PRIVACY POLICY

I simply enjoy designing with clarity and care.

PRIVACY POLICY

PRIVACY POLICY

1. General Information

This Privacy Policy applies to the website available at: https://abovethepictures.com

The Data Controller is:

ABOVE THE PICTURES Paulina Dziura

NIP: 9542868225
Contact e-mail: abovethepictures@gmail.com


The Controller does not use a postal address for communication; all matters related to personal data, including exercising data subject rights, should be handled exclusively via e-mail.

The Controller processes personal data in connection with the operation of the Website and for the purposes described in this Privacy Policy.



2. Scope and Purposes of Data Processing

Personal data is processed solely for the following purposes:

handling inquiries sent via contact form or e-mail,


ensuring the security, stability and proper functioning of the Website,


analysing basic website traffic using Framer’s built-in analytics (no third-party analytics tools such as Google Analytics are used).


The Website may collect data through:

information voluntarily entered by the user in forms,


cookies and similar technologies necessary for the functioning of the Website (no external analytics cookies are used).




3. Legal Basis for Data Processing

Personal data is processed on the basis of:

Art. 6(1)(b) GDPR — processing necessary to handle an inquiry or correspondence,


Art. 6(1)(f) GDPR — the legitimate interests of the Controller, such as ensuring the security and proper functioning of the Website, as well as analysing non-intrusive statistics,


Art. 6(1)(a) GDPR — user consent (if given, e.g., for optional features).




4. Data Protection Measures

The Controller implements appropriate technical and organisational measures to ensure data security, including:

encrypted connections (SSL),


regular updates of hosting and software components,


limiting access to data to authorised persons or service providers only.




5. Hosting and Technical Infrastructure

The Website is hosted on Framer.com.

The hosting provider may process technical data necessary for maintaining and securing the service, including:

IP address,


timestamps of requests,


URLs of accessed resources,


diagnostic and server performance data,


information related to error logs and traffic handling.


This processing is necessary to operate the Website, ensure performance, and maintain security.



6. Data Recipients

Personal data may be shared with service providers supporting the Controller, such as:

hosting provider (Framer),


e-mail service provider,


technical/IT support providers acting on behalf of the Controller.


No personal data is sold or transferred to third parties for marketing purposes.

The Website does not use external analytics tools (e.g., Google Analytics).



7. Data Transfers Outside the EU

Data may be transferred outside the EU/EEA (e.g., to the USA) due to the use of external service providers such as:

Framer (hosting),


the Controller’s e-mail provider.


Such transfers rely on legally required safeguards, including Standard Contractual Clauses (SCCs) implemented by the respective service providers.



8. User Rights

Users have the right to:

access their personal data,


rectify their data,


erase their data,


restrict processing,


transfer their data,


object to processing based on legitimate interest.


Users may lodge a complaint with the competent supervisory authority (e.g., the President of the Personal Data Protection Office in Poland).

Providing personal data is voluntary but may be necessary to use certain Website functionalities (e.g., contact form).

The Controller does not make automated decisions or perform profiling within the meaning of the GDPR.



9. Contact Form and E-mail Communication

Submitting a contact form or sending an e-mail involves providing personal data such as:

name,


e-mail address,


any information voluntarily included in the message.


These data are processed solely for the purpose of handling the inquiry.

The Website may also store technical parameters of the connection (e.g., IP address, submission timestamp) for security and diagnostic purposes.



10. Logs and Technical Data

The Website may collect technical logs related to the use of the Website.
These logs may include information such as:

IP addresses,


request timestamps,


device/browser information.


Such data is used for ensuring security, preventing abuse, and administering the Website.
Logs are not used to identify individual users unless required by law or security concerns.



11. Cookies

The Website uses cookies that are necessary for:

proper functioning of the Website,


improving speed, security, and stability,


analysing basic non-intrusive statistics through Framer’s built-in analytics tools.


The Website does not use cookies for advertising, profiling, or Google Analytics.

Types of cookies used:

session cookies — deleted when the browser is closed,


persistent cookies — stored for a defined period or until deleted by the user.


Users may manage cookie settings in their browser. Limiting cookies may affect certain Website functionalities.



12. Cookie Management

Instructions for managing cookies can be found in the documentation of major browsers:

Chrome, Safari, Firefox, Edge, Opera,
as well as mobile browsers.