Light is everything
🇵🇱 Read in Polish / Przeczytaj po polsku

Privacy Policy

Effective from: December 4, 2025
Version: 2.0

Applies to the service:
https://fotoferia.pl

Data Administrator / Company Information

Personal data administrator / service owner:

ODART RAFAŁ KOWALKOWSKI
ul. Tadeusza Makowskiego 3
78-100 Kołobrzeg, POLAND

NIP: 5791020696
REGON: 320889738

Website: https://odart.pl

General Provisions

The mission of the Fotoferia photography portal (hereinafter referred to as the Service), operated by ODART RAFAŁ KOWALKOWSKI (hereinafter referred to as the Administrator), is to publish and promote photographs created by photographers from around the world, both professionals and amateurs.

Creating a photography community involves collecting data, which creates an obligation to maintain transparency regarding the data collected about the User, how it is used and shared.

This Privacy Policy applies when using the Service. The User has the ability to choose regarding the processing of data that we collect, use and share in accordance with this Privacy Policy.

The purpose of the Privacy Policy is to define the actions taken by the Administrator regarding personal data collected through the website www.fotoferia.pl and related services and tools used by Users to perform activities such as registration in the Service, posting or viewing comments and photos, and performing a number of other related activities.

All subject activities are subject to applicable legal provisions regarding data protection. This Privacy Policy is subject to Polish law and GDPR regulations.

The User who uses the Service and uses related services and tools confirms that they have read the provisions of this Privacy Policy and the Service Terms and Conditions and understand their content, and agrees to the use of their personal data in accordance with the Service Terms and Conditions and this Privacy Policy.

By publishing any photo in the Service, the User declares that they have all copyrights to the published image and have consent for the publication of the image of persons depicted in it.

The User acknowledges that by clicking on links posted in the Service, they may be redirected to external services of other entities, located outside the managed Service environment, where the data collection process takes place outside the direct control of the Service. The privacy protection policy applicable in external entity services or applications applies to data obtained by these entities.

Article I. Definitions

Administrator (Service) – ODART RAFAŁ KOWALKOWSKI, conducting business under the above name, based in Kołobrzeg, being the owner and administrator of the www.fotoferia.pl service.

Personal data – all information about an identified or identifiable natural person through one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected through cookies and other similar technology.

Policy – this Privacy Policy.

GDPR (RODO, DSGVO) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Service – the website operated by the Administrator at www.fotoferia.pl.

User – any natural person visiting the Service or using one or more services or functionalities described in the Policy.

Article II. Personal Data Administrator

The administrator of personal data of Users who are natural persons is:

ODART RAFAŁ KOWALKOWSKI
ul. Tadeusza Makowskiego 3
78-100 Kołobrzeg, Poland
NIP: 5791020696
REGON: 320889738

The Administrator operates the Fotoferia Service in Polish (www.fotoferia.pl) and English versions, hereinafter collectively referred to as the Service.

Each User registering in the Service may submit their photographs for evaluation by other Service Users and use the Service's social functionalities, in accordance with the Terms and Conditions.

Article III. Data Processing in Connection with Using the Service

In connection with the User's use of the Service, the Administrator collects data to the extent necessary to provide individual services offered, as well as information about the User's activity in the Service. Below are described detailed rules and purposes of processing personal data collected during the User's use of the Service.

Article IV. Purposes and Legal Bases for Data Processing in the Service

Using the Service

Personal data of all persons using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies), who are not registered Users (i.e., persons without a profile in the Service) are processed by the Administrator:

  1. for the purpose of providing electronic services in the scope of making content collected in the Service available to Users, including to the extent necessary to establish, shape content, modify, terminate and properly perform electronic services;
  2. for analytical and statistical purposes – then the legal basis for processing is the Administrator's legitimate interest (Art. 6(1)(f) GDPR) consisting in conducting analyses of User activity and their preferences in order to improve the functionalities used and services provided;
  3. for the purpose of possible establishment and pursuit of claims or defense against them – the legal basis for processing is the Administrator's legitimate interest (Art. 6(1)(f) GDPR) consisting in the protection of its rights.

User activity in the Service, including their personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and actions related to the information system used to provide services by the Administrator). Information collected in logs is processed primarily for purposes related to service provision. The Administrator also processes them for technical, administrative purposes, to ensure the security of the information system and manage this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the Administrator's legally justified interest (Art. 6(1)(f) GDPR).

Registration in the Service

Persons who register in the Service are asked to provide data necessary to create and operate an account. To facilitate service, the User may provide additional data, thereby expressing consent to their processing. Such data can be deleted at any time. Providing data is required to create and operate an account, and failure to provide it results in the inability to create an account.

Users creating an account in the Service are required to provide specific information, such as:

  1. login,
  2. confirmation of majority,
  3. email address.

The above data will be automatically entered into the Service's user database. The following data are visible to other Users:

  1. login,
  2. gender.

This data can be edited in portfolio settings, from which only the login can remain visible to other Users.

Personal data are processed:

  1. for the purpose of providing services related to maintaining and operating an account in the Service – the legal basis for processing is the necessity of processing to perform a contract (Art. 6(1)(b) GDPR), and in the scope of optionally provided data – the legal basis for processing is consent (Art. 6(1)(a) GDPR);
  2. for analytical and statistical purposes – the legal basis for processing is the Administrator's legitimate interest (Art. 6(1)(f) GDPR) consisting in conducting analyses of User activity in the Service and account usage, as well as their preferences in order to improve the functionalities used;
  3. for the purpose of possible establishment and pursuit of claims or defense against them – the legal basis for processing is the Administrator's legitimate interest (Art. 6(1)(f) GDPR) consisting in the protection of its rights;
  4. if the User places any personal data of other persons in the Service (including their name and surname, address, phone number or email address), they may do so only on condition of not violating applicable law and personal rights of these persons.

It is possible that the Service will be required to disclose information about the User when required by law, in the case of a court summons or other legal process, or if disclosure is reasonably necessary to:

  1. investigate, prevent or take action regarding suspected or actual illegal activities or assist government law enforcement agencies,
  2. enforce our agreements with the User,
  3. enforce copyright and related rights law requirements,
  4. enforce GDPR regulation requirements,
  5. investigate and defend against third-party claims or allegations,
  6. protect the security or integrity of our service,
  7. exercise or protect the rights and security of the Administrator, Users or other persons.

The Administrator – to the extent possible – may notify the User of legal requests regarding their personal data when justified, unless prohibited by law or court order or when the request is urgent. The Administrator may object to such requests when it believes that the requests are exaggerated, unclear or do not come from the appropriate authority, however, it is not committed to challenging every request.

The User bears sole responsibility for any third-party claims for infringement of copyrights, moral rights or any third-party rights in connection with using the Service and publishing their photographs on the Service pages. The Administrator is exempt from liability regarding any third-party claims for infringement of these rights. In the event of third parties making any claims for infringement of their rights as a result of the User publishing photographs, analyses or comments in the Service, solely the User will be obligated to bear the costs of any court proceedings, legal representation costs and damages awarded or established through settlement.

Social Media Platforms

The Service, after obtaining voluntary and revocable consent from the User, may publish User photographs on public profiles in social media services, including Facebook, Instagram, X and YouTube.

The Administrator processes personal data of Users visiting the Administrator's profiles maintained on social media (Facebook, YouTube, Instagram, X). This data is processed solely in connection with maintaining the profile, including to inform Users about the Administrator's activity and promote various types of events, services and products, as well as to communicate with Users through functionalities available on social media. The legal basis for processing personal data by the Administrator for this purpose is its legitimate interest (Art. 6(1)(f) GDPR) consisting in promoting its own brand and building and maintaining a community related to the brand.

Communication Between Service Users

Created profiles enable contact between Users. Users share information on their public profiles at their own responsibility. The User should carefully consider the risk of making personal data public, in particular location.

The User creating an account in the Service indicates a unique identifier and password for using the Service. The User is obligated not to disclose data used for authorization in the Service to third parties and bears responsibility for all consequences of disclosing the identifier or password.

The Service allows maintaining constant contact with other registered Users through creating internal clubs and connecting in friend groups. The Service may continuously inform about events and information related to photography and photographers and influence improving Users' photographic skills. The Service may use the User's content, login and avatar to create portal messages.

Communication Between the Service and Users

Stored data may be used for communication between the Administrator and the User regarding in particular:

  1. Service operation,
  2. Service news,
  3. photography contests,
  4. photography exhibitions,
  5. other events related to photography and the nature of the Service.

The Service contacts Users via email address, messages in the Service, information on Service pages and surveys. Messages concern Service operation, updates, security, fixes, instructions and promotional materials of the Service and partners.

Photography Contests

Photography contests may be organized within the Service. The Administrator may collect User personal data (e.g., name and surname and contact details) when they participate in contests organized in the Service or by Service partners.

This particularly applies to international contests under the patronage of photography organizations, where photographs and participant personal data may appear in galleries and post-contest materials (e.g., reports, exhibitions, albums). The scope of data and rules for their processing within a specific contest are defined by the contest regulations.

Email Communication

The Administrator within the Service may collect personal data of Users contacting via email address, which are necessary to fulfill the User's request and contact them if necessary. Contact will also be possible through data placed for this purpose on the User's account. The Administrator is entitled to collect other data regarding communication with Users, e.g., information about support requests or feedback from Users.

Photography Achievements

Information shown in the User's profile, such as photography achievements, professional experience, skills, photography, city or area, recommendations – depend solely on the User. The User does not have to provide additional information on their profile; however, profile information helps promote the photographer.

The User decides what to include in the profile and what information to place. The User should not publish or add personal data to their profile if they do not want it to be publicly available. The User's profile is visible on the web to everyone, including non-logged Internet users and external search engines.

What Actions Cause Data Collection?

We collect data when the User publishes photos, comments on photos, publishes forum posts, rates photos, fills out forms and surveys. The User does not have to do this, however, resigning from the listed activities lowers the value of the User's portfolio.

Other Users may insert content related to a given person in the Service. We log User visits and page views in the Service, this also applies to User statistics and mobile devices.

We monitor content usage, mobile applications and their installations. We use logins, cookies, device information and have access to User IP addresses.

Cookies and Similar Technology

Cookies are small text files installed on the User's device browsing the Service. Cookies collect information facilitating Service use – e.g., by remembering User visits to the Service and actions performed by them.

They are saved on the User's end device (computer, smartphone, tablet, etc.). Thanks to saving these files, it is possible, among others:

  1. remembering login data (the User does not have to enter login and password each time),
  2. remembering User preferences,
  3. adjusting page content to interests and usage method,
  4. collecting statistical data, which enables the Administrator to develop the Service according to User preferences.

If the User does not agree to saving cookies on their device, they should appropriately configure browser settings or delete saved cookies each time after using the Service.

Disabling or limiting cookies may, however, make it difficult or impossible to use the Service.

Cookies Used by the Administrator

The Administrator uses so-called service cookies primarily for:

  1. providing the User with electronically provided services,
  2. improving service quality,
  3. ensuring proper Service operation,
  4. conducting statistics and analyses of Service usage.

The Administrator and external entities providing analytical and statistical services on its behalf may use cookies storing information or accessing information stored on the User's end device.

Types of Cookies Used in the Service

Cookies used in the Service include, among others:

  1. 1P_JAR – used by Google reCaptcha service,
  2. _ga – used by Google Analytics to distinguish users,
  3. __utma – informs how many times the user visited the Service,
  4. __utmb – informs how long the visit to the page lasts,
  5. __utmc – works like __utmb, expires after the session ends,
  6. __utmz – informs where the User comes from (traffic source).

Cookies from other websites – such as Facebook, Instagram, X, YouTube – may be transmitted while browsing the Service and serve, e.g., to:

  1. share content on social media,
  2. conduct access and activity statistics.

The Administrator has no influence on external entity cookies. The User should familiarize themselves with the privacy policies of these services.

Analytics Cookies

The Service uses Google Analytics to analyze Service usage and create statistical reports.

The analytics service provider generates statistical information using cookie files.

Detailed Google privacy policy is available at:
https://www.google.com/policies/privacy/

Cookie Management

  1. Blocking cookies: most browsers allow refusing to accept cookie files. Note: this may prevent logging in or using some Service functions.
  2. Deleting cookies: The User can delete saved cookie files from their device at any time.

Article V. Personal Data Processing Period

The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of service provision or order fulfillment, until:

  1. contract completion,
  2. withdrawal of expressed consent – when the legal basis for data processing is User consent,
  3. filing an effective objection to data processing – in cases where the legal basis for data processing is the Administrator's legitimate interest.

The data processing period may be extended each time when processing is necessary to establish and pursue possible claims or defense against them, and after this time – only in the case and to the extent required by legal provisions.

After the processing period expires, data is irreversibly deleted or anonymized.

Article VI. User Rights

The User has the right to access the content of their data and request their rectification, deletion, processing restriction, right to data portability, as well as the right to object to data processing and the right to file a complaint with the supervisory authority dealing with personal data protection.

To the extent that User data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Administrator or using functionalities provided in the Service, including writing to the email address: [email protected].

The User has the right to object to data processing for marketing purposes, if processing takes place in connection with the Administrator's legitimate interest, and also – for reasons related to the User's particular situation – in other cases where the basis for data processing is the Administrator's legitimate interest (e.g., in connection with analytical and statistical purposes).

Detailed Information

Users who have created an account in the Service have the right to view, edit and delete data provided by themselves in the profile or through contact via email address [email protected].

The Administrator enables:

  1. data deletion – the Administrator deletes indicated data (e.g., photos, comments, posts, articles) within 3 business days,
  2. data change and correction – some data can be changed independently in the User's profile,
  3. partial or complete withdrawal of consent to data processing through email contact,
  4. the User's right to obtain information about data processed by the Administrator.

Account Closure

If the User decides to close their account, they should send information to the email address [email protected].
The account will be deleted within 3 business days.

Payments in the Service

The Service may offer paid services (e.g., premium account, contest fees or other additional services).

Payments may be made using:

  1. PayPal,
  2. Przelewy24,
  3. or traditional bank transfer to the Administrator's bank account (if provided in the Terms and Conditions).

Payment data is processed solely to the extent necessary to fulfill the order or payment and in accordance with payment operator security principles.

Article VII. Data Recipients

In connection with service provision, User personal data may be disclosed to external entities, in particular:

  1. providers responsible for IT systems and technical infrastructure service,
  2. entities such as banks and payment operators (e.g., PayPal, Przelewy24),
  3. accounting service providers,
  4. courier companies and postal operators (in case of shipments or contest prizes),
  5. marketing agencies (in the scope of marketing services performed for the Administrator),
  6. entities cooperating with the Administrator under appropriate data processing agreements.

In case of obtaining User consent, their data may also be made available to other entities for their own purposes, including marketing purposes.

The Administrator reserves the right to disclose selected information about the User to appropriate authorities or third parties who submit a request for such information, based on appropriate legal basis and in accordance with applicable law.

The Administrator does not make User personal data available to unrelated entities without the consent of interested Users. The Administrator undertakes not to lend or sell User personal data.

Article VIII. Data Transfer Outside the EEA

The level of personal data protection outside the European Economic Area (EEA) may differ from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and with appropriate protection level, in particular through:

  1. cooperation with entities processing personal data in countries for which an appropriate European Commission decision has been issued,
  2. application of standard contractual clauses issued by the European Commission,
  3. application of binding corporate rules approved by the appropriate supervisory authority,
  4. in case of data transfer to the USA – cooperation with entities meeting requirements of current programs ensuring appropriate data protection level (e.g., Data Privacy Framework).

The Administrator informs about the intention to transfer personal data outside the EEA at the stage of their collection.

Article IX. Personal Data Security

The Administrator ensures personal data security by applying appropriate technical and organizational measures aimed at preventing:

  1. unlawful data processing,
  2. accidental data loss,
  3. their destruction or damage.

The Administrator takes particular care to ensure that personal data are:

  1. processed in accordance with the law,
  2. collected only for specific, legally justified purposes,
  3. not further processed in a manner inconsistent with these purposes,
  4. adequate, relevant and limited to the necessary minimum,
  5. correct and current,
  6. stored no longer than necessary,
  7. secured against access by unauthorized persons,
  8. transferred outside the EEA only with appropriate safeguards.

Recommendations for the User to Secure the Account

  1. using a strong password (minimum 8 characters, lowercase and uppercase letters, digits and special characters),
  2. keeping login and password confidential,
  3. logging out of the Service after each session,
  4. using current antivirus software,
  5. using the Service only on trusted devices,
  6. avoiding saving login data on public computers,
  7. regularly deleting browsing history and cookie files if using shared devices.

The Administrator continuously conducts risk analysis to ensure that personal data is processed securely – only authorized persons have access, solely to the extent necessary to perform assigned tasks.

The Administrator ensures that subcontractors and other cooperating entities apply appropriate security measures required by law.

Article X. Privacy Policy Changes

The Privacy Policy is continuously verified and updated as needed. The Administrator may introduce changes to the Policy in case of changes in legal provisions, Service functionality or personal data processing method.

Users will be informed about Privacy Policy changes through the Service.

Contact Information

Contact with the Administrator is possible through:

Email address:
[email protected]

Correspondence address:
ODART RAFAŁ KOWALKOWSKI
ul. Tadeusza Makowskiego 3
78-100 Kołobrzeg
POLAND

This page was created in 0.019960165023804 seconds