Sign Up
Login
Edit Template

Privacy Policy of the "DanceForms" Application

This Privacy Policy (hereinafter: “Policy“) contains information on the processing of your personal data in connection with the use of the “DanceForms” application, operating at the following website addresses: https://danceforms.pro and https://app.danceforms.pro (hereinafter: “Application“).

Any capitalized terms that are not otherwise defined in the Policy have the meanings assigned to them in the Terms and Conditions available at: https://danceforms.pro/terms-and-conditions

Personal Data Controller

The controller of your personal data is Szymon Chodzidło, conducting business under the company name “schodev.it Szymon Chodzidło – Usługi programistyczne” (permanent place of business: ul. Stefana Banacha 45B/24, 31-235 Kraków), entered into the Central Register and Information on Economic Activity (CEIDG), holding NIP: 9452302253, REGON number: 540238657 (hereinafter: “Controller“).

Szymon Chodzidło acts as the Controller for User data provided to him under the Agreement (including during the pre-contractual stage, conclusion, and execution).
In relation to data provided by a User acting as the controller of such data, Szymon Chodzidło acts as a processor. The duties of Szymon Chodzidło as a processor are specified in the Personal Data Processing Entrustment Agreement (Annex 1 to the Terms and Conditions).
Contact with the Controller

In all matters related to the processing of personal data, you can contact the Controller via e-mail: admin@danceforms.pro

Personal Data Protection Measures

The Controller employs modern organizational and technical security measures to ensure the best possible protection of your personal data and guarantees that it is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR“), the Protection of Personal Data Act of 10 May 2018, and other personal data protection regulations.

Information on Processed Personal Data
Using the Application requires the processing of your personal data. Below, you will find detailed information regarding the purposes and legal bases of the processing, as well as the processing period and whether providing the data is mandatory or voluntary.
Purpose of processing Processed personal data Legal basis
Conclusion and execution of the Service Provision Agreement
  1. first name and last name
  2. e-mail address

Art. 6(1)(b) of the GDPR

(processing is necessary for the performance of the Account Service Provision Agreement concluded with the data subject, or to take steps at the request of the data subject prior to entering into an agreement)

Providing the aforementioned personal data is a condition for the conclusion and performance of the Account Service Provision Agreement (providing them is voluntary, but the consequence of not providing them will be the inability to conclude and perform the aforementioned agreement, including the creation of an Account).

The Controller will process the aforementioned personal data until the statute of limitations for claims arising from the Account Service Provision Agreement expires.
Purpose of processing Processed personal data Legal basis
Conclusion and performance of the Application Use Agreement
  1. first name and last name
  2. e-mail address

Art. 6(1)(b) of the GDPR

(processing is necessary for the performance of the Application Use Agreement concluded with the data subject, or to take steps at the request of the data subject prior to entering into its conclusion)

Providing the aforementioned personal data is a condition for the conclusion and performance of the Application Use Agreement (providing them is voluntary, but the consequence of not providing them will be the inability to conclude and perform the Application Use Agreement).

The Controller will process the aforementioned personal data until the statute of limitations for claims arising from the Application Use Agreement expires.
Purpose of processing Processed personal data Legal basis
Conclusion and performance of the Newsletter Delivery Agreement or other Digital Content Delivery Agreement e-mail address

Art. 6(1)(b) of the GDPR

(processing is necessary for the performance of the Newsletter Delivery Agreement or Digital Content Delivery Agreement concluded with the data subject, or to take steps at the request of the data subject prior to its conclusion)

or

Art. 6(1)(f) of the GDPR

(the processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case, providing information about news and promotions available in the Application)

Providing the aforementioned personal data is voluntary but necessary to receive the Newsletter or Digital Content (the consequence of not providing them will be the inability to receive the Newsletter or Digital Content).

The Controller will process the aforementioned personal data until an effective objection is filed or the purpose of processing is achieved, or until the statute of limitations for claims arising from the Newsletter Delivery Agreement or Digital Content Delivery Agreement expires (whichever occurs first).
Purpose of processing Processed personal data Legal basis
Conducting a complaint procedure
  1. first name and last name
  2. e-mail address

Art. 6(1)(c) of the GDPR

(processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case, the obligations to:

  • provide a response to the complaint – Art. 7a of the Consumer Rights Act;
  • fulfill the Client's rights resulting from the provisions on the Controller’s liability in the event of non-compliance of a Physical Good with the Sales Agreement or a Digital Service Item with the relevant Agreement)

Providing the aforementioned personal data is a condition for receiving a response to a complaint or for the fulfillment of the Service Recipient's rights resulting from the provisions on the Controller’s liability in the event of non-compliance of the Digital Service Item with the relevant Agreement (providing them is voluntary, but the consequence of not providing them will be the inability to receive a response to the complaint and the fulfillment of the aforementioned rights).

The Controller will process the aforementioned personal data for the duration of the complaint procedure, and in the case of the fulfillment of the aforementioned Client's rights – until their statute of limitations expires.
Purpose of processing Processed personal data Legal basis
Conducting verification procedures and handling appeals against decisions regarding the management of inadmissible content
  1. first name and last name/company name
  2. contact details, including e-mail address

Art. 6(1)(c) of the GDPR

(processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case, the obligations to:

  • provide a mechanism for reporting inadmissible content (Art. 16 of Regulation 2022/2065 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) (hereinafter: "DSA"),
  • handle complaints (Art. 20 of the DSA).

Providing the aforementioned personal data is a condition for receiving a response to a report or for the fulfillment of the User's rights resulting from the DSA provisions (providing them is voluntary, but the consequence of not providing them will be the inability to receive a response to the report and the fulfillment of the aforementioned rights).

The Controller will process the aforementioned personal data for the duration of the verification procedure, and in the case of the fulfillment of the aforementioned User's rights – until their statute of limitations expires.
Purpose of processing Processed personal data Legal basis
Handling inquiries submitted by Users
  1. first name
  2. e-mail address
  3. other data contained in the message to the Controller

Art. 6(1)(f) of the GDPR

(processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case, providing a response to the received inquiry)

Providing the aforementioned personal data is voluntary but necessary to receive a response to the inquiry (the consequence of not providing them will be the inability to receive a response).

The Controller will process the aforementioned personal data until an effective objection is filed or the purpose of processing is achieved (whichever occurs first).
Purpose of processing Processed personal data Legal basis
Sharing Opinions about services
  1. first name
  2. optionally – other data contained in the Opinion

Art. 6(1)(f) of the GDPR

(processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case, sharing Opinions for informational and promotional purposes)

Providing the aforementioned personal data is voluntary but necessary to add an Opinion (the consequence of not providing them will be the inability to add an Opinion).

The Controller will process the aforementioned personal data until an effective objection is filed or the purpose of processing is achieved (whichever occurs first).
Purpose of processing Processed personal data Legal basis
Fulfilling tax obligations (including issuing a VAT invoice, storing accounting documentation)
  1. first name and last name / company name
  2. residential address / registered office address
  3. Tax Identification Number (NIP)

Art. 6(1)(c) of the GDPR

(processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case, obligations arising from tax law)

Providing the aforementioned personal data is voluntary but necessary for the Controller to fulfill its tax obligations (the consequence of not providing them will be the inability of the Controller to fulfill the aforementioned obligations).

The Controller will process the aforementioned personal data for a period of 5 years from the end of the year in which the tax payment deadline for the previous year expired.
Purpose of processing Processed personal data Legal basis
Fulfilling obligations related to personal data protection
  1. first name and last name
  2. contact details provided by you (e-mail address; correspondence address; phone number)

Art. 6(1)(c) of the GDPR

(processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case, obligations arising from the provisions on personal data protection)

Providing the aforementioned personal data is voluntary but necessary for the proper performance of the Controller’s obligations arising from personal data protection regulations, including the fulfillment of the rights granted to you by the GDPR (the consequence of not providing the aforementioned data will be the inability to properly fulfill those rights).

The Controller will process the aforementioned personal data until the statute of limitations for claims arising from the violation of personal data protection regulations expires.
Purpose of processing Processed personal data Legal basis
Establishment, exercise, or defense of legal claims
  1. first name and last name / company name
  2. e-mail address
  3. residential address / registered office address
  4. PESEL number (Personal Identification Number)
  5. Tax Identification Number (NIP)

art. 6(1)(f) of the GDPR

(processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case, the establishment, exercise, or defense of legal claims that may arise in connection with the performance of Agreements concluded with the Controller)

Providing the aforementioned personal data is voluntary but necessary for the establishment, exercise, or defense of legal claims that may arise in connection with the performance of Agreements concluded with the Controller (the consequence of not providing the aforementioned data will be the inability of the Controller to undertake the aforementioned actions).

The Controller will process the aforementioned personal data until the statute of limitations for claims that may arise in connection with the performance of Agreements concluded with the Controller expires.
Purpose of processing Processed personal data Legal basis
Analysis of your activity in the Application
  1. date and time of the visit
  2. device IP address
  3. type of the device's operating system
  4. approximate location
  5. web browser type
  6. time spent in the Application
  7. subpages visited and other actions taken within the Application

Art. 6(1)(f) of the GDPR

(processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case, obtaining information about your activity in the Application)

Providing the aforementioned personal data is voluntary but necessary for the Controller to obtain information about your activity in the Application (the consequence of not providing them will be the inability of the Controller to obtain the aforementioned information).

The Controller will process the aforementioned personal data until an effective objection is filed or the purpose of processing is achieved.
Purpose of processing Processed personal data Legal basis
Administration of the Application

  1. IP address
  2. server date and time
  3. web browser information
  4. operating system information

The above data are saved automatically in the so-called server logs each time the Application is used (administering it without the use of server logs and automatic recording would not be possible).

Art. 6(1)(f) of the GDPR

(processing is necessary for the purposes of the legitimate interests pursued by the Controller, in this case, ensuring the proper functioning of the Application)

Providing the aforementioned personal data is voluntary but necessary to ensure the proper functioning of the Application (the consequence of not providing them will be the inability to ensure the proper functioning of the Application).

The Controller will process the aforementioned personal data until an effective objection is filed or the purpose of processing is achieved.
Profiling
In order to create your profile for marketing purposes and to direct marketing tailored to your preferences to you, the Controller will process your personal data in an automated manner, including profiling – however, this will not produce any legal effects concerning you or similarly significantly affect your situation.
The scope of profiled personal data corresponds to the scope indicated above in relation to the analysis of your activity in the Application and the data you save in your Account.
The legal basis for processing personal data for the above purpose is Art. 6(1)(f) of the GDPR, according to which the Controller may process personal data in order to pursue its legitimate interest, in this case, conducting marketing activities tailored to the preferences of the recipients. Providing the aforementioned personal data is voluntary but necessary to achieve the aforementioned purpose (the consequence of not providing them will be the inability of the Controller to conduct marketing activities tailored to the preferences of recipients).
The Controller will process personal data for profiling purposes until an effective objection is filed or the purpose of processing is achieved.
Recipients of Personal Data
The recipients of your personal data will be the following external entities cooperating with the Controller:
  1. Amazon Web Services, Inc.
  2. Functional Software, Inc.
  3. Stripe, Inc.
  4. MailerLite, Inc.
  5. Google LLC
  6. inFakt Sp. z o.o.
Furthermore, personal data may also be transferred to public or private entities if such an obligation arises from generally applicable law, a final court judgment, or a final administrative decision.
Transfer of Personal Data to Third Countries
In connection with the Controller‘s use of services provided by third parties, your personal data may be transferred to the following third countries: United Kingdom, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia, and Australia. The grounds for transferring data to the aforementioned third countries are:
  • In the case of the United Kingdom, Canada, Israel, and Japan – decisions of the European Commission stating an adequate level of personal data protection in each of the aforementioned third countries;
  • In the case of the USA, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia, and Australia – contractual clauses ensuring an adequate level of protection, consistent with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
You may obtain a copy of the data transferred to a third country from the Controller.
Your Rights
In connection with the processing of your personal data, you have the following rights:
  1. The right to information regarding which of your personal data is being processed by the Controller and to receive a copy of that data (the so-called right of access). The first copy of the data is free of charge; for subsequent copies, the Controller may charge a fee;
  2. If the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request its rectification;
  3. In certain situations, you may request the Controller to erase your personal data, e.g., when:
    • the data is no longer needed by the Controller for the purposes it was collected for;
    • you have effectively withdrawn your consent to the processing of data — provided that the Controller has no right to process the data on another legal basis;
    • the processing is unlawful;
    • the necessity to erase the data results from a legal obligation imposed on the Controller;
  4. In the event that personal data is processed by the Controller on the basis of granted consent or for the performance of a Contract concluded with them, you have the right to data portability (to transfer your data to another controller);
  5. In the event that personal data is processed by the Controller on the basis of your consent, you have the right to withdraw this consent at any time (the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal);
  6. If you believe that the processed personal data is incorrect, the processing is unlawful, or the Controller no longer needs specific data, you may request the restriction of processing. This means that for a specific period (e.g., to check data correctness or pursue claims), the Controller will not perform any operations on the data other than storage;
  7. You have the right to object to the processing of personal data where the basis for processing is the legitimate interest of the Controller. Upon an effective objection, the Controller will stop processing the personal data for that purpose;
  8. You have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO) if you believe that the processing of personal data violates the provisions of the GDPR.
If you are concerned about the possibility of losing control over your information, the tracking of your activities, or your privacy, we point out that there are a number of tools and solutions that allow for blocking such activities — these may include browser extensions, privacy settings, as well as more advanced solutions such as VPNs or browsers that provide greater privacy by rerouting traffic. We deliberately do not provide specific solutions because their variety is very large; however, we encourage you to research and choose those that best suit your needs. You can find such lists and suggestions on the Privacy Guides website: https://privacyguides.org.
Cookies
  1. The Controller informs that the Application uses “cookies” installed on your terminal device. These are small text files that can be read by the Controller’s system, as well as by systems belonging to other entities whose services the Controller uses (e.g., Google).
  2. The Controller uses cookies for the following purposes:
    1. ensuring the proper functioning of the Application – cookies enable the efficient operation of the Application, the use of its functions, and convenient navigation between subpages;
    2. improving user experience – cookies allow for the detection of errors on certain subpages and their continuous improvement;
    3. creating statistics – cookies are used to analyze how users interact with the Application. This allows for constant improvement of the Application and the adaptation of its operation to user preferences;
    4. conducting marketing activities – thanks to cookies, the Controller can direct advertisements tailored to users’ preferences.
  3. The Controller may place both persistent and temporary (session) files on your device. Session files are usually deleted when the browser is closed, whereas closing the browser does not delete persistent files.
  4. Information about the cookies used by the Controller is displayed in the panel located at the bottom of the website/footer of the Application. Depending on your decision, you can enable or disable specific categories of cookies (except for necessary cookies) and change these settings at any time.
  5. Data collected through cookies does not allow the Controller to identify you.
  6. The Controller uses the following cookies or tools that utilize them:
TOOL PROVIDER FUNCTIONS AND SCOPE OF COLLECTED DATA EXPIRY PERIOD
Essential cookies Controller The operation of these cookies is essential for the proper functioning of the Application / the Application's website; therefore, you cannot disable them. Thanks to these cookies (which collect, among other things, your device's IP address), it is possible, for instance, to inform you about the cookies operating within the Application. Most of the strictly necessary cookies are session-based; however, some remain on your terminal device for a period of 12 months or until they are deleted.
Google Analytics Google This tool enables the collection of statistical data on how Users use the Application, including the number of visits, duration of visits, the search engine used, and location. The collected data helps improve the Application and make it more user-friendly. up to 2 years or until they are deleted (depending on which of these events occurs first)
Facebook Pixel Facebook This tool makes it possible to determine that you have opened the Application, as well as to direct advertisements displayed on the Facebook and Instagram social networks to you and to measure their effectiveness. up to 3 months or until they are deleted (depending on which of these events occurs first)
  1. Through most commonly used browsers, you can check whether cookies have been installed on your terminal device, as well as delete installed cookies and block their future installation by the Application. However, disabling or restricting the support of cookies may result in significant difficulties in using the Application, such as the necessity to log in on every subpage, longer loading times for the Application, or restrictions on using certain functionalities.
Final Provisions
In matters not regulated by this Policy, generally applicable provisions on personal data protection shall apply.

The Policy is effective as of 19/01/2026.

Edit Template