This privacy policy (hereinafter referred to as the 'Privacy Policy') provides information about the processes concerning personal data within the operation of the casedrop.eu website (hereinafter referred to as the 'Service'), along with specifying information regarding processing by the Administrator based on the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as 'GDPR').

OXMIS LTD HE 467004 Markou Drakou, 69, Mesa Geitonia, 4002, Limassol, Cyprus (hereinafter referred to as the 'Administrator'), processes personal data in accordance with Polish and European legal regulations. Contact with the Administrator is possible via traditional mail: OXMIS LTD HE 467004 Markou Drakou, 69, Mesa Geitonia, 4002, Limassol, Cyprus, or via email: (email address: [email protected]).

The Administrator ensures the security of personal data, including confidentiality, availability, integrity, and accountability of the conducted activities.

Service Customers:
-purpose of processing personal data: execution of the contract (Art. 6(1)(f) GDPR), fulfillment of legal obligations (Art. 6(1)(c) GDPR), legitimate interests of the Administrator (Art. 6(1)(f) GDPR);
-processing period: until the completion of the contract, and potentially for the time required by legal regulations. If justified, data may be processed until the expiration of the limitation periods for claims arising from the contract, depending on which period is longer.

Potential Service Customers, recipients of marketing activities:
-purpose of processing: realization of the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting of marketing their own products and services, and with explicit consent, the products and services of companies cooperating with the Administrator (Art. 6(1)(a) GDPR), establishment, assertion, or defense of claims arising from or related to the provided service (Art. 6(1)(f) GDPR), implementation of the content of consent to the processing of personal data if such consent has been given (Art. 6(1)(a) GDPR);
-processing period: until the withdrawal of consent or objection. After this period, data may be stored for the purpose of demonstrating the lawfulness of fulfilling legal obligations incumbent on the Administrator and related claims.

Contractors, suppliers, and individuals designated to perform the contract:
-purpose of processing: execution of the contract (Art. 6(1)(f) GDPR), conducting settlements, accounting, and financial reporting (Art. 6(1)(c) and (f) GDPR), realization of the legitimate interest of the Administrator (Art. 6(1)(f) GDPR);
-processing period: for the period required by law or, if justified, until the expiration of the limitation periods for claims arising from the contract, depending on which period is longer.

Participants in contests and events:
-purpose of processing: realization of the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), conducting settlements, accounting, and financial reporting (Art. 6(1)(c) and (f) GDPR);
-processing period: for the time necessary to fulfill the purpose for which they were collected.

Correspondents:
-purpose of processing: realization of the legitimate interest of the Administrator (Art. 6(1)(f) GDPR);
-processing period: for the period specified by legal regulations, and if not specified, for the time when their storage falls within the scope of the Administrator's legitimate purpose.

Complainants, applicants, those making inquiries:
-purpose of processing: consideration of a complaint, application, or claim (Art. 6(1)(f) GDPR), realization of the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), fulfillment of the contract related to the submission (Art. 6(1)(b) GDPR);
-processing period: for the time necessary to fulfill the purpose for which they were collected.

Companies providing services or delivering IT solutions, analytical, and internet analysis;

Companies providing advisory, legal, marketing services;

Financial and payment institutions.

Every individual whose data is processed by the Administrator has the right to:
- access their data – Art. 15 GDPR;
- rectify data – Art. 16 GDPR;
- erase data – Art. 17 GDPR;
- restrict data processing – Art. 18 GDPR;
- data portability – Art. 20 GDPR;
- object to data processing – Art. 21 GDPR;
- withdraw consent at any time, if the processing is based on consent.

To exercise any of the above rights, the user should contact the Administrator.

An individual whose personal data is processed has the right to lodge a complaint with the President of the Office for Personal Data Protection if they believe that the processing of personal data violates the law.

Personal data is generally not transferred outside the European Economic Area. However, it should be noted that services provided by various service providers may involve the delegation of specific tasks to companies operating outside the EEA, which may entail the transfer of data outside the EEA.

Data recipients outside the EEA, based on the content of decisions of the European Commission, ensure an adequate level of protection of personal data in accordance with EEA standards.

The Service automatically collects cookie files.

Cookies are computer data, in particular text files, stored on the end device of the Service user.

Cookies are divided into session and persistent. Session cookies are stored on the device until logging out of the website or turning off the internet browser. Persistent cookies are stored for a defined period, typically ranging from 1 day to 2 years, and some cookies may be stored on the device until the browsing history is deleted.

Cookies are used for:
- adapting the content of the Service's web pages to the user's preferences and optimizing the use of the web pages, especially allowing cookies to recognize the user's device and display the website accordingly, tailored to individual needs;
- creating statistics that help understand how the Service user uses the web pages, enabling the improvement of their structure and content;
- maintaining the user's session on the Service.

The following types of cookies are used within the Service:
- necessary cookies - enable the use of services available on the Service's web pages and ensure the security of using the Service;
- functional cookies - allow remembering user settings and personalization in the Service;
- performance cookies - assist in collecting information about how the Service user uses the web pages;
- advertising cookies - deliver advertising content in a more personalized way.

The user can change cookie settings at any time. These settings can be changed, in particular, to block the automatic handling of cookies or to inform about their placement on the device each time. However, restricting the use of cookies may affect some functionalities available on the Service.

Session cookies (stored on the device and remain there until the end of the session of a given browser) and persistent cookies (stored on the device and remain there until they are deleted) are used on the Service's website.

Google — web analysis service — https://www.google.com/intl/en/policies/privacy/

Facebook — analytics service — https://pl-pl.facebook.com/help/cookie

ZEN — payment service provider — https://www.zen.com/terms/mobile/zen_privacy_policy.html

Cashbill — payment service provider — https://www.cashbill.pl/download/dokumenty/polityka-ochrony-danych-osobowych.pdf

SimPay — payment service provider — https://simpay.pl/polityka-prywatnosci

Cloudflare — website traffic management — https://www.cloudflare.com/privacypolicy/

The policy, in its original form, comes into effect on November 14, 2023.

The Administrator is authorized to change the Privacy Policy. Information about the change will appear on the main page of the Service and becomes effective within 14 days from the moment the content of the changed Privacy Policy is made available. All actions performed on the Service before the changes come into effect are governed by the rules of the previously applicable Privacy Policy.

If any provision of the Privacy Policy is deemed invalid by a final court decision, the remaining provisions remain in force.