Privacy Policy

The Privacy Policy describes the rules for our processing of information about you, including personal data and cookies.

1. General Information This policy applies to the Website operating at the URL: www.myherotale.co.uk The Operator of the Website and the Personal Data Controller is: GT 2 INVEST SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ Registered office address: ul. Brynicy 24, 40-358 Katowice, Silesian Voivodeship, Poland Tax ID (NIP/VAT ID): PL9542873114 Operator’s contact e-mail address: contact@myherotale.co.uk

The Operator is the Controller of your personal data in relation to data provided voluntarily on the Website. The Website uses personal data for the following purposes:

• Running a newsletter
• Running a comment system
• Handling inquiries via the contact form
• Preparation, packing, and shipping of goods
• Performance of ordered services (including personalization of audio/video products)
• Debt collection
• Presentation of offers or information

The Website performs the functions of obtaining information about users and their behaviour in the following way:

• Through data voluntarily entered in forms, which are entered into the Operator’s systems.
• By saving cookie files (so-called „cookies”) on end devices.

2. Selected Data Protection Methods Used by the Operator Login and personal data entry areas are protected in the transmission layer (SSL certificate). Thanks to this, personal data and login data entered on the website are encrypted on the user’s computer and can only be read on the target server. The Operator periodically changes its administrative passwords. To protect data, the Operator regularly performs security backups. An essential element of data protection is the regular update of all software used by the Operator to process personal data, which in particular means regular updates of programming components.

3. Hosting The Website is hosted (technically maintained) on the servers of the operator: LH.pl To ensure technical reliability, the hosting company keeps logs at the server level. The following may be subject to recording:

• resources specified by the URL identifier (addresses of requested resources – pages, files),
• time of arrival of the query,
• time of sending the response,
• name of the client’s station – identification carried out by the HTTP protocol,
• information about errors that occurred during the execution of the HTTP transaction,
• URL address of the page previously visited by the user (referer link) – if the transition to the Website took place via a link,
• information about the user’s browser,
• information about the IP address,
• diagnostic information related to the process of self-ordering services via registrars on the website,
• information related to handling e-mail directed to the Operator and sent by the Operator.

4. Your Rights and Additional Information on How Data is Used In some situations, the Controller has the right to transfer your personal data to other recipients if it is necessary to perform the contract concluded with you or to fulfill obligations incumbent on the Controller. This applies to the following groups of recipients:

• hosting company on a strictly entrusted basis
• payment operators
• comment system operators
• online chat solution operators
• authorized employees and associates who use the data to achieve the purpose of the website (including audio/video editors)
• companies providing marketing services to the Controller

Your personal data is processed by the Controller for no longer than is necessary to perform related activities specified by separate regulations (e.g., accounting regulations). With regard to marketing data, the data will not be processed for longer than 3 years. You have the right to request from the Controller:

• access to personal data concerning you,
• rectification of the data,
• erasure of the data („right to be forgotten”),
• restriction of processing,
• and data portability.

You have the right to object to the processing indicated in point 3.2 regarding the processing of personal data for the purpose of legitimate interests pursued by the Controller, including profiling. However, the right to object cannot be exercised if there are valid legitimate grounds for processing overriding your interests, rights, and freedoms, in particular establishment, exercise, or defence of legal claims.

You have the right to lodge a complaint with the Supervisory Authority. Since the Controller is established in Poland, the primary authority is the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland. Customers from the UK may also contact the Information Commissioner’s Office (ICO).

Providing personal data is voluntary but necessary to use the Website. Automated decision-making actions may be taken in relation to you, including profiling for the purpose of providing services under the concluded contract and for the purpose of direct marketing by the Controller. Personal data is not transferred to third countries within the meaning of data protection regulations (outside the European Economic Area), unless necessary for the technical infrastructure (e.g., global cloud services), in which case appropriate safeguards are applied.

5. Information in Forms The Website collects information provided voluntarily by the user, including personal data, if provided. The Website may save information about connection parameters (time stamp, IP address). The Website, in some cases, may save information facilitating the linking of data in the form with the e-mail address of the user filling out the form. In this case, the user’s e-mail address appears inside the URL of the page containing the form. Data provided in the form is processed for the purpose resulting from the function of a specific form, e.g., to process a service request or commercial contact, service registration, etc. Each time, the context and description of the form clearly inform what it is used for.

5a. Rules for Processing Graphic Files (Photos) and Images Due to the specific nature of certain services (personalized video tales, covers), the Controller may process graphic files containing the image of persons (including children), submitted voluntarily by the User.

1. Purpose of Processing: Submitted photos are used solely for the purpose of performing the contract – creating a personalized product ordered by the Customer.
2. Confidentiality: Photos are not shared publicly, are not published on social media, nor used in the Controller’s advertising materials. Access to them is granted only to employees directly involved in the editing process and order fulfillment.
3. Retention Period: Graphic files are stored on the Controller’s servers solely for the time necessary to fulfill the order and handle potential complaints, but no longer than 30 days from the date of delivery of the finished product. After this period, the files are permanently deleted.

6. Administrator Logs Information about the behaviour of users on the website may be subject to logging. This data is used to administer the website.

7. Significant Marketing Techniques The Operator uses statistical analysis of website traffic via Google Analytics (Google Inc. based in the USA). The Operator does not transfer personal data to the operator of this service, but only anonymized information. The service is based on the use of cookies on the user’s end device. regarding information about user preferences collected by the Google advertising network, the user can view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/ The Operator uses remarketing techniques, allowing advertising messages to be matched to the user’s behaviour on the website, which may give the illusion that the user’s personal data is being used to track them, but in practice, no personal data is transferred from the Operator to advertising operators. A technological condition for such activities is that cookies are enabled. The Operator uses the Facebook Pixel. This technology causes the Facebook service (Facebook Inc. based in the USA) to know that a given person registered with it is using the Website. In this case, it relies on data for which it is the controller itself; the Operator does not transfer any additional personal data to Facebook. The service relies on the use of cookies on the user’s end device. The Operator applies a solution automating the operation of the Website in relation to users, e.g., capable of sending an e-mail to the user after visiting a specific subpage, provided that the user has consented to receiving commercial correspondence from the Operator.

8. Information about Cookies The Website uses cookies. Cookies (so-called „biscuits”) are IT data, in particular text files, which are stored on the Website User’s end device and are intended for using the Website’s pages. Cookies usually contain the name of the website they come from, the time they are stored on the end device, and a unique number. The entity placing cookies on the Website User’s end device and accessing them is the Website Operator. Cookies are used for the following purposes:

• maintaining the Website user’s session (after logging in), thanks to which the user does not have to re-enter their login and password on every subpage of the Website;
• achieving the goals set out above in the section „Significant Marketing Techniques”;

Two basic types of cookies are used within the Website: „session” cookies and „persistent” cookies. „Session” cookies are temporary files that are stored on the User’s end device until logging out, leaving the website, or turning off the software (web browser). „Persistent” cookies are stored on the User’s end device for the time specified in the cookie file parameters or until they are deleted by the User. Software for browsing websites (web browser) usually allows storing cookies on the User’s end device by default. Website Users can change the settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this subject is contained in the help or documentation of the web browser. Restrictions on the use of cookies may affect some of the functionalities available on the Website’s pages. Cookies placed on the Website User’s end device may also be used by entities cooperating with the Website Operator, in particular, this applies to companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).

9. Cookie Management – How to Express and Withdraw Consent in Practice? If the user does not wish to receive cookies, they may change their browser settings. We reserve that disabling cookies necessary for authentication processes, security, maintaining user preferences may make it difficult, and in extreme cases may prevent the use of the website. To manage cookie settings, select the web browser you use from the list below and follow the instructions available on the manufacturers’ websites (e.g., Edge, Internet Explorer, Chrome, Safari, Firefox, Opera).