By using the website https://morgansenglish.pl/, you accept the terms of the Privacy Policy and Cookie Policy outlined below.
As a User, please review its provisions. It informs you how we protect User Data, how we process it, whom we entrust it to, and many other important issues related to Personal Data.
§1 GENERAL PROVISIONS
- This Privacy Policy and Cookie Policy outline the rules for the processing and protection of Personal Data provided by Users, as well as cookies and other technologies used on the website named and linked at: https://morgansenglish.pl/.
- The Administrator of the website and Personal Data provided through it is MORGAN’S ENGLISH SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, located at 32-085 Szyce, ul. Wesoła 8, registered in the Register of Entrepreneurs of the National Court Register under number KRS: 0001115826, NIP: 5130295752, REGON: 52913821700000, according to the current extract from the Register of Entrepreneurs contained in the Central Information of the National Court Register, represented by Anna Morgan – President of the Board, and James Lawrence – Member of the Board.
- The Administrator processes Personal Data in accordance with the applicable laws, in particular the GDPR and the Personal Data Protection Act.
- The Administrator takes special care to ensure the privacy of Users and the protection of their interests, especially by ensuring that Personal Data collected through the Website is processed only for specified purposes and not subjected to further processing that is inconsistent with those purposes.
- Users’ Personal Data is collected and processed solely on the basis of appropriate legal grounds, and the scope of data depends on the type of service provided and is as limited as possible.
- If you have any questions regarding the provisions of this Privacy Policy and Cookie Policy, please contact the Administrator via email: kontakt@morgansenglish.pl.
- The Administrator reserves the right to make changes to the Privacy Policy and Cookie Policy, and every User of the Website is obliged to be familiar with the current Privacy Policy and Cookie Policy. Changes may be caused by the development of internet technology, changes in applicable laws, or the development of the Website, such as the use of new tools by the Administrator. The date of the current Privacy Policy and Cookie Policy publication is listed at the bottom of the Website.
- This Policy also sets out the terms for using the services provided by the Administrator, including the Intermediary Service, regulating the relations between the Administrator as the provider of the Intermediary Service and the Service Recipient, as referred to in §10 of this Policy.
- Other definitions, procedures, obligations, and rights arising from the Digital Services Act (DSA) are described in §10 of this Policy and are an integral part of it.
- The capitalized terms used in this Privacy Policy and Cookie Policy have the meanings assigned to them in §2 of the Privacy Policy.
§2 DEFINITIONS
- Administrator – MORGAN’S ENGLISH SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, located at 32-085 Szyce, ul. Wesoła 8, registered in the Register of Entrepreneurs of the National Court Register under number KRS: 0001115826, NIP: 5130295752, REGON: 52913821700000, according to the current extract from the Register of Entrepreneurs contained in the Central Information of the National Court Register, represented by Anna Morgan – President of the Board, and James Lawrence – Member of the Board.
- User – any entity visiting and using the website.
- Website – the website and blog located at https://morgansenglish.pl/.
- Personal Data – any information relating to an identified or identifiable natural person, such as name, identification number, location data, online identifier, or one or more specific factors defining the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.
- Consent – a voluntary, specific, informed, and unambiguous indication of the User’s will, in the form of a statement or a clear affirmative action, giving permission to process their Personal Data.
- Form or Forms – areas on the Website that allow the User to enter Personal Data for specified purposes, e.g., to contact the User.
- Service – a set of cooperating IT devices and software that ensure the processing, storage, transmission, and reception of data via telecommunications networks using appropriate end-user devices (Internet), including the Website or its part, the Shop or its part, as well as applications including mobile apps and other services of the Administrator, Social Media, and channels operated by the Administrator within these Media.
- GDPR – refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- DSA – refers to Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act).
- Personal Data Protection Act – the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2019, item 1781, as amended).
- Act on the Provision of Electronic Services – the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2020, item 344, as amended).
- Telecommunications Law – the Act of 16 July 2004, Telecommunications Law (Journal of Laws of 2024, item 34, as amended).
§3 PERSONAL DATA AND RULES FOR PROCESSING
WHO IS THE ADMINISTRATOR OF THE USER’S PERSONAL DATA?
The Administrator of the User’s Personal Data is MORGAN’S ENGLISH SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, located at 32-085 Szyce, ul. Wesoła 8, registered in the Register of Entrepreneurs of the National Court Register under number KRS: 0001115826, NIP: 5130295752, REGON: 52913821700000, according to the current extract from the Register of Entrepreneurs contained in the Central Information of the National Court Register, represented by Anna Morgan – President of the Board, and James Lawrence – Member of the Board.
The Administrator jointly manages data with social media platform providers, such as Facebook, Instagram, etc., as indicated in this document, regarding the data of people using social media who follow the Administrator’s profile on a given social media platform and interact with the Administrator. The rules for joint management are specified below for each social media platform where the Administrator has a profile.
IS PROVIDING DATA VOLUNTARY? WHAT ARE THE CONSEQUENCES OF NOT PROVIDING DATA?
Providing Data is voluntary; however, failure to provide certain information, generally marked as mandatory on the Administrator’s website, will result in the inability to perform a given service, achieve a specific goal, or take certain actions.
If a User provides non-mandatory Data or excess Data that the Administrator does not need to process, it is done at the User’s discretion, and processing is based on the premise contained in Article 6(1)(a) of the GDPR (consent). The User consents to the processing of this data and to the anonymization of data that the Administrator does not require and does not want to process, even if the User has provided it to the Administrator.
FOR WHAT PURPOSES AND ON WHAT LEGAL GROUNDS DOES THE ADMINISTRATOR PROCESS THE USER’S PERSONAL DATA WHEN USING THE WEBSITE?
The User’s personal data on the Administrator’s Website may be processed for the following purposes and on the following legal grounds:
No. | Purpose of Data Processing | Legal Basis for Processing | Duration of Processing |
1. | Sending an offer / contact at the User’s request | Article 6(1)(b) GDPR (necessary for the conclusion and/or performance of a contract or taking action at the User’s request) | Data is processed for the time necessary to send the offer and respond to the User, and then for the limitation period of claims: 2 years or 6 years from the contract execution, depending on whether the User is an entrepreneur |
2. | Establishing, pursuing, or defending against claims | Article 6(1)(f) GDPR (legitimate interest of the Administrator) | Data is processed until the basis for processing ceases: 2 years or 6 years from the contract execution, depending on whether the User is an entrepreneur |
3. | Telephone contact related to service or contract execution | Article 6(1)(b) GDPR (necessary for the conclusion and/or performance of a contract) | Data is processed for the duration of the contract/time necessary to send the offer and respond to the User, and then for the limitation period of claims: 2 years or 6 years from the contract execution, depending on whether the User is an entrepreneur |
4. | Telephone contact to present an offer and direct marketing | Article 6(1)(a) GDPR (consent) | Data is processed until consent is withdrawn |
5. | Creating registers related to GDPR and other regulations | Article 6(1)(c) GDPR (legal obligation) and Article 6(1)(f) GDPR (legitimate interest of the Administrator) | Data is processed until the basis for processing ceases or loses its usefulness for the Administrator |
6. | Archiving for the purpose of securing information that may be used to demonstrate facts | Article 6(1)(f) GDPR (legitimate interest of the Administrator) | Data is processed until an objection is raised or the data loses its usefulness for the Administrator: 2 years or 6 years from the contract execution, depending on whether the User is an entrepreneur |
7. | Analytical purposes, including analyzing Data collected automatically when using the website, such as cookies (e.g., Google Analytics or Google Search Console) | Article 6(1)(f) GDPR (legitimate interest of the Administrator) | Data is processed until the cookies are deleted from the User’s browser |
8. | Using cookies on the Website and its subpages | Article 6(1)(a) GDPR (consent) | Data is processed until the cookies are deleted from the User’s browser |
9. | Managing the Website and the Administrator’s pages on other platforms | Article 6(1)(f) GDPR (legitimate interest of the Administrator) | Data is processed until an objection is raised or the data loses its usefulness for the Administrator |
10. | Internal administrative purposes of the Administrator related to managing contact with the User | Article 6(1)(f) GDPR (legitimate interest of the Administrator) | Data is processed until the basis for processing ceases: 2 years or 6 years from the contract execution, depending on whether the User is an entrepreneur |
11. | Managing a Facebook fanpage and interacting with Users | Article 6(1)(f) GDPR (legitimate interest of the Administrator) and Article 6(1)(a) GDPR (consent) | Data is processed until consent is withdrawn, an objection is raised, or the data loses its usefulness for the Administrator |
12. | Managing a profile on the Instagram platform and interacting with Users | Article 6(1)(f) GDPR (legitimate interest of the Administrator) and Article 6(1)(a) GDPR (consent) | Data is processed until consent is withdrawn, an objection is raised, or the data loses its usefulness for the Administrator |
13. | Managing a profile on the YouTube platform and interacting with Users | Article 6(1)(f) GDPR (legitimate interest of the Administrator) and Article 6(1)(a) GDPR (consent) | Data is processed until consent is withdrawn, an objection is raised, or the data loses its usefulness for the Administrator |
14. | Creating the Administrator’s own databases of Users | Article 6(1)(f) GDPR (legitimate interest of the Administrator) | Data is processed until an objection is raised or the data loses its usefulness for the Administrator |
If a User provides non-mandatory Data or excess Data that the Administrator does not need to process, it is done at the User’s discretion, and processing is based on the premise contained in Article 6(1)(a) of the GDPR (consent). The User consents to the processing of this Data and to the anonymization of data that the Administrator does not require and does not wish to process, even if the User has provided it to the Administrator.
HOW ARE DATA COLLECTED?
Only the Data that the User provides themselves are collected and processed (with the exception of Data that is automatically collected using cookies and login data in certain situations, as mentioned below).
During a visit to the website, Data concerning the visit is automatically collected, such as the User’s IP address, domain name, browser type, operating system type, etc. (login data). Automatically collected Data may be used to analyze User behavior on the Website, gather demographic data about Users, or personalize the content of the website to improve it. However, this Data is processed solely for the purposes of administering the Website, ensuring efficient hosting services, or directing marketing content and is not associated with individual Users’ Data. More information about cookies can be found later in this Policy.
Data may also be collected through forms available on the Website, as described later in this Privacy Policy.
Information Society Services
The Administrator does not collect Data from children. A User must be at least 16 years old to independently give Consent for the processing of Personal Data for the provision of information society services, including for marketing purposes, or must obtain Consent from a legal guardian (e.g., a parent) for this purpose.
If the User is under 16 years old, they should not use the Website or the service at https://morgansenglish.pl/.
The Administrator is entitled to make reasonable efforts to verify whether the User meets the age requirement mentioned above or whether the person with parental authority or custody over a User under 16 has given or approved Consent.
WHAT ARE THE USER’S RIGHTS?
The User has the following rights at any time, as provided in Articles 15-21 of the GDPR:
- The right to access the content of their Data.
- The right to data portability.
- The right to correct Data.
- The right to rectify Data.
- The right to delete Data if there are no grounds for processing it.
- The right to restrict processing if it has occurred improperly or without a legal basis.
- The right to object to the processing of Data based on the legitimate interest of the Administrator.
- The right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (under the rules set out in the Personal Data Protection Act), if they believe that the processing of their data is not in accordance with the currently applicable data protection laws.
- The right to be forgotten if further processing is not provided for by the currently applicable laws.
The Administrator notes that these rights are not absolute and do not apply to all data processing activities concerning the User’s Personal Data. This applies, for example, to the right to obtain a copy of the data. This right must not adversely affect the rights and freedoms of others, such as copyrights or professional secrecy. To understand the limitations of the User’s rights, please refer to the content of the GDPR.
However, the User always has the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, tel. +48 22 531-03-00, e-mail: kancelaria@uodo.gov.pl, if they believe that the processing of personal data violates the GDPR or other applicable regulations concerning the processing of Personal Data.
To exercise their rights, the User may contact the Administrator via email at kontakt@morgansenglish.pl or by mail at the business address of the Administrator, if provided in this Privacy Policy, specifying the scope of their request. A response will be provided no later than 30 days from the date of receipt of the request and its justification, unless an extension of this period is justified in accordance with the GDPR.
CAN THE USER WITHDRAW CONSENT?
If the User has given Consent for a specific action, such Consent can be withdrawn at any time, which will result in the removal of data from the Administrator’s database and the cessation of specified actions (in cases where processing is based on Consent). The User may withdraw Consent by sending a statement to the Administrator’s email address or to the business address of the Administrator if provided in this Privacy Policy. Withdrawal of Consent does not affect the processing of data that was carried out based on the Consent before its withdrawal.
In some cases, Data may not be completely deleted and may be retained to defend against possible claims for a period in accordance with the provisions of the Civil Code or, for example, to fulfill legal obligations imposed on the Administrator.
The Administrator will always respond to the User’s request, appropriately justifying further actions resulting from legal obligations.
DOES THE ADMINISTRATOR TRANSFER USER DATA TO THIRD COUNTRIES?
User Data may be transferred outside the European Union to third countries.
Since the Administrator uses external providers of various services, such as Meta Platforms Ireland Limited (Facebook and its subsidiaries) — hereinafter referred to as Meta or Facebook, Microsoft, etc., User Data may be transferred to the United States of America (USA) due to its storage on American servers (in whole or in part). Based on the European Commission’s executive decision of July 10, 2023, issued under Regulation (EU) 2016/679, recognizing an adequate level of personal data protection under the EU-U.S. Data Privacy Framework, Facebook has undergone a certification process and obtained a certificate confirming the protection of Personal Data at the European Union level. Users’ personal data will be transferred only to recipients who guarantee the highest protection and security of the Data, including:
- Cooperation with entities processing Personal Data in countries for which an appropriate European Commission decision has been issued,
- The use of standard contractual clauses issued by the European Commission,
- The use of binding corporate rules approved by the competent supervisory authority,
or those to whom the User has given Consent for the transfer of Personal Data.
Detailed information is available in the privacy policy of each service provider, accessible on their websites.
For example:
Meta Platforms Ireland Limited
Currently, the services offered by Meta Platforms Ireland Limited are mainly provided by entities located within the European Union. However, it is advisable to always check the privacy policy of these providers for the most up-to-date information regarding personal data protection.
HOW LONG DOES THE ADMINISTRATOR RETAIN USER DATA?
The User’s Data will be retained by the Administrator for the duration of the provision of individual services/achievement of the purposes indicated in the table above, and:
- For the period of service provision and cooperation, as well as for the period of the limitation of claims in accordance with the law — in relation to Data provided by contractors, clients, or Users,
- For the duration of discussions and negotiations preceding the conclusion of a contract or the provision of a service — in relation to Data provided in a request for proposal,
- Until an effective objection is submitted under Article 21 of the GDPR — in relation to personal data processed based on the Administrator’s legitimate interest, including for direct marketing purposes,
- Until Consent is withdrawn or the processing purpose, business purpose is achieved — in relation to personal data processed based on Consent. After withdrawal of Consent, Data may still be processed to defend against possible claims in accordance with the limitation period for such claims or for a (shorter) period indicated to the User,
- Until it becomes outdated or loses its usefulness — in relation to personal data processed primarily for analytical, statistical purposes, use of cookies, and administration of the Administrator’s Websites.
The retention periods for Data specified in years are counted from the end of each year in which the processing of Data began. This is intended to streamline the process of processing and managing Data.
Detailed periods of personal data processing for specific processing activities can be found in the Administrator’s register of processing activities.
LINKS TO OTHER WEBSITES
The Website may contain links to other websites. These links may open in a new browser window or in the same window. The Administrator is not responsible for the content provided by these websites. The User is obligated to review the privacy policy or terms of use of those websites.
ACTIVITY IN SOCIAL MEDIA – FACEBOOK
The Administrator manages User Data on the fan page named Morgan’s English on Facebook (hereinafter referred to as the Fanpage).
The personal data provided by the User on the Fanpage will be processed for the purpose of administering and managing the Fanpage, communicating with the User, interacting with the User, directing marketing content to the User, and building the Fanpage community.
The legal basis for processing this data is the User’s Consent and the Administrator’s legitimate interest in interacting with Users and Followers of the Fanpage. The User voluntarily chooses to like/follow the Fanpage.
The rules governing the Fanpage are set by the Administrator; however, the terms of use of the Facebook social media platform are determined by Facebook’s regulations.
The User may stop following the Fanpage at any time. In such a case, the Administrator will no longer display any content from the Administrator related to the Fanpage to the User.
The Administrator can view the User’s personal data, such as their name, surname, or general information that the User has made public on their profiles. The processing of other personal data is conducted by the Facebook social media platform according to its terms and conditions.
The User’s personal data will be processed for as long as the Fanpage is maintained or exists, based on the Consent given by liking/clicking “Follow” on the Fanpage or interacting, e.g., by leaving a comment, sending a message, and to fulfill the legitimate interests of the Administrator, such as marketing their own products or services or defending against claims.
The User’s personal data may be shared with other Data recipients, such as the Facebook platform, cooperating advertising agencies, other subcontractors managing the Administrator’s Fanpage, IT services, and virtual assistants if contact occurs outside of Facebook.
Other User rights are described in this Privacy Policy.
User data may be transferred to third countries in accordance with Facebook’s terms and conditions.
The data may also be profiled to better personalize the advertising offer directed to the User. However, it will not be processed in an automated manner within the meaning of the GDPR (in a way that negatively affects the rights and freedoms of the User).
ACTIVITY IN SOCIAL MEDIA – INSTAGRAM
The Administrator manages User Data on the profile page named “morgansenglish” on Instagram (hereinafter referred to as the Profile).
The personal data provided by the User on the Profile will be processed for the purpose of administering and managing the Profile, communicating with the User, interacting with the User, directing marketing content to the User, and building the Profile’s community.
The legal basis for processing this data is the User’s Consent and the Administrator’s legitimate interest in interacting with Users and Followers of the Profile. The User voluntarily chooses to like/follow the Profile.
The rules governing the Profile are set by the Administrator; however, the terms of use of the Instagram social media platform are determined by Instagram’s regulations.
The User may stop following the Profile at any time. In such a case, the Administrator will no longer display any content from the Administrator related to the Profile to the User.
The Administrator can view the User’s personal data, such as their name, surname, or general information that the User has made public on their profiles. The processing of other personal data is conducted by Instagram according to its terms and conditions.
The User’s personal data will be processed for as long as the Profile is maintained or exists, based on the Consent given by liking/clicking “Follow” on the Profile or interacting, e.g., by leaving a comment, sending a message, and to fulfill the legitimate interests of the Administrator, such as marketing their own products or services or defending against claims.
The User’s personal data may be shared with other data recipients, such as cooperating advertising agencies, other subcontractors managing the Administrator’s Profile, IT services, and virtual assistants if contact occurs outside of Instagram.
Other User rights are described in this Privacy Policy.
User data may be transferred to third countries in accordance with Instagram’s terms and conditions.
The data may also be profiled to better personalize the advertising offer directed to the User. However, it will not be processed in an automated manner within the meaning of the GDPR (in a way that negatively affects the rights and freedoms of the User).
ACTIVITY IN SOCIAL MEDIA – YOUTUBE
The Administrator manages User Data on the profile page named “Cheeky Monkeys Kindergarten – PRZEDSZKOLE ANGLOJĘZYCZNE” on YouTube (hereinafter referred to as the Profile).
The personal data provided by the User on the Profile will be processed for the purpose of administering and managing the Profile, communicating with the User, interacting with the User, directing marketing content to the User, and building the Profile’s community.
The legal basis for processing this data is the User’s Consent and the Administrator’s legitimate interest in interacting with Users and Followers of the Profile. The User voluntarily chooses to like/follow the Profile.
The rules governing the Profile are set by the Administrator; however, the terms of use of the YouTube social media platform are determined by YouTube’s (Google’s) regulations.
The User may stop following the Profile at any time. In such a case, the Administrator will no longer display any content from the Administrator related to the Profile to the User.
The Administrator can view the User’s personal data, such as their name, surname, or general information that the User has made public on their profiles. The processing of other personal data is conducted by YouTube according to its terms and conditions.
The User’s personal data will be processed for as long as the Profile is maintained or exists, based on the Consent given by liking/clicking “Follow” on the Profile or interacting, e.g., by leaving a comment, sending a message, and to fulfill the legitimate interests of the Administrator, such as marketing their own products or services or defending against claims.
The User’s personal data may be shared with other Data recipients, such as YouTube, cooperating advertising agencies, other subcontractors managing the Administrator’s Profile, IT services, and virtual assistants if contact occurs outside of YouTube.
Other User rights are described in this Privacy Policy.
User data may be transferred to third countries in accordance with YouTube’s (Google’s) terms and conditions.
DATA SECURITY
The User’s personal data is stored and protected with due care in accordance with the internal procedures implemented by the Administrator. The Administrator processes User information using appropriate technical and organizational measures that meet the requirements of applicable law, particularly the Personal Data Protection Act and GDPR. These measures are primarily aimed at securing the User’s personal data against access by unauthorized persons.
In particular, only authorized individuals who are obligated to keep this Data confidential, or entities entrusted with processing personal data under a separate data processing agreement, have access to the User’s personal data.
The User should also take care to secure their personal data transmitted over the Internet, in particular, by not disclosing their login details to third parties, using antivirus protection, and updating software.
WHO MAY BE RECIPIENTS OF PERSONAL DATA?
The Administrator informs that it uses the services of external entities. Entities entrusted with processing personal data (such as courier companies, electronic payment intermediaries, companies offering accounting services, companies facilitating the sending of newsletters) guarantee the use of appropriate measures for the protection and security of personal data required by law, particularly by GDPR.
The Administrator informs the User that it entrusts the processing of personal data to, among others, the following entities:
- cyber_Folks S.A., located in Poznań, ul. Wierzbięcice 1B, 61-569 Poznań, registered in the National Court Register by the District Court of Poznań – Nowe Miasto and Wilda in Poznań, VIII Commercial Division of the National Court Register under number KRS 0000685595, REGON 367731587, NIP 7792467259 – for the purpose of storing personal data on a server, and managing the domain and mail server.
- Other contractors or subcontractors involved in technical, administrative support, or providing legal assistance to the Administrator and its clients, such as accounting, HR, IT, graphic design, copywriting, debt collection companies, lawyers, etc.
Personal data may also be shared with other recipients, such as authorities, e.g., the tax office, for the purpose of fulfilling legal and tax obligations related to settlements and accounting.
Entities that process personal data, like the Administrator, ensure compliance with European standards for personal data protection, including standards set by legal acts and European Commission decisions. They also apply compliance mechanisms when transferring data outside the EEA, such as standard contractual clauses adopted by the European Commission’s decision 2021/915 of June 4, 2021, concerning standard contractual clauses between controllers and processors under Article 28(7) of Regulation (EU) 2016/679 of the European Parliament and Council, and Article 29(7) of Regulation (EU) 2018/1725. You can find the commission’s implementing decision here.
HAS THE ADMINISTRATOR APPOINTED A DATA PROTECTION OFFICER?
The Personal Data Administrator hereby informs that a Data Protection Officer (DPO) has not been appointed and that the Administrator performs the duties related to personal data processing independently.
The User acknowledges that their personal data may be transferred to authorized state authorities in connection with proceedings conducted by them, upon their request and after meeting the prerequisites confirming the necessity of obtaining this Data from the Administrator.
DOES THE ADMINISTRATOR PROFILE USER DATA?
The User’s personal data will not be used for automated decision-making that affects the User’s rights, obligations, or freedoms within the meaning of the GDPR.
Within the Website and through tracking technologies, User Data may be profiled to help better personalize the company’s offerings directed to the User (mainly through so-called behavioral advertising). However, this should not affect the User’s legal situation, particularly the terms of any agreements they have entered into or intend to enter into. It may only help in better matching content and advertisements to the User’s interests. The information used is anonymous and is not associated with the personal data provided by the User, e.g., during the purchase process. It results from statistical data, such as gender, age, interests, approximate location, and behavior on the Website.
Every User has the right to object to profiling if it would negatively impact their rights and obligations.
More about behavioral advertising can be found here.
§4 FORMS
The Administrator uses the following types of Forms on the Website:
Contact Form – allows the User to send a message to the Administrator and contact them electronically. Personal data such as first name, last name, email address, phone number, and data provided in the message content are processed by the Administrator in accordance with this Privacy Policy for the purpose of contacting the User.
After the contact with the User has ended, the Data may be archived, which is a legitimate interest of the Administrator. The Administrator cannot specify the exact period for archiving and, therefore, the deletion of messages. However, the maximum period will not exceed the limitation periods for claims as stipulated by law.
The Administrator may entrust the processing of Personal Data to third parties without the User’s separate Consent (based on a data processing agreement). Data obtained from the forms cannot be transferred to third parties.
§5 DISCLAIMER AND COPYRIGHT
- The content presented on the Website does not constitute professional advice or guidance (e.g., educational) and does not refer to any specific factual situation. If the User seeks assistance on a particular matter, they should contact a person authorized to provide such advice or the Administrator using the provided contact details. The Administrator is not liable for the use of the content on the Website or for any actions or omissions taken based on it.
- All content on the Website is subject to copyright held by specified individuals and/or the Administrator (e.g., photos, texts, other materials, etc.). The Administrator does not permit the copying of such content in whole or in part without their explicit, prior consent.
- The Administrator hereby informs the User that any distribution of content provided by the Administrator constitutes a violation of legal provisions and may result in civil or criminal liability. The Administrator may also seek appropriate compensation for material or non-material losses in accordance with applicable laws.
- The Administrator is not liable for the use of materials available on the Website in a manner that is not in compliance with the law.
- The content on the Website is up to date as of the date of posting, unless otherwise indicated.
§6 TECHNOLOGIES
To use the Administrator’s website, the following are required:
- Internet access from a device such as a desktop computer, laptop, or other portable device, including equipment that allows communication and completion of necessary forms within the service, such as a functional keyboard.
- A properly configured, up-to-date version of a web browser that supports, among other things, cookies, such as Microsoft Edge, Opera, Mozilla Firefox, Safari, Google Chrome, and that allows browsing of web pages.
- An active and properly configured email account (the Administrator recommends that the User check whether emails from the Service domain are not directed to the “spam,” “offers,” or any other folder than “main/inbox.” The Administrator has no control over this, as it depends on the settings of the User’s email account and/or the email service provider.
- Software that allows reading content in formats such as PDF, video, MP3, MP4.
§7 COOKIE POLICY
- Like most websites, the Administrator’s Website uses so-called tracking technologies, i.e., cookies, which allow for improving the Website based on the needs of the Users visiting it.
- The Website does not automatically collect any information except for the information contained in cookies.
- Cookies (“cookies”) are data files, small text files that are stored on an end device, such as a computer, tablet, or smartphone when the User uses the Website.
- These may include first-party cookies (originating directly from the Website) and third-party cookies (originating from websites other than the Website).
- Cookies allow for the customization of the Website’s content to the individual needs of the User and other visitors. They also enable the creation of statistics showing how Users use and navigate the Website. This helps the Administrator to improve the Website, its content, structure, and appearance.
- The Administrator uses the following third-party cookies on the Website:
- Embedded Google Analytics code – for analyzing the Website’s statistics. Google Analytics uses its own cookies to analyze User activities and behaviors on the Website. These cookies store information such as which website the User visited before the current website. This helps improve the Website. This tool is used under an agreement with Google Ireland Limited and is provided by Google LLC. The actions taken using the Google Analytics code are based on the Administrator’s legitimate interest in creating and using statistics, which in turn allows for the improvement of the Administrator’s services and Website optimization.
The Administrator does not process any User Data through Google Analytics that would allow for identification.
The Administrator recommends reviewing details related to the use of the Google Analytics tool, the possibility of disabling the tracking code, and, if necessary, asking the provider of this tool questions here or reviewing the privacy policy under this link. - Google Search Console – used to monitor and improve the performance of our website. This tool, offered by Google Inc. (“Google”), provides us with data and analysis regarding our website’s presence in Google search results, which allows us to optimize and improve the availability and visibility of our site on the web.
Google Search Console helps us understand how users find our site through Google and which queries direct them to our website. The tool also provides information about potential errors on the site, indexing problems, and recommendations for site optimization.
The Administrator does not process any User Data through Google Search Console that would allow for identification.
We encourage you to review Google’s privacy policies to learn more about how data is processed by Google’s tools. - Social media plugins – Facebook, Instagram.
When the User clicks on a social media plugin icon, they are redirected to the external provider’s website, in this case, the social media service owner, e.g., Facebook. The User then has the option to click “Like” or “Share” and like the Administrator’s fan page on Facebook or directly share its content (post, article, video, etc.).
The Administrator recommends reviewing Facebook’s privacy policy before creating an account on this platform. The Administrator has no control over the Data processed by Facebook. From the moment the User clicks on the button of the social media plugin, the personal data is processed by the social media platform, e.g., Facebook, which becomes its controller and decides on the purposes and scope of its processing. Cookies left by the Facebook plugin (or other third parties) may also be applied to the User’s device upon entering the Website and then associated with the Data collected in the Facebook portal. By using the Website, the User accepts this fact. The Administrator has no control over the processing of Data by third parties in this way.
The above guidelines also apply to:- Facebook – fan page available at the URL: Morgan’s English
- Profile on the social media platform Instagram, available at the URL: morgansenglish
- Channel on YouTube available at the URL: Cheeky Monkeys Kindergarten – PRZEDSZKOLE ANGLOJĘZYCZNE.
- Embedded Google Analytics code – for analyzing the Website’s statistics. Google Analytics uses its own cookies to analyze User activities and behaviors on the Website. These cookies store information such as which website the User visited before the current website. This helps improve the Website. This tool is used under an agreement with Google Ireland Limited and is provided by Google LLC. The actions taken using the Google Analytics code are based on the Administrator’s legitimate interest in creating and using statistics, which in turn allows for the improvement of the Administrator’s services and Website optimization.
- The Administrator again recommends reviewing the privacy policy of each of these service providers to learn about the options for making changes and settings that ensure the protection of User rights.
- The Website uses two types of cookies: session cookies, which are deleted after closing the browser, logging out, or leaving the website, and persistent cookies, which are stored on the User’s end device, allowing the browser to be recognized upon the next visit to the Website, for the time specified in the cookie parameters or until they are deleted by the User.
- In many cases, software used for browsing websites (web browser) allows cookies to be stored by default on the User’s end device. Website Users can change their cookie settings at any time. These settings can be changed in particular to block the automatic handling of cookies in the web browser settings or to inform about their placement on the User’s device each time. Detailed information about the possibilities and ways of handling cookies is available in the software settings (web browser).
- The Administrator informs that restricting the use of cookies (disabling or limiting them) may affect some functionalities available on the Website and hinder its operation.
- More information about cookies is available at http://wszystkoociasteczkach.pl/ or in the “Help” section in the web browser menu.
- Within the browser settings, the User can delete cookies originating from the Website or Online Store or from the Administrator’s providers by changing their web browser settings at any time. The method of deleting cookies will vary depending on the web browser used by the User. Information on how to delete cookies is available in the “Help” tab in the selected web browser.
- Deleting cookies does not mean deleting personal data obtained by the Administrator through cookies.
§8 CONSENT TO COOKIES
When accessing the Website for the first time, the User must give consent to cookies or take other possible actions indicated in the message to continue using the Website’s content. Using the Website signifies giving consent. If the User does not wish to give such consent, they should leave the Website. The User can always change their browser settings to disable or delete cookies. Necessary information is available in the “Help” tab in the User’s browser.
§9 SERVER LOGS
- Using the Website involves sending requests to the server where the Website is hosted.
- Each request sent to the server is recorded in the server logs. These logs include, among other things, the User’s IP address, server date and time, and information about the web browser and operating system used by the User.
- Logs are recorded and stored on the server.
- The server logs are used for administering the Website, and their content is not disclosed to anyone except persons and entities authorized to administer the server.
- The Administrator does not use server logs to identify the User in any way.
§10 DEFINITIONS, PROCEDURES, OBLIGATIONS, AND RIGHTS RELATED TO THE DSA
- This section of the Privacy Policy provides information about any restrictions imposed by the Administrator in connection with the use of its services, including, but not limited to: information on policies, procedures, measures, and tools used for content moderation, including algorithmic decision-making and human review, as well as information about the internal complaint-handling system, any significant changes to the terms of service, and mechanisms for reporting Illegal Content. The Administrator provides the above-mentioned information and terms of service in a clear and understandable manner. The Administrator designs, organizes, and operates its Websites (and interfaces) in a way that does not mislead or manipulate Users or otherwise significantly disrupt or limit Users’ ability to make free and informed decisions.
- The Administrator is a provider of Intermediary Services within the meaning of the DSA, offering the following services:
- Hosting.
- The Administrator provides Intermediary Services through its profiles available on Social Media platforms such as Instagram (morgansenglish), Facebook (Morgan’s English), and YouTube (Cheeky Monkeys Kindergarten – PRZEDSZKOLE ANGLOJĘZYCZNE) by:
- Allowing Users to leave comments under posted content,
- Adding ratings and reviews,
- Other forms of interaction that enable posting Content available on the mentioned platforms.
- The definitions used in this section and in the Terms and Conditions mean:
- Administrator – as defined in §2.1 of the Privacy Policy, as well as an entrepreneur, i.e., a natural or legal person, regardless of whether it is a public or private entity, acting — including through a person acting on its behalf or for its benefit — for purposes related to its commercial, economic, craft, or professional activity, providing the services mentioned in this section, including information society services within the Service.
- Service Recipient – A Client or User, or any person using intermediary or other information society services provided by the Administrator, including, for example, the Service or the Administrator’s Social Media, particularly for the purpose of seeking or sharing information.
- Content – any information provided by the User in any form within the Service, Social Media, or other platforms and locations owned or moderated by the Administrator, especially within the Service or functionalities of these locations made available to the User.
- Illegal Content – refers to information that, in itself or by reference to an action, is not in compliance with EU law or the law of any Member State consistent with EU law, regardless of the specific subject or nature of that law.
- Content Moderation – refers to actions, whether automated or not, undertaken by the Administrator or its cooperating Intermediary Service providers, aimed particularly at detecting, identifying, and combating illegal content or information that does not comply with the terms of use of their services, provided by the Service Recipients, including measures that affect the availability, visibility, and reach of such illegal content or information, such as de-ranking, demonetization, blocking access, or removing such content, or that affect the ability of Service Recipients to provide such information, such as closing or suspending the recipient’s account.
- Intermediary Service – means one of the following information society services provided by the Administrator:
- A “mere conduit” service involving the transmission of information in a telecommunications network or providing access to a telecommunications network.
- A “caching” service involving the transmission of information in a telecommunications network, including the automatic, intermediate, and temporary storage of that information solely to make the subsequent transmission of the information to other recipients more efficient.
- A “hosting” service involving the storage of information provided by the Service Recipient and at their request.
- Online Platform – means a hosting service that stores and publicly disseminates information at the request of the Service Recipient, unless such an activity is an insignificant or solely ancillary feature of another service, or a minor function of the primary service, and for objective and technical reasons cannot be used without that other service, and the inclusion of such a feature or function in such another service is not a way to circumvent the application of the DSA.
- Public Dissemination – means making information available at the request of the Service Recipient who provided the information, potentially to an unlimited number of third parties.
- Social Media – social media platforms where the Administrator creates additional communication channels with the User or Service Recipient of the information or content it provides, whether by publishing content publicly available to a wide audience or through other forms of contact with the Content Recipient, including contact related to commercial offers, particularly concerning: private or public social groups, channels on social media platforms, public accounts mentioned, among others, in the Privacy Policy, fan pages, communication channels within these social media platforms, etc.Contact point
- The Administrator designates the following single point of contact for direct electronic communication with the authorities of Member States, the Commission, and the Digital Services Board via the email address: kontakt@morgansenglish.pl. Communication may take place in Polish.
- The Administrator designates the following single point of contact for direct electronic communication with the Service Recipients via the email address: kontakt@morgansenglish.pl. Communication may also take place in Polish.
Illegal Content and Content Not Compliant with the Administrator’s Terms of Service
- Users may not post the following Content within the Service, Online Platform, or the Administrator’s Social Media:
- Illegal Content or content not compliant with the Privacy Policy,
- Content containing vulgarities, hate speech against third parties, or spam,
- Content contrary to good morals, particularly offensive content, content violating religious feelings, personal rights of third parties, or showing a lack of respect in accordance with generally accepted social norms and rules of social coexistence, such as racist, vulgar, violent, pornographic, fascist, discriminatory content, or content with sexual undertones inappropriate for minors, etc.,
- Content infringing the rights of third parties, e.g., copyright or intellectual property rights, or aiming to disclose trade secrets or other confidential information,
- Content containing links to other websites (links), entities other than the Service, competitive websites, or online stores, for which the Administrator has not given prior consent, particularly advertising, marketing links, fundraising links, or other commercial links,
- Content promoting or advertising other services, platforms, social media, etc.,
- Content unrelated to the Administrator’s service or any action of the Administrator or the Service, or Content not related to the topic of the Service or the Administrator’s Social Media,
- Content containing personal or contact information,
- Repetitive Content that has already appeared on the Service or the Administrator’s Social Media (Users are obliged to verify before publishing Content that it is not a duplicate of existing Content),
- Content of a technical nature, inquiries related to customer service regarding the Administrator’s products or services (for this purpose, the User should contact the details provided in the Privacy Policy).
Procedure for Reporting Illegal Content, Appeal Procedure, and Content Moderation
- A User who considers certain Content to be Illegal or in violation of this Privacy Policy is entitled to report this Content to the Administrator electronically at the email address provided in the Privacy Policy. The report should include the location where the Administrator can review the mentioned Content and any details necessary for reviewing the report, including the contact details of the User and involved third parties (if possible). The User may use the Illegal Content Reporting Form attached to this Privacy Policy.
- If the User does not provide contact details when reporting certain Content, the Administrator will not be able to notify the User of the receipt of the report or the outcome of the review.
- The Administrator will promptly inform the User upon receiving the Content report.
- The Administrator makes decisions regarding the report within a period not exceeding 14 days from the date of receipt, in a non-arbitrary, objective manner and with due diligence. For the purpose of reviewing and making decisions, the Seller does not use automated means.
- The Administrator informs the User of the result of the decision, its content, and justification without undue delay.
- In the case of Illegal Content or Content not in compliance with the Terms of Service, the Administrator may remove it, limit its visibility, block access, de-rank it, or leave it on the Service. The Administrator may also suspend, terminate, or otherwise limit monetary payments if they occur on the Service, suspend or terminate the provision of the service in whole or in part, or suspend or close the User’s or third party’s account. The Administrator also informs the User and any involved third parties of the decision, providing a clear and specific justification (if contact details are available).
- The User may appeal the Administrator’s decision within 14 days from the date of receiving the decision, providing a justification simultaneously.
- The Administrator reviews the User’s appeal within 14 days from the date of receipt, providing the User with its decision and justification.
Administrator’s Responsibility for User Content
- The Administrator is not responsible for User Content, particularly Illegal Content posted within the Service or Online Platform, if the User’s actions are contrary to the Privacy Policy or applicable law. The Administrator makes every effort to handle such Content in a manner consistent with applicable law and the Privacy Policy, including not modifying Content in a way that affects the integrity of the information transmitted or shared, not facilitating the posting of Illegal Content, and promptly taking actions to remove or block access to such Content in accordance with the Privacy Policy while respecting the fundamental rights of Users, including the right to freedom of expression and information. The Administrator also acts in good faith and with due diligence.
Algorithmic Decision-Making
- There is no algorithmic decision-making within the Service, including decisions related to User appeals.
Cooperation with Public Authorities on Illegal Content Notifications
- If the Administrator receives any information giving rise to suspicion that a crime threatening the life or safety of a person or persons has been, is being, or may be committed, the Administrator immediately notifies the law enforcement or judicial authorities of the interested Member State(s) and provides all available information on the matter.
Providing Information to the Digital Services Coordinator
- The Administrator provides the Digital Services Coordinator responsible for the place of establishment and the Commission — upon their request and without undue delay — with information on the average number of active monthly recipients of the service in the Union, calculated as an average number over the previous six months, updated at the time of such a request. The Digital Services Coordinator or the Commission may request that the Administrator provide additional information regarding the calculation, including explanations and justifications regarding the data used. This information must not contain personal data.
Termination of the Use of Administrator’s Services
- The User has the right to terminate the use of the Administrator’s services at any time. For this purpose, they may use available forms of service termination, such as unfollowing the Administrator’s Social Media or deleting Content they have posted. The User may also contact the Administrator using the details provided in this Privacy Policy. This provision does not prejudice the Administrator’s obligations and rights under other generally applicable laws and the further retention of data, including personal data, especially for the purposes indicated in the Privacy Policy, as required by GDPR or other laws.
Changes to the Terms of Use of the Administrator’s Services
- The Administrator will promptly inform the User of any significant changes to the terms of use of the Administrator’s services, including changes to the rules regarding permissible information about its services or other changes that may directly affect the Recipients’ ability to use the service, using appropriate means.Date of Privacy Policy Publication: 11.09.2024
Date of Last Update: 11.09.2024
ANNEX No. 1 – TEMPLATE FOR REPORTING ILLEGAL CONTENT OR CONTENT NOT COMPLIANT WITH TERMS OF SERVICE
Date: …………………………….
Name/Surname or Company: …………………………….
Address: ……………………………….
Email (if available): …………………………….
Phone Number (if available): …………………………….
Order Number (if applicable): …………………………….
[except for reports concerning information considered related to one of the offenses mentioned in Articles 3–7 of Directive 2011/93/EU]
Link to Content: …………………………….
[Administrator’s details: name, address, email]
……………………………………………………………………..
……………………………………………………………………..
REPORT OF ILLEGAL CONTENT OR CONTENT NOT COMPLIANT WITH TERMS OF SERVICE
I hereby report that on the Service located at the following link: ___________________________ there has been a posting of:
- illegal content
- content not compliant with the Privacy Policy
- content not compliant with the Administrator’s terms of service [please mark the appropriate option].
Description of Content and Evidence of Its Existence
The content posted on the Service violates the following provisions of the Privacy Policy/legal regulations: _________________________ [please specify] and _________________________________ [please list other reasons why the indicated content is considered illegal or not compliant with the Privacy Policy].
Additionally, to support my claims, I am providing:
- screenshots of the mentioned content
- Other: ___________________________________ [please specify and attach]
Details of the Violator
To the best of my knowledge, the above content was posted by the following person:
Name: _____________________ [if available]
Profile Link: _____________________ [if available]
Email Address: _____________________ [if available]
Demands
Given the above, I demand:
- Removal of the mentioned content from the Service
- Limiting the visibility of the following information related to the mentioned content: _________________________ [please specify] by:
- Blocking access to the content for the violator
- De-ranking the content
- Suspending the violator’s account
- Closing the violator’s account
- Suspending the provision of service in whole/part [please choose] by the Administrator to the violator
- Terminating the provision of service in whole/part [please choose] by the Administrator to the violator
- Suspending, terminating, or otherwise restricting monetary payments as follows: _________________________________ [please specify]
- Other: ________________________________ [please specify].
Statement
I declare that I am making this report in good faith and believe that the information and allegations contained in it are correct and complete.
Date: _____________________ Signature [if possible]: _____________