Privacy policy

[stripe_subscription_checkout]

[csi_create_stripe_subscription]

The versions of legal agreements and terms and conditions prepared in Polish constitute the only current and binding versions of these documents. All translations of these documents are intended to facilitate users’ understanding and familiarity with the English version. Translated documents are not legally binding and do not replace the Polish versions. In the event of any misunderstandings or disputes, the agreements and terms and conditions drafted in Polish shall be considered binding.

The Polish version of the Privacy Policy is available at: https://brightcrafter.com/polityka-prywatnosci/

TABLE OF CONTENTS:

GENERAL PROVISIONS

BASIS FOR DATA PROCESSING

PURPOSE, LEGAL BASIS, AND DATA PROCESSING PERIOD IN THE ONLINE STORE

DATA RECIPIENTS IN THE ONLINE STORE

PROFILING IN THE ONLINE STORE

RIGHTS OF DATA SUBJECTS

COOKIES AND ANALYTICS IN THE ONLINE STORE

FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1. This Privacy Policy of the Online Store and its Chrome extension called ,,BrightCrafter” is informational in nature, meaning that it does not impose obligations on Service Recipients or Customers of the Online Store. The Privacy Policy primarily outlines the principles for processing personal data by the Data Controller in the Online Store (and its Chrome extension), including the basis, purposes, and duration of personal data processing, as well as the rights of data subjects. It also provides information on the use of Cookies and analytical tools in the Online Store.

1.2. The Data Controller for personal data collected via the Online Store is WebWiseAI Tomasz Ścierski, NIP: 6463009555, REGON: 527437312. Correspondence address: Stokrotek 22, 43-100 Tychy. Email: tomsci12@gmail.com, phone number: (+48) 726 625 839 – hereinafter referred to as the “Controller,” who is also the Service Provider of the Online Store and the Seller.

1.3. Personal data in the Online Store is processed by the Controller in compliance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – referred to hereinafter as “GDPR” or the “GDPR Regulation.” Official text of the GDPR: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.

1.4. Use of the Online Store, including making purchases, is voluntary. Similarly, the provision of personal data by a Service Recipient or Customer using the Online Store is voluntary, subject to two exceptions:

Contract conclusion with the Controller – Failure to provide, in the cases and scope specified on the Online Store’s website and in the Online Store Terms and Conditions and this Privacy Policy, the personal data necessary to conclude and perform a Sales Agreement or an agreement for the provision of Electronic Services with the Controller will result in the inability to conclude such an agreement. Providing personal data in this case is a contractual requirement, and if the data subject wishes to enter into the agreement, they must provide the required data. The scope of required data is specified on the Online Store’s website and in its Terms and Conditions.

Controller’s legal obligations – Providing personal data is a statutory requirement arising from generally applicable laws imposing an obligation on the Controller to process personal data (e.g., processing data for bookkeeping purposes), and failure to provide such data will prevent the Controller from fulfilling these obligations.

1.5. The Controller takes special care to protect the interests of data subjects whose personal data is processed, and in particular ensures that the data collected is:

Processed lawfully;

Collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes;

Factually correct and adequate in relation to the purposes for which it is processed;

Stored in a form that permits identification of data subjects for no longer than necessary to achieve the purpose of processing; and

Processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

1.6. Taking into account the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller implements appropriate technical and organizational measures to ensure that processing is performed in compliance with the GDPR and can demonstrate such compliance. These measures are reviewed and updated as necessary. The Controller employs technical measures to prevent the acquisition and modification of personal data transmitted electronically by unauthorized persons.

1.7. All words, expressions, and acronyms appearing in this Privacy Policy and beginning with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definitions provided in the Terms and Conditions of the Online Store available on the Online Store’s website.

2. BASIS FOR DATA PROCESSING

2.1. The Controller is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met:

The data subject has given their consent to the processing of their personal data for one or more specific purposes;

The processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract;

The processing is necessary for compliance with a legal obligation to which the Controller is subject; or

The processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.

2.2. The processing of personal data by the Controller always requires the existence of at least one of the legal bases specified in section 2.1 of this Privacy Policy. The specific legal bases for the processing of personal data of Service Recipients and Customers of the Online Store by the Controller are detailed in the subsequent section of the Privacy Policy, in relation to the specific purposes of processing personal data by the Controller.

3. PURPOSE, LEGAL BASIS, AND DATA PROCESSING PERIOD IN THE ONLINE STORE

3.1. The purpose, legal basis, processing period, and recipients of personal data processed by the Controller are always determined by the actions taken by a given Service Recipient or Customer in the Online Store or by the Controller.

3.2. The Controller may process personal data within the Online Store for the purposes, on the legal bases, and during the periods as described:

Execution of the Sales Agreement or the Agreement for the Provision of Electronic Services, or taking action at the request of the data subject before concluding the aforementioned agreements

Legal Basis: Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.

Article 9(1)(a) of the GDPR (consent for processing special categories of personal data) – due to the nature and purpose of certain products (e.g., training and nutrition services), personal data processed in connection with the conclusion and execution of the Sales Agreement may fall into special categories of personal data (e.g., health data). Special category data is processed solely with the explicit consent of the data subject, for the proper execution of the voluntarily concluded Sales Agreement, and only when such processing is necessary for its performance.

Retention Period: Data is retained for the period necessary to perform, terminate, or otherwise expire the concluded Sales Agreement or the Agreement for the Provision of Electronic Services. In cases where consent is given for processing special category personal data, such data is retained no longer than until the data subject withdraws their consent for further processing for this purpose.

Direct Marketing

Legal Basis: Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for purposes arising from the legitimate interests pursued by the Controller, such as promoting the interests and reputation of the Controller and their Online Store, and striving for product sales.

Retention Period: Data is retained for the duration of the legitimate interest pursued by the Controller but no longer than the limitation period for claims the Controller may have against the data subject arising from the Controller’s business activity. Limitation periods are specified by law, particularly the Civil Code (the general limitation period for business-related claims is three years, and for Sales Agreements, two years). The Controller may not process data for direct marketing if the data subject effectively objects to such processing.

Marketing

Legal Basis: Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data for marketing purposes by the Controller.

Retention Period: Data is retained until the data subject withdraws their consent for further processing for this purpose.

Keeping Accounting Records

Legal Basis: Article 6(1)(c) of the GDPR (legal obligation) in connection with Article 74(2) of the Accounting Act of January 30, 2018 (Journal of Laws of 2018, item 395, as amended) – processing is necessary for compliance with a legal obligation to which the Controller is subject.

Retention Period: Data is retained for the period required by the laws mandating the Controller to store accounting records (5 years from the beginning of the year following the fiscal year to which the data pertains).

Establishing, Asserting, or Defending Claims that the Controller May Raise or that May Be Raised Against the Controller

Retention Period: Data is retained for the duration of the legitimate interest pursued by the Controller but no longer than the limitation period for claims that may be raised against the Controller (the general limitation period for claims against the Controller is six years).

Using the Online Store Website and Ensuring Its Proper Functioning

Legal Basis: Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for purposes arising from the legitimate interests pursued by the Controller, such as maintaining and operating the Online Store website.

Conducting Statistics and Analyzing Traffic in the Online Store

Legal Basis: Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for purposes arising from the legitimate interests pursued by the Controller, such as conducting statistics and analyzing traffic in the Online Store to improve its functionality and increase product sales.

4. DATA RECIPIENTS IN THE ONLINE STORE

4.1. For the proper functioning of the Online Store, including the execution of Sales Agreements, the Controller must use the services of external entities (such as software providers or payment service providers). The Controller only uses the services of such processors that provide sufficient guarantees of implementing appropriate technical and organizational measures to ensure that the processing complies with GDPR requirements and protects the rights of data subjects.

4.2. Personal data may be transferred by the Controller to a third country. In such cases, the Controller ensures that the transfer is made to a country that provides an adequate level of protection, compliant with the GDPR. For other countries, transfers will be based on standard contractual clauses. The Controller ensures that data subjects can obtain a copy of their data. Personal data is transferred only when necessary and to the extent required for the purpose of data processing in compliance with this Privacy Policy.

4.3. Data transfers by the Controller do not occur in all cases and not to all recipients or categories of recipients listed in this Privacy Policy. The Controller transfers data only when it is necessary for achieving the purpose of personal data processing and only to the extent required for that purpose.

4.4. Personal data of Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

4.4.1. Entities handling electronic or card payments

In the case of a Customer using electronic or card payment methods in the Online Store, the Controller shares the Customer’s personal data with the selected payment processor to the extent necessary to process the payment on behalf of the Customer.

4.4.2. Providers of technical, IT, and organizational solutions

These providers support the Controller in running the business, including the Online Store and the Electronic Services offered through it (e.g., software providers for operating the Online Store, email and hosting providers, software for company management, and technical support providers). The Controller shares the Customer’s personal data with selected providers only when necessary and to the extent required for the purpose of data processing in compliance with this Privacy Policy.

4.4.3. Providers of accounting, legal, and advisory services

These providers offer accounting, legal, or advisory support to the Controller (e.g., accounting firms, law firms, or debt collection companies). The Controller shares the Customer’s personal data with selected providers only when necessary and to the extent required for the purpose of data processing in compliance with this Privacy Policy.

4.4.4. Providers of social media plugins, scripts, and similar tools

These tools enable the browser of a person visiting the Online Store to download content from the providers of these plugins and to share data with them, including:

4.4.4.1. Meta Platforms Ireland Ltd.

The Controller uses Facebook social media plugins (e.g., “Like” and “Share” buttons) on the Online Store website and, as a result, collects and shares personal data of Service Recipients using the Online Store website with Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to the extent and under the terms of the privacy policy available here: https://www.facebook.com/about/privacy/. This data includes information about activities on the Online Store website, such as device details, visited websites, purchases, viewed ads, and usage of services, regardless of whether the Service Recipient has a Facebook account or is logged in to Facebook.

4.4.5. OpenAI, LLC

The Controller uses services provided by OpenAI to process data necessary for AI-based functionalities in the Platform. Personal data may be transferred to OpenAI (San Francisco, California, USA) to the extent required to provide these services, under conditions ensuring compliance with GDPR. Further details about data handling are available at OpenAI Privacy Policy.

4.4.6. Perplexity AI, Inc.

The Controller may use Perplexity AI services for advanced search and analytics capabilities in the Online Store. Personal data may be shared with Perplexity AI to the extent necessary for these operations. Data transfers are secured in accordance with GDPR requirements. Additional details can be found in the Perplexity Privacy Policy.

5. PROFILING IN THE ONLINE STORE

5.1. The GDPR requires the Controller to inform about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and to provide significant information about the principles of such decision-making as well as its significance and anticipated consequences for the data subject. In this section of the Privacy Policy, the Controller provides information regarding possible profiling.

5.2. The Controller may use profiling in the Online Store for direct marketing purposes. However, decisions made based on profiling by the Controller do not concern the conclusion or refusal to conclude a Sales Agreement or the ability to use Electronic Services in the Online Store. The result of profiling in the Online Store may include granting a discount, sending a discount code, reminding about unfinished purchases, offering a product that matches the interests or preferences of the person, or proposing better conditions compared to the standard offer of the Online Store. Despite profiling, the individual freely decides whether they want to use the discount or better conditions and make a purchase in the Online Store.

5.3. Profiling in the Online Store involves automatic analysis or prediction of a person’s behavior on the Online Store’s website, such as adding a specific product to the cart, browsing the page of a specific product, or analyzing their purchase history. Such profiling requires the Controller to have the personal data of the person to send, for example, a discount code.

5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects them.

6. RIGHTS OF THE DATA SUBJECT

6.1. Right of access, rectification, restriction, erasure, or portability – The data subject has the right to request access to their personal data, rectify it, erase it (“right to be forgotten”), or restrict processing. They also have the right to object to the processing and to data portability. The detailed conditions for exercising these rights are specified in Articles 15–21 of the GDPR.

6.2. Right to withdraw consent at any time – If the data is processed by the Controller based on the data subject’s consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR), the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing conducted before the withdrawal.

6.3. Right to lodge a complaint with a supervisory authority – If the data is processed by the Controller, the data subject has the right to lodge a complaint with a supervisory authority in accordance with the GDPR and Polish law, particularly the Personal Data Protection Act. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

6.4. Right to object – The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest tasks) or (f) (legitimate interests of the controller), including profiling based on these provisions. In such cases, the Controller must cease processing the data unless the Controller demonstrates compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

6.5. Right to object to direct marketing – If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent that it is related to such direct marketing.

6.6. To exercise the rights referred to in this section of the Privacy Policy, you can contact the Controller by sending an appropriate message in writing or electronically to the Controller’s contact details provided at the beginning of the Privacy Policy.

7. COOKIES IN THE ONLINE STORE AND ANALYTICS

7.1. Cookies are small text files sent by a server and stored on the device of the person visiting the Online Store website (e.g., on the hard drive of a computer, laptop, or smartphone memory card, depending on the device used to access the Online Store). Detailed information about cookies and their history can be found, for example, here: https://en.wikipedia.org/wiki/HTTP_cookie.

7.2. Cookies sent by the Online Store website can be categorized based on the following criteria:

By provider:

First-party cookies (created by the Online Store website).

Third-party cookies (created by entities other than the Controller).

By storage duration on the visitor’s device:

Session cookies (stored until the Online Store is exited or the browser is closed).

Persistent cookies (stored for a defined period specified by cookie parameters or until manually deleted).

By purpose:

Necessary cookies (enable the proper functioning of the Online Store).

Functional/preference cookies (adapt the Online Store to the visitor’s preferences).

Analytical and performance cookies (collect information on how the Online Store is used).

Marketing, advertising, and social cookies (collect information on the visitor to display personalized ads, measure effectiveness, and conduct marketing activities, including on external websites such as social media platforms or sites within the same advertising networks as the Online Store).

7.3. The Controller may process data contained in cookies during the use of the Online Store for the following purposes:

Purpose of Cookies in the Online Store Type of Cookies

Remembering products added to the cart for order placement Necessary cookies

Remembering data entered in order forms or surveys Necessary and/or functional/preference cookies

Adapting the Online Store’s content to the User’s preferences (e.g., colors, font size) and optimizing site usage Functional/preference cookies

Conducting anonymous statistics on how the Online Store is used Analytical and performance cookies

Displaying and rendering ads, limiting ad frequency, ignoring ads the User does not wish to see, measuring ad effectiveness, and personalizing ads based on user behavior and preferences. This may include analyzing repeated visits, keywords, or actions to build a user profile and deliver tailored ads across networks like Google Ireland Ltd. and Meta Platforms Ireland Ltd. Marketing, advertising, and social cookies

7.4. You can check which cookies are currently being sent by the Online Store and their duration in popular browsers as follows:

Chrome: Click the lock icon in the address bar > “Cookies.”

Firefox: Click the shield icon in the address bar > “Allowed” or “Blocked” > “Cookies and site data.”

Internet Explorer: Tools > Internet Options > General > Settings > “View Files.”

Opera: Click the lock icon in the address bar > “Cookies.”

Safari: Preferences > Privacy > “Manage Website Data.”

Microsoft Edge: Settings > Cookies and Site Permissions.

Alternatively, you can use tools like https://www.cookiemetrix.com/ or https://www.cookie-checker.com/.

7.5. Most browsers accept cookies by default. Users can modify cookie preferences, restrict them, or disable their storage entirely via browser settings. Note, however, that disabling cookies may impact some functionalities of the Online Store (e.g., products in the cart may not be remembered during the order process).

7.6. Browser settings for cookies are crucial for providing consent for their use by the Online Store. Consent can also be granted through browser settings. Detailed instructions for changing cookie settings in popular browsers are available in their help sections or via the following links:

Chrome

Firefox

Internet Explorer

Opera

Safari

Microsoft Edge.

7.7. The Controller may use Google Analytics and Universal Analytics, provided by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland), to conduct statistics and analyze traffic in the Online Store. The collected data is aggregated and used to generate statistics for managing and analyzing traffic in the Online Store. This data includes visitor sources, behavior, device and browser information, IP addresses, geographic data, demographics (age, gender), and interests.

7.8. Users can block Google Analytics from collecting information about their activity by installing the browser add-on provided by Google, available here: https://tools.google.com/dlpage/gaoptout?hl=en.

7.9. The Controller may use advertising and analytics services provided by Google Ireland Ltd. Full information on how Google processes data (including cookie data) is available in Google’s Privacy Policy: https://policies.google.com/technologies/partner-sites

8. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites. The Controller encourages users to review the privacy policies established on those websites upon visiting them. This Privacy Policy applies exclusively to the Controller’s Online Store.