Privacy and Cookies Policy

Expanding Web pays great attention to protecting Personal Data and complying with the law when it collects, Processes and uses such data. We want you to feel safe when you visit our site and use our services – and that is why we are providing you with this Privacy and Cookies Policy. Here you can find out about our data collection and use of data policy.

This Privacy and Cookies Policy sets forth our current privacy practices with regard to the information we collect when you interact with our Website or by using our Services.

Capitalized terms that are not defined in this Privacy and Cookies Policy have the meaning assigned to them in the Terms and Conditions.

  1. Definitions
    • “Applicable laws” means all the laws and regulations relevant to the collection, processing and storage of data, especially all data protection laws, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).
    • “Expanding Web” means Marcin Dancewicz acting as a sole trader under the business name Expanding Web Marcin Dancewicz, address: ul. Malinowskiego 1, 59-600 Lwówek Śląski (Poland), having EU VAT number: PL6161455447.
    • “Cookies” means small text files stored in a web browser by a website or by an ad server. By storing certain information in a cookie, those web browsers, websites and ad servers are able to remember the User’s preferences and recognize websites visited and/or web browsers used from one visit to another.
    • “Log Data” means information that is automatically reported by the browser each time the User accesses the Platform and which is sent by the User’s web browser and then automatically recorded by the Expanding Web’s servers. Log Data may include information such as the User’s browser type, web requests, domain names or pages viewed.
    • “Paddle” means Paddle.com Inc. whose office is at 54 W. 40th St., New York, NY, 10018, USA (where the User is purchasing the Services from within the United States) and Paddle.com Market Limited, incorporated in England and Wales with company number 8172165 (otherwise, for sales of the Services made in the rest of the world), all operating on the site: https://www.paddle.com/. Paddle is a reseller of Expanding Web’s Services.
    • “Personal Data” or “Personal Information” or “Data” means any information relating to an identified or identifiable person as defined in Article 4.1 of the GDPR and in other Applicable laws.
    • “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (“Process”, “Processes” and “Processed” shall have the same meaning).
  2. Introduction

    This Privacy and Cookies Policy applies to processing of the User’s Personal Information carried out by Expanding Web when the User uses the Platform.

    The data controller of the User’s Personal Information is Expanding Web.

    When the User uses Expanding Web’s Services, Expanding Web may collect information from the registration or contact form, correspondence with the User as well as from the User’s activities on the Platform through the usage of Cookies and Log Data.

  3. Personal Information collected by Expanding Web

    The User’s Data is collected through the Platform and processed by Expanding Web for the following purposes:

    1. Creating the Account in the Platform

      The processing of Personal Data for this purpose is necessary for the performance of the Agreement (article 6.1 (b) of the GDPR). Expanding Web processes the following Personal Data of the User to create the Account in the Platform: name and email address. If the Account is created via social networks (Google, LinkedIN etc.) Expanding Web processes also the following Personal Data of the User: username, email address indicated in the social media account, language settings, profile picture (if apply).

    2. Provision of Expanding Web’s Services

      Expanding Web’s Services are provided through the reseller - Paddle who collects the following Data and transfer it to Expanding Web: full name, address, town/city, state/county, postcode, country (for consumer purchases) and business/company name, billing address, and tax identification number (for business purchases). After a transaction, the User’s private Information (credit cards, financials, etc.) shall not be stored on the Expanding Web’s servers. Paddle’s privacy policy can be found here: https://www.paddle.com/legal/privacy.

    3. Conducting necessary tax and accounting operations

      The processing is necessary for compliance with legal obligations to which Expanding Web is subject to regarding tax and accounting law (article 6.1 (c) of the GDPR). Expanding Web processes the following Personal Data of the User: name, email address, business/company name, billing address and tax identification number. The User is obliged to provide the aforementioned Data for that purpose.

    4. Processing of the User’s complaints, responding to the User’s inquiries

      The processing of Personal Data is necessary for the purposes of Expanding Web’s legitimate interest (article 6.1. (f) of the GDPR). Expanding Web processes the following Personal Data of the User: name, email address, business/company name, billing address, tax identification number and other data provided by the User including contact data and the content of the complaint or the inquiry.

    5. Pursuing claims or defending against the User’s claims

      The processing of Personal Data is necessary for the purposes of Expanding Web’s legitimate interest (article 6.1 (f) of the GDPR). Expanding Web processes the following Personal Data of the User: name, email address, business/company name, billing address, tax identification number and other data provided by the User including contact data.

    6. Improving of Expanding Web’s Services, detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement, as well as storing data for archiving and statistical purposes

      The processing of Personal Data is necessary for the purposes of the Expanding Web’s legitimate interest (article 6.1. (f) of the GDPR). Expanding Web processes the following Personal Data of the User: name, email address, business/company name, billing address, tax identification number and other information provided when using the Account in the Platform, including the User’s activity in the Platform.

    7. Sending commercial information by electronic means and newsletter

      The processing of Personal Data is based on the User’s voluntary consent (article 6.1 (a) of the GDPR). Expanding Web processes the following Personal Data of the User: name and email address.

      By subscribing to the newsletter, you provide us with your email address and name via the newsletter subscription form. Providing this data is voluntary, but necessary to subscribe to the newsletter. The data provided when subscribing to the newsletter is used to send you the newsletter, and the legal basis for their processing is the performance of the agreement for the newsletter service (Article 6.1. b) of the GDPR) and your consent to the sending of commercial information in accordance with Article 10 of the Act on Providing Services by Electronic Means and Article 172 of the Telecommunications Act (article 6.1. a) of the GDPR) expressed when subscribing to the newsletter.

      You can withdraw your consent at any time by writing to us at the following e-mail address: [email protected] or by unsubscribing from the newsletter. Withdrawal of consent does not affect the lawfulness of the processing that was made on the basis of consent before its withdrawal. The data will be processed for the duration of the newsletter and the Agreement concluded with you, unless you resign from receiving it earlier. However, resignation from receiving the newsletter does not lead to complete removal of data from the database. Your data will still be stored in the mailing system in order to defend against any claims related to sending the newsletter, in particular for the purpose of demonstrating your consent to receive the newsletter, which is our legitimate interest referred to in article 6.1. f) of the GDPR.

    8. Performing marketing of Expanding Web’s Services

      The processing of the Personal Data is necessary for the purposes of Expanding Web’s legitimate interest (article 6.1. (f) of the GDPR). Expanding Web processes the following Personal Data of the User: name, email address, business/company name, the User’s activity in the Platform.

    9. Contact

      By contacting us via e-mail, contact form or social media account, you provide us with your e-mail address as the address of the sender of the message. In addition, you can also include other Personal Data in the content of the message. Providing data is voluntary, but necessary to make contact. In this case, your Data is processed in order to contact you, and the basis for processing is your consent resulting from initiating contact with us (article 6.1. a) of the GDPR). After the contact is completed, the legal basis is our legitimate interest in archiving correspondence for the purpose of demonstrating its course in the future (article 6.1. f) of the GDPR). The content of correspondence may be archived for the period of limitation of claims that may arise from it. If no potential claims arise from the content of the correspondence, it is deleted after 30 (thirty) days from the time of answering your last question submitted in the contact form or sent by e-mail.

    10. Social Media and Third Parties’ Sites

      We process your Personal Data when you use our social media accounts, in particular when you share content in comments or posts. In this case, your Personal Data may be processed, such as: username, name, surname, image in the profile picture, or the content of the material you provide. The above Data is processed on the basis of our legitimate interest (article 6.1. f) of the GDPR), consisting in running and managing profiles in social media, as well as conducting marketing activities through these media or using statistics. Information that you send via chat or in private messages is also processed (the purposes of data processing in this regard are indicated in the ‘Contact’ section above).

  4. Cookies, Log Data and similar technologies

    When the User interacts with the Platform, Expanding Web may also collect information from its activities in the Platform through the usage of Cookies, Log Data and other similar technologies.

    By using those technologies Expanding Web aims to use this information for the purpose of analytics and monitoring of the effectiveness of Expanding Web’s performance, including the collection of the aggregate Platform usage data (such as the overall number of the Platform’s visitors or pages viewed).

    The information mentioned above may include:

    1. information about the User’s interactions with the Platform (sessions);
    2. technical information about the User’s device hardware and software that may include the types of devices the User uses in order to access the Platform, device IDs or identifiers, device attributes, network connection type, browser type, language, internet service provider, access times, type of requests and their details.

    Cookies. Expanding Web may collect Personal Data from other sources, through the use of ”cookies”. A cookie is a small text file stored on the User’s computer that contains information that helps the website to identify and track the visitor. Cookies do not contain viruses nor occupy space on the hard drive.

    Expanding Web uses two types of cookies: “session cookies” and cookies that are saved permanently on the User’s device i.e. “persistent cookies”. Session cookies are never stored permanently on the User’s computer and disappear when the User closes the session. When the User visits the Platform, Expanding Web’s web server assigns the User’s browser a unique identifier string so as not to confuse the User with other visitors. The second type of cookies save files permanently on the User’s device and this is used to track how visitors move around in the Platform. This is only used to offer visitors better services and support. The text files can be deleted. The information stored on the User’s device is only a unique number, without any connection to Personal Information.

    To opt out of cookies, the User can alter the settings on their internet browser to accept or reject the Platform from using cookies. However this may affect functionality of the Platform.

    Expanding Web uses a tracking software system to monitor the User’s patterns and the Platform usage to help Expanding Web develop the design and layout of the Platform. This software does not enable Expanding Web to capture any of the User’s Personal Data. The User’s Personal Data will not be shared, sold, rented or disclosed other than as described in this Privacy and Cookies Policy. The use of both types of cookies (session and persistent ones) and log data files is based on Expanding Web’s legitimate interest (article 6.1. f) of the GDPR), consisting in proper operation of the Platform, creating statistics and analyzing them in order to optimize the Platform.

    Below is a list of all cookies we use:

    NAME DESCRIPTION RETENTION
    remember_web_* This cookie is generated when you select the "Remember me" checkbox on the login page. It remembers your login credentials, to let you quickly log in if the session loged you out. If you log out, it’s deleted. 5 years
    laravel_session This cookie is used to identify a Laravel session instance for a user. 24 hours
    XSRF-TOKEN This cookie contains a unique hash, which is used to prevent hack attacks on the website, protecting from Cross-site request forgery. 24 hours
    PHPSESSID This cookie is used to establish a user session and to pass state data via a temporary cookie, commonly referred to as a session cookie. session
    paddlejs_campaign_referrer This cookie is used by our payment processor. 30 days

    Google Analytics. Our Platform and Website use those cookies that are small text information stored on your end device (e.g. tablet, smartphone) that can be read by Google LLC’s IT system (third party cookies) in connection with our use of Google Analytics software. Google Analytics is an online tool for analyzing websites and mobile applications that automatically collects information about your use of the Platform. We do not identify users with this software, and use of it is for statistical purposes only. Detailed information on how Google uses user data is available at: https://policies.google.com/technologies/partner-sites.

    Log Data. Using the Platform involves sending queries to the server on which the Platform is stored. Each query directed to the server is saved in the server's logs. Logs include, among others, server date and time, information on the web browser and operating system used by the User. Logs are saved and stored on the server. The data saved in the server logs is not associated with a specific person using the Platform and is not used by Expanding Web to identify the User. Server logs are only additionally used to operate the Platform, and their content is not disclosed to anyone except those authorized to operate the server.

    Social media. The Website uses plug-ins and other social tools provided by social networking sites, such as Facebook or Instagram. By displaying a website containing such a plug-in, your browser will establish a direct connection with the servers of social network administrators (service providers). The content of the plug-in is transferred by the given service provider directly to your browser and integrated with the website. Due to this integration, service providers receive information that your browser has displayed our Website, even if you do not have a profile with a given service provider or are not currently logged in to it. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider and stored there. If you have logged in to one of the social networking sites or an external service provider’s site, the indicated entities will be able to directly assign a visit to the Website to your profile on a given social networking site. If you use a specific plugin, e.g. by clicking the "Like" or "Share" button, the relevant information will also be sent directly to the server of the given service provider and stored there. In addition, this information will be published on a given social network and will be shown to people added as your contacts. We process the above-mentioned data on the basis of our legitimate interest (article 6.1. f) of the GDPR) in order to ensure the possibility of using additional functions on the Website, such as social plug-ins. The indicated data will be processed by the us for the duration of the availability of statistics provided by a given service provider. To learn more about the processing of your data by social media service providers, read their privacy policies:

    1. Facebook - https://pl-pl.facebook.com/privacy/explanation;
    2. Instagram - https://pl-pl.facebook.com/privacy/explanation.
  5. Opt-out

    During the first visit to the Platform, the User is shown information on the use of cookies. The User can prevent the recording of Personal Data collected by cookies regarding their use of the Platform as well as the Processing of this Personal Data by installing the browser plug-in located at the following address: https://tools.google.com/dlpage/gaoptout. Details related to Personal Data processing within Google Analytics and explanations prepared by Google can be found at: https://support.google.com/analytics/answer/6004245.

    The User’s browser may also offer tools to enable or disable cookies by modifying the settings in a browser. However, it should be noted that certain features of the Platform may not work if some types of cookies are deleted or disabled. Some third parties may use cookies and other technologies. Expanding Web recommends reading their privacy policies.

    Some browsers provide helpful cookie guides:

    Chrome: https://support.google.com/chrome/bin/answer.py?hl=en&answer=95647&p=cpn_cookies
    Firefox: http://support.mozilla.org/en-US/kb/Cookies
    Internet Explorer: http://support.microsoft.com/kb/278835
    Safari 5 for Mac: https://support.apple.com/en-us/HT201265
    Opera: http://help.opera.com/Linux/10.50/en/cookies.html
    Alternatively: http://www.allaboutcookies.org provides advice on how to opt out as well as further information on cookies and how to manage them.
  6. The User’s rights

    The User has the right to access their Personal Information and manage it by contacting Expanding Web via email address: [email protected] or by using a contact form.

    The User has following rights provided by the GDPR:

    1. The right to be informed

      Expanding Web has published this Privacy and Cookies Policy to keep the User informed of what Expanding Web does with the User’s Personal Information.

    2. The right of access

      The User has the right to access their Personal Information and to request a copy of it.

    3. The right to rectification

      The User has a right to rectify their Personal Information by contacting Expanding Web through the use of the contact details provided above.

    4. The right to erasure (“the right to be forgotten”)

      In some circumstances the User has the right to erasure of their Personal Data without undue delay. Those circumstances include situations when: the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; the User’s consent withdrawal to consent-based processing; the processing is for direct marketing purposes; and the Data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

    5. The right to restriction of processing

      In some circumstances the User has the right to restrict the processing of their Personal Data. Those circumstances are the following: the User’s contest of the accuracy of the Personal Data; processing is unlawful but the User opposes erasure; Expanding Web no longer needs the Personal Data for the purposes of the processing, but the User requires Personal Data for the establishment, exercise or defense of legal claims; and the User has objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, Expanding Web may continue to store the User’s Personal Data. However, Expanding Web will only otherwise process it: with the User’s consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

    6. The right to Personal Data portability

      Expanding Web must allow the User to obtain and reuse their Personal Data for their own purposes across Services in a safe and secure way without it affecting the usability of the User’s Personal Data. This right only applies to Personal Data that the User has provided to Expanding Web as the Data Controller. The Personal Data must be held by Expanding Web by consent or for the performance of the Terms and Conditions and the processing has to be carried out by automated means.

    7. The right to object

      In certain circumstances, the User has the right to object to the processing of their Personal Data where, for example, their Personal Data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for Expanding Web to continue to process the User’s Personal Data, or if the User’s Personal Data is being processed for direct marketing purposes.

    8. The right to withdraw consent

      If the User has given Expanding Web consent to process their Personal Data, the User has the right to withdraw their consent at any time, and Expanding Web has to stop processing the Data unless Expanding Web has other legal grounds for processing the Personal Data. The withdrawal of consent does not affect the compliance of the processing which was made on its basis before the withdrawal of consent.

    9. The right to complain to a Supervisory Authority

      The User has the right to lodge a complaint with the relevant Supervisory Authority in particular if they feel that Expanding Web has not responded to requests to solve a problem regarding data protection.

      The contact data of the Supervisory Authority of Expanding Web is as follows:
      Bureau of the President of the Personal Data Protection Office (PUODO)
      Address: Stawki 2, 00-193 Warszawa (Poland)
      Telephone: (+48 22) 531 03 00

  7. Security information

    Expanding Web follows strict procedures in the storage and disclosure of the User’s Personal Data, and to protect it against accidental loss, destruction or damage. Only qualified and authorized employees are permitted to access Personal Data, and they may do so only for permitted business functions. Expanding Web maintains physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of the User’s Personal Data. Expanding Web’s security procedures mean that Expanding Web may request proof of the User’s identity before a disclosure of the Personal Data to the User.

    We also rely only on vendors who ensure an appropriate level of security of User’s Personal Data. In this context, we use only secure cloud servers provided by Google Cloud Platform. Therefore Google LLC is our processor. Google Cloud Platform uses various security technologies and procedures to protect Personal Data and is compliant with third-party assurance frameworks such as ISO 27001 for cloud security, ISO 9001 for cloud quality, PCI DSS and SOC 1, SOC 2, SOC 3. For more details please see Google Cloud Platform security and privacy policy at https://cloud.google.com/terms/cloud-privacy-notice.

    The User should note to avoid sending Personal Data through insecure channels or networks. The User shall protect themselves against unauthorized access to their password and to their devices and under no circumstances share the User’s password with anyone.

  8. International transfer of Data

    Expanding Web may transfer Personal Data to a country outside of the European Economic Area (EEA) based on a decision of the European Commission, stating that a third country may be considered as providing an adequate level of data protection or based on Standard Contractual Clauses approved by the European Commission. If the User is located in the EEA, the User may contact us if they require a copy of the safeguards which Expanding Web has put in place to protect the User’s Personal Data transferred outside of the EEA and the User’s privacy rights in these circumstances. The User may also learn more about EU Commission Decision on standard contractual clauses for the transfer of Personal Data to processors established in third countries here https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914 and here https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

  9. Retention of your Information

    Expanding Web stores the User’s Personal Information for a period of time required for the purposes for which it was collected using generally accepted security standards and in compliance with the Applicable laws. Expanding Web will not retain the User’s Personal Information for longer than required.

    In particular, Expanding Web stores Personal Information about the User through the period of use of Expanding Web’s Services. The User should note that even if they delete their Account in the Platform, Expanding Web may have the right to process the User’s Personal Data for the purpose of creating statistics, pursuing claims or defending against claims, handling complaints and refunds as well as in order to meet the tax and accounting law requirements, where such processing will last only for the period of time necessary to achieve the intended purposes (e.g. for pursuing claims or defending against claims, the period of retention of the User’s Personal Data is no longer than limitation period for claims as defined in statutory law applicable to Expanding Web) or indicated by law.

    The User’s Personal Data shall be processed for marketing purposes until the User objects to it. Where the User has consented to marketing communications via email or other telecommunication means for Expanding Web’s marketing purposes, the User may withdraw their consent at any time by contacting Expanding Web. In these circumstances, the User's Personal Data will be processed until their withdrawal of the consent.

    User’s and event data associated with cookies is stored by Google Analytics on servers for a period of 26 months. After the end of the period, stored data will be automatically deleted once a month.

    To see the retention periods of other used cookies please go to the table in section 4.

    When we no longer need your Personal Data, we will securely erase it. We will also consider if and how we can minimize over time the scope of Personal Data that we use, and if we can anonymize your Personal Data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.

  10. Disclosures

    Expanding Web may disclose the User’s Personal Data only to the following trusted third parties:

    1. Authorized third parties – Expanding Web may share the Personal Data with parties directly authorized by the User to receive that Personal Data, such as when the User authorizes a third party (e.g. payment service provider) to access their Personal Data. The use of the Personal Data by an authorized third party is subject to the third party’s privacy policy. Within the Platform, Expanding Web receives information on purchased Subscriptions and made payments from Paddle.
    2. Safety, legal purposes and law enforcement - Expanding Web may use and disclose the Personal Data when it shall be necessary: (i) under applicable law, and (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
    3. Service providers – Expanding Web also engages third parties that support the operation of our Services (acting on our behalf) such as analytics providers or IT services providers:
      • Google LLC; analytics and cloud platform (privacy policy: https://policies.google.com/privacy?hl=en-US);
      • OpenAI, L.L.C.; request executing (privacy policy: https://openai.com/policies/privacy-policy).
  11. Additional Notice for California residents

    If you are a California resident special additional provisions of this section apply to you, in accordance with the Californian law which requires companies that operate websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected, how it is being used and those individuals or companies to whom it is being disclosed.

    The California Privacy Rights Act („CPRA”) is a privacy law which amends and strengthens consumer data privacy rights established initially by the California Consumer Privacy Act (“CCPA”) that was signed into law on June 28, 2018, and came into effect on January 1, 2020.

    As the new law, CPRA takes effect from January 1, 2023 and this privacy policy provides for the rights of the Users extended by its provisions.

    Please note that in matters not covered in this section, the remaining provisions of this Privacy and Cookies Policy shall apply. If you have any questions regarding this Section 11 Additional Notice for California End users including its content and scope of application you can contact us via email: [email protected].

    California residents rights CPRA provides additional privacy protections for California data subjects including:
    1. Right to Access – We are required to also report all Personal Information we have shared with third parties and the third parties with whom we have shared the Personal Information.
    2. Right to Correction - You have the right to request your Personal Information to be changed if you discover that it is incorrect.
    3. Right to Delete – You can request to direct third-party suppliers, service providers or contractors to erase Personal Information that may have been sold or shared with them.
    4. Right to Data Portability – You have the right to request us to send certain pieces of Personal Information to another entity. This transmission, however, must be technically feasible for us.
    5. Right to limit the use of sensitive personal information (SPI) - You can request to limit the use of special categories of Personal Data, particularly when it comes to third-party sharing.
    6. Right to Opt-Out – You have the option to opt-out of having your Personal Information sold or shared with third parties, including for cross-context behavioral advertising.
    7. Right to know about automated decision making – You can ask for information on how automated decision technologies work and their likely outcomes.
    8. Right to opt-out of automated decision making - You can refuse to have your Personal Information used to make automated conclusions, such as profiling for targeted behavioral advertising.
    9. Right of Minors – We are obliged to notify minors if we intend to sell or share their personal information.
    10. „Non-discrimination” Right – You have a right not to be discriminated against for exercising any of your Data rights.

    To submit an access, correction, deletion, data portability as well as non-discrimination request please contact us via e-mail: [email protected] or using our contact data provided in Section 13 below. We shall make commercially reasonable efforts to fulfil your request within 45 days.

    Expanding Web does NOT collect User’s Sensitive Personal Information (SPI) and does not sell or share User’s Personal Information, hence the rights to limit the use of SPI and opt-out of Personal Data sale or sharing do not apply to them (please check detailed information below in this section). We also do NOT collect any minors’ Personal Data and do not make automated decisions, therefore, the rights relating to the above activities also do not apply to the Users.

    Your request must provide all information that allows us to reasonably verify if you are the person about whom we collected Personal Information or an authorized representative. Therefore please describe your request with sufficient details that allow us to properly understand, evaluate, and respond to it.

    The disclosure of the required information shall cover the 12 month period preceding the receipt of your verifiable request, provided that you may also request that we disclose the required information beyond the 12 month period but we shall only be required to provide such information unless doing so proves impossible or would involve a disproportionate effort.

    Please note that if you wish to exercise your rights with any of Expanding Web’s Users, you must make your request directly to them, based on information and procedures that they individually supply.

    Categories of Personal Information

    We may collect the following categories of Personal Information about you:

    1. First and last name,
    2. Address,
    3. Business/Company name,
    4. Billing address,
    5. Tax identification number,
    6. Email address,
    7. Payment and invoice details.

    When you interact with our Website or Platform, we may also automatically collect information from your activities through the usage of Cookies, Log Data and similar technologies therein.

    Please note that we do NOT collect User’s Sensitive Personal Information (SPI) i.e.: a social security, driver’s license, state identification card, or passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, or union membership, consumer’s mail, email, and text messages, genetic data, biometric information, information concerning a health, sex life or sexual orientation.

    Purposes of use of Personal Information

    We may use the categories of Personal Information listed above for the purposes of:

    1. entering into a contract with you (in particular registering your Account and verifying your identity)
    2. performing the Agreement, in particular performing the Services, providing you with support,
    3. handling your requests and complaints,
    4. pursuing claims or defending against claims,
    5. responding to your inquiries,
    6. improving Services, detecting, preventing and responding to actual or potential fraud, illegal activities or intellectual property infringement,
    7. monitoring compliance with our Terms and Conditions,
    8. ensuring accountability (demonstration of compliance with our obligations under the law),
    9. storing data for archiving or statistical purposes,
    10. conducting necessary tax and accounting operations,
    11. performing marketing of our products and Services (our direct marketing, satisfaction surveys, analysis, enabling you to download the information or publication requested by you).
    Business purposes of use of Personal Information

    In addition, we may use aforementioned categories of Personal Information for certain business purposes, as specified in the CPRA, in particular as described below:

    1. helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes;
    2. debugging to identify and repair errors that impair existing intended functionality;
    3. providing advertising and marketing services, except for cross-context behavioral advertising, to the consumer provided that, for the purpose of advertising and marketing, a service provider or contractor shall not combine the personal information of opted-out consumers that the service provider or contractor receives from, or on behalf of, the business with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with consumers;
    4. undertaking internal research for technological development and demonstration;
    5. undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
    Sale of Personal Information

    Please note that Expanding Web does NOT and will NOT sell Personal Information of their Users, as defined in Section 1798.140 of the Civil Code of California and amended by the CPRA.

    Disclosure/Transferring of Personal Information for Business Purposes

    If it is necessary to perform our business purposes we may transfer Personal Information, in this manner, however, that does not constitute “sell” or „share” under CPRA, for example to the parties we use to provide our services.

    Please remember that „sharing” according to CPRA means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.

    Particularly, we may transfer your Personal Information with third parties or allow them to collect Personal Information from our sites or services if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal information, or if you use the Expanding Web Platform or our Services to interact with third parties or direct us to disclose your Personal information to third parties.

    For detailed information concerning categories of third parties to whom we may transfer Users’ Personal Information please see section 10. Disclosures of this Privacy Policy.

    Retention of Personal Data

    To read the information on retention periods of relevant categories of your Personal Data please read Section 9 of this policy.

  12. COPPA (Children Online Privacy Protection Act)

    Protecting children’s privacy is very important to Expanding Web. Our Website is not intended for, designed to be used by, or targeted at children as defined in Applicable laws. We are in compliance with the requirements of EU General Data Protection Regulation 2016/679, the California Privacy Rights Act (which amended the California Consumer Privacy Act) as well as COPPA (Children’s Online Privacy Protection Act) and we do not knowingly collect any Personal Information from anyone under the age of 13. If you are a parent or a guardian who knows or has otherwise discovered that your child under the age of 13 has submitted their Personal Information, or other information, to us without your consent, permission or authorization, do not hesitate to contact us using the following email address: [email protected]. We will promptly remove your child’s Personal Information or other information from our system, cease the use of such Information and direct any third party with access to it to do the same.

  13. General Provisions

    In case of any questions regarding this Privacy and Cookies Policy, the User may contact us using the address of the business seat of Expanding Web:

    Expanding Web Marcin Dancewicz
    address: ul. Malinowskiego 1
    59-600 Lwówek Śląski (Poland)

    or by email address: [email protected] and by phone number: (+48) 693 868 369.

    Expanding Web may change this Privacy and Cookies Policy from time to time by updating its provisions.