Chillingo

Privacy Policy

Last updated: January 18, 2026

1. General Information

1.1. This Privacy Policy describes how [COMPANY_NAME], NIP: 8692008357, REGON: [REGON], with its registered office at [ADDRESS] (hereinafter: "Administrator" or "Chillingo"), processes personal data of Users of the website [DOMAIN] (hereinafter: "Platform").

1.2. The Administrator processes personal data in accordance with:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR)
  • Polish Personal Data Protection Act of May 10, 2018
  • Polish Act on Provision of Electronic Services of July 18, 2002

1.3. Contact with the Data Protection Officer: [CONTACT_EMAIL]

2. Categories of Personal Data

2.1. The Administrator processes the following categories of personal data:

  • Identification data: name, surname, email address
  • Account data: username, encrypted password, account preferences
  • Contact data: email address, phone number (optional)
  • Transaction data: payment history, subscription details, invoice information
  • Educational data: lesson attendance, progress tracking, test results, certificates
  • Technical data: IP address, browser type, device information, cookies
  • Communication data: correspondence with the Administrator, feedback submissions

3. Purposes and Legal Bases for Processing

3.1. Contract Performance (Article 6(1)(b) GDPR)

Personal data is processed to:

  • Create and manage User Accounts
  • Provide educational services (lessons, materials)
  • Schedule and conduct lessons
  • Process payments and issue invoices
  • Manage subscriptions

3.2. Legal Obligations (Article 6(1)(c) GDPR)

Personal data is processed to:

  • Comply with tax and accounting regulations
  • Issue invoices and maintain financial records
  • Respond to lawful requests from authorities

3.3. Legitimate Interests (Article 6(1)(f) GDPR)

Personal data is processed to:

  • Ensure Platform security and prevent fraud
  • Analyze and improve Platform functionality
  • Handle complaints and disputes
  • Conduct marketing activities (for existing customers)
  • Exercise and defend legal claims

3.4. Consent (Article 6(1)(a) GDPR)

Personal data is processed with consent for:

  • Marketing communications (newsletters, promotional offers)
  • Use of non-essential cookies
  • Testimonials and marketing materials featuring User data

Consent can be withdrawn at any time without affecting previous lawful processing.

4. Data Recipients

4.1. Personal data may be shared with:

  • Teachers: Name and educational progress information necessary for lesson delivery
  • Payment processors: Payment data for transaction processing (e.g., Stripe, PayU)
  • IT service providers: Hosting, maintenance, and technical support (e.g., Supabase)
  • Communication platforms: Zoom, Calendly for lesson scheduling and delivery
  • Email service providers: For sending notifications and communications
  • Accounting and legal advisors: For compliance and professional services
  • Public authorities: When required by law

4.2. All data processors are bound by data protection agreements ensuring GDPR compliance.

5. International Data Transfers

5.1. Personal data may be transferred outside the European Economic Area (EEA) to service providers located in third countries.

5.2. Such transfers are protected by:

  • European Commission adequacy decisions
  • Standard Contractual Clauses approved by the European Commission
  • Privacy Shield certification (for US-based processors)

5.3. Users can request information about specific safeguards by contacting [CONTACT_EMAIL].

6. Data Retention Periods

6.1. Personal data is retained for the following periods:

  • Account data: Until Account deletion or 3 years of inactivity
  • Transaction and invoice data: 5 years from the end of the tax year (legal requirement)
  • Marketing consent data: Until consent withdrawal
  • Complaint and correspondence data: Until resolution plus statute of limitations period
  • Technical and log data: 12 months

6.2. After retention periods expire, data is securely deleted or anonymized.

7. User Rights

7.1. Under GDPR, Users have the following rights:

Right of Access (Article 15 GDPR)

Users can request confirmation of whether personal data is being processed and obtain a copy.

Right to Rectification (Article 16 GDPR)

Users can request correction of inaccurate or incomplete personal data.

Right to Erasure/"Right to be Forgotten" (Article 17 GDPR)

Users can request deletion of personal data in certain circumstances (does not apply to data required by law).

Right to Restriction of Processing (Article 18 GDPR)

Users can request limitation of data processing in specific situations.

Right to Data Portability (Article 20 GDPR)

Users can receive personal data in a structured, commonly used format and transmit it to another controller.

Right to Object (Article 21 GDPR)

Users can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Users can withdraw consent at any time without affecting prior lawful processing.

Right to Lodge a Complaint

Users can file a complaint with the supervisory authority (President of the Personal Data Protection Office in Poland - UODO).

7.2. To exercise these rights, contact: [CONTACT_EMAIL]

7.3. The Administrator will respond to requests within 30 days.

8. Cookies and Tracking Technologies

8.1. The Platform uses cookies and similar technologies to:

  • Ensure proper Platform functionality
  • Remember User preferences and login sessions
  • Analyze traffic and User behavior
  • Deliver personalized content

8.2. Types of cookies used:

Essential Cookies

Required for Platform functionality; cannot be disabled.

Functional Cookies

Remember preferences and settings; improve user experience.

Analytics Cookies

Help understand how Users interact with the Platform; used to improve services.

Marketing Cookies

Track visitors across websites to display relevant advertisements.

8.3. Users can manage cookie preferences through browser settings. Disabling certain cookies may affect Platform functionality.

9. Data Security

9.1. The Administrator implements appropriate technical and organizational measures to protect personal data, including:

  • Data encryption in transit (SSL/TLS) and at rest
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Employee training on data protection
  • Backup and disaster recovery procedures
  • Secure data center facilities

9.2. In case of a data breach, the Administrator will notify affected Users and relevant supervisory authorities in accordance with GDPR requirements.

10. Automated Decision-Making and Profiling

10.1. The Platform uses automated Teacher-Student matching based on quiz responses and preferences.

10.2. This processing is necessary for contract performance and does not produce legal effects or similarly significantly affect Users.

10.3. Users can request human intervention, express their point of view, and contest automated decisions by contacting [CONTACT_EMAIL].

11. Children's Privacy

11.1. The Platform is intended for Users aged 17 and above.

11.2. Users between 13 and 18 years old may use the Platform with parental or legal guardian consent.

11.3. The Administrator does not knowingly collect personal data from children under 13 without verifiable parental consent.

11.4. If the Administrator becomes aware of unauthorized collection of data from children under 13, such data will be promptly deleted.

12. Third-Party Services

12.1. The Platform integrates with third-party services:

12.2. These services have their own privacy policies, which Users should review.

12.3. The Administrator is not responsible for third-party privacy practices.

13. Changes to Privacy Policy

13.1. The Administrator reserves the right to update this Privacy Policy.

13.2. Significant changes will be communicated via email or prominent Platform notice at least 14 days before taking effect.

13.3. The current version is always available at [DOMAIN]/privacy-policy.

13.4. Continued use of the Platform after changes indicates acceptance of the updated Privacy Policy.

14. Contact Information

14.1. For questions, concerns, or to exercise data protection rights, contact:

Data Controller: [COMPANY_NAME]

Address: [ADDRESS]

NIP: 8692008357

REGON: [REGON]

Email: [CONTACT_EMAIL]

Data Protection Officer: [CONTACT_EMAIL]

14.2. Supervisory Authority:

Urząd Ochrony Danych Osobowych (UODO)

ul. Stawki 2, 00-193 Warsaw, Poland

Phone: +48 22 531 03 00

Website: uodo.gov.pl