PRIVACY POLICY

§ 1. GENERAL PROVISIONS

  1. The administrator of the personal data of users of the website located at www.eterna-link.com is
    D&M 2k25
    with its registered office at: Święty Marcin 29/8, 61-806 Poznań, Poland, VAT ID (NIP): 7831922728, REGON: 540913952 (hereinafter referred to as the “Administrator”).
  2. Contact with the Administrator is possible:
    By email: info@eterna-link.com
    By phone: +49 15201494800 (Monday–Friday, 11:00 AM – 5:00 PM)
    In writing, at the registered office address
  3. The purpose of this Policy is to define the actions taken regarding personal data collected through the Administrator’s website and the associated application used for managing QR profiles, as well as in the course of entering into and performing agreements.
  4. If necessary, the provisions of this Policy may be amended. Any changes will be communicated to users by publishing the updated Policy on the website. In the case of significant changes, users will also be notified via email.

§ 2. LEGAL BASES FOR PROCESSING, PURPOSES, AND STORAGE OF PERSONAL DATA

  1. Users’ personal data are processed in accordance with the General Data Protection Regulation (GDPR), the Personal Data Protection Act, and the Act on the Provision of Electronic Services.

DETAILED DATA PROCESSING TABLE:


Purpose of processingLegal basisRetention periodScope of data
“Performance of the contract for the sale of QR plaques”Art. 6(1)(b) GDPR (performance of a contract)


• For the term of the contract
• Two years after the last transaction
• Until the expiry of the claim limitation period		• Full name
• Email address
• Phone number
• Delivery address
• Company details (if applicable)
Registration and management of the user accountArt. 6(1)(b) GDPR (performance of a contract)


• Until the account is deleted by the user
• Two years after the last activity
• Without time limitation (the profile may be preserved for posterity)		• Full name
• Email address
• Password (encrypted)
• Profile data provided by the user


Management of the QR profile and content

Art. 6(1)(b) GDPR (performance of a contract)


• Until deleted by the user
• Without time limitation (nature of the service)


• All content provided by the user
• Photos, videos, texts
• Information in the time capsule, timeline, family tree


Payment processingArt. 6(1)(b) GDPR (performance of a contract)


• 5 years (accounting requirements)
• Until the expiry of the claim limitation period		• Transaction data
• Payment information
• Order history
Keeping accounting records
Art. 6(1)(c) GDPR (legal obligation)


• 5 years (in accordance with the Accounting Act)• Full name
• Address
• Tax identification number (if provided)
• Invoice details
Customer service and technical supportArt. 6(1)(b) GDPR (performance of a contract)



• Two years from the last correspondence• Contact details
• Correspondence content
• History of technical issues
Generation of biography using AIArt. 6(1)(a) GDPR (user consent)



• Until consent is withdrawn
• Until deleted by the user		• Data entered by the user in the stepper form
• Generated biographical content
Analysis of statistics and service improvementArt. 6(1)(f) GDPR (legitimate interest)

• 26 months (Google Analytics)
• Without limitation (Matomo – own server)		• IP address (anonymized)
• Technical device data
• Browsing information
Recording of telephone conversationsArt. 6(1)(f) GDPR (legitimate interest)
• Two years from the recording• Call recordings
• Caller identification data
System security and fraud detectionArt. 6(1)(f) GDPR (legitimate interest)
• Three years


• System logs
• IP address
• Access time

§ 3. PROFILING

The controller does not use profiling within the meaning of Article 22 GDPR. We do not make automated decisions that could affect users’ rights.

§ 4. DATA DISCLOSURE

Personal data may be transferred to the following recipients:

  1. Payment service providers:
    Krajowy Integrator Płatności S.A. (Tpay) – electronic payment processing
    PayPal (Europe) S.à r.l. et Cie, S.C.A. – PayPal payment processing

Technical service providers:

  • Google LLC (USA) – Google Analytics, Google Fonts
  • Hosting and server infrastructure providers (Frankfurt am Main, Germany)

Accounting and legal service providers:


  • Accounting office – for the purpose of maintaining documentation


  • Law firm – in the event of legal disputes


AI service providers:


  • Artificial intelligence technology providers for biography generation (only data entered by the user in the form)


Public authorities:


  • In the event of a request from law enforcement authorities or other authorized institutions



Transfers outside the European Economic Area:
Data may be transferred to the USA in the case of:

In other cases – on the basis of standard contractual clauses approved by the European Commission

Google LLC – on the basis of the EU-US Data Privacy Framework adequacy decision


§ 5. USER RIGHTS



The user has the right to:


  1. Access to data – to receive information about the data being processed


  2. Rectification of data – to correct inaccurate data


  3. Erasure of data (“right to be forgotten”)


  4. Restriction of processing – to suspend certain operations


  5. Data portability – to receive data in a format that allows for its transfer


  6. Objection – to object to processing based on legitimate interest


  7. Withdrawal of consent – at any time (applies to processing based on consent)


  8. Lodging a complaint – with the President of the Personal Data Protection Office


Exercising your rights:



Requests should be submitted to: info@eterna-link.com or in writing to the company’s registered address. A response will be provided within 30 days.

§ 6. TECHNICAL AND ORGANIZATIONAL SAFEGUARDS



The controller applies appropriate technical and organizational measures:


  1. Data encryption – passwords are encrypted, communication is secured via HTTPS


  2. Access control – only authorized persons have access to the data


  3. Backups – regular creation of security copies


  4. Monitoring – continuous monitoring of system security


  5. Training – staff undergo regular data protection training


  6. Data processing agreements – all entities processing data on behalf of the controller have signed agreements


§ 7. COOKIES AND TRACKING TECHNOLOGIES



Types of cookies used:


Essential cookies:


  • User authentication


  • Maintaining login session


  • System security


  • Legal basis: legitimate interest (Art. 6(1)(f) GDPR)
  • Duration: until the end of the session or 30 days


Functional cookies:


  • Remembering user preferences


  • Language and region settings


  • Legal basis: legitimate interest (Art. 6(1)(f) GDPR)
  • Duration: up to 12 months


Analytical cookies:


  • Google Analytics – website traffic analysis


  • Matomo (own server) – usage statistics


  • Legal basis: legitimate interest (Art. 6(1)(f) GDPR)
  • Duration: 26 months (Google Analytics), no limitation (Matomo)

Cookie management:
The user can manage cookies in the browser settings. Disabling cookies may affect the functionality of the website.

Instructions for managing cookies:

Google Analytics:
We use Google Analytics with IP anonymization enabled. Users can disable tracking by installing the Google Analytics Opt-out browser add-on.

Matomo:
We use our own instance of Matomo hosted on servers within the EU. Data is not shared with third parties.

§ 8. SPECIAL FEATURES OF THE APPLICATION

AI Biography Generation:

  1. Feature available upon active user consent
  2. Data processed only during the generation process
  3. The user controls the process via the stepper form
  4. The generated content belongs to the user
  5. Can be deleted at any time

Time capsule, timeline, family tree:

  1. All data is entered by the user
  2. The user has full control over the content
  3. Data is stored without time limitation (due to the nature of the service)
  4. Option to edit and delete at any time

§ 9. CALL RECORDING

The controller may record telephone conversations for the purposes of:

  • Ensuring the quality of customer service
  • Dispute resolution
  • Staff training

Information about recording
is provided before the conversation begins. Recordings are stored for two years.

§ 10. CHANGES TO THE PRIVACY POLICY

  1. The controller reserves the right to amend this Privacy Policy
  2. Users will be informed about significant changes via:
    • Publication of the new version on the website
    • Email to registered users (in case of significant changes)
  3. Changes come into effect 14 days after publication
  4. Continued use of the services after the changes take effect constitutes acceptance of the new terms

§ 11. FINAL PROVISIONS

  1. Matters not covered by this Policy are subject to the provisions of the GDPR and applicable Polish law
  2. All disputes shall be settled by Polish courts having jurisdiction over the registered office of the Controller
  3. If any provision of the Policy is found to be invalid, the remaining provisions shall remain in full force and effect
  4. The Policy enters into force on the date of its publication on the website

CONTACT FOR DATA PROTECTION INQUIRIES:
Email: info@eterna-link.com
Phone: +49 15201494800
Address: D&M 2k25, Święty Marcin 29/8, 61-806 Poznań, Poland
Business hours: Monday to Friday, 11:00 AM – 5:00 PM

The Privacy Policy is effective as of July 23, 2025.
© 2025 D&M 2k25. All rights reserved.


Shopping Cart
Scroll to Top