Privacy Policy

Privacy Policy for universeofmemory.com

Last updated: 8 April 2026

1. General Information

This Privacy Policy sets out the rules for the processing of personal data and the use of cookies in connection with your use of the website available at https://universeofmemory.com.

The controller of personal data is:

The Universe Of Memory Bartosz Czekała

ul. Sopocka 15/1

50-344 Wrocław

Tax ID (NIP): 898 211 10 23

REGON: 365359184

E-mail: [email protected]

For matters related to personal data protection, you may contact the Controller at: [email protected].

2. Scope of this Policy

This Policy applies to personal data processed in connection with:

  • use of the website,
  • sending messages via the contact form,
  • contact by e-mail or telephone,
  • subscribing to the newsletter, educational materials, free resources, webinars, or other free content, if offered,
  • placing orders or entering into contracts,
  • using the student area, user account, or other login-protected areas,
  • posting comments or reviews, if such functionality is available,
  • the use of cookies and similar technologies on the website.

3. What Data May Be Processed

Depending on the purpose and the way the website is used, the Controller may process, in particular:

  • first and last name,
  • e-mail address,
  • telephone number,
  • data provided in the content of a message,
  • data necessary to process an order and related payments or billing,
  • invoice details,
  • data related to the user account or student area,
  • IP address,
  • technical data concerning the device and browser,
  • data concerning activity on the website,
  • data resulting from cookies and similar technologies.

As a rule, providing data is voluntary, but in some cases it may be necessary in order to respond, enter into a contract, process an order, or provide a service.

4. Purposes, Legal Bases, and Retention Periods for Data Processing

4.1. Contact via form, e-mail, or telephone

Personal data are processed for the following purposes:

  • responding to a message,
  • conducting correspondence,
  • handling an inquiry before entering into a contract or in connection with its performance.

Legal basis:

  • Article 6(1)(b) GDPR – taking steps prior to entering into a contract or performing a contract,
  • Article 6(1)(f) GDPR – the Controller’s legitimate interest in handling correspondence and communication.

Retention period: for the time necessary to handle the contact, and then for the period needed to defend against claims or pursue claims, no longer than until the expiry of the applicable limitation periods, unless longer retention is required by law.

4.2. Entering into and performing a contract, sale of products and services

Personal data are processed for the following purposes:

  • accepting and processing an order,
  • entering into and performing a contract,
  • delivering a product, service, course, training, consultation, digital material, or access to purchased content,
  • handling payments,
  • issuing accounting documents,
  • handling complaints and returns,
  • contact in matters related to contract performance.

Legal basis:

  • Article 6(1)(b) GDPR – performance of a contract,
  • Article 6(1)(c) GDPR – compliance with legal obligations, in particular accounting and tax obligations,
  • Article 6(1)(f) GDPR – the Controller’s legitimate interest in pursuing claims, defending against claims, and organizing customer service.

Retention period: for the duration of the contract, and after its completion for the period required by law, in particular under tax and accounting regulations, and for the limitation period for claims.

4.3. User account, student area, login

If a user account, student area, or other login-protected area is available on the website, personal data are processed for the following purposes:

  • creating and maintaining the account,
  • enabling login,
  • providing access to purchased content, courses, materials, and services,
  • ensuring account security.

Legal basis:

  • Article 6(1)(b) GDPR – performance of a contract or provision of electronic services,
  • Article 6(1)(f) GDPR – the Controller’s legitimate interest in ensuring system security and preventing abuse.

Retention period: for the period during which the account or access to the service is maintained, and after its termination for the period necessary for settlements, archiving, and protection against claims.

4.4. Newsletter, educational materials, free resources, webinars

If the user subscribes to the newsletter, downloads material, registers for a webinar, or consents to receiving commercial information, personal data are processed for the following purposes:

  • sending the newsletter,
  • delivering the requested materials,
  • sending educational, marketing, or commercial information,
  • analyzing the effectiveness of mailings and communication.

Legal basis:

  • Article 6(1)(a) GDPR – consent,
  • Article 6(1)(f) GDPR – the Controller’s legitimate interest in keeping statistics and analyzing its own marketing activities, to the extent this is carried out in accordance with applicable law.

Retention period: until consent is withdrawn, the user unsubscribes from the newsletter, or the purpose of processing ceases to exist, unless earlier or further storage of the data is necessary to defend against claims.

Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

4.5. Marketing of the Controller’s own products and services

Personal data may be processed for the purpose of direct marketing of the Controller’s own products and services.

Legal basis:

  • Article 6(1)(f) GDPR – the Controller’s legitimate interest in promoting its own business activities,
  • where required by law for electronic communications or the use of certain technologies – the user’s consent accordingly.

Retention period: until an objection is raised or the purpose of processing ceases.

4.6. Handling complaints, claims, and defense of rights

Personal data may be processed for the following purposes:

  • handling complaints,
  • establishing, pursuing, or defending claims,
  • demonstrating the Controller’s compliance with legal requirements.

Legal basis:

  • Article 6(1)(c) GDPR – to the extent legal obligations apply,
  • Article 6(1)(f) GDPR – the Controller’s legitimate interest.

Retention period: until the expiry of limitation periods for claims or the conclusion of proceedings.

4.7. Analytics, statistics, and website improvement

Personal data may be processed for the following purposes:

  • compiling statistics,
  • analyzing how the website is used,
  • improving functionality, performance, and security,
  • creating website traffic reports.

Legal basis:

  • Article 6(1)(a) GDPR – consent, if analytics are based on cookies or similar technologies requiring consent,
  • Article 6(1)(f) GDPR – the Controller’s legitimate interest, where processing does not require consent and is carried out lawfully.

Retention period: until consent is withdrawn or for the period resulting from the settings of a given tool and the Controller’s analytical needs.

5. Data Recipients

Data may be disclosed to entities that support the Controller in operating the website and conducting business activities, in particular:

  • hosting and IT infrastructure providers,
  • e-mail service providers,
  • providers of newsletter and marketing automation systems,
  • payment system providers,
  • providers of e-commerce, course, or student area software,
  • accounting offices or entities providing accounting services,
  • law firms and advisory entities,
  • providers of analytical and marketing tools,
  • entities providing technical support,
  • authorized public authorities, if the obligation to disclose data results from legal provisions.

Entities processing data on behalf of the Controller act on the basis of appropriate agreements and only in accordance with the Controller’s instructions, unless they act as separate data controllers.

6. Transfers of Data Outside the European Economic Area

As a rule, the Controller seeks to use solutions ensuring that data are processed within the European Economic Area.

At the same time, some tools used, especially technological, analytical, mailing, advertising, or cloud-based tools, may involve the transfer of data outside the EEA, in particular to the United States.

In such cases, the Controller uses only solutions providing mechanisms compliant with the law, in particular:

  • an adequacy decision,
  • standard contractual clauses approved by the European Commission,
  • other mechanisms permitted under the GDPR.

Information about specific providers and the legal basis for transfers may be provided upon request, to the extent that such solutions are used at a given time.

7. Rights of the Data Subject

Every data subject has the right to:

  • access their data,
  • rectify their data,
  • erase their data,
  • restrict processing,
  • data portability,
  • object to processing based on the Controller’s legitimate interest,
  • withdraw consent at any time, if processing is based on consent,
  • lodge a complaint with the President of the Personal Data Protection Office (PUODO).

To exercise these rights, please contact the Controller.

8. Voluntary Provision of Data

Providing data is voluntary, but it may be necessary in order to:

  • submit the contact form,
  • receive a response,
  • enter into and perform a contract,
  • receive the newsletter or materials,
  • create an account,
  • gain access to certain website functionalities.

Failure to provide the required data may make it impossible to achieve the indicated purpose.

9. Automated Decision-Making and Profiling

As a rule, personal data are not used to make decisions producing legal effects concerning the user or similarly significantly affecting the user.

Data may be used for analytical, statistical, marketing, or content personalization purposes, to the extent that this is carried out in accordance with applicable law and the scope of the consents granted.

If, in the future, the Controller implements solutions involving profiling within the meaning of the GDPR, appropriate information will be added to this Policy.

10. Data Security

The Controller applies technical and organizational measures appropriate to the scale, nature, and risks associated with data processing in order to ensure security, confidentiality, integrity, and accountability.

These measures include, in particular, infrastructure safeguards, access control, system updates, restriction of access to data to authorized persons, and cooperation with trusted service providers.

11. Cookies and Similar Technologies

The website uses cookies and similar technologies.

Cookies are small text files stored on the user’s end device. They may be read by the Controller’s IT systems or by third parties whose tools are used on the website.

11.1. Purposes of Using Cookies

Cookies may be used for the following purposes:

  • ensuring the proper functioning of the website,
  • maintaining the user session,
  • remembering settings and preferences,
  • ensuring security,
  • compiling statistics and analyses,
  • marketing and remarketing activities,
  • supporting external tools, forms, embedded content, or integrations.

11.2. Categories of Cookies

The following categories of cookies may be used on the website:

  • essential – necessary for the proper functioning of the website and the provision of electronic services,
  • preference / functional – allowing the user’s settings to be remembered,
  • analytical / statistical – used for traffic measurement and analysis,
  • marketing – used for advertising, remarketing, or measuring campaign effectiveness.

11.3. Legal Basis for the Use of Cookies

Essential cookies are used on the basis of the Controller’s legitimate interest or because they are necessary for the provision of a service requested by the user.

Other cookies, in particular analytical, functional, and marketing cookies, are used on the basis of the user’s consent, if the law requires such consent.

The user may at any time:

  • give consent,
  • refuse consent,
  • change consent settings,
  • withdraw consent.

This can be done via the consent management tool available on the website or by changing browser settings. However, restricting some cookies may affect the operation of the website.

11.4. External Tools

The website may use third-party tools such as:

  • analytical tools,
  • advertising tools,
  • tools for handling forms and newsletters,
  • embedded video materials,
  • social media buttons,
  • tools for managing cookie consents.

If such tools store cookies or access information on the user’s device, this takes place in accordance with the consents granted and the user’s settings.

12. Server Logs

Using the website involves sending requests to the server on which the website is stored.

Each request sent to the server may be saved in server logs. Logs may include, in particular:

  • IP address,
  • server date and time,
  • information about the browser and operating system,
  • the URL of the previously visited page,
  • information about technical errors.

Logs are used primarily for administrative, technical, security, and diagnostic purposes, and to ensure the stable functioning of the website.

13. Links to Other Websites

The website may contain links to other websites. The Controller is not responsible for the privacy policies applicable on those websites. After leaving this website, it is recommended to review the privacy policy of the relevant website.

14. Changes to the Privacy Policy

The Controller may update this Privacy Policy, in particular in the event of:

  • changes in legal provisions,
  • technological changes,
  • changes in the way the website operates,
  • implementation of new services, tools, or functionalities.

The current version of the Policy is published on the website.

15. Contact

In matters concerning privacy and personal data, you may contact the Controller at:

[email protected]