Privacy policy

  1. GENERAL PROVISIONS

The Data Controller of the personal data collected through the communication platform is xyz.; registered office and place of business address and address for service: xyz, Poland; entered in the Register of Entrepreneurs of the National Court Register under KRS number: xxx; NIP: xxx, REGON: xxx.

1.2 The personal data collected by the Data Controller through the communication platform shall be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as RODO, and the Personal Data Protection Act of 10 May 2018.

  1. TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

2.1 PURPOSE OF PROCESSING AND LEGAL BASIS. The Data Controller processes personal data through the communication platform in order to carry out the registration and communication process for users of the platform.

2.2 TYPE OF PERSONAL DATA PROCESSED. The Data Controller processes the following categories of your personal data:

  1. first and last name,
  2. e-mail address,
  3. telephone number,
  4. address,
  1. other contact details.

2.3 ARCHIVING PERIOD FOR PERSONAL DATA. Your personal data shall be stored by the Data Controller:

  1. where the basis of data processing is the performance of a contract, for as long as is necessary for the performance of the task, and thereafter for a period corresponding to the period of limitation of claims. Unless specifically provided otherwise, the period of limitation shall be six years, and for claims for periodic performance and claims related to the conduct of a business activity, three years.
  2. where data processing is based on consent, for as long as the consent is not revoked, and after revocation of the consent for a period of time corresponding to the period of limitation of claims which the Data Controller may raise and which may be raised against him. Unless a specific provision provides otherwise, the period of limitation shall be six years, and for claims for periodic benefits and claims related to the conduct of business activity – three years.

2.4 When using the communication platform, additional information may be collected, in particular: the IP address assigned to the user’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.

2.5 Navigation data may also be collected from users, including information about the links and references they choose to click on or other actions they take on the communication platform. The legal basis for such activities is the Controller’s legitimate interest (Article 6(1)(f) RODO) to facilitate the use of the services provided electronically and to improve the functionality of these services.

2.6 The provision of personal data by the user is voluntary.

2.7 Personal data may also be processed by automated means in the form of profiling, provided that the user consents to this on the basis of Article 6(1)(a) RODO. The consequence of profiling will be the assignment of a profile to a person in order to make decisions concerning him or her or to analyse or predict his or her preferences, behaviour and attitudes.

2.8 The Data Controller shall take particular care to protect the interests of data subjects and shall, in particular, ensure that the data it collects are:

  1. processed lawfully,
  2. collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes,
  3. Substantially correct and adequate in relation to the purposes for which they are processed and kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing.

3. SHARING OF PERSONAL DATA

3.1 Your personal data may be shared with the service providers used by the Controller to operate the communication platform. Service providers to whom personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to the Controller’s instructions as to the purposes and means of processing such data (processors) or determine the purposes and means of processing themselves (controllers).

3.2 Your personal data is stored exclusively in the European Economic Area (EEA).

4. RIGHT OF CONTROL, ACCESS AND CORRECTION OF YOUR OWN DATA

4.1 The data subject has the right to access to the content of their personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without

affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

4.2 Legal grounds for your request:

  1. Access to data – Article 15 of the RODO,
  2. Rectification of data – Article 16 RODO,
  3. Deletion of data (so-called right to be forgotten) – Article 17 RODO,
  4. Restriction of processing – Article 18 RODO,
  5. Data portability – article 20 RODO,
  6. Objection – article 21 RODO,
  7. Withdrawal of consent – Article 7(3) RODO.

4.3 In order to exercise the rights referred to in paragraph 4.1, you can send a relevant email to: xxx

4.3 In order to exercise the rights referred to in section 4.1, you can send the relevant email to: xxx

4.4 If the user makes a request for exercising the rights under the above rights, the Controller shall either comply with the request or refuse to comply with it immediately, but no later than within one month after receiving the request. However, if – due to the complexity of the request or the number of requests – the Controller will not be able to comply with the request within one month, the Controller will comply with the request within another two months, informing the user in advance, within one month of receipt of the request, of the intended extension of the deadline and the reasons for it.

4.5 If it is established that the processing of personal data violates the provisions of the RODO, the data subject has the right to lodge a complaint with the President of the Data Protection Authority.

5. COOKIES

5.1 The Controller’s website uses “cookies” files.

5.2 The installation of “cookies” is necessary for the proper provision of services on the website. The “cookies” files contain information necessary for the proper functioning of the website, and they also provide the possibility to develop general statistics about the website.

5.3 The following types of cookies are used on the website: session cookies and permanent cookies

  1. “Session” cookies are temporary files that are stored on the user’s terminal equipment until they log off (leave the website).
  2. “Permanent” “cookies” are stored on the user’s terminal equipment for the time specified in the parameters of the “cookies” or until they are deleted by the user.

5.4 The Controller uses its own cookies to better understand how the user interacts with the content of the website. The cookies collect information about the user’s use of the website, the type of website from which the user was redirected and the number of visits and the length of the user’s visit to the website. This information does not record specific personal data about the user, but is used to compile statistics.

5.5 The user has the right to decide on the access of cookies to their computer by selecting them in advance in their browser window. Detailed information on the possibility and handling of cookies is available in the settings of your software (browser).

6. FINAL PROVISIONS

6.1 The Controller shall apply technical and organisational measures to ensure the protection of the processed personal data appropriate to the risks and categories of protected data, and in particular to protect the data against their access to unauthorised persons, against their being taken by an unauthorised person, against their being processed in breach of the applicable regulations, and against their alteration, loss, damage or destruction.

6.2 The Controller shall make available appropriate technical measures to prevent acquisition and modification by unauthorised persons, of personal data sent electronically.

6.3 In matters not regulated by this Privacy Policy, the provisions of RODO and other relevant provisions of Polish law shall apply accordingly.