Last updated: November 22, 2025 – Website address: https://www.astrophotography.pekdar.net/en/home-en/

1. Data controller The data controller is: PekDar Light catcher: dariusz.krzempek76[at]gmail.com. For data protection matters please contact via the contact form on the site or the e‑mail provided above.

2. Scope and sources of data

   a) Contact form: name, e‑mail address, message content, IP address, any additional data voluntarily submitted.

   b) Technical data and logs: session identifier, browser type, access time, IP address (for diagnostics and security).

   c) Cookies: the site uses technical cookies necessary for form and session functions; currently no analytics or marketing cookies are used. Embedded content (e.g. YouTube) may use their own cookies in accordance with the provider’s privacy policy.

3. Purposes and legal bases of processing

• Contact through the form: legal basis — user consent (Art. 6(1)(a) GDPR). Submitting the form constitutes explicit consent.

• Security and fraud prevention (including log analysis): legal basis — legitimate interest of the controller (Art. 6(1)(f) GDPR).

• Processing necessary for compliance with legal obligations or to preserve evidence of communication: legal basis — legal obligation or legitimate interest as applicable.

4. Recipients / processors Data may be disclosed to service providers processing data on behalf of the Controller: hosting provider, e‑mail/SMTP provider, security providers (e.g. Cloudflare), reCAPTCHA provider (Google). For embedded content (YouTube, Vimeo) user data may be processed by those services per their privacy policies.

5. Transfers outside the EEA If external services process data outside the EEA (e.g. Google), transfers are made only on the basis of appropriate legal mechanisms (e.g. Standard Contractual Clauses). The Controller will list used external providers where applicable.

6. Retention periods

• Contact form data will be retained up to 90 days unless the user requests earlier deletion or longer retention is required (e.g. for claims).

• Server logs and backups are subject to hosting provider retention policies (typically 30–90 days). The Controller sets retention criteria and deletes data no longer required.

7. Data subject rights Everyone has the right to access, rectify, erase, restrict processing, data portability, object, and withdraw consent (where processing is based on consent). Requests should be made via the contact form; the Controller will respond within 30 days.

8. Right to lodge a complaint You have the right to lodge a complaint with the relevant supervisory authority (President of the Personal Data Protection Office — PUODO).

9. Cookies and external tools The site uses technical cookies required for form functioning. If analytics/marketing tools are introduced, users will be informed and asked for consent. Embedded content may use their own cookies — see respective third‑party policies.

10. Data security The Controller implements technical and organizational measures (HTTPS/TLS, backups, updates, limited server access) to protect data. IP addresses may be used to prevent abuse.

11. Policy changes This policy may be updated; significant changes will be communicated via notice on the site.

12. Additional note on business character (occasionality) Form data are processed only to reply to individual inquiries. The Controller declares that contacts and any commissions via the site are occasional and do not constitute running a business. If the nature of activities changes, the Controller reserves the right to update these documents.

13. Social sharing clause The author allows sharing of materials (photos, posts) on social media provided that visible attribution to the author (name) and a link to the original post/page are preserved. Copying or sharing that removes attribution or source requires prior written consent.