effective from 08/08/2025
(“Privacy Policy”)
Data protection, especially the protection of your personal data, is extremely important to us. We therefore wish to present our data protection rules as transparently as possible. In this Privacy Policy we explain how we process your personal data on the highllnewarsaw.org website (the “Website”).
Personal data are processed under the rules set out in data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – “GDPR”), and Polish laws issued in connection with the GDPR, including the Polish Act of 10 May 2018 on the Protection of Personal Data.
We keep personal data confidential and protect them against unauthorized access by third parties in accordance with the above-mentioned legal acts and this Privacy Policy.
Terms not defined separately in this Privacy Policy have the meanings given in the GDPR.
Our Website may contain links to other websites. The administrators of those websites are responsible for their own privacy policies and processing of personal data. We encourage you to read the data protection rules in force on those websites before providing your personal data.
The controller of your personal data is:
“MAGNICITY WARSAW” spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered office in Warsaw, ul. Złota 59 (Skylight Office Building / 14th floor), 00-120 Warsaw, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number 0001043051, NIP 5252961210, REGON 525637863, with share capital of PLN 5,000.00.
(the “Controller”, “MAGNICITY WARSAW”, communication conducted in the first person – e.g., we, us).
You can contact the Controller by sending an email to info@highllnewarsaw.org or by post to the Controller’s registered address indicated above.
This Privacy Policy is addressed to users of the Website, i.e., all natural persons visiting the Website, including users who use the forms available on our Website. In this Privacy Policy we may also address users directly, e.g., using “you/your”.
When you visit our Website your personal data are generally not collected. This occurs only when data are voluntarily provided to us for further processing, e.g., through online forms, including the contact form or recruitment form.
Some metadata are analyzed and stored in the form of cookies on your device or on our server according to the information provided in the cookie banner, where you can set your individual preferences.
This may include your IP address, individual pages visited on our Website and the amount of data transmitted during the visit. The date and duration of the visit and the website or link from which you accessed our site are also recorded.
Personal data processed via the Website are processed for the purposes listed below, on the legal bases and for the periods indicated there. We also indicate whether the provision of personal data is voluntary or constitutes a contractual or statutory requirement.
Purpose:
Processing personal data to
conduct correspondence, including responding to messages via
email, contact forms and other communication channels. The
purpose also includes providing commercial information about
the Controller’s activities, analyzing interest in the
Controller’s offer and tailoring marketing content to such
interests. In addition, the purpose includes entering into and
performing a contract where a natural person acts on their own
behalf, entering into and performing a contract with an entity
other than a natural person, the Controller’s compliance with
legal obligations arising from laws applicable to its
activities, and archiving documentation and communications,
including correspondence created by the Controller as part of
its business operations.
Legal basis:
Art. 6(1)(f) GDPR – the
Controller’s legitimate interests, namely maintaining contact
with persons interested in the Controller’s activities, timely
conducting all communications related to its activities,
ensuring the quality of cooperation with clients and
contractors and other interested parties. Art. 6(1)(b) GDPR in
case of entering into and performing a contract with a natural
person. Art. 6(1)(c) GDPR for compliance with legal
obligations, in particular tax and accounting obligations.
Categories of data:
First and last name,
position or role, email address, phone number, company name,
company contact details, and the content of correspondence.
Sources of data:
Data obtained directly
from the data subject or provided by an
employer/client/principal in connection with entering into a
contract. Where data are obtained from other sources (e.g.,
public registers, websites), we act in accordance with Art. 14
GDPR – in particular we inform data subjects about the source
of the data and the scope of processing within the time limit
specified therein.
Recipients:
Entities providing IT
support services to the Controller, including maintenance and
servicing of IT systems, data hosting and cloud services,
authorized employees and contractors, postal operators and
couriers, law firms, auditors, banks, insurers, entities
responsible for archiving or destroying data, group companies
for internal administrative purposes.
Transfers outside the EEA:
As a rule, the Controller does not transfer personal data to a third country (i.e., outside the European Economic Area). Where such transfer occurs, appropriate safeguards are used: standard contractual clauses (Art. 46(2) GDPR) or other legally compliant mechanisms ensuring appropriate guarantees. Transfers to the United States are based on the European Commission’s adequacy decision of 10 July 2023 regarding the EU–US Data Privacy Framework (Art. 45 GDPR).
Retention period:
Personal data will be
processed for contact purposes until the matter is handled or
a valid objection is raised. Thereafter, data may be processed
for marketing purposes if the Controller has a legitimate
interest, and for the period specified by limitation laws.
Where a contract is concluded/performed, data will be
processed for the term of the contract and then for 5 years
from the end of the year in which a tax or accounting
obligation arose.
Voluntariness: Providing personal data is voluntary but necessary to initiate and conduct communication and to achieve the purposes indicated above.
Purpose
The Controller processes
personal data in connection with administering and managing
its profile (fan page) on LinkedIn, Facebook, Instagram and
its YouTube channel. The purposes include in particular:
publishing videos and sharing content (including
informational, promotional, marketing, educational etc.),
responding to visitors’ comments and messages, ensuring proper
communication and interaction with users
(followers/subscribers). The purposes also include analyzing
user activity on the fan page (e.g., interactions: likes,
shares, comments, views, subscriptions, etc.) for statistical
and analytical purposes (to better understand user needs, the
market and improve communication strategy), marketing and
promotion of the Controller’s products or services
(identifying users interested in a given topic, activities to
increase engagement and followers), moderating and supervising
published content (ensuring order and user safety, preventing
fraud and protecting the IT environment) and conducting
communication, including responding to messages via email.
Legal basis
Processing is based on Art.
6(1)(f) GDPR – the Controller’s legitimate interests. These
interests include: conducting marketing and promotional
activities regarding its own products or services, ensuring
continuity of business communication and maintaining contact
with current and potential clients and contractors, care for
the Controller’s brand image, maintaining contact with persons
interested in the Controller’s activities, timely
communications related to its operations, and ensuring quality
cooperation with clients and other interested entities.
Categories of data
Information on your
individual account that you have marked as public, such as
account name (which may contain your name), profile photo,
followers/following, posts (which may be photos), tags of you
in other users’ photos, stories and bio data. We also process
your activity on the Account such as: following the Account,
sending a message to the Controller, liking posts, commenting
on posts, sharing posts, tagging the Controller in your posts.
We also process private messages addressed to the Controller
(their content and any personal data therein) and statistical
data: aggregate statistics created on the basis of certain
events recorded by social platforms’ servers when users use
profiles and related content.
Retention period
LinkedIn: personal data processed on the fan page will be processed for as long as the fan page is operated by the Controller unless a valid objection is raised earlier.
YouTube: personal data processed on the YouTube Channel are stored for the duration of operating the Channel by the Controller or until a valid objection is raised. Data published as comments and other user activity may remain visible until deleted (by the user or the Controller, where technically possible).
Facebook & Instagram: personal data processed on the fan page are processed for as long as the fan page is operated by the Controller unless a valid objection is raised. Data published as comments and other user activity may remain visible until deleted (by the user or the Controller, where technically possible).
Voluntariness
LinkedIn: providing data when using the fan page is voluntary. Failure to provide data may prevent use of some platform features (e.g., posting comments, sending messages).
YouTube: providing data when using the YouTube Channel is voluntary (this results, among other things, from Google/YouTube account settings). Not providing data (e.g., not logging in) may limit the ability to use some features (e.g., commenting, subscribing).
Facebook & Instagram: providing data when using the fan page is voluntary. Failure to provide data may prevent the use of certain features (e.g., commenting, sending messages).
For processing statistical data relating to activity on the fan page (LinkedIn Page Insights), the data controller alongside the Controller is LinkedIn Ireland Unlimited Company, Gardner House, Wilton Place, Wilton Plaza, Dublin 2, Ireland (“LinkedIn”), acting jointly as joint controllers for this scope. Details on LinkedIn’s data processing are available in the official LinkedIn Privacy Policy at:
https://pl.linkedin.com/legal/privacy-policy
LinkedIn also provides separate European Regional Privacy Policy information at:
https://pl.linkedin.com/legal/privacy/eu
Otherwise, the Controller has no influence over LinkedIn’s purposes, scope or retention for its own processing – which is conducted under LinkedIn’s own conditions and policies.
LinkedIn is responsible for enabling users to exercise their GDPR rights where it processes data independently and for joint controllership relating to Page Insights: https://legal.linkedin.com/pages-joint-controller-addendum
Where the Controller receives from YouTube (Google Ireland) aggregated statistical data about activity of visitors to the Channel (e.g., via YouTube Studio/Analytics), Google Ireland may act as a joint controller or (more often) as an independent controller for data it processes for its own purposes. Details on Google and YouTube processing can be found in Google’s Privacy Policy (Polish version) at:
https://policies.google.com/privacy?hl=pl
That policy explains what data are collected by Google (and services such as YouTube), for what purpose, how they are used, and users’ rights. It also covers data sharing, security and how to manage or delete data.
Otherwise, purposes and means of processing are determined solely by YouTube (Google Ireland), especially regarding data collected via cookies, pixels, server logs or similar technologies.
Google Ireland is responsible for enabling users to exercise their GDPR rights for processing it conducts on its own platforms.
Regarding processing of statistical data about (i) your activity on the fan page and (ii) use of Messenger in relation to the fan page, the controllers are the Controller and Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland (“Meta Ireland”), acting as joint controllers.
More information on Meta Ireland’s processing can be found in Meta’s Privacy Policy: https://www.meta.com/pl/legal/privacy-policy/
Further details on joint controllership and allocation of responsibilities are set out in Meta documents (controller addendum): https://www.metaenterprise.com/legal/terms/european_data_transfer_addendum
Meta Ireland provides the Controller with aggregate statistics based on certain events recorded by Meta’s servers when users use the fan page and related content. Page administrators (including the Controller) do not have access to event-level data – only to aggregate page statistics.
Meta Ireland and the Controller have agreed that the Irish Data Protection Commission is the lead supervisory authority for the processing of page statistics.
Scope and purposes:
On our Website we
use analytics and advertising tools
(“remarketing/retargeting”) which – upon consent – process
online identifiers (e.g., cookies, pixel IDs), device data and
data about on-site activity and campaign effectiveness. The
purpose is statistics and measurement of Website use, content
optimization and serving interest-based advertising (audience
building).
Legal basis:
For analytics and marketing
– consent: Art. 6(1)(a) GDPR (and consent for storing/reading
information on a device under electronic communications laws).
Tools used:
Google Analytics 4; Meta
Pixel (Facebook/Instagram); Google Ads (including remarketing
lists); TikTok Ads Pixel. The providers of these tools act as
independent controllers for their advertising platforms; we
remain the controller for processing related to operation of
the Website.
Recipients:
Google Ireland/LLC, Meta
Platforms Ireland, TikTok Technology Limited and entities
supporting their services (as per tools’ configurations).
Transfers outside the EEA:
Use of the above tools may involve transfers to third countries (e.g., the USA). Appropriate safeguards are used (e.g., standard contractual clauses, adequacy decisions where applicable). Details are available in the providers’ privacy policies.
Retention:
Identifiers used for analytics and marketing are stored for the period configured in the tools or until consent is withdrawn. Specific storage periods (for categories of cookies/IDs) are given in the Cookie Policy.
Withdrawal of consent and settings:
You can withdraw or change your consent at any time via the “Cookie settings” link available on our site. Withdrawal does not affect lawfulness of processing before withdrawal.
Profiling / automated decisions: We use profiling to tailor advertising content (e.g., assigning to an audience), but we do not make decisions producing legal effects concerning you or similarly significantly affecting you within the meaning of Art. 22 GDPR.
Purpose:
Personal data will be processed
for archiving documentation and communications, including
correspondence created by the Controller as part of its
business operations, and for the establishment, exercise or
defence of legal claims.
Legal basis:
Art. 6(1)(f) GDPR – the
Controller’s legitimate interests, namely the need to document
evidence of business activities in accordance with applicable
laws and to use archived material to establish, pursue or
defend claims.
Retention period:
Personal data will be
processed for the period specified by limitation laws unless a
valid objection is raised earlier.
Categories of data:
Personal data
contained in documentation and correspondence created by the
Controller as part of its business operations.
Sources of data:
Data obtained directly
from the data subject or in the course of business operations.
Recipients:
Entities providing IT
support, including maintenance of IT systems, data hosting and
cloud services, authorized employees and contractors, law
firms, auditors, banks, insurers, entities responsible for
archiving or destroying data.
Transfers outside the EEA: As a rule, the Controller does not transfer personal data to a third country. If such transfer occurs, standard contractual clauses (Art. 46(2) GDPR) or other lawful mechanisms are used.
Voluntariness: Providing data is voluntary, but failure to do so may limit the ability to fully use the Website’s services or functionalities.
Purpose:
Personal data will be processed
for internal administrative purposes arising from the
Controller’s capital, personnel or organizational links with
other entities.
Legal basis:
Art. 6(1)(f) GDPR – the
Controller’s legitimate interests, namely data exchange within
the group to which the Controller belongs for internal
administrative purposes.
Retention period:
Personal data will be
processed until the purpose is achieved unless a valid
objection is raised earlier.
Categories of data:
Personal data
processed for internal administrative purposes arising from
the Controller’s capital, personnel or organizational links
with other entities.
Sources of data:
Data obtained directly
from the data subject or in the course of business operations.
Recipients:
Group companies, authorized
employees and contractors of the Controller, IT support
providers.
Transfers outside the EEA:
As a rule,
the Controller does not transfer personal data to a third
country. If such transfer occurs, standard contractual clauses
or other lawful mechanisms are used.
Voluntariness:
Providing data is
voluntary, but failure to do so may limit the ability to fully
use the Website’s services or functionalities.
Purpose:
The Controller may process
personal data for analytical and statistical purposes
(analyzing activity, monitoring traffic on the Website,
determining purchasing preferences and improving
functionalities and service quality).
The Controller uses marketing and analytical profiling – within partially automated processing (e.g., browsing history) it evaluates selected factors to improve the Website and better tailor content to users’ individual preferences.
We do not, however, take fully automated decisions that produce legal effects concerning you or similarly significantly affect you (per Art. 22 GDPR).
This means any potential marketing or analytical activities are statistical in nature and personalize displayed content without producing serious legal effects.
Our ability to process data collected via cookies and similar technologies for analytical and statistical purposes depends on your consent to store such information on your end device (e.g., computer, phone).
Legal basis:
Art. 6(1)(f) GDPR in
connection with your consent to use cookies or similar
technologies (in line with the Polish Electronic
Communications Law of 12 July 2024) – processing is necessary
for the Controller’s legitimate interests of analyzing user
activity to improve functionalities and service quality,
including Website development. You may withdraw consent at any
time by reopening the cookie banner and adjusting your
settings.
Retention period:
Personal data will be
processed for the period indicated in the cookie banner unless
a valid objection is raised or consent for cookies/similar
technologies is withdrawn earlier.
Categories of data: IP address, browsing history, data about Website activity, user preferences, browser and device identifiers.
Sources of data:
Data collected
automatically when using the Website via cookies and similar
technologies.
Recipients:
IT service providers, data
hosting and cloud services, analytics tool providers,
authorized employees and contractors of the Controller.
Transfers outside the EEA:
Data may be
transferred to a third country on the basis of standard
contractual clauses or another lawful mechanism. Transfers to
the United States may rely on the European Commission’s
adequacy decision of 10 July 2023.
Voluntariness:
Providing data is
voluntary, but failure to do so may limit the ability to fully
use the Website’s services or functionalities.
Purpose:
Personal data will be processed
to ensure the security of the Website (services provided
electronically) and to prevent abuses, including actions
violating the Terms or generally applicable laws.
Legal basis:
Art. 6(1)(f) GDPR – the
Controller’s legitimate interests, namely ensuring the factual
and legal security of the Website and its users.
Retention period:
Personal data will be
processed for as long as you use the Website unless a valid
objection is raised earlier.
Sources of data:
Data collected automatically while using the Website for security purposes.
Recipients:
IT service providers responsible for system security, authorized employees and contractors of the Controller.
Transfers outside the EEA: As a rule, data are not transferred outside the EEA. If necessary, transfers are carried out on the basis of appropriate legal safeguards.
Voluntariness: Providing data is voluntary, but failure to do so may limit the ability to fully use the Website’s services or functionalities.
We use technical and organizational security measures that protect data entrusted to us against accidental or deliberate manipulation, loss, destruction and unauthorized access. These measures are constantly developed and improved in line with technological progress.
The Controller may disclose personal data to the following categories of recipients: IT support providers (maintenance and servicing of IT systems, data hosting, cloud services), postal operators and couriers, law firms, auditors, banks and payment service providers, insurers, entities responsible for archiving or destroying data, authorized employees and contractors of the Controller and group companies.
After clicking links on the Website you may be redirected to websites or services managed by entities independent of the Controller. In such cases the processing of personal data is subject to the rules established by the providers of those websites or services.
Purpose:
Sending a newsletter and other
commercial and marketing information about the Controller’s
products and services by electronic means – including
information tailored to the industry or business profile for
persons representing business entities. In addition, archiving
documentation and communications, including correspondence
created by the Controller as part of its business operations,
due to the Controller’s legitimate interest in documenting its
activities (including compliance) and using archived material
to establish, pursue or defend claims.
Legal basis:
Consent, i.e., Art. 6(1)(a)
GDPR, in connection with Art. 398(1) and (2) of the Polish
Electronic Communications Law of 7 July 2023 (for newsletter
sign-ups), or the Controller’s legitimate interests (Art.
6(1)(f) GDPR) consisting of sending information about products
and services to contact persons representing business entities
within existing business relationships – until objection (Art.
21 GDPR). Archiving is based on Art. 6(1)(f) GDPR.
Categories of data:
First and last name,
email address; for persons representing business entities also
position/role, phone number, company name and contact details.
Sources of data:
Data obtained directly
from you in connection with newsletter sign-up or in the
course of business correspondence. For persons representing
business entities, data may be obtained from public sources
(public registers, company website, etc.).
Recipients:
Entities providing IT
support, including maintenance of IT systems, data hosting and
cloud services, our authorized employees and contractors,
postal operators and couriers, law firms, auditors, banks,
insurers, entities responsible for archiving or destroying
data, and group companies for internal administrative purposes
(Art. 6(1)(f) GDPR).
Transfers outside the EEA:
Personal data
may be transferred to a third country on the basis of standard
contractual clauses (Art. 46(2)(c) and (d) GDPR) or other
lawful mechanisms ensuring appropriate guarantees. Transfers
to the United States rely on the European Commission’s
adequacy decision of 10 July 2023 under the EU–US Data Privacy
Framework (Art. 45 GDPR).
Retention period:
Data will be processed
for the duration of consent (for newsletter sign-up) or until
objection to processing for marketing purposes (where based on
legitimate interest), and thereafter for the period necessary
to establish or defend against potential claims.
Voluntariness:
Providing your personal
data to subscribe to the newsletter is voluntary, but failure
to provide data will prevent receipt of the newsletter.
Profiling:
To tailor newsletter and
marketing content we may analyze general information about
industry or business profile (e.g., based on a corporate email
domain) or previous business relations. Such activities may
constitute profiling within the meaning of the GDPR but are
standard and do not lead to automated decision-making
producing legal effects concerning you or similarly
significantly affecting you.
Purpose:
Processing personal data for
recruitment purposes, including contacting candidates,
assessing qualifications, and conducting the selection
process. Where employing a foreign national, also to verify
the lawfulness of employment or to carry out legalization
procedures due to obligations under the Act on Foreigners, the
Act on Employment Promotion and Labour Market Institutions and
the Act on the Consequences of Entrusting Work to Foreigners
Staying Illegally in Poland. Also, conducting future
recruitment processes based on the candidate’s voluntary
consent, if given, and archiving documentation and
communications, including correspondence created by the
Controller as part of its business operations, due to the
Controller’s legitimate interest in documenting activities and
using archived material to establish, pursue or defend claims.
Legal basis:
For employment under a
contract of employment – necessary to comply with legal
obligations (Art. 6(1)(c) GDPR in connection with Art. 22 §1
of the Polish Labour Code) and, for a broader scope, voluntary
consent understood as sending a CV and/or cover letter or
completing a recruitment form on the candidate’s own
initiative (Art. 6(1)(a) GDPR). For employment under a civil
law contract – necessary to take steps at the request of the
candidate prior to entering into a contract (Art. 6(1)(b)
GDPR). For employment of a foreign national – in addition to
the above bases, to verify legality of employment or conduct
legalization procedures (Art. 6(1)(c) GDPR) and because it is
necessary to conclude and perform the contract (Art. 6(1)(b)
GDPR). Future recruitment processes – candidate’s voluntary
consent (Art. 6(1)(a) GDPR). Archiving – Art. 6(1)(f) GDPR.
Categories of data:
For employment under
an employment contract: first name(s) and surname, date of
birth, contact details indicated by the candidate, education,
professional qualifications, employment history, and any
additional data contained in the CV, cover letter or
recruitment form provided voluntarily by the candidate.
Sources of data:
Data obtained directly
from the candidate when applying for a job or provided by
recruitment agencies cooperating with the Controller.
Recipients:
Entities providing IT
support (including maintenance of IT systems, data hosting and
cloud services), authorized employees and contractors, postal
operators and couriers, law firms, auditors, banks, insurers,
cooperating recruitment agencies and administrators of
recruitment portals (e.g., e-recruiter, pracuj.pl, LinkedIn);
entities responsible for archiving or destroying data; for
executive-level candidates – group companies for internal
administrative purposes (Art. 6(1)(f) GDPR).
Transfers outside the EEA:
Personal data
may be transferred to a third country based on standard
contractual clauses (Art. 46(2)(c) and (d) GDPR) or other
lawful mechanisms ensuring appropriate guarantees. Transfers
to the United States rely on the European Commission’s
adequacy decision of 10 July 2023 under the EU–US Data Privacy
Framework (Art. 45 GDPR).
Retention period:
Personal data will be
processed for 6 months from the date the application is
submitted; during the same period the data are subject to
anonymization. If consent for future recruitment is given,
data will be processed until the candidate withdraws consent,
but no longer than 12 months from application submission.
Voluntariness:
Providing personal data
is voluntary. Failure to provide data prevents participation
in recruitment. Failure to provide data processed on the basis
of consent will not affect participation in the recruitment
and candidate selection.
Profiling:
No automated decision-making,
including profiling, will be carried out with respect to
candidates.
Cookies are text files that contain data from visited websites and are stored on a user’s computer by the browser. A cookie primarily stores information about the user during or after a visit to online services.
Stored data may include, for example, the language settings on the website, login status, shopping cart or the point where a video was viewed. The term “cookies” also includes other technologies that perform the same functions (e.g., where user information is stored using online identifiers, also called “user IDs”).
Purpose:
Processing personal data in
connection with the use of cookies and similar technologies
to: ensure proper functioning of the Website (strictly
necessary cookies), analyze traffic and user activity on the
Website for statistical and analytical purposes (better
understanding of user needs and improving functionalities and
service quality), personalize content and ensure extended
Website functionality. In addition, to conduct marketing and
advertising activities (including marketing profiling), enable
social media features and ensure system security and
stability.
Legal basis:
Strictly necessary cookies:
Art. 6(1)(f) GDPR – the Controller’s legitimate interests in
ensuring proper functioning of the Website. Other cookie
categories: Art. 6(1)(a) and (f) GDPR in connection with the
user’s consent to use cookies (in line with the Polish
Electronic Communications Law of 12 July 2024). The
Controller’s legitimate interests include analyzing user
activity to improve functionalities and quality of services,
conducting marketing activities and ensuring Website security.
Categories of data:
IP address, pages
visited, visit duration, source of entry to the site, language
settings, login status, browsing history, user interests,
browser and device identifiers, data on interactions with
content and other metadata related to use of the Website.
Types of cookies:
Session cookies – deleted after leaving the site and closing the browser
Persistent cookies – stored even after closing the browser
First‑party cookies – set by the Controller
Third‑party cookies – set by external providers
Cookie functions:
Strictly necessary cookies – essential for the website to function and cannot be disabled
Analytical/statistical cookies – allow counting visits and traffic sources and measuring Website performance
Functional cookies – provide enhanced functionality and personalization
Marketing cookies – used to create interest profiles and display targeted advertising
Social media cookies – enable content sharing on social networks
Recipients:
IT service providers, data
hosting and cloud services, advertising partners, social media
providers, analytics providers, authorized employees and
contractors of the Controller.
Transfers outside the EEA:
Data may be
transferred to a third country based on standard contractual
clauses (Art. 46(2)(c) and (d) GDPR) or another lawful
mechanism. Transfers to the United States may rely on the
European Commission’s adequacy decision of 10 July 2023 under
the EU–US Data Privacy Framework (Art. 45 GDPR).
Retention period:
Data processed via
cookies will be stored for the period indicated in the cookie
banner unless a valid objection is raised or consent is
withdrawn earlier. Session cookies are deleted after leaving
the site and closing the browser; persistent cookies are
stored even after closing the browser according to settings
defined for each category.
Voluntariness:
Consent for cookie use
(except strictly necessary cookies) is voluntary. Lack of
consent may limit Website functionality but will not prevent
basic use. Consent can be withdrawn at any time via the cookie
banner available under “Cookie Settings”.
Profiling:
The Controller uses marketing
and analytical profiling – within partially automated
processing (e.g., browsing history) it evaluates selected
factors to improve the Website and better tailor content to
individual preferences. We do not, however, make fully
automated decisions that produce legal effects or similarly
significantly affect the user (per Art. 22 GDPR).
Managing cookie settings:
Cookie settings can be changed at any time via the link at the top of the page under “Cookie Settings”. Detailed information is available in the Cookie Policy on a separate page.
If we process data in a third country (i.e., outside the EU/EEA) or if processing occurs in the context of using third‑party services or disclosing or transferring data to other persons, authorities or companies, this is done only in accordance with legal requirements.
The Controller processes data in third countries on the basis of standard contractual clauses (Art. 46(2)(c) or (d) GDPR) or other lawful mechanisms ensuring appropriate guarantees. Transfers to the United States rely on the European Commission’s adequacy decision of 10 July 2023 under the EU–US Data Privacy Framework (Art. 45 GDPR).
Data subjects (you) have the right to:
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO), ul. Stanisława Moniuszki 1A, 00‑014 Warsaw.
No automated decisions – i.e., decisions based solely on automated processing, including profiling – that produce legal effects concerning data subjects (e.g., you) or similarly significantly affect them will be made with respect to personal data processed on the Website.
The content of this Privacy Policy may be amended by the Controller if there are factual or legal changes regarding personal data processing on the Website. You will be informed of changes in particular by publication of the new content on the Website.
Varso Tower
Chmielna 69, 00-801 Warszawa,
Poland