Administrator is not responsible for the interception of this data, session hijacking, or its deletion, due to the intentional or unintentional actions of the User, viruses, Trojan horses, or other spyware that may have infected the User’s Device. To protect against these threats, Users should follow recommendations for safe internet usage: https://nety.pl/cyberbezpieczenstwo/.

Storage of Personal Data – The Administrator ensures that all efforts are made to protect personal data voluntarily provided by Users, ensuring that access to this data is restricted and used in accordance with its purpose and processing goals. The Administrator also ensures that all necessary measures are taken to protect the stored data from loss, including appropriate physical and organizational security measures.

§5 Purposes of Cookies Usage

Marketing and remarketing activities on external services.

Advertising services.

Affiliate services.

Statistical analysis (user counts, visit counts, device types, etc.).

Multimedia content services.

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users is processed for the following purposes:

  • Providing electronic services such as content availability.
  • Administrator’s communication with Users regarding the Service and data protection.
  • Ensuring the legitimate interests of the Administrator.

Anonymized and automatically collected user data is processed for:

  • Statistical analysis.
  • Remarketing purposes.
  • Personalized advertising.
  • Affiliate program management.
  • Ensuring the Administrator’s legitimate interests.

§7 Cookies of External Services

The Administrator uses JavaScript scripts and web components from partners on the Service, who may place their own cookies on the User’s Device. Remember, you can decide in your browser settings which cookies can be used by individual websites. Below is a list of partners or their services integrated into the Service, which may place cookies:

Multimedia Services:
YouTube

Social/Integrated Services:
(Registration, Login, content sharing, communication, etc.):
Facebook
LinkedIn
Instagram

Content Sharing Services:
Instagram
Pinterest

Statistics Management:
Google Analytics

Services provided by third parties are outside the Administrator’s control. These entities may change their service terms, privacy policies, data processing purposes, and methods of using cookies at any time.

§8 Types of Collected Data

The Service collects data about Users. Some of the data is collected automatically and anonymously, while some data consists of personal information voluntarily provided by Users when registering for specific services offered by the Service.

Automatically collected anonymous data:

  • IP address.
  • Browser type.
  • Screen resolution.
  • Approximate location.
  • Opened subpages of the Service.
  • Time spent on a specific subpage of the Service.
  • Operating system type.
  • Address of the previous subpage.
  • Referring page address.
  • Browser language.
  • Internet connection speed.
  • Internet Service Provider.

Data collected during registration:

  • First name / last name / pseudonym.
  • Email address.
  • Phone number.
  • IP address (collected automatically).

Some of the data (without identifying information) may be stored in cookies. Some data (without identifying information) may be passed to the statistical service provider.

§9 Access to Personal Data by Third Parties

As a general rule, the only recipient of personal data provided by Users is the Administrator. The data collected as part of the provided services is not transferred or sold to third parties.

Access to data (most often based on a data processing agreement) may be granted to entities responsible for maintaining infrastructure and services necessary to run the Service, such as:

  • Hosting companies providing hosting or related services to the Administrator.

The Administrator uses the services of an external hosting provider, VPS, or Dedicated Servers. All data collected and processed on the Service is stored and processed within the provider’s infrastructure. There may be access to this data during maintenance work conducted by the service provider’s personnel. Access to this data is regulated by the agreement between the Administrator and the Service Provider.

§10 Methods of Processing Personal Data

Personal data voluntarily provided by Users:

  • Personal data will not be transferred outside the European Union, unless published due to the individual actions of the User (e.g., submitting a comment or post), making the data available to anyone visiting the Service.
  • Personal data will not be used for automated decision-making (profiling).
  • Personal data will not be sold to third parties.

Automatically collected anonymous data (without personal data):

  • Anonymous data (without personal data) may be transferred outside the European Union.
  • Anonymous data (without personal data) will not be used for automated decision-making (profiling).
  • Anonymous data (without personal data) will not be sold to third parties.

§11 Legal Basis for Processing Personal Data

The Service collects and processes User data based on:

  • Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
    • Article 6(1)(a) – the data subject has consented to the processing of their personal data for one or more specific purposes.
    • Article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
    • Article 6(1)(f) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator or a third party.
  • Act of May 10, 2018, on the Protection of Personal Data (Journal of Laws 2018, item 1000)
  • Act of July 16, 2004, Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
  • Act of February 4, 1994, on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

§12 Data Retention Period

Personal data voluntarily provided by Users:

As a rule, the specified personal data is stored only for the duration of the Service provided by the Administrator. The data is deleted or anonymized within 30 days of the service completion.

An exception applies if there is a need to secure legally justified goals for further processing by the Administrator. In such cases, the Administrator will store the data for no longer than 3 years from the request for deletion in the case of violation or suspected violation of the Service’s regulations by the User.

Automatically collected anonymous data (without personal data):

  • Anonymous statistical data, which is not personal data, is stored by the Administrator to maintain the Service’s statistics for an indefinite period.

§13 Users’ Rights Related to Personal Data Processing

The Service collects and processes User data based on:

  • Right of Access to Personal Data: Users have the right to access their personal data upon request submitted to the Administrator.
  • Right to Rectification: Users have the right to request the Administrator to promptly rectify any inaccurate personal data or supplement incomplete personal data.
  • Right to Erasure of Personal Data: Users have the right to request the Administrator to promptly erase their personal data. In the case of user accounts, data erasure involves anonymizing data that can identify the User. The Administrator reserves the right to suspend the execution of the erasure request to protect the legitimate interest of the Administrator (e.g., if the User has violated the Terms of Service or data was obtained through correspondence).
  • Right to Restriction of Personal Data Processing: Users have the right to restrict the processing of their personal data in cases specified in Article 18 of the GDPR, such as disputing the accuracy of personal data.
  • Right to Data Portability: Users have the right to receive their personal data from the Administrator in a structured, commonly used, and machine-readable format, upon request submitted to the Administrator.
  • Right to Object: Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR.
  • Right to Lodge a Complaint: Users have the right to file a complaint with the supervisory authority responsible for personal data protection.

§14 Contact with the Administrator

You can contact the Administrator in one of the following ways:

  • Postal address – Stowarzyszenie zwykłe Khyenkong Karma Kagyu Poland, located in Warsaw, ul. Mozarta 3/311, 02-736.
  • Email address – kontakt@khyenkong.pl.
  • Phone – 666 359 308.

§15 Service Requirements

Limiting the recording and access to cookies on the User’s device may cause some functions of the Service to not work properly.

The Administrator is not responsible for any malfunctioning of the Service if the User restricts in any way the ability to save and read cookies.

§16 External Links

The Service – in articles, posts, entries, or comments by Users – may contain links to external websites, with which the Service Owner does not cooperate. These links, as well as the pages or files they point to, may be dangerous for your device or pose a threat to the security of your data. The Administrator is not responsible for the content outside of the Service.

§17 Changes to the Privacy Policy

The Administrator reserves the right to change this Privacy Policy at any time without the obligation to inform Users regarding the use and application of anonymous data or the use of cookies.

The Administrator reserves the right to make changes to this Privacy Policy regarding the processing of Personal Data, and will inform Users with user accounts or those subscribed to the newsletter service via email within 7 days of any changes. Continued use of the services means acceptance of the changes made to the Privacy Policy. If a User disagrees with the changes, they must delete their account from the Service or unsubscribe from the Newsletter service.

The changes made to the Privacy Policy will be published on this subpage of the Service.

The changes take effect immediately upon publication.

This service uses cookies.

The Service uses cookies, among other things, to improve accessibility, personalization, user account management, and to collect data related to website traffic. Everyone can decide whether to allow cookies by adjusting their browser settings. For more information, please refer to the Privacy Policy and the GDPR information obligations.

Check our Privacy Policy to learn how we process your data. You can request changes or deletion of your data at any time.

Scroll to Top