Privacy Policy


Information on the Administrator

  1. The owner of the Fotka.com Website and the administrator of personal data collected through it is Fotka Spółka z ograniczoną odpowiedzialnością Spółka komandytowa with its seat in Warsaw (registered seat and correspondence address: ul. Inżynierska 8, 03-422 Warszawa); entered into the Register of Entrepreneurs of the National Court Register under KRS (National Court Register) number 0000721451; the registry court, where the company's documentation is kept: the District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register; the share capital of the company is 60 000.00 PLN; NIP (Tax Identification Number): 1132579612; REGON (National Business Registry Number): 140315867.

  2. The Website consists of: single websites: fotka.com, m.fotka.com, android.fotka.com, api.fotka.com, n.fotka.com, v1.fotka.com, v2.fotka.com, c.fotka.com and mobile applications available in official stores: Windows Market, Google Play Market and App Store.

Information obligations of the Administrator

  1. The provisions of this Privacy Policy exhaust the information obligations of Fotka Spółka z ograniczoną odpowiedzialnością Spółka komandytowa resulting from Article 13 of the General Data Protection Regulation of 26 April 2016 (OJ EU L 2016. No. 119. Hereinafter referred to as: GDPR).

  2. The Administrator declares that they have made every effort to fulfill these obligations while complying with the criteria for information transparency and transparent communication stipulated in Article 12 of the GDPR.

Contact details for inquiries about the protection of personal data

  1. In case you have any inquiries about the protection of personal data, you can contact the Fotka.com Website Administrator via the following e-mail address: iod@fotka.com.

  2. Any person whose personal data are processed by Fotka.com also has the right to send an inquiry about the protection of their data via the Administrator's contact details visible on the official Website of Fotka.com.

Declaration of the Administrator

  1. The Website Administrator takes diligent care to protect the rights and freedoms of data subjects, and in particular ensures that the data are:

    1. processed in accordance with the law, thoroughly and transparently,

    2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

    3. adequate, appropriate, and limited to what is necessary to achieve the purposes for which they are processed,

    4. accurate and, if necessary, updated,

    5. kept in a form which permits identification of data subjects for no longer than it is necessary to achieve the purposes for which they are processed,

    6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

  2. As part of the measures listed in point 1(f) above, the Administrator has implemented, among others, the following security measures: firewalls, data encryption, physical access controls to data centers and information access authorization control, whereby the effectiveness of the User's data security measures requires that the User adheres to the rules specified in the Fotka Website Regulations, and will not to disclose their passwords to third parties, in particular. The Website User shall also care for the correctness of the data provided by them during account registration on the Website and update them.

  3. The Customer's personal data are processed in accordance with Regulation (EU) No. 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L of 4 May 2016 No. 119), the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000, as amended), the Act of February 21 2019 on the amendment of certain acts in connection with ensuring the application of the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Journal of Laws of 2019, item 730) and the Act of 18 July 2002 on the Provision of Services by Electronic Means (i.e. Journal of Laws of 2019, item 123, as amended).


Purpose, basis and scope of personal data collection

  1. Each time the purpose, basis and scope as well as the recipients of the data processed by the Administrator arise from legally permissible actions taken by the Administrator of the Fotka.com Website.

  2. Possible purposes of collecting Users' personal data and their scope:

    1. Conclusion and implementation of the contract for the provision of electronic services offered by the Fotka.com Website: the basis for processing: Article 6(1)(b) of the GDPR (processing necessary to perform the contract)

      1. personal data of the account holder and data related to the User's use of the Website's services on their account: name, surname, e-mail address, date of birth, location (city),

    2. Implementation of the Website User's objectives - establishing and maintaining contacts by the User with other Website users via the Website. The basis for processing: Article 6(1)(a) (consent of the data subject) - the consent is given by accepting the regulations of the Fotka.com Website. The data provided voluntarily by the User (the User decides whether and what information they want to share about themselves, knowing that it is available to others and may be used by all persons who have access to the Website) may include the following categories:

      1. user's contact details: name, surname, date of birth, website address, location (city)

      2. education, profession, employment, income (partially chosen from the selection menu),

      3. use of stimulants (alcohol, cigarettes) (from the selection menu),

      4. photos and videos of the user (personal image),

      5. external appearance: description of selected external features and clothing choices (from the selection menu),

      6. personality (from the selection menu) and data on marital status, children and preferences in this regard,

      7. preferences, likes and interests (from the selection menu).

    3. User verification by phone number - a procedure used to limit the number of fake accounts; the basis for processing: Article 6(1)(f) of the GDPR (processing is necessary for purposes arising from legally justified interests pursued by the Data Administrator or by a third party);
      The scope of personal data processed: Website User's phone number.

    4. Complaint proceedings related to the provided or performed electronic service; the basis for processing: Article 6(1)(b) of the GDPR;
      The scope of personal data processed: name and last name of the person submitting the complaint, contact details (correspondence address, e-mail address, phone number), reason and details of the subject of the complaint.

    5. Marketing of the Service Provider's own products or services and marketing of Business Partners' products and services; the basis for processing - Article 6(1)(a) or Article 6(1)(f) (consent of the data subject - marketing of third party products and services or the legitimate interest of the administrator - direct marketing of the administrator's own products and services).
      The scope of personal data processed: name and last name, e-mail address, phone number.

    6. Profiling with the purpose of optimal matching the offer of services and products of Cooperating Partners to the recipient's profile; the basis for processing - Article 6(1)(a) (consent of the data subject for the marketing of third party products and services);
      The scope of data processed: age, sex, location, data provided voluntarily by the User (included in point 2 of this policy)

    7. Settlement of transactions related to access to paid functions of the Website (the so-called Star Club) - the basis for processing: Article 6(1)(b) of GDPR (processing is necessary to perform the contract).
      The scope of personal data processed: phone numbers used for SMS payments, billing information, contact details.

    8. Creating a user account on the website of the internet game service provider - promotion (marketing of business partner services); the basis for processing - Art. 6(1)(a) (consent of the data subject).
      The scope of personal data processed: login, date of birth, name, gender, location (depending on the requirements of the external website).

    9. Ensuring the security of the Website and the protection of its Users' data - the basis for processing: Article 6(1)(f) of the GDPR (processing is necessary for purposes resulting from legitimate interests pursued by the Data Administrator or by a third party).
      The scope of personal data processed: login data to the Fotka.com Website, data and geolocation of the device (including the IP address), from which the connection is made).

    10. The Administrator also processes anonymized data related to the use of the Website (e.g. the number of Users) to generate statistics on the use of the Website. This data are aggregate and anonymous, i.e. they do not contain features that may identify persons using the Fotka.com Website
       

    Sharing personal data

    1. Personal data of the Fotka.com Website User included in their profile are made available to other users of the Website in connection with the basic function of the Website, which is viewing and rating photos and associated User profiles.

    2. With the user's consent, their data may be transferred to entities providing payment services (payment platforms). Currently, the Fotka.com Website uses the following payment platforms:

      1. Dotpay Sp. z o. o., with its registered seat in Kraków, 30-552 Kraków, at ul. Wielicka 72,

      2. PayPal (Europe) S.a. r.l. & Cie, S.C.A. with its registered seat at L-1150 in Luxembourg,

      3. Centrum Technologii Mobilnych Mobiltek S.A., with its seat at ul. Józefińska 2 30-529 Kraków,

      4. Paysafe - London (Group HQ), located at 27-25 Canada Square, 27th Floor, London, E14 5LQ, United Kingdom.

      5. Blue Media SA, with its registered seat at ul. Powstańców Warszawy 6, 81-718 Sopot.

    3. The data of the User who have consented to the processing of their personal data for marketing and profiling purposes may be transferred to entities specializing in the provision of mass, personalized sending of advertising messages. These messages are sent with help of the internal functionality of Private Messages available to logged-in Users. While selecting the entities providing this category of services, the Administrator follows the criteria stipulated in Art. 28(1) of the GDPR, i.e. each contractor must guarantee the implementation and application of technical and organizational measures relevant to the category of personal data for its security.

    4. In addition, we would like to inform you that in the cases described in separate provisions and in accordance with the mode indicated in these provisions, personal data may be transferred to authorized national administrative bodies.

    5. Personal data may also be disclosed for the purposes of audits, ensuring compliance with regulations and implementing owner supervision.

    6. Personal data of Website users may be processed using the external IT infrastructure of hosting service providers that meet the requirements of the GDPR in terms of system security.

    7. The administrator declares that in each case the disclosure or transfer of personal data for processing takes place on the basis of the consent of the data subject or personal data processing agreement, another legal instrument, or based on a legal obligation.

    8. The data of the User who have consented to the processing of their personal data for marketing purposes may be transferred to entities specializing in the provision of online advertising services. User data (their age, gender and location) can be used for profiling in order to display advertisements that suit the User better. While selecting the entities providing this category of services, the Administrator follows the criteria stipulated in Art. 28(1) of the GDPR, i.e. each contractor must guarantee the implementation and application of technical and organizational measures relevant to the category of personal data for its security. Currently, the Fotka.com website cooperates with the following Partners:

      1. Społeczności Spółka z o.o. sp. k. with its registered seat at ul. Inżynierska 8, 03-422 Warsaw,

        Partner's privacy policy

        Partner's privacy settings


    Periods of personal data processing (data retention)

    1. The Website User's personal data may be kept:

      1. ersonal data assigned to the User's account on the Website - for the entire duration of the account (contract duration). After the User deletes the account, the data is are permanently deleted within 30 days (excluding copies of the database created for the security of the Website; data from the copies are deleted after a maximum of 3 months).

      2. Basic data identifying the user of the account in the form of an email address and first and last name provided in connection with the contract for the use of the service and data on fees paid by the User in connection with the use of the Website's services - until the time of prescription of claims of the parties, i.e. of the User or the Website

      3. Marketing data - until the consent to the processing of data for this purpose is withdrawn, whereby the data regarding prior consent and marketing operations carried out towards the Website User will be kept in an archival form for at least 5 years from the moment of the consent withdrawal.

      4. Personal data on facts and events subject to tax obligations or recognition in relevant accounting books - for the period required by law, in particular in accordance with the provisions of the following acts: Tax Ordinance Act and the Accounting Act.

      5. Personal data necessary for the pursuit of claims by the Administrator or third parties, or constituting evidence in proceedings before a court or national administrative body - until the usefulness of these data in the pending proceedings or until the completion of other legally permissible activities related to the pursuit of claims.


    The rights of the person whose data is processed by the Administrator

    1. Each person whose data are processed by the Administrator is entitled to:

      1. the right to access their personal data, rectify, delete, limit processing, the right to object, and the right to transfer data in the cases specified in the provisions of the GDPR;

      2. the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (it concerns data processing for marketing purposes in particular),

      3. the right to object at any time to the processing of personal data - for reasons related to the special situation of the data subject, as well as the right to object to the processing of data for direct marketing purposes,

      4. the right to file a complaint with the Supervisory Authority if the data subject determines that the processing of data by the Administrator violates the provisions of the GDPR or national provisions.

    2. With the exception of the right to file a complaint with the Supervisory Authority, all other rights can be exercised by users by reporting the case to the e-mail address provided for contact in matters regarding personal data protection, using the contact form or other contact details of the Fotka.com Website.

    3. In the case of contacts referred to in point 2, the Administrator may make the performance of activities conditional on the undoubtful identification of the identity of the person submitting the inquiry, application, objection or request.


    Voluntary choice as to the scope of personal data collected by the Administrator.

    1. Providing personal data while registering on the Website is voluntary, whereby failure to provide this data will prevent the conclusion of a contract for the use of the functionality of the Fotka.com Website.

    2. The data included in the User Profile may be voluntarily modified by the User, whereby the lack of some data indicated by the Administrator may limit the use of some of the Website's functions.

    3. Providing personal data for marketing purposes is voluntary, whereby failure to provide these data takes away the opportunity to receive the offer of services and bonuses offered by the Data Administrator and their business partners.

    4. Consent to profiling for marketing purposes is fully voluntary, whereby the lack of consent may take away the opportunity to receive an offer of services and products provided by the Websites' Partners that is personalized, carefully selected for the age, location, preferences and interests of the User.

    5. Providing the data necessary to log in to external websites offering online games is voluntary, whereby failure to provide these data results prohibits the use of the service.


    Withdrawal of consent if it is the basis for the processing of personal data by the Administrator.

    1. The data subject has the right to withdraw consent to the processing of personal data at any time.

    2. Withdrawal of consent will not affect the lawfulness of processing based on prior consent

    3. The consent may be withdrawn in the following way:

      1. Consent to the processing of data for marketing purposes: in the account settings or by contacting the user service department

      2. Consent to use electronic means of communication: in the account settings or by contacting the user service department

      3. In order to completely remove the profile along with the data, delete the account using the option: "Remember that you can always change your data or completely delete your account"" account settings or by contacting the user service department


    Conditions for child consent for information society services.

    1. Fotka.com does not provide any of its services to individuals under the age of 16.

    2. The age of the Fotka.com user is verified during the registration phase by providing the date of birth.

    3. Existing Users who are under the age of 16 on the date of entry into force of the GDPR, i.e. May 25, 2018, are allowed to continue using the Website provided that they obtain the consent of their parent or legal guardian, confirmed via a special form available after logging into the User's account or in your account settings.


    Cookies

    1. Fotka uses cookies; by using the Website, you consent to the reading of the cookies listed

    2. Cookies are small text files saved by the website on the User's end device (computer, mobile device) via the browser. These files are read or modified during subsequent visits and may contain basic information about the user, their individual appearance settings or operation of the Website or any other data useful for creators to maintain a better website.

    3. Cookies saved in the domains of the Website do not contain personal data.

     

    Cookies used by Fotka.com

    1. Permanent - files used to modify the appearance or operation of the Website on the basis of previously made choices or actions (e.g. filter settings). They remain on the User's device until they expire or are deleted by the Website or the User. The lack of these files prevents browsing the Website according to the preferences selected by the User.

    2. Session - files containing a string of characters identifying a set of data kept on the website (the so-called session). The session is used by the User's authentication system and many other mechanisms to improve the operation and security of the Website. They remain on the User's device until logging out of the website or closing the browser. The lack of these files prevents proper functioning of the Website.

     

    Third-party cookies

    1. Analytical:

      1. Google Analytics, a free Google web tool that allows anonymous collection of information in order to better understand the way the website is used, user preferences, trends Resignation (opt-out)

      2. gemiusAudience for the Megapanel PBI/Gemius study. Partner's privacy settings

    2. Advertising:

      1. Społeczności Spółka z o.o. sp. K., a trusted partner of the Website specializing in the provision of internet advertising services. Partner's privacy settings.

    3. Social media cookies:

      1. Facebook files for Users who have linked their Fotka account with their Facebook account.

      2. Instagram files for Users who have linked their Fotka account with their Instagram account.

      3. Google Service files for Users who have linked their Fotka account with their Google account.


    Managing cookies

    1. Each browser to a greater or lesser extent (e.g. on mobile devices) offers the possibility of viewing, deleting, as well as limiting and controlling the acceptance of cookies. See the help content or the privacy/security settings of the browser you are using. Deleting current cookies may result in the need to redo certain activities on the website, and blocking the acceptance of certain files may prevent the use of certain functions of the Website.


    Additional information

    1. On May 22, 2019, the Website stopped sending commercial information of the Website and Partners via e-mail - information about the consent to receive commercial information to the e-mail address that the Users previously gave is kept under the provisions of this policy and can be changed in the account settings.

    2. The Website may contain links to other websites. Once you navigate to the other websites, the Administrator encourages you to familiarize yourself with the privacy policies enforced therein. This privacy policy applies only to the Fotka.com Website.