Purpose of the Privacy Policy

This Privacy Policy is addressed to all persons who visit the website www.ecrkongresmlodych.pl and correspond with the Personal Data Controller via the contact form and e-mail correspondence to the address provided on the website.

Basic definitions

• Personal Data Controller (PDC) – an entity which, alone or jointly with others, determines the purposes and means of personal data processing,
• information security – maintaining the integrity, confidentiality and availability of personal data,
• personal data – any information relating to an identified or identifiable natural person (data subject),
• Data Protection Officer (DPO) – a person who performs a supervisory and advisory function for the Personal Data Controller in the performance of their obligations regarding personal data protection,
• data processing – any operation or set of operations performed on personal data, such as: collection, recording, organisation, structuring, storage, adaptation, modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether by automated or non-automated means,
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, (OJ EU L 119 of 04.05.2016),
• Association – Nowa Polska Organizacja (New Poland Organisation) entered in the Register of Associations of the National Court Register under KRS number: 0001125861 with its registered office in Warsaw, ul. Techników 28, 02-468 Warsaw, NIP (Tax Identification Number): 5223310390, REGON: 52961717100000,
• website – ecrkongresmlodych.pl
• User – a person visiting the website, corresponding with the Personal Data Controller via the contact form or e-mail correspondence to the address provided on the website.

Personal Data Controller

The Personal Data Controller is the Association called Nowa Polska Organizacja (New Poland Organisation), entered in the Register of Associations of the National Court Register under KRS number: 0001125861, with its registered office in Warsaw, ul. Techników 28, 02-468 Warsaw, NIP: 5223310390, REGON: 52961717100000

The PDC can be contacted by e-mail at stowarzyszenie@nowapl.org or by post at the following address: Nowa Polska Organizacja, ul. Techników 28, 02-468 Warsaw.

Data Protection Officer

1. PDC has not appointed a Data Protection Officer.
2. In all matters relating to the processing of personal data, you can contact us by email at stowarzyszenie@nowapl.org or by post at the following address: Nowa Polska Organizacja, ul. Techników 28, 02-468 Warsaw.

Purposes of personal data processing and legal basis for processing

1. Users’ personal data will be processed for the following purposes and on the following legal bases:
   1. contacting Users in matters they have addressed to the PDC using the e-mail address provided on the website. In such situations, personal data will be processed due to the legitimate interest of the PDC (legal basis – Article 6(1)(f) of the GDPR), consisting in the need to respond to the User and maintain contact with Users,
   2. keeping statistics and reports, and archiving for the Controller’s internal needs related to the number of event participants – the legal basis for data processing is the necessity of processing for purposes resulting from legitimate interests pursued by the Controller. The legitimate interest of the PDC is to keep statistics and reports (Article 6(1)(f) of the GDPR),
   3. informing about initiatives undertaken or co-organised by the PDC (Article 6(1)(a) of the GDPR).

Data recipients

1. In certain situations, the Controller has the right to transfer personal data to other recipients in order to perform specific services on behalf of the PDC.
2. Personal data will not be processed outside the European Economic Area.

Scope of data processing

PDC processes personal data such as:

1. when submitting an enquiry via the e-mail address provided on the website, it is necessary to provide data such as: name and surname, e-mail address.
2. in the case of contact via the contact form – each time, the form indicates the scope and purpose of personal data processing, according to the subject and issue to which the form relates

Data retention period

The data processing period depends on the purpose for which it was collected:

1. in the case of an enquiry submitted via e-mail, the data will be processed for the period necessary to contact the User and for a period of 3 years from the end of the contact,
2. in the case of personal data processed for the period of pursuing claims and defending against claims – until the claims expire or until an effective objection is lodged,
3. in the case of contact via the contact form – each time, the form indicates the period of storage of personal data, according to the subject and issue to which the form relates.

Rights related to the processing of personal data

Please be advised that you have the right to: request access to personal data, rectification, erasure and the right to restrict processing, object to processing and the right to lodge a complaint with the President of the Personal Data Protection Office.

Every person has the right to withdraw their consent if the basis for the processing of personal data was consent granted under Article 6(1)(a) of the GDPR. In such a case, consent may be withdrawn at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal. Consent may be withdrawn in person at the PDC’s registered office, by post or electronically to the following e-mail address: stowarzyszenie@nowapl.org.

Information on the requirement to provide data

The provision of your personal data is necessary for correspondence. Personal data will not be processed for the purpose of automated decision-making, including profiling.

Security of personal data

1. The PDC uses adequate technical and organisational measures to ensure the protection of the data being processed, appropriate to the risks and categories of data covered by the protection, and in particular protects the data against unauthorised access, removal by an unauthorised person, processing in violation of the law, and alteration, loss, damage or destruction.
2. Access to personal data is restricted to authorised persons only, who are obliged to keep the data and the methods of its protection confidential.
3. The places where personal data is logged in and entered are protected at the transmission layer (SSL certificate). Thanks to this, personal data entered on the website is encrypted on the user’s computer and can only be read on the destination server.
4. Personal data stored in the database is encrypted. This protects the data in the event of the database being stolen from the server.
5. PDC periodically changes its administrative passwords.
6. In order to protect data, PDC regularly makes backup copies.
7. An important element of data protection is the regular updating of all software used by PDC to process personal data, which in particular means regular updates of programming components.

Hosting

1. The website is hosted (technically maintained) on the operator’s server: Cyberfolks.
2. Registration details of the hosting company: ul. Wierzbięcice 1B, Building D, 8th floor, 61-569, Poznań, Poland, NIP: 7792467259, REGON: 367731587, KRS: 0000685595.
3. At https://cyberfolks.pl/o-nas/, you can learn more about hosting and check the hosting company’s privacy policy.
4. The hosting company:

1. uses measures to protect against data loss (e.g. disk arrays, regular backups),
2. uses adequate measures to protect processing sites in the event of a fire (e.g. special fire extinguishing systems),
3. uses adequate measures to protect processing systems in the event of a sudden power failure (e.g. dual power supply lines, generators, UPS power backup systems),
4. uses physical measures to protect access to data processing sites (e.g. access control, monitoring),
5. uses measures to ensure appropriate environmental conditions for servers as elements of the data processing system (e.g. environmental control, specialised air conditioning systems),
6. uses organisational solutions to ensure the highest possible level of protection and confidentiality (training, internal regulations, password policies, etc.),
7. has appointed a Data Protection Officer.

1. In order to ensure technical reliability, the hosting company keeps logs at the server level. The following may be recorded:

1. resources specified by a URL identifier (addresses of requested resources – pages, files),
2. time of arrival of the query,
3. time of response,
4. the name of the client station – identification carried out by the HTTP protocol,
5. information about errors that occurred during the execution of the HTTP transaction,
6. URL of the page previously visited by the user (referrer link) – if the transition to the Website took place via a link,
7. information about the user’s browser,
8. information about the IP address,
9. diagnostic information related to the process of ordering services independently via the website’s recorders, information related to the handling of e-mails sent to and from the Operator

Cookies

1. The website uses cookies.
2. Cookies are IT data, in particular text files, which are stored on the Website User’s end device and are intended for use on the Website’s pages. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number.
3. The entity placing cookies on the Website User’s end device and accessing them is the Website operator.
4. Cookies are used to maintain the Website User’s session.
5. The Website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the User’s end device until they log out, leave the website or turn off the software (web browser). Persistent cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.
6. Web browsing software (web browser) usually allows cookies to be stored on the User’s end device by default. Website Users may change their settings in this regard. The web browser allows cookies to be deleted. It is also possible to automatically block cookies. Detailed information on this subject can be found in the help section or documentation of the web browser.
7. Restrictions on the use of cookies may affect some of the functionalities available on the Website.
8. Cookies placed on the Website User’s end device may also be used by entities cooperating with the Website operator, in particular the following companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).
9. If the user does not want to receive cookies, they can change their browser settings. Please note that disabling cookies necessary for authentication, security and maintaining user preferences may hinder, and in extreme cases may prevent, the use of websites.
10. To manage your cookie settings, select the web browser you use from the list below and follow the instructions:
    1. Edge,
    2. Internet Explorer,
    3. Chrome,
    4. Safari,
    5. Firefox,
    6. Opera,

Mobile devices:

1. Android,
2. Safari (iOS),
3. Windows Phone.

Relevant marketing techniques

1. The operator uses statistical analysis of website traffic via Google Analytics (Google Inc. based in the USA). The operator does not transfer personal data to the operator of this service, only anonymised information. The service is based on the use of cookies on the user’s end device. With regard to information about user preferences collected by the Google advertising network, the user can view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/.
2. The Operator uses remarketing techniques to tailor advertising messages to the user’s behaviour on the website, which may give the illusion that the User’s personal data is being used to track them, but in practice no personal data is transferred from the Operator to advertising operators. The technological prerequisite for such activities is the enabling of cookies.
3. The Operator uses Facebook pixels. This technology allows Facebook (Facebook Inc. based in the USA) to know that a person registered with it is using the Website. In this case, it is based on data for which it is the controller; the Operator does not transfer any additional personal data to Facebook. The service is based on the use of cookies on the user’s end device.
4. The Operator uses a solution that analyses user behaviour by creating heat maps and recording behaviour on the website. This information is anonymised before it is sent to the service operator, so that the operator does not know which individual it relates to. In particular, passwords and other personal data are not recorded.
5. The operator uses a solution that automates the operation of the Website in relation to users, e.g. sending an email to a user after visiting a specific subpage, provided that the user has consented to receive commercial correspondence from the Operator.

Changes to the Privacy Policy

The Privacy Policy may be changed if required by the technical solutions used or changes in the law regarding the privacy of data subjects. Questions regarding the Privacy Policy should be sent to: stowarzyszenie@nowapl.org.