PRIVACY POLICY
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (general data protection regulation – hereinafter referred to as “GDPR”), as well as other applicable laws and regulations, the Organizer presents the following information concerning the principles governing the processing of your personal data.
The protection of private information relating to users of the websites https://vetclinicalnutrition.academy/ and https://karolinaholda.com/en/ (each individually referred to as the “Website” and collectively as “Websites”) is of utmost importance to us. Accordingly, we make every effort to ensure your safety while visiting our Website.
Please take the time to read this document (hereinafter the “Privacy Policy”), which is intended to explain how we handle your personal data when you visit the Website. By accessing the Website, you acknowledge that you have read this Privacy Policy.
This Privacy Policy is intended to comply with applicable data protection laws and regulations. The rights available to Users may vary depending on their country or state of residence and the applicable legal framework. Users may be entitled to additional rights under applicable law. In certain jurisdictions, including some U.S. states, privacy rights may depend on the legal classification of the individual under applicable law.
This Privacy Policy sets out, among other things:
- the contact details of the Organizer;
- the principles of collecting, storing, and processing your personal data by the Organizer;
- the sources from which personal data is obtained;
- the scope and purpose of personal data processing;
- the duration of data processing;
- your rights concerning your personal data.
DEFINITIONS
In this Policy, the following terms shall have the meanings set forth below:
“Privacy Policy” or “Policy” means this document, entitled “Privacy Policy.”
“Organizer”, “we” or “us” means Karolina Hołda, operating a sole proprietorship under the laws of Poland under the name Karolina Hołda CaniDiet with its seat in Warsaw, Poland (02-796), ul. Iwanowa-Szajnowicza 1/68, VAT no.: PL9512241510, REGON no.: 382505095.
“Course Platform” means an internet platform operated by a third party, through which the User may access digital content offered by the Organizer.
“Website” means each of the websites accessible at https://vetclinicalnutrition.academy/ and https://karolinaholda.com, and “Websites” means them collectively.
“User” or “you” means a natural person (individual), who has used the Website and/or Course Platform by browsing such websites or submitting personal data (e.g., for the purpose of placing an order on the Website), or, in case of the Course Platform, accessing the digital content offered by the Organizer.
“Order Form” means the form available on karolinaholda.com through which a User orders digital content offered by the Organizer and provides the following data: https://vetclinicalnutrition.academy/terms-of-sale-refund-policy/
“Contact Form” means an interactive electronic form available on karolinaholda.com, through which the User may send an inquiry or message to the Organizer, providing the following data: first name and e‑mail address.
“Waitlist Form” means an interactive electronic form available on https://vetclinicalnutrition.academy/, through which the User may join a waitlist for the next edition of the course offered by the Organizer (“Waitlist”), providing the following data: first name and e‑mail address. In addition to joining the Waitlist, the User can agree to subscribe to the newsletter containing information about new products, promotions, products or services offered by the Organizer and to receive information concerning the next edition of the course.
“Services” means the activities carried out by the Organizer as a result of the User’s provision of personal data, including, but not limited to, entering into an Agreement between the Organizer and the User, managing the User’s access to digital content offered by the Organizer, managing the Waitlist, and sending a response to inquiries submitted via the Contact Form.
- INTRODUCTION
- The Websites are operated by the Organizer.
- The Course Platform is operated by a third party course platform provider. Personal data processing in connection with the use of the Course Platform may be carried out either by the Organizer or by the platform provider, depending on the nature of the processing. Where the platform provider acts as an independent controller, such processing is governed by its respective privacy policy and/or terms of service.
- This Privacy Policy is not addressed to persons under sixteen (16) years of age, and the Organizer does not knowingly collect personal data from such persons.
- The Website and/or Course Platform may contain external links to websites, plugins, or applications operated by third parties. Clicking such links or permitting connection results in transmission of your data (e.g., IP address and browser identifier) to that site’s controller, who thereby becomes a controller of your personal data in that context. Upon leaving the Website and/or Course Platform, we encourage you to review the privacy policies of any external sites you visit.
- By using the Website or the Course Platform, the User confirms that they have read and understood this Privacy Policy.
- COOKIES
- The Websites use “cookies.” Upon the User’s first visit to the Website, a notification regarding the use of cookies is displayed. This notification remains visible until the User provides consent via the designated acceptance button.
- By clicking the button labeled accordingly (e.g., “Accept Cookies”), the User consents to the use of cookies. Consent applies only to non-essential cookies and can be withdrawn at any time.
- Detailed information concerning cookies – including their definition and how they are used by the Websites – is available to the User by clicking the “Cookie Policy” link, which appears alongside the cookie notification. The full Cookie Policy can also be accessed at any time via the “Cookie Policy” section on both Websites.
C. YOUR DATA
- “Personal data” means any information relating to an identified or identifiable individual. Information that has been anonymized in such a way that the individual cannot be identified or re-identified does not qualify as personal data.
- The Organizer is the Controller of your Personal data within the meaning of GDPR. This means that it decides upon purposes and measures of processing your personal data.
- Your personal data will be processed lawfully, fairly, and transparently, in accordance with the principles of accuracy, data minimization, and purpose limitation.
- The Websites do not collect or process personal data for the purpose of transferring or selling it to external entities for marketing purposes. The Organizer does not send messages on behalf of third parties.
- We may collect, process, store, and transfer different categories of personal data, grouped as follows:
- Identity Data: name, surname, gender, username, or similar identifier.
- Contact Data: billing address, email address, telephone number.
- Transactional Data: details of completed transactions and payments.
- Technical Data: IP address, login data, browser type and version, time zone and location settings, browser plugin types and versions, operating system, and information concerning other technologies used by your devices to access the Website.
- Account Data: username and password.
- Usage Data: information about how you use the Websites and which services you access.
- Marketing and Communication Data: your preferences regarding receiving marketing information and communications from us.
- Depending on how you interact with our Websites and which Website you interact with, we may process different categories of personal data for different purposes. For example, Transactional Data will only be gathered by karolinaholda.com.
- When you use the Websites, Technical Data may be collected automatically via cookies and other technologies, in accordance with the Cookie Policy available on the Website.
D. PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
- When you provide us with your personal data, it will be processed for the purposes described below, in accordance with applicable data protection laws.
- The table below outlines the purposes/activities of personal data processing, the categories of data involved. Under GDPR, each processing activity must be based on an appropriate legal basis.Relevant legal bases under Article 6 of GDPR are also provided.
| Purpose / Activity | Categories of Personal Data | Legal Basis |
| Provision of the Services | Identity DataContact DataTransactional DataAccount Data | Necessary for performance of a contract with the User (Art. 6(1)(b) GDPR) |
| Notification of changes to terms and policies | Contact Data | Necessary for performance of a contract with the User (Art. 6(1)(b)) GDPRLegal obligation (Art. 6(1)(c) GDPR) |
| Management and security of the Organizer and the Websites (diagnostics, maintenance, analytics, testing, server and hosting management) | Identity DataContact DataTechnical Data | Legitimate interest of the Controller (business operation, IT management, ensuring security and proper functioning, fraud prevention) (Art. 6(1)(f)) GDPR)Legal obligation (Art. 6(1)(c) GDPR) |
| Ensuring appropriate content and advertisements on the Websites, and analyzing advertising effectiveness | Account Data Usage Data Marketing & Communication DataTechnical Data | Consent obtained via cookie banner (§2) where required under applicable law (Art. 6(1)(a) GDPR) |
| Responding to User inquiries via Contact Form, managing the Waitlist, providing order details, or resolving technical issues on the Website | Contact Data | Necessary for performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR) |
| Transmission of data to operators of external websites, plugins, or applications linked from the Website | Technical Data | Based on the User’s interaction with the Website (e.g. clicking external links); where applicable, consent obtained via cookie banner (Art. 6(1)(a) GDPR) |
| Distribution of the Organizer’s newsletter and other promotional content | Identity DataMarketing & Communication DataContact Data | Consent obtained via a checkbox on the Website (Art. 6(1)(a) GDPR) |
- Provision of personal data is voluntary. However, certain data is necessary to enter into and perform the Services or to use specific functionalities of the Websites.
- We may use your personal data to create user profiles in order to personalize content and offers. This involves analyzing your activity on the Websites (e.g., visited pages, interactions, or purchase history) and may constitute automated decision making within the meaning of GDPR. This profiling does not produce legal consequences or similarly significant effects on the User.
E. DISCLOSURE OF YOUR PERSONAL DATA AND INTERNATIONAL TRANSFERS
- Disclosure. In connection with the purposes described in the preceding section, we may disclose your personal data to external third parties where permitted under applicable law, including in particular payment processors, marketing agencies, accounting and IT service providers (including hosting and cloud computing), social media platforms, as well as to the Polish Tax Office and other public authorities within the Republic of Poland.
- Sale and sharing of personal data. We do not sell your personal data in the traditional sense (i.e., for monetary consideration). However, due to our use of certain analytics and advertising tools (e.g., Google Analytics, Google Ads, Meta Pixel), we may disclose limited data (such as online identifiers and device information) to third parties, which, depending on applicable law, may be considered a “sale” or “sharing for cross-context behavioral advertising purposes” under certain US privacy laws.
- We require the recipients of your data to implement appropriate security measures and to process personal data in accordance with applicable law. Where such entities act as processors, they process personal data only on our behalf and in accordance with our instructions. In certain cases, third parties may act as independent controllers (e.g., social media platforms or analytics providers). In such cases, they process personal data in accordance with their own privacy policies and are independently responsible for such processing.
- Information for EU Users in connection with data transfers outside EEA. Since we rely on external processing entities, such as Stripe, PayPal, Mailerlite, Google, Meta Platforms, Vimeo, CookieYes, your personal data may be transferred outside the EEA. In such cases, we ensure a comparable level of protection by applying at least one of the following safeguards:
- Transfer to countries deemed “adequate” by the European Commission, meaning they provide a level of data protection essentially equivalent to that of the EEA.
- Transfer under Standard Contractual Clauses (SCCs) approved by the European Commission, which legally bind the recipient to protect personal data to EU standards.
Your data may also be transferred to entities certified under the EU-US Data Privacy Framework.
- Further information about the safeguards applied in connection with international data transfers may be obtained by contacting us.
F. DATA SECURITY
- The Organizer processes Users’ personal data in compliance with applicable data protection laws and implements appropriate security measures to protect such data.
- We have implemented appropriate technical and organisational measures, taking into account the nature, scope, context and purposes of processing, as well as the risks to individuals, to protect your data against accidental loss, unauthorised access, misuse, alteration, or disclosure.
- Access to your personal data is limited to employees, service providers, and third parties for whom such access is essential for carrying out our business activities. Such persons process your personal data only on the Organizer’s instructions and are bound by confidentiality obligations.
- The Organizer has adopted adequate procedures for responding to suspected personal data breaches. In the event of a breach, we will notify both you and the competent supervisory authority where we are legally obliged to do so.
- Despite the measures we implement, no method of transmission over the internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security of personal data.
G. RETENTION PERIODS FOR PERSONAL DATA
- Your personal data will typically be retained no longer than necessary to fulfill the purposes for which it was collected (i.e., for the duration necessary to perform the Agreement), unless a longer retention period is required to comply with applicable legal, accounting, or reporting obligations, or is necessary for the establishment, exercise, or defense of legal claims under civil law.
- Personal data processed in connection with the performance of the Agreement, as well as other data necessary for the establishment, exercise, or defence of legal claims, will be retained for no longer than is necessary for those purposes, i.e. until the expiry of the applicable statutory limitation periods, calculated from the date the claim arises. Under applicable law (including, where relevant, Polish law), such periods are typically as follows:
- 3 years where the User acts in the course of a professional activity (applicable to claims of both the User and the Organizer), and
- 6 years with respect to claims of a consumer against the Organizer.
- Personal data processed for accounting and tax purposes will be retained for the period required under applicable law (typically 5 years from the end of the calendar year in which the relevant tax obligation arose).
- Technical Data is retained for a limited period, typically not exceeding 12–24 months, depending on the utilized technology and its purpose. Server backup data may be retained for shorter periods (30 – 180 days), and retention of certain cookies may be limited to the duration of an individual session.
- In certain circumstances, you may request the deletion of your personal data in accordance with Section H of this Policy.
- In specific cases, we may anonymize your personal data – rendering it permanently non-identifiable – for research or statistical purposes. Anonymized data may be stored indefinitely without further notification to you.
- USER RIGHTS RELATED TO PERSONAL DATA PROTECTION. COMPLAINT TO THE SUPERVISORY AUTHORITY
- In certain situations, you have the right to request information whether we process your personal data and to request access to your personal data (or “right to know” as understood under certain privacy laws), including information about the categories of data we collect, the purposes of processing, and the recipients of such data. You may also request correction of your personal data, restriction of processing, or deletion of your personal data processed by the Organizer. Further, you have the right to object to the processing of your personal data. To exercise these rights, please contact us at kontakt@karolinaholda.com.
- Please note that we may not always be able to fulfill your request to delete your personal data, particularly due to specific legal obligations or the necessity to pursue claims. In such cases, we will inform you after receiving such a request. For more information about the specific rights outlined in this paragraph, please contact us at kontakt@karolinaholda.com.
- Where the processing of your personal data is based on your consent, you have the right to withdraw your consent to the processing of personal data at any time by sending a message to the following email: kontakt@karolinaholda.com. Moreover, it does not affect the lawfulness of processing based on consent before its withdrawal. This means that the withdrawal of consent applies to the future, not to the processing of data that occurred in the past, during the period between granting and withdrawing consent.
- You have the right to request the Organizer to transfer your personal data that the Organizer administers to another data controller, provided that technical and organizational requirements allow for the transfer of such personal data (right to data portability).
- The Organizer will promptly – within one month of receiving the request – provide the User who submitted one of the requests mentioned in this paragraph with information about the actions taken in connection with the request, or about any extension of the deadline due to the nature of the request or the number of requests, or about the reasons for not taking action and the possibility of filing a complaint with the supervisory authority and seeking legal remedies before a court.
- Exercising the rights outlined above is free of charge; however, the Organizer may charge the User a reasonable fee if the request or requests are manifestly unfounded, repetitive, or excessive. In such cases, we may also refuse to comply with the presented request.
- To fulfill individual requests, the Organizer may require specific information from the User to verify their identity and ensure the exercise of individual rights. This serves as a security measure to ensure that personal data is not disclosed to unauthorized persons.
- The User whose personal data is processed by us has the right to file a complaint with the supervisory authority, particularly – if they believe the processing infringes upon GDPR – in the EU Member State:
- of their habitual residence,
- of their place of work, or
- of the place of the alleged infringement.
- ADDITIONAL INFORMATION FOR US RESIDENTS
- If you are a US resident, depending on your state of residence, you may be entitled to different and/or additional rights under applicable privacy laws, including:
- the right to opt out of the sale or sharing of your personal data, including for targeted advertising purposes;
- the right to opt out of certain forms of profiling, including use of your data for the purposes of targeted advertising (where applicable);
- the right not to be discriminated against for exercising your rights;
- the right to appeal a decision we make regarding your request (where applicable under state law).
- To exercise these rights, please contact us at: kontakt@karolinaholda.com.
- GENERAL
- The Organizer may update this Privacy Policy from time to time, in particular to reflect changes in applicable law, processing practices, or the functionalities of the Websites. Any significant changes to this Policy will be communicated by posting an appropriate notice on the Website and/or Websites and/or Course Platform and, where appropriate, by other means of communication.
- The updated version of the Privacy Policy will be effective from the date of its publication.
- For more information on processing of your personal data or in connection with related matters, please contact us at: kontakt@karolinaholda.com or at the phone number provided on the Website. International calling charges may apply.
