This Privacy Policy outlines the principles of processing information about you, including personal data and cookies.

1. General information

1. This policy applies to the website operating under the URL: https://sternet.pl.
2. The operator of the website and the Data Controller is: STERNET Sp. z o.o., Chemiczna 110, 33-101 Tarnów.
3. Email contact address for the operator: [email protected].
4. The operator is the administrator of your personal data concerning the data voluntarily provided on the website.
5. The website uses personal data for the following purposes:
   1. Managing the newsletter,
   2. Conducting online chat conversations,
   3. Handling inquiries via the form,
   4. Presenting offers or information.
6. The website acquires information about users and their behavior in the following ways:
   1. Through data voluntarily entered into forms, which are then entered into the operator’s systems,
   2. By saving cookies on end-user devices.

2. Selected data protection methods used by the operator

1. Login and personal data entry points are protected at the transmission layer (SSL certificate). This ensures that personal data and login details entered on the site are encrypted and readable only on the target server.
2. User passwords are stored in hashed form, making it impossible to reverse the hashing process. This adheres to contemporary standards for storing user passwords.
3. Administrative passwords are periodically changed by the operator.
4. Regular backups are performed for data protection.
5. Software used to process personal data is regularly updated, including its components.

3. Hosting

1. The website is hosted on servers operated by nazwa.pl.
2. The hosting company ensures technical reliability by maintaining logs at the server level. These logs may include:
   1. URL identifiers (addresses of requested resources such as pages or files),
   2. Time of the request,
   3. Time of the server’s response,
   4. Client station name (identified via the HTTP protocol),
   5. Information about errors during HTTP transactions,
   6. Referrer URL (the page visited prior to navigating to the website),
   7. Browser details,
   8. IP address information,
   9. Diagnostic information related to service ordering processes via forms on the site,
   10. Email communication logs involving the operator.

4. Your rights and additional information on data usage

1. In certain situations, the administrator has the right to transfer your personal data to other recipients if necessary to fulfill a contract or legal obligation. This includes:
   1. Postal service providers,
   2. Online chat solution providers,
   3. Authorized employees and collaborators using data to perform website functions,
   4. Companies providing marketing services for the administrator.
2. Personal data will not be processed longer than necessary for tasks outlined in specific legal provisions (e.g., accounting regulations). Marketing data will not be processed for more than three years.
3. You have the right to:
   1. Access your personal data,
   2. Rectify it,
   3. Delete it,
   4. Restrict processing,
   5. Transfer data.
4. You can object to processing for purposes outlined in section 3.2, particularly for legally justified interests pursued by the administrator, including profiling. However, objections may not be upheld if there are overriding legally justified grounds for processing, especially for claims establishment, pursuit, or defense.
5. Complaints can be submitted to the President of the Personal Data Protection Office at ul. Stawki 2, 00-193 Warsaw, Poland.
6. Providing personal data is voluntary but necessary to use the website.
7. Automated decision-making, including profiling, may be applied for service provision or direct marketing by the administrator.
8. Data may be transferred to third countries outside the EU in accordance with data protection regulations.

5. Information in forms

1. The website collects information voluntarily provided by users, including personal data.
2. The website may log connection details (time and IP address).
3. In some cases, data in forms may be linked to the user’s email address, which appears in the URL of the page containing the form.
4. Data entered in forms is processed for purposes related to the form’s specific function, such as handling service requests or registering services.

6. Administrator logs

1. User behavior on the website may be logged for administrative purposes.

7. Essential marketing techniques

1. The operator uses statistical analysis of website traffic through Google Analytics (Google Inc., based in the USA). The operator does not provide personal data to the service provider, only anonymized information. The service is based on the use of cookies stored on the user’s end device. Regarding information about user preferences collected by the Google advertising network, the user can view and edit information derived from cookies using the tool available at: https://www.google.com/ads/preferences/.
2. The operator uses remarketing techniques to tailor advertising messages to the user’s behavior on the website, which may give the impression that the user’s personal data is being used for tracking. However, in practice, no personal data is transferred from the operator to advertising providers. The technical prerequisite for such actions is the enabled use of cookies.
3. The operator uses the Facebook Pixel. This technology allows Facebook (Facebook Inc., based in the USA) to know that a registered user of its platform is using the website. In this case, the data used is managed by Facebook itself as its administrator, and the operator does not provide any additional personal data to Facebook. The service is based on the use of cookies stored on the user’s end device.
4. The operator uses a solution that analyzes user behavior by creating heatmaps and recording on-site behavior. This information is anonymized before being transmitted to the service provider, ensuring that it cannot be associated with any specific individual. In particular, entered passwords and other personal data are not recorded.
5. The operator uses a solution that automates the website’s functionality for users, such as sending an email to a user after visiting a specific subpage, provided the user has consented to receive commercial correspondence from the operator.

8. Cookie policy

1. The website uses cookies.
2. Cookies are IT data, specifically text files, that are stored on the end device of the Website User and are intended for use on the Website’s pages. Cookies typically contain the name of the website they originate from, the duration of their storage on the end device, and a unique number.
3. The entity placing cookies on the Website User’s end device and accessing them is the Website operator.
4. Cookies are used for the following purposes:
   1. Maintaining the Website User’s session (after logging in), so the user does not have to re-enter their login and password on every subpage of the Website,
   2. Fulfilling the purposes outlined above in the “Essential Marketing Techniques” section.
5. The Website uses two main types of cookies: “session” cookies and “persistent” cookies. “Session” cookies are temporary files stored on the User’s end device until they log out, leave the website, or close the software (web browser). “Persistent” cookies are stored on the User’s end device for the duration specified in the cookie parameters or until they are deleted by the User.
6. Web browsing software (web browser) typically allows cookies to be stored on the User’s end device by default. Users of the Website can change these settings. The web browser allows for the deletion of cookies, and it is also possible to automatically block cookies. Detailed information on this can be found in the help section or documentation of the web browser.
7. Restrictions on the use of cookies may affect some functionalities available on the Website’s pages.
8. Cookies placed on the Website User’s end device may also be used by entities cooperating with the Website operator, particularly companies such as Google (Google Inc., based in the USA), Facebook (Facebook Inc., based in the USA), and Twitter (Twitter Inc., based in the USA).

9. Managing Cookies – How to provide and withdraw consent in practice

1. If a user does not wish to receive cookies, they can change their browser settings. Please note that disabling cookies necessary for authentication processes, security, or user preference maintenance may make it difficult or, in extreme cases, impossible to use the website.
2. To manage cookie settings, select your browser from the list below and follow the instructions:
   • Edge
   • Internet Explorer
   • Chrome
   • Safari
   • Firefox
   • Opera
3. Mobile devices:
   • Android
   • Safari (iOS)
   • Windows Phone