Privacy Policy

1. Introduction

STAR-SOL ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our educational services.

STAR-SOL is the data controller responsible for your personal information. We are a company registered in Poland (European Union) with our registered office at 32-432 Pcim, Poland (1426). Our representative is PÁL MÁRK DÁVID.

This Privacy Policy applies to all users of our website and educational services, regardless of their location. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) for Canadian users, the General Data Protection Regulation (GDPR) for users in the European Economic Area, and applicable privacy laws in other jurisdictions.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

2. Information We Collect

We collect several types of information from and about users of our website and services:

Personal Information You Provide

When you register for courses, contact us, or use our services, you may provide the following information:

• Full name (first and last name)
• Email address
• Phone number (optional, if provided)
• Mailing address (if required for course materials or billing)
• Payment information (processed securely through third-party payment processors)
• Course enrollment information and learning preferences
• Communications you send to us (emails, contact form messages, support requests)

Automatically Collected Information

When you access our website, we automatically collect certain technical information:

• IP address and geographic location (city and country level)
• Browser type and version
• Device type, operating system, and screen resolution
• Date and time of visit
• Pages viewed and time spent on each page
• Referring website or source that directed you to our site
• Clickstream data and navigation patterns

Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing behavior. For detailed information about our use of cookies, please refer to our Cookie Policy.

Information from Third Parties

We may receive information about you from third-party services such as Google Analytics, payment processors (Stripe, PayPal), and social media platforms if you interact with our content on those platforms.

3. How We Collect Your Data

We collect your personal information through the following methods:

• Direct interactions: When you fill out forms on our website, register for courses, subscribe to newsletters, or contact us via email or phone.
• Automated technologies: Through cookies, server logs, and analytics tools that automatically record information as you navigate our website.
• Third-party platforms: When you make payments through our payment processors or interact with our social media profiles.
• Public sources: Information that is publicly available or provided by third-party data sources in compliance with applicable laws.

4. Legal Basis for Processing (GDPR Article 6)

For users in the European Economic Area and other jurisdictions requiring a legal basis for data processing, we process your personal data under the following lawful grounds:

• Consent (Article 6(1)(a)): When you have given explicit consent for us to process your personal data for specific purposes, such as receiving marketing communications or using non-essential cookies.
• Contract performance (Article 6(1)(b)): Processing is necessary to fulfill our contractual obligations to you when you purchase a course or use our educational services.
• Legal obligation (Article 6(1)(c)): When we must process your data to comply with legal requirements, such as tax regulations, financial reporting, or responding to legal requests from authorities.
• Legitimate interests (Article 6(1)(f)): When processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, ensuring network security, and conducting analytics, provided these interests do not override your fundamental rights and freedoms.

5. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

• To provide access to our educational courses, webinars, and learning materials
• To process your course registrations and manage your account
• To communicate with you about your courses, account status, and technical issues
• To provide customer support and respond to your inquiries
• To send important notices about changes to our services, policies, or terms

Marketing and Communications (with your consent)

• To send you newsletters, promotional materials, and information about new courses
• To inform you about special offers, webinars, and educational events
• To personalize marketing messages based on your interests and course history

Analytics and Improvement

• To analyze website usage patterns and improve user experience
• To understand how users interact with our content and courses
• To develop new educational programs and enhance existing offerings
• To conduct research and statistical analysis for business planning

Legal Compliance and Security

• To comply with applicable laws, regulations, and legal processes
• To protect against fraud, unauthorized access, and security threats
• To enforce our Terms and Conditions and other policies
• To maintain records for accounting, tax, and regulatory purposes

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, accounting, or regulatory requirements. Specific retention periods include:

• Account and course data: Retained for the duration of your account activity plus 3 years after account closure or last interaction.
• Contact form submissions and support inquiries: Retained for 2 years from the date of submission.
• Payment and transaction records: Retained for 7 years to comply with financial and tax regulations.
• Marketing communications data: Retained until you unsubscribe or withdraw consent, plus 1 year for record-keeping purposes.
• Website analytics and cookies: Analytics data is anonymized and retained for 26 months. Cookie data retention periods are specified in our Cookie Policy (typically 13 months for analytics cookies).
• Legal and compliance records: Retained for periods required by applicable laws, typically 7-10 years.

After the retention period expires, we will securely delete or anonymize your personal data. You may request earlier deletion by exercising your rights as described in Section 9.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your data with the following categories of recipients for legitimate business purposes:

Service Providers and Business Partners

• Payment processors: Stripe, PayPal, and other payment gateways that process course purchases securely. These providers have their own privacy policies and security measures.
• Hosting and infrastructure providers: Companies that host our website and store data on secure servers.
• Email service providers: Platforms that help us send newsletters, course notifications, and transactional emails.
• Analytics providers: Google Analytics and similar services that help us understand website usage (data is anonymized where possible).
• Customer support tools: Platforms that help us manage support tickets and customer inquiries.

Legal and Regulatory Authorities

We may disclose your information when required by law, court order, or regulatory authority, or when necessary to:

• Comply with legal obligations and respond to lawful requests
• Protect our rights, property, and safety, or that of our users
• Investigate fraud, security breaches, or illegal activities
• Enforce our Terms and Conditions or other agreements

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change and provide you with choices regarding your data.

Important: We do not share your personal data with third parties for their own marketing purposes without your explicit consent.

8. International Data Transfers

STAR-SOL is registered in Poland (European Union), and we process data within the EU. However, some of our service providers and partners are located outside the European Economic Area, including in Canada and the United States.

When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place to protect your information, including:

• Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses with third-party service providers to ensure your data receives adequate protection.
• Adequacy decisions: We transfer data to countries that the European Commission has determined provide an adequate level of data protection (such as Canada under PIPEDA for commercial organizations).
• Appropriate technical and organizational measures: Including encryption, access controls, and regular security audits.

You have the right to request information about the safeguards we have in place for international data transfers by contacting us at [email protected].

9. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal data:

GDPR Rights (for EEA users)

• Right of access (Article 15): You can request a copy of the personal data we hold about you.
• Right to rectification (Article 16): You can request that we correct inaccurate or incomplete personal data.
• Right to erasure (Article 17): You can request deletion of your personal data in certain circumstances (also known as the "right to be forgotten").
• Right to restriction of processing (Article 18): You can request that we limit how we use your data in specific situations.
• Right to data portability (Article 20): You can request to receive your data in a structured, machine-readable format and transmit it to another controller.
• Right to object (Article 21): You can object to our processing of your data for direct marketing purposes or when based on legitimate interests.
• Right to withdraw consent (Article 7): Where processing is based on consent, you can withdraw that consent at any time.
• Right to lodge a complaint: You have the right to file a complaint with your local data protection supervisory authority.

PIPEDA Rights (for Canadian users)

• Right to access your personal information
• Right to request correction of inaccurate information
• Right to withdraw consent for certain uses of your data
• Right to file a complaint with the Privacy Commissioner of Canada

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information in Section 13. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

Please note that certain rights may not apply in all circumstances, and we may need to retain some information for legal or legitimate business purposes even after you exercise your rights.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website, analyze usage patterns, and deliver personalized content. Cookies are small text files stored on your device when you visit our website.

Types of Cookies We Use

• Essential cookies: Necessary for the website to function properly, including session management and security features. These cannot be disabled. Duration: Session-based or up to 24 hours.
• Analytics cookies: Help us understand how visitors use our site through Google Analytics and similar tools. Data is anonymized where possible. Duration: 13 months.
• Marketing cookies: Used to track visitors across websites and deliver targeted advertising. These are only set with your consent. Duration: Varies, typically 6-13 months.
• Preference cookies: Remember your settings and preferences to provide a personalized experience. Duration: 12 months.

Managing Cookies

You can control and manage cookies through:

• Our cookie consent banner that appears when you first visit our website
• Your browser settings (most browsers allow you to refuse or delete cookies)
• Third-party opt-out tools such as the Network Advertising Initiative opt-out page

For more detailed information about our use of cookies, please see our Cookie Policy.

11. Children's Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16 years of age. If you are under 16, please do not provide any personal information through our website or services.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 16, please contact us immediately at [email protected].

Parents and guardians who wish to review, modify, or delete their child's personal information may contact us using the information in Section 13.

12. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using SSL/TLS protocols (HTTPS)
• Encryption of sensitive data at rest
• Access controls and authentication mechanisms to limit who can access personal data
• Regular security assessments and vulnerability testing
• Employee training on data protection and security best practices
• Secure backup and disaster recovery procedures
• Firewalls and intrusion detection systems

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continuously work to improve our security measures.

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by law, typically within 72 hours of becoming aware of the breach.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will notify you by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered users (if the changes are significant)
• Displaying a prominent notice on our website homepage

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after changes are posted constitutes your acceptance of the updated Privacy Policy.

If you do not agree with any changes to this Privacy Policy, you may discontinue using our services and request deletion of your account and personal data.

14. Contact Information and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Supervisory Authority

If you are located in the European Economic Area and believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

For Poland (our country of registration):

For Canadian users: