GDPR Information Obligation

Who is the Data Administrator?

The Personal Data Administrator (hereinafter referred to as the Administrator) is the company "Mariusz Kiedrowicz Tinker," conducting business at the following address: ul. Ząbkowska 22/24/26 m.125, 03-735 Warsaw, with the assigned tax identification number (NIP): 8791553767, providing electronic services via the Service.

How can you contact the Data Administrator?

You can contact the Administrator in one of the following ways:

• Postal address: Mariusz Kiedrowicz Tinker, ul. Ząbkowska 22/24/26 m.125, 03-735 Warsaw

• Email address: box@tinkerexplorer.com

• Phone call: +48 695 020 788

• Contact form: available at https://www.tinkerexplorer.com/contact-4

Has the Administrator appointed a Data Protection Officer?

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer. For matters related to data processing, including personal data, please contact the Administrator directly.

Where do we obtain personal data from, and what are its sources?

Personal data is obtained from the following sources:

• From the individuals to whom the data pertains

• In the case of registration via social media platforms, from those platforms with the informed consent of the individual

What is the scope of the personal data we process?

The Service processes basic personal data voluntarily provided by the individuals concerned (e.g., name, surname, username, email address, phone number, IP address, etc.). A detailed scope of processed data is available in the Privacy Policy.

What are the purposes of our data processing?

Personal data voluntarily provided by Users is processed for one of the following purposes:

• Provision of electronic services:

  • Registration and maintenance of a User account within the Service and related functionalities

  • Newsletter service (including the sending of advertising content with consent)

  • Commenting/liking posts in the Service without registration

• Communication between the Administrator and Users regarding the Service and data protection

• Ensuring the legally justified interests of the Administrator

What are the legal grounds for data processing?

The Service collects and processes User data based on:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR)

  • Article 6(1)(a): The data subject has given consent to the processing of their personal data for one or more specific purposes

  • Article 6(1)(b): Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract

  • Article 6(1)(f): Processing is necessary for the purposes of the legitimate interests pursued by the administrator or by a third party

• The Act of 10 May 2018 on Personal Data Protection (Dz.U. 2018 poz. 1000)

• The Act of 16 July 2004 - Telecommunications Law (Dz.U. 2004 nr 171 poz. 1800)

• The Act of 4 February 1994 on Copyright and Related Rights (Dz.U. 1994 Nr 24 poz. 83)

What is the legally justified interest pursued by the Administrator?

• Establishing, pursuing, or defending against claims - the legal basis is our legitimate interest (Article 6(1)(f) GDPR), which involves protecting our rights

• Risk assessment of potential customers

• Evaluation of planned marketing campaigns

• Implementation of direct marketing

How long do we process personal data?

As a rule, personal data is stored only for the duration of service provision by the Administrator. It is deleted or anonymized within 30 days of service termination (e.g., deletion of a registered user account, unsubscribing from the Newsletter, etc.).

In exceptional cases, in order to protect the Administrator’s legally justified interest, this period may be extended. In such cases, the Administrator will store the indicated data, after a request for deletion by the User, for no longer than 3 years in the event of a breach or suspected breach of the Service’s regulations by the individual concerned.

Who are the recipients of the data, including personal data?

As a rule, the sole recipient of the data is the Administrator. However, data processing may be entrusted to other entities providing services for the Administrator to maintain the Service’s operation, such as:

• Hosting companies providing hosting or related services to the Administrator

• Companies through which the Newsletter service is provided

• Companies facilitating online payments for goods or services offered within the Service (in case of transactions made in the Service)

Will your personal data be transferred outside the European Union?

Personal data may be transferred outside the European Union. Such transfers occur when the Administrator uses services from entities located outside the EU or when data is published as a result of the User's individual actions (e.g., posting a comment or entry), making the data accessible to anyone visiting the Service. In the case of data transfer or entrusting data processing outside the EU, such processing is based on an agreement between the Administrator and the Service Provider.

Will personal data be used for automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What are your rights regarding personal data processing?

• Right of access to personal data: Users have the right to obtain access to their personal data upon request submitted to the Administrator.

• Right to rectify personal data: Users have the right to request immediate rectification of incorrect personal data or to complete incomplete personal data upon request submitted to the Administrator.

• Right to erasure of personal data: Users have the right to request immediate deletion of their personal data upon request submitted to the Administrator.

  • For user accounts, data deletion involves anonymizing identifying information.

  • For the Newsletter service, Users can independently remove their personal data using the link provided in every email message.

• Right to restrict data processing: Users have the right to request restriction of data processing in cases specified in Article 18 of the GDPR, e.g., questioning the accuracy of personal data.

• Right to data portability: Users have the right to obtain their personal data from the Administrator in a structured, commonly used, and machine-readable format.

• Right to object to data processing: Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR.

• Right to lodge a complaint: Users have the right to lodge a complaint with a supervisory authority responsible for data protection.