§1 Identity of the data controller
The administrator of personal data provided when using the Website’s services under the name Tiny Sleepyhead (www.tinysleepyhead.com) is Tiny Sleepyhead with its registered office at: Pijnackerstraat 22-2 1072 JT, Amsterdam (The Netherlands).
The data is processed in accordance with the applicable law; i.e. Regulation of the European Parliament and of the Council of the EU 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (hereinafter: GDPR), the Act of on May 10, 2018 on data protection, as well as the Act of July 18, 2002 on the provision of electronic services.
§2 Definitions used
The following definitions apply in this policy:
Website – the website available at www.tinysleepyhead.com through which the user can: view its content (blog), contact the data administrator (contact form), order commercial and marketing information (newsletter), arrange a consultation or visit (online registration).
The administrator of personal data – the entity that decides about the purpose and means of data processing, in this policy means: Tiny Sleepyhead based in: Pijnackerstraat 22-2 1072 JT, Amsterdam (Netherlands).
User – a natural person to whom the data relate and who uses the services available on the Website.
Cookies – small files that are downloaded and stored on a computer or other device of the user, associated with information on how to use the website.
Personal data – any information that can lead to the identification of a natural person, including their identification, address and contact details, without excessive time and cost.
§3 Purposes of data processing
The personal data administrator processes personal data for the following purposes:
performance of a contract to which the data subject is a party or to take action at the request of the data subject, i.e. to discuss a consultation or visit,
nswering the question asked via the contact form or via contact details available on the Website,
marketing of own products and services of the data administrator by traditional means,
sending commercial and marketing information of the data administrator to the e-mail address provided by the user when subscribing to the newsletter, with the consent of the data subject,
asserting rights and claims by the data administrator or the data subject.
Providing data is necessary to complete the order, perform the contract, and provide a response. Providing other data is voluntary. Failure to provide the required data prevents the performance of services, including ordering and contacting, as well as sending the newsletter.
§4 Methods of obtaining data
The user’s personal data is collected directly from the data subjects, i.e. by:
filling out the form with contact details when submitting a question via the form on the website,
completing the subscription form for the newsletter,
direct contact with the data administrator using the contact details available on the website or in traditional form at the place of business.
§5 The scope of processed data
The scope of processed personal data has been limited to the minimum necessary to provide services in the field of:
submitting a question via the contact form or by using contact details available on the website: e-mail address, telephone number, name, any other data provided voluntarily by the data subject,
subscribing to the newsletter: e-mail address.
§6 Data processing period
Personal data is processed for the period necessary to achieve the purpose for which they were collected, i.e.:
for the duration of the concluded contract,
for the period necessary to document the contract or service performed, including the invoice or invoice – the data is stored for 7 years from the end of the calendar year in which the tax payment deadline expired,
for the period necessary to answer the question asked by the contact form or by phone,
until the consent is withdrawn, if the data processing is based on the consent of the data subject.
§7 Data recipients
User’s personal data may be entrusted to other entities to perform services at the request of the data administrator, in particular entities in the field of:
ervice and maintenance of IT systems in which data is processed, including for the purpose of newsletter automation, etc.,
The user’s personal data may also be made available to entities supporting the data administrator.
The user’s personal data is not transferred to third countries outside the European Union or international organizations.
§8 Rights of data subjects
The data subject is entitled to:
the right to access and rectify data content,
the right to delete data, unless other law applies, which oblige the data administrator to archive data for a specified period of time,
the right to transfer data, provided that the basis for data processing is the contract or consent of the data subject, and the data is processed automatically,
the right to object to the processing of data for direct marketing purposes carried out by the data controller within the legitimate legal interest, as well as to limit processing,
the right not to be automatically profiled if the data controller would make decisions based solely on automatic profiling and having legal effects on the data subject or similarly affected him,
the right to control data processing and information about who is the data administrator, as well as to obtain information about the purpose, scope and method of data processing, content of this data, data source, as well as the method of sharing, including recipients or categories of data recipients,
the right to withdraw consent at any time, if the basis for data processing was the consent of the data subject. The withdrawal of consent does not affect the lawfulness of the processing carried out on its basis, before its withdrawal,
the right to lodge a complaint to the President of the Office for Personal Data Protection (PUODO) if the person considers that the processing of his data is incompatible with the current provisions in this respect.
In order to exercise the right to data control, access to data content, correct it, as well as other rights, please contact the data administrator.
§9 Cookies policy
Cookies can be temporary, i.e. they are deleted when the browser is closed or permanent. Permanent cookies are also stored after using the Website and are used to remember the settings selected by the user.
The data contained in cookies are not combined with personal data provided by the user.
adapt the content of the Website pages to the user’s individual preferences and optimize the use of websites (display tailored to the needs),
making analyzes and statistics that will provide information on how the Website user uses the Website pages, which allows improving their structure and content,
maintaining the user’s session (after logging in), thanks to which the user does not have to re-enter the login and password on each subpage if he registers on the Website,
for the purposes of statistical analysis and assessment of the global traffic of Website users.
In order to analyze the traffic on the Website, traffic sources, and optimize Website marketing activities, the Website has been installed:
The Facebook pixel, which allows you to collect information about the user’s use of the Website and directing dedicated ads to him on this social network,
Google Analytics, which allows you to analyze the user’s traffic on the Website and its subpages.
The user may at any time delete and / or disable cookies in the web browser used when browsing the Website.
Deleting or disabling Website cookies may cause difficulties or limited functionality of some parts of the website (applies to functional cookies).
The user may at any time change the settings for cookies in the web browser settings (“help” option), which he uses to browse the Website.
Cookie settings can be changed in such a way as to block the automatic handling of cookies in the web browser settings or to inform about them every time they are placed on the user’s device.
§10 Final provisions