privacy policy

Read the policy – you will find out who uses your data, why and on what basis, and what rights you have. If you do not accept the contents of this document, please stop using the Website.

Each person using the Website remains anonymous until they decide to reveal their identity. As the Administrator, I assure you that I do not process any data without your consent, where consent means checking the box, clicking the confirmation link and any other statement or behavior that, in a given context, clearly indicates that you have accepted the proposed processing. I process personal data of various types and for various purposes – always in accordance with the law.

Taking care of the security of your data, I select technical measures to ensure their protection, among others, against disclosure to unauthorized persons or processing in violation of the law. I have developed a Register of Processing Activities and other internal procedures to ensure proper protection of your data – I regularly check their implementation and compliance with applicable standards and regulations.

1. Definitions

1. Website – this website

2. Administrator – Renata Lorens, running a business under the name “RENATA LORENS IIMARABELLA”, based at VIME LA RESERVA DE MARABELLA 6023, 29604 MARABELLA, Spain, with NIP: ESX2901365F, e-mail: INFO@ELISIUM-MARBELLA.COM

3. Reader – a natural person using the Website

4. Potential Customer – a person interested in the Administrator’s offer

5. Customer – a person using the Administrator’s offer

6. Newsletter – a service that allows the Reader to receive free information from the Administrator to the provided e-mail address


2. General provisions

1. The Reader’s personal data are processed in accordance with the Personal Data Protection Act and the Act on the provision of electronic services, as well as the GDPR.

2. The Administrator is aware of the risks arising from the processing of personal data on the Internet, therefore declares that it makes every effort to ensure an appropriate level of privacy protection and security of Readers, Customers and Potential Customers.

3. The Administrator’s website and services are not intended for or addressed to children under 18 years of age, and the Administrator does not knowingly collect information regarding children under 18 years of age.

4. The Administrator undertakes to ensure that personnel authorized to process personal data are obliged to do so in accordance with this Policy and the Administrator’s internal procedures and standards applicable to legal advisors.


3. Scope of collected data

1. The Reader’s personal data collected by the Administrator are used to contact him and for marketing and distribution of the Newsletter.

2. The Administrator processes the following personal data of the Reader: name and surname or company name, e-mail address.

3. Providing personal data referred to in point 2 is necessary for the Administrator to provide the activities indicated in point 1.

4. The Administrator enables the use of free information in the form of a Newsletter via the Website. The reader may unsubscribe from receiving the Newsletter at any time.

5. In the case of a visit to the website during which the Reader does not fill out the forms, statistical data is collected, such as the pages and subpages visited and the amount of time spent on each of them, date and time of visit, operating system and web browser, and location. The legal basis is the Administrator’s legitimate interest in improving the structure of the website and services.

6. In the above case, unless alternative cookie handling has been set on the website, the data may be processed for marketing purposes. This is activity data – search history, clicks on the website, etc. The Administrator does not profile data, and the legal basis for processing this data is the Administrator’s legitimate interest in marketing the website and services.

7. When completing the Newsletter subscription form, the Reader’s e-mail address is processed, and the legal basis is the consent of the processed entity.

8. If you complete the contact form or choose another way of access to the Administrator indicating the Reader’s will to become a Customer or Potential Customer, only the data provided by him will be processed – by default, the e-mail address and the resulting name and surname. The content of the form and the proposed price of the service are not assessed by the IT system. All data regarding possible issues related to the case, opposing parties, etc. are confidential under the rules of the legal advisor’s profession. The basis for processing is the preparation and performance of the contract.

9. If you become a Customer, “invoice” data will be processed – name and surname, company, address and NIP number. The basis for processing is the need for the Administrator to fulfill legal and tax obligations. The Administrator also reserves the right to process this data in order to pursue claims due to him.

10. In the case of Potential Customers, their data will be stored for a period enabling the conclusion of a contract in accordance with the conditions previously proposed by the Administrator. The basis for processing is the legitimate interest of the Administrator.

11. Unless otherwise stated, the Administrator does not process data of people purchasing products available on the Website, such as online courses, etc.

12. The Administrator reserves the right to process people’s data for the purpose of creating registers and records of people resulting from the provisions on the protection of personal data and archiving, and for the purpose of demonstrating facts of evidentiary and legal importance.


4. Method of data processing

1. Use of the Website is voluntary. Anyone sending information using the form available on the Website or directly to the Administrator’s e-mail address should take into account that this information may be published on the Website or the Administrator’s social channels in an anonymized form.

2. Personal data of Readers, Customers and Potential Customers will not be transferred to third parties for marketing purposes.

3. The Administrator transfers personal data to the Administrator’s employees and collaborators in order to perform the contract.

4. The administrator provides personal data if requested by authorized state authorities – in particular the Police and organizational units of the prosecutor’s office or the Presidents of the Office of Personal Data Protection, UKE, Office of Competition and Consumer Protection.

5. The administrator transfers data to the following third parties:

1. entities based in the territory of the Republic of Poland

■ Teresa Majtczak accounting office – to the extent necessary to perform duties

■ cooperating lawyers – if the Client consents

■ insurer – if it is necessary to implement the policy

2. entities processing data within the territory of the European Union

■ HotJar – a tool that records data regarding behavior on the Website – including: cursor movement, page scrolling, location, operating system and browser

3. entities processing data outside the territory of the European Union

■ Google – only analytical data that does not identify a specific person, Google Analytics for analyzing website statistics

■ Facebook – social plugins, commenting system, pixel supporting the measurement of effectiveness and optimization of advertising

■ Shopify – e-commerce platform

6. The Administrator declares that the entities listed in point 4 b) in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC are obliged to comply with high privacy standards similar to those contained in the Policy.


7. The Administrator informs that the entities listed in point 4 c) are based outside the European Union, and therefore, in the light of the provisions of the GDPR, they are treated as the so-called third countries. 

Google Inc. (headquarters address: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) – the collected data makes it impossible to identify a specific person, and more information about the privacy standards of the tool is available at the link partners/ . Additionally, using the link below: , you can disable activity measured by Google Analytics. 

Facebook (headquarters address: Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA). The collected data generally makes it impossible to identify a specific person, and more information about the tool’s privacy standards is available at . 

The above companies guarantee compliance with personal data protection standards analogous to the Regulation, and the Administrator’s use of their technologies when processing personal data is lawful.

8. The Administrator informs that due to the failure to meet the mandatory requirements, it has not appointed a Data Protection Inspector. The controller is not a public authority or entity, and its main activity does not consist in processing operations which, due to their nature, scope or purposes, require regular and systematic monitoring of data subjects on a large scale. Moreover, the main activity of the Administrator does not involve large-scale processing of special categories of personal data, or personal data relating to criminal convictions and violations of the law. Therefore, the method of contact in matters of personal data is the Administrator’s e-mail address.

9. The Administrator, in accordance with applicable law, does not process personal data for an unlimited period, but only for the time necessary to achieve the following purposes:

1. offer – for a period of 3 years

2. conclusion and performance of the contract – for the period resulting from the limitation period for claims under the contract

3. issuing invoices – for a period of 6 years

4. for other purposes listed in §3 of this policy – for a period of 2 years or until consent is withdrawn

5. sending the newsletter – until the Administrator removes or discontinues the provision of the Newsletter service. 

The data storage period will not be shorter than that resulting from applicable legal provisions (specific acts), i.e., among others: the Accounting Act, the Tax Ordinance Act. 

Periods in years The Administrator counts from the end of the year in which he started processing personal data in order to improve the process of deleting or destroying personal data. Calculating the deadline for each event separately would be technically difficult, therefore establishing a single date for deleting or destroying personal data allows for more efficient management of this process. 

After this period, personal data will be irreversibly deleted or destroyed.


5. Obligations and rights of the Reader

1. The Reader is obliged to use the Website in a manner consistent with the law and good practices, taking into account the respect for personal rights and intellectual property rights of third parties.

2. The reader is obliged to enter data consistent with the actual situation. The Administrator is not responsible for undesirable consequences and inaccuracies resulting from providing data that is inconsistent with the actual situation.

3. All content posted on the Website is protected by copyright and is the property of the Administrator or other persons clearly marked as the author of the given content. The Reader is fully liable for any damage caused to the Administrator or another person marked as the author of a given content, resulting from the use of any content of the Website without the consent of the Administrator or the author.

4. Any use by anyone, without the Administrator’s express consent, of any of the elements constituting the content of the Website constitutes a violation of copyright law.

5. The Administrator ensures that the Reader exercises the rights indicated below by contacting the Administrator’s e-mail address no later than within 30 days after receiving the request (if, due to the complicated nature of the request or the number of requests, he will not be able to fulfill the request within 30 days, he will fulfill it within the next month, informing in advance about the intended extension of the deadline):

1. The right to withdraw consent – withdrawal of consent may, however, prevent further use of services that, in accordance with the law, the Administrator can only provide with consent. Moreover, withdrawal of consent does not mean that the processing of personal data until the withdrawal was unlawful.

2. The right to object to the use of data – if the Administrator processes data based on a legitimate interest, the Reader may object to their use. If the objection turns out to be justified and the Administrator has no other legal basis for data processing, he will delete the data that is the subject of the objection.

3. The right to delete data (“right to be forgotten”) – the Administrator will delete data upon request in the event of withdrawal of consent, justified objection to use for marketing or statistical purposes, processing illegally or when they are no longer necessary for the purposes for which they were collected. or in which they were processed. The Administrator reserves that he may retain certain personal data to the extent necessary for backup copies or the purposes of establishing, pursuing or defending claims and relations with state authorities.

4. The right to limit data processing – if you question the accuracy of the data and the legality or necessity of their processing and raise an objection.

5. The right to access data – the Administrator undertakes to confirm the processing of personal data, if it takes place. In such a case, the Reader has the opportunity to obtain a copy of the data and access to it and obtain the information contained in this Policy and other requested information.

6. The right to rectify data – the Administrator, at the request of the Reader or Customer, undertakes to rectify the data (in the case of incorrect data) and supplement it (in the case of incomplete data).

7. The right to transfer data – at the request of the Reader or Customer, the Administrator will send personal data in the form of a file in PDF or other established format to the requesting person or directly to another Administrator indicated by him.

8. Moreover, the Reader has the right to lodge a complaint with the President of the Personal Data Protection Office. 

The Administrator indicates that it respects the rights regarding the protection of personal data and strives to exercise them to the highest possible extent. At the same time, the rights in question are not absolute, so a lawful refusal to exercise them is possible – the Administrator ensures that any refusal is preceded by the necessary analysis of the issues and is carried out only if the refusal is necessary due to grounds overriding the interests of the Reader.


6. Cookies

1. The Administrator’s website uses “cookies”, to which the Reader consents by accepting the pop-up when entering the website. These are short text information saved on the user’s computer, phone, tablet or other device. They can be read by the Administrator, as well as by systems belonging to other entities whose services he uses (e.g. Facebook, Google). Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number. More information about cookies can be found at .

2. Cookies used on the website do not store personal data or other information collected from the Reader. The website uses cookies to identify the browser session, which enables the use of website functions. The use of “cookie” techniques does not allow downloading any personal and address data of the Reader or any confidential information from his computer.

3. Cookies are used for the following purposes: maintaining the security of services and preventing fraud, facilitating website performance, recording visits for marketing and statistical purposes, using social functions, supporting website personalization (e.g. saving language settings). Cookies may also be used and placed by partners cooperating with the Administrator – they are then subject to the cookie policies or privacy policies of the entities posting them. 

In addition, the Website contains cookies from social networks – they enable sharing or commenting on content (e.g. in accordance with these rules – ). When using this type of Website services, the Reader’s browser will establish a direct connection to the servers of these websites. The Administrator feels obliged to inform you that information about commenting or sharing, depending on the privacy settings, will be displayed to people added as contacts or to all visitors to the Reader’s profile on a given website. 

The scope and purpose of data collection as well as the method of contact and exercise of rights or making settings ensuring privacy protection are described in the privacy policies of individual service providers (links in paragraph 4 point 6 of this Policy).

4. Typically, the web browser allows the use of cookies on the device by default. The Administrator informs that you can change the settings in your web browser – completely block the automatic handling of cookies or request notification each time cookies are placed on your device. 

If you use Google Chrome, instructions can be found here – . 

If you use Mozilla Firefox, instructions can be found here – . 

If you use Safari, the instructions can be found here – . 

If you use Microsoft Edge, instructions can be found here – . 

If you use Internet Explorer, the Administrator suggests changing the tool to one of the above, and the instructions can be found here – . 

If you are using Windows Phone, the instructions can be found here – .

5. The Administrator feels obliged to warn that disabling or limiting the use of cookies may cause difficulties in using the website and 

limit its functionality.


7. Final Provisions

1. The Administrator applies technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data protected, and in particular protects the data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.

2. The Administrator provides technical means to prevent unauthorized persons from obtaining and modifying personal data sent electronically.

3. In matters not regulated by this Privacy Policy, the relevant provisions of Polish and European law shall apply. This website may contain additional user privacy provisions regulating specific issues – they take precedence over this Policy.

4. This document may be updated by the Administrator from time to time by publishing new versions on the Website. In addition, the Administrator may notify about changes to this Privacy Policy by e-mail. Further use of the Website or further transfer of personal data to the Administrator will be subject to the terms of the Privacy Policy in force at that time.