Privacy & Cookie Policy
Effective date: 04 July 2025
1 Who we are
This Privacy & Cookie Policy explains how Karolina Hołda Cani Diet, with registered office at Jerzego Iwanowa-Szajnowicza Street, No. 1/68, 02-796, Warsaw, Poland, VAT ID PL9512241510 (further: “we”, “us”, “Academy”), processes your personal data when you visit vetclinicalnutrition.academy, karolinaholda.com, purchase our online courses, or otherwise interact with us.
We act as the data controller within the meaning of Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).
Contact for privacy matters: kontakt@karolinaholda.com | Tel. +48 508 337 868
2 Definitions
- Personal data – any information relating to an identified or identifiable natural person.
- Processing – any operation performed on personal data (collection, storage, erasure, etc.).
- GDPR – Regulation (EU) 2016/679.
- EEA – European Economic Area (EU + Iceland, Liechtenstein, Norway).
3 Legal framework
- EU GDPR.
- Polish Data Protection Act of 10 May 2018.
- Directive 2002/58/EC (e‑Privacy Directive).
- Directive 2011/83/EU (Consumer Rights Directive).
- Directive 2019/770/EU (Digital Content & Digital Services Directive).
- Polish Civil Code & tax regulations.
4 What data we collect, for what purpose and on which legal basis
| Purpose | Categories of data | Legal basis (Art. 6 GDPR) | Details |
|---|---|---|---|
| Purchase of courses (fulfilment of contract) | name, e‑mail, billing address, VAT ID, order ID, payment status | b) contract performance; c) legal obligation (invoicing) | Data are required to conclude and perform the sales agreement, issue invoices and provide access to digital content. |
| Payment processing | order ID, amount, tokenised card / wallet data | b) contract performance | Processing is carried out by the selected payment provider (see section 6). |
| Creating & maintaining user account | name, e‑mail, password hash, course progress, quiz results | b) contract performance | Enables you to access purchased courses and track progress. |
| Customer support | messages, attachments, order data, technical logs | f) legitimate interest – handling enquiries | We keep a record of correspondence to resolve issues and improve our services. |
| E‑mail marketing (newsletter, product updates) | e‑mail address, open & click rates | a) consent | You may withdraw consent at any time via the “unsubscribe” link or by e‑mailing us. |
| Analytics & statistics | IP address, device type, events, pages viewed | a) consent (non‑essential cookies); f) legitimate interest (aggregated, anonymised statistics) | We use Google Analytics 4 with IP‑anonymisation enabled. |
| Security & fraud prevention | IP address, server logs, transaction identifiers | f) legitimate interest | To protect the Website and users against abuse and fraud. |
We do not use your data for automated decision‑making that produces legal effects concerning you.
5 Processors and sub‑processors
We engage third‑party service providers that process personal data on our behalf, strictly under a Data Processing Agreement (Art. 28 GDPR):
| Processor | Service | Registered in / data centre |
|---|---|---|
| WooCommerce (Automattic Inc.) | e‑commerce platform | EU / USA |
| Stripe Payments Europe Ltd. | Card payments | Ireland / USA |
| PayPal (Europe) S.à r.l. et Cie, S.C.A. | Wallet payments | Luxembourg / USA |
| Pay Now (mBank S.A.) | Domestic online payments | Poland |
| Przelewy24 (PayPro S.A.) | Domestic online payments | Poland |
| Fakturownia Sp. z o.o. | Invoicing software | Poland |
| Mailerlite Limited | E‑mail marketing & automation | EU / USA |
| Google Workspace (Google Ireland Ltd.) | Business e‑mail & cloud storage | EU / USA |
| LH.pl Sp. z o.o. | Web hosting | Poland |
| Publigo (Neure Sp. z o.o.) | Secure digital‑file delivery | Poland |
| Vimeo.com, Inc. | Video streaming | USA |
| Google Analytics 4 (Google Ireland Ltd.) | Web analytics | EU / USA |
| CookieYes Limited | Consent Management Platform (CMP) | EU / UK |
6 International transfers
Some processors (Stripe, PayPal, Mailerlite, Google, Vimeo, CookieYes) may transfer data to the United States or other third countries. Transfers are safeguarded by Standard Contractual Clauses (Commission Decision (EU) 2021/914) and supplementary technical measures (TLS encryption, pseudonymisation, least‑privilege access). Copies of the SCCs are available on request.
7 Data retention
| Category | Retention period | Rationale |
|---|---|---|
| Invoices, order history, user accounts | up to 6 years after your last payment | Tax & accounting duties (Art. 70 §1 Tax Ordinance) + limitation period for consumer claims (6 years) |
| Guarantee / complaints regarding digital content | 2 years from delivery | Compliance guarantee under Directive 2019/770/EU |
| Marketing e‑mail list | Until consent is withdrawn or no activity for 6 months | Art. 6 (1) a GDPR – consent |
| Server backups | 30 – 180 days (rolling) | Business continuity |
| Analytics identifiers (GA4) | 14 – 24 months | Configurable in GA4 panel |
| Support tickets & e‑mail correspondence | Up to 5 years | Evidence in case of disputes |
When a retention period expires, data are permanently deleted or irreversibly anonymised.
8 Your rights
Under the GDPR you have the right to:
- Access your data (Art. 15).
- Rectify inaccurate data (Art. 16).
- Erase data (“right to be forgotten”, Art. 17).
- Restrict processing (Art. 18).
- Data portability (Art. 20).
- Object to processing based on legitimate interest (Art. 21).
- Withdraw consent at any time, without affecting processing performed before withdrawal.
To exercise your rights, write to kontakt@karolinaholda.com.
You may lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00‑193 Warsaw, Poland.
9 Data security
We implement industry‑standard technical and organisational measures, including HTTPS/TLS encryption, access control, periodic backups, and staff training. Payment card details are processed exclusively by certified payment providers and never stored on our servers.
Cookie Policy
10 What are cookies?
Cookies are small text files placed on your device by a website. They enable the site to remember your actions and preferences over time.
11 How we use cookies
| Category | Example cookies | Purpose | Storage period |
|---|---|---|---|
| Strictly necessary | woocommerce_cart_hash, woocommerce_items_in_cart | Remember cart contents and login session | Session / 48 h |
| Preferences | pll_language, cookieyes-consent | Store language choice & consent settings | 6 months |
| Analytical | _ga, _ga_<ID> | Google Analytics 4 – site statistics | 14 – 24 months |
| Marketing | vuid (Vimeo) | Display embedded videos and measure views | 30 days |
Non‑essential cookies (preferences, analytical, marketing) are set only after you give consent via the CookieYes banner.
12 Managing cookies
You can change or withdraw your consent at any time by clicking the “Privacy settings” link in the footer. You may also disable cookies in your browser settings; however, essential features of the Website may not function properly.
For detailed instructions consult your browser’s help section (Chrome, Firefox, Safari, Edge).
13 Third‑party cookies
During checkout, payment providers (Stripe, PayPal, Pay Now, Przelewy24) may place their own cookies to prevent fraud and complete the transaction. These cookies are governed by the respective provider’s privacy policy.
14 Changes to this Policy
We may amend this Policy from time to time. The latest version is always available on the Website. If the changes are material, we will notify registered users by e‑mail at least 7 days in advance.
15 Contact
For any questions about this Policy or your personal data, please contact kontakt@karolinaholda.com.
Last updated: 04 July 2025
