Version 1.1. Publication date: 15 October 2024.
§1. General provisions
- The administrator of the personal data of the users of the website located under the domain https://bpcc.org.pl/ is BRITISH-POLISH CHAMBER OF COMMERCE with its registered office in Warsaw, Zielna 37, 00-108 Warsaw, entered in the register of entrepreneurs, as well as in the register of associations, other social and professional organizations, foundations and independent public health care facilities of the National Court Register kept by the District Court for the city of Warsaw in Warsaw, XII Economic Department of the National Court Register under the TIN:(NIP): 5252800783, represented by Marcin Cichy – Managing Director.
- The Service has designated an electronic point of contact for direct communication with the authorities of the Member States, the Commission, the Digital Services Board: rodo@bpcc.org.pl. The same contact point can be used by any Client to communicate directly and quickly with the Service. The Service can also be contacted in writing at its address: Zielna 37, 00-108 Warsaw. Communication may be conducted in Polish or English.
- The purpose of the Policy is to define the actions taken with regard to personal data collected through the Administrator’s website and related services and tools used by its users, as well as in the activity of concluding and executing contracts in contact outside the website.
- If necessary, the provisions of this Policy may be changed. The change will be communicated to users by announcing the new content of the Policy, and in the case of the base of persons who have consented to the processing of data by e-mail or provided e-mail data in the execution of contracts, they will also be notified of the change by e-mail.
§ 2. Basis for processing, purposes and storage of personal data
- Users’ personal data shall be processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act of 10.05.2018 and the Electronic Services Act of 18.07.2002. Together with subsequent amendments of the above.
- The Administrator may collect the following data for the following purposes:
Purpose of data processing | Legal basis for processing | Data retention period | Scope of data processed |
Accepting applications to become a member of the Polish-British Chamber of Commerce | Legalising premise: Article 6(1)(a) of the GDPR, i.e. consent of the data subject. | Personal data will be processed until the date of withdrawal of consent by the data subject. Subsequent withdrawal of consent does not affect the legality of the processing of personal data from the period before the withdrawal. | Company name, address, name, TIN, mailing address, phone number, e-mail address, name of legal entity authorities, name of authorized person authorized to represent the company, country, postal code, name of contact person, name of position of contact person, e-mail address of contact person, number of employees, salary of employees. |
Performing a contract with a Client or taking action at the request of a data subject prior to entering into a contract, the object of which is to match potential business partners and promote best practices | Legalising premise: Article 6(1)(b) of the GDPR, i.e. the necessity to provide data in order to perform the contract | Personal data will be processed for the duration of the contract or until until any potential claims expire, but no less than 12 months from the date of acceptance of the membership application (minimum contract period) | Name; email address; company name, tax ID, image, email address, phone number |
Participation in international and national organisations such as the British Chambers of Commerce and the International Group of Chambers of Commerce | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract and Article 6(1) 1 letter f GDPR, i.e. the legitimate interest of the Administrator | Personal data will be processed for the duration of the contract or until the moment of expiry of any claims, but no less than 12 months from the date of acceptance of the membership application (minimum contract period) | Name and surname, e-mail address; company name, Tax Identification Number, image, e-mail address, telephone number, position name, |
Organisation of webinars, conferences, smaller expert meetings, and all meetings with the regulator – a representative of public administration, annual events, including networking events (Oktoberfest type), joint events with other chambers, | Legalising premise: Art. 6 section 1 letter a GDPR, i.e. consent of the data subject | Personal data will be processed until the data subject withdraws consent. Subsequent withdrawal of consent does not affect the legality of data processing from the period before its withdrawal. | Name and surname; e-mail address; company name, NIP, image, PESEL, e-mail address, telephone number |
Annual client satisfaction survey with the services provided by the Administrator | Legalising premise: Art. 6 section 1 letter f GDPR, i.e. the legitimate interest of the Administrator consisting in examining the level of quality of services provided by the Personal Data Administrator | Personal data will be processed for the duration of the contract or until the moment of expiry of any claims, no less than for a period of 12 months from the date of acceptance of the membership application (minimum contract period). | Name and surname; e-mail address; company name, Tax Identification Number, image, e-mail address, telephone number, position name, |
Organisation of sector meetings for specific industries, meetings for management staff, cocktail meetings and typical networking meetings | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to provide data in order to perform the contract to which the Client is a party | Personal data will be processed for the duration of the contract or until the moment of expiry of any claims, but no less than for a period of 12 months from the date of acceptance of the membership application (minimum contract period). | Name and surname; e-mail address; company name, NIP, image, PESEL, e-mail address, telephone number, image |
Providing Client data to co-organisers and sponsors of business meetings | Legalising premise: Art. 6 section 1 letter a GDPR, i.e. consent of the data subject | Personal data will be processed until the data subject withdraws consent. Subsequent withdrawal of consent does not affect the legality of processing from the period before its withdrawal. | Name and surname; e-mail address; company name, tax identification number, image, e-mail address, telephone number |
Managing Social Media | Legalising premise: Article 6(1) 1 letter f) GDPR Regulations legally justified interest of the Administrator and Art. 6 section 1 letter a GDPR, i.e. consent of the data subject | Personal data will be processed until the date a given user has an account on Facebook/Instagram/YouTube/LinkedIn, but no longer than until the date of withdrawal of any consent. | e-mail address, name and surname, image, company name, address |
Accounting, accounting | Legalising premise: Art. 6 section 1 letter c) GDPR Regulations, i.e. the need for the Administrator to fulfill his obligations under the law and Art. 86 § 1 of the Tax Ordinance, i.e. the Act of August 29, 1997 – Tax Ordinance (consolidated text: Journal of Laws of 2022, item 2651, as amended) or Art. 74 section 2 of the Accounting Act, i.e. the Act of September 29, 1994 on Accounting (consolidated text: Journal of Laws of 2023, item 120, as amended) | Personal data are processed by the Administrator for the period of storage of accounting, accounting and tax documentation. We keep issued registered receipts and VAT invoices until the expiry of tax liabilities, i.e. for 5 years, counting from the beginning of the year following the financial year in which the operations, transactions and proceedings were finally completed, repaid, settled or expired (i.e. in accordance with Art. 74 section 2 of the Act of September 29, 1994 on Accounting (consolidated text: Journal of Laws of 2023, item 120, as amended). | name, surname, e-mail address, company name, Tax Identification Number, telephone number, bank account number, address (street, house number, apartment number, code postal, town, country), |
Establishing and defending own claims Own accounting | Legalising premise: Art. 6 section 1 letter c GDPR in connection with joke. 74 section 2 of the Accounting Act art. 6 section 1 letter b and f GDPR, as the so-called legally justified interest – pursuing claims and defending rights | The data is processed during the limitation period for claims resulting from the provisions of the Civil Code. We process all data processed for accounting and tax purposes for 5 years, counting from the beginning of the year following the financial year in which the operations, transactions and proceedings were finally completed, repaid, settled or expired (i.e. in accordance with Article 74 section 2 of the Act of September 29, 1994 on Accounting (consolidated text: Journal of Laws of 2023, item 120, as amended). | Candidates, Employees, Collaborators, Representatives of Contractors, Clients who are entitled to the status of members of the British-Polish Chamber of Commerce |
Maintaining the website https://bpcc.org.pl/, statistics on the use of individual functionalities of the Administrator’s websites and facilitating the use of the websites, ensuring IT security of the websites | Legalising premise: Art. 6 section 1 letter f GDPR – the basis for the processing of personal data is the legitimate legal interest of the Administrator consisting in facilitating the use of services provided electronically and in improving the functionality of these services and improving the operation of the Administrator’s websites, Legalizing premise: Art. 6 section 1 letter a GDPR regarding the collection of non-essential cookies | Personal data are processed by the Administrator for the duration of storage of cookies on the device of the person visiting the website, i.e. until the User withdraws consent to the Administrator’s analysis of data from cookies. | The Administrator processes personal data of people visiting websites run by the Administrator |
Client service | Legalising premise: Art. 6 section 1 letter b, c or f GDPR The Administrator has a legitimate interest in handling applications and inquiries formulated by Clients using its services. Processing personal data for this purpose is beneficial to Clients because it enables the provision of appropriate service and answers to their questions | 2 years after the last update of the Client’s inquiry or alternatively until the date of expiry of mutual claims | Personal data necessary to manage or solve problems reported as part of applications and requests, e.g. name and surname; mail address electronic; telephone number; name of the position, possibly image, company name, registered office address |
IT support | Legalising premise: Art. 6 section 1 letter f GDPR, i.e. the Administrator’s legal interest in providing IT services. | Personal data will be processed for the duration of the contract or alternatively until the date of expiry of claims arising from the contract, no less than for a period of 12 months (minimum contract duration). | name and surname, job position (and information about the company in which the person is employed), business correspondence address, business e-mail address and business telephone number, residential address, private e-mail address, private telephone number, image, the Administrator processes the following personal data: a) behavioral data on how individual users use the Administrator’s website and their preferences in this regard, e.g. regarding the categories of services in which these users are interested, the amount of time spent on the Administrator’s website, visits to specific URL addresses ( subpages) from specific phrases or media channels; b) data about the location of devices through which users display the Administrator’s website; c) age, gender; d) other data about user activity on the Administrator’s website and on websites related to it, e.g. posted comments and reviews, activity in social networks; e) e-mail address; f) IP address, other online identifiers of users, e.g. login; g) name and surname, correspondence address, telephone number, company name, Tax Identification Number. |
Using the services of third parties or purchasing goods from third parties for the purposes of conducting current business activities | Legalising premise: Art. 6 section 1 letter f GDPR and art. 6 section 1 letter b GDPR, i.e. the legitimate interest of the Administrator and the need to process data in order to perform the contract. | Personal data of contractors’ representatives will be stored for the period of economic cooperation between the Administrator and the contractor, as well as after its completion, when there are reasonable grounds for resuming this cooperation. Personal data of contractors’ representatives will be stored for a maximum period of 3 years from the date of the last contact between the parties, and longer only until the claims arising from the parties’ contract expire. | Name and surname, job position (and information about the company where the person is employed), business correspondence address, business e-mail address and business telephone number |
Maintaining an archive | Legalising premise: Art. 6 section 1 letter f GDPR, i.e. the legitimate interest of the Administrator consisting in providing evidence of specific facts regarding the Administrator’s business activities | Personal data will be processed until the legitimate interest of the Administrator exists, but no longer than until the date of expiry of any claims. For documents. In the case of accounting documents, data will be stored for a period of 5 years from the beginning of the year following the financial year to which the data files relate. | name, surname, company name, address, telephone number, e-mail address, and in the case of employees/collaborators – also the name of the position, image included in the e-mail footer, |
Sending the newsletter | Legalising premise: Art. 6 section 1 letter a GDPR, i.e. consent of the data subject | Personal data will be processed until consent to their processing is withdrawn. Subsequent withdrawal of consent does not affect the legality of data processing from the period before its withdrawal. | name, surname, e-mail address, telephone number, image provided in the e-mail footer, company name, |
Settlement of membership fees paid by Clients who are entitled to the status of members of the British-Polish Chamber of Commerce | Legal basis: The legal basis for the processing of personal data is Art. 6 section 1 letter c) GDPR Regulations, i.e. the need for the Administrator to fulfill his obligations under the law and Art. 86 § 1 of the Tax Ordinance, i.e. the Act of August 29, 1997 – Tax Ordinance (consolidated text: Journal of Laws of 2022, item 2651, as amended) or Art. 74 section 2 of the Accounting Act, i.e. the Act of September 29, 1994 on Accounting (consolidated text: Journal of Laws of 2023, item 120, as amended) | Personal data are processed by the Administrator for the period of storage of accounting, accounting and tax documentation. We keep issued registered receipts and VAT invoices until the expiry of tax liabilities, i.e. for 5 years, counting from the beginning of the year following the financial year in which the operations, transactions and proceedings were finally completed, repaid, settled or expired (i.e. in accordance with Art. 74 section 2 of the Act of September 29, 1994 on Accounting (consolidated text: Journal of Laws of 2023, item 120, as amended). | name, surname, company name, address, bank account number, telephone number, e-mail address, |
Supporting the development of economic, trade and cultural relations between Poland and Great Britain | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Implementation of national and international economic initiatives and cultural | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address |
Cooperation with state and local government authorities in Poland and Great Britain in the field of economic, financial and cultural ventures | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Cooperation with the British Embassy in Poland and the Embassy of the Republic of Poland in London | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Maintaining and developing a network of contacts with organisations in the UK and with other British Chambers abroad | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Active promotion of events in the Polish and British economy and culture | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Conducting research, especially on economic and trade relations and cultural relations between Great Britain and Poland | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Organising regular business meetings in selected cities in Poland and Great Britain | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Supporting the presence of British business entities in Poland | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Action for the development of entrepreneurship | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Participation in creating and promoting best market practices | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest, | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Submitting proposals to bodies with legislative initiative and opinions within the scope specified by the Chamber’s tasks | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest, | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | name, surname, company name, address, telephone number, e-mail address, |
Providing assistance to members of the Chamber in various forms and scope by the Administrator | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest, | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | Name, surname, company name, address, telephone number, e-mail address, |
Cooperation with employers’ organisations and chambers of commerce in Great Britain | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest, | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | Name, surname, company name, address, telephone number, e-mail address, |
Conducting research and popularising economic, legal and organizational knowledge – in particular in the field of relations between Poland and Great Britain; | Legalising premise: Art. 6 section 1 letter b GDPR, i.e. the need to process personal data in order to perform the contract, as well as Art. 6 section 1 letter c GDPR, i.e. the need to fulfill the legal obligation imposed on the Administrator regarding the implementation of the provisions of the Statute, as well as Art. 6 section 1 letter e GDPR, i.e. the need to carry out a task in the public interest, | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | Name, surname, company name, address, telephone number, e-mail address, |
Registration on the Administrator’s website run as part of the website https://bpcc.org.pl/register/ | Legalising premise: Article 6(1) 1 letter a GDPR, i.e. consent of the data subject | Personal data will be processed until the data subject withdraws consent. Subsequent withdrawal of consent does not affect the legality of the processing of personal data by the data subject. Withdrawal of consent may also be expressed by deleting the account on the Administrator’s website. | Name, surname, job position, telephone number, e-mail address |
Maintaining a contact form on the website at https://bpcc.org.pl/ | Legalising premise: Art. 6 section 1 letter a GDPR, i.e. consent of the data subject | Personal data will be processed until consent to their processing is withdrawn | Name, surname, job position, telephone number, e-mail address |
Maintaining an account dedicated to a member of the British Polish Chamber of Commerce on the website at https://bpcc.org.pl/login | Legalising premise: Article 6(1) 1 letter b GDPR, i.e. the need to provide data in order to perform the contract | Personal data will be processed for the duration of the contract, but no longer than until the date of expiry of any claims. | Name, surname, company name, e-mail address, telephone number, login |
- To the extent necessary for the proper functioning of the website and its functionality, the website may, when the User uses it, collect other information, including, but not limited to:
a.) IP address;
b.) device, hardware and software information such as hardware identifiers, mobile device identifiers (e.g. Apple Identifier for Advertising [“IDFA”] or Android advertising identifier [“AAID”]),
c.) type of platform,
d.) settings and components,
e.) installed software
f.) internet browser data, including browser type and preferred language; - Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights and freedoms of natural persons with varying probability and severity of threat, the Administrator implements appropriate technical and organizational measures to ensure that processing takes place in accordance with the Regulation and to be able to demonstrate this. These measures are reviewed and updated as necessary. The Administrator uses technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.
§ 3. Sharing data
- The Administrator ensures that all collected personal data is used to fulfill obligations towards users. This information will not be made available to third parties except when:
a.) the express consent of the persons concerned to such action is given in advance, or
b.) if the obligation to transfer this data results or will result from applicable legal provisions, e.g. to law enforcement authorities. - Additionally, personal data of service recipients and Clients may be transferred to the following recipients or categories of recipients:
- service providers supplying the Administrator with technical, IT and organizational solutions enabling the Administrator to conduct business activities, including the website and electronic services provided via it (in particular computer software providers, marketing agencies, e-mail and hosting providers, management software providers company and providing technical assistance to the Administrator and the product delivery operator) – the Administrator provides the Client’s collected personal data to a selected supplier acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy,
- providers of accounting, legal and advisory services providing the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company) – the Administrator provides the collected personal data of the Client to a selected supplier acting on his behalf only in the case and to the extent necessary to complete a given purpose of data processing in accordance with this privacy policy.
- The Administrator may share anonymized data (i.e. data that does not identify specific Users) with external service providers in order to better recognize the attractiveness of advertisements and services for users, and in this respect, due to the headquarters of software suppliers, data may be transferred – while maintaining the principles of their protection. – to third countries, however, ensuring standard contractual provisions approved by the European Commission in the field of personal data processing or having appropriate powers to do so on the basis of bilateral data processing agreements between the European Union and a given third country, which is not a member of the European Economic Area. These entities in the case of the Administrator are:
- Google LLC. (headquarters: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyze website statistics, Google Tag manager: used to manage scripts by easily adding code fragments to the website or application and tracking actions performed by users in website, Google Ads used to display sponsored links in the search results of the Google search engine and on websites cooperating under the Google AdSense program, Google Workspace allowing for comprehensive website editing and coordination of the work of people working on it (including Google Drive, Gmail, Google Sheets, Google Forms, Google Looker studio);
- Meta Platforms, Inc. (registered office: 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook pixel used to track conversions from Facebook ads, optimize them based on collected data and statistics, and build a list of recipients focused on future ads.
4. The Administrator may transfer personal data outside the European Economic Area, in particular when using suppliers of IT tools based outside the European Union.
5. The Administrator conducts risk analysis on an ongoing basis to ensure that personal data is processed in a safe manner – ensuring, above all, that only authorized persons have access to the data and only to the extent necessary due to the activities performed by the Administrator. not tasks. The administrator ensures that all operations on personal data are recorded and performed only by authorized employees and collaborators.
6. The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities guarantee the use of appropriate security measures whenever they process personal data on behalf of the Administrator.
7. The Administrator’s website may use the functionality of Google Analytics, a website traffic analysis service provided by Google, LLC. (“Google”). Google Analytics uses cookies to help website operators analyze how visitors use the website. The information generated by the cookie about visitors’ use of the website is generally transmitted to and stored by Google on servers in the United States. In accordance with current IT standards, the IP addresses of users visiting the Administrator’s website are shortened. Only in exceptional cases is the complete IP address transferred to a Google server in the United States and shortened there. On behalf of the Administrator, Google will use this information to evaluate the website for its users, prepare reports on website activity and provide other services related to website activity and Internet use to website operators. Google will not combine the IP address transmitted as part of Google Analytics with any other data in its possession. More information about how Google Analytics collects and uses data can be found on the official Google website at: www.google.com/policies/privacy/partners. In addition, each User can prevent Google from collecting and processing data relating to their use of the website by downloading and installing the browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout.
8. When disclosing data to third parties, the Administrator makes every effort to ensure that this is done only to entities that meet the criteria and requirements specified in Art. 46 or 49 GDPR. Where appropriate, the Controller will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union of July 16, 2020, the Controller continues to assess the legal system of the countries to which data are transferred and, where necessary, updates measures to ensure appropriate levels of protection.
9. In terms of data transferred to the United States, the Administrator, when making data available to third parties, makes every effort to ensure that this is done, in accordance with the decision of the European Commission of July 10, 2023, only to entities and organizations in the United States that ensure compliance with the new ” EU-US Data Privacy Framework. The list of these organizations has been published by the US Department of Commerce. The transfer of personal data from the EEA to organizations that have joined the EU-US Data Protection Framework and are on this list is possible without the need to obtain additional consents or apply legal instruments such as standard contractual clauses or binding corporate rules. However, if a given data importer in the USA has not joined the EU-US Data Protection Framework, the transfer of personal data to it is possible and will take place after meeting the conditions set out in Art. 46 or 49 GDPR. In such cases, the Controller will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA.
§ 4. User's rights
- The user whose personal data is processed has the right to:
a.) access, rectification, restriction, deletion or transfer – the data subject has the right to request from the Administrator access to his or her personal data, rectification, deletion (“right to be forgotten”) or restriction of processing and has the right to object against processing, and also has the right to transfer his data. Detailed conditions for exercising the above-mentioned rights are indicated in Art. 15-21 of the GDPR Regulations,
b.) withdrawal of consent at any time – the person whose data is processed by the Administrator on the basis of consent (pursuant to Article 6(1)(a) or Art. 9 section 2 letter a) of the GDPR), he/she has the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal,
c.) submit a complaint to the supervisory authority – the person whose data is processed by the Administrator has the right to submit a complaint to the supervisory authority in the manner and manner specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office in Warsaw,
d.) objection – the data subject has the right to object at any time – for reasons related to his particular situation – to the processing of his personal data based on Art. 6 section 1 letter e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the Administrator is no longer allowed to process this personal data, unless he demonstrates the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims,
e.) objection regarding direct marketing – if personal data are processed for direct marketing purposes (based on the legitimate interest of the Administrator, not on the basis of the data subject’s consent), the data subject has the right to object at any time to the processing regarding her personal data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
2. The above rights are exercised based on the user’s request sent to the e-mail address: rodo@bpcc.org.pl. Such a request should include the user’s name and surname.
3. The User ensures that the data provided or published on the website is correct.
§ 5. Cookies
- “Cookies” should be understood as IT data, in particular text files, stored on users’ end devices (usually on the computer’s hard drive or in a mobile device) used to save specific settings and data by the user’s browser in order to use websites. These files allow you to recognize the user’s device and properly display the website, ensuring comfort during its use. Storing “cookies” files therefore enables appropriate preparation of the website and the offer in terms of user preferences – the server recognizes the user and remembers, among others: preferences such as: visits, clicks, previous activities.
- The following cookies are used on the website:
Cookie | Domain | Description | Type |
PHPSESSID | bpcc.org.pl | This cookie comes from a PHP application. The cookie is used to store and identify a unique user session identifier for the purposes of managing the user’s session on the website. The cookie is a session file and is deleted when all browser windows are closed. | Necessary |
_ga | .bpcc.org.pl | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and tracks site usage for the site analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | Analytical |
_gid | .bpcc.org.pl | The _gid cookie installed by Google Analytics stores information about how visitors use the website, while also creating an analytical report on the website’s performance. Some of the data collected includes the number of visitors, their source and the pages visited anonymously | Analytical |
_gat_gtag_UA_* | .bpcc.org.pl | Google Analytics sets this cookie to store a unique user ID. | Analytical |
_ga_* | .bpcc.org.pl | Google Analytics sets this cookie to store and count page views. | Analytical |
_ga_* | .bpcc.org.pl | Google Analytics sets this cookie to store and count page views. | Analytical |
wp-wpml_current_language | bpcc.org.pl | The Multilingual WordPress plugin sets this cookie to store your current language/language settings. | Functional |
cookielawinfo-checkbox-necessary | bpcc.org.pl | Set by the GDPR Cookie Consent plugin, this cookie is used to record user consent to cookies in the “Strictly Necessary” category | Necessary |
cookielawinfo-checkbox-functional | bpcc.org.pl | The cookie is set by the GDPR Cookie Consent plugin to record user consent to cookies in the “Functional” category | Necessary |
cookielawinfo-checkbox-performance | bpcc.org.pl | Set by the GDPR Cookie Consent plugin, this cookie is used to store user consent to cookies in the “Performance” category. | Necessary |
cookielawinfo-checkbox-analytics | bpcc.org.pl | Set by the GDPR Cookie Consent plugin, this cookie is used to record user consent to cookies in the “Analytics” category. | Necessary |
cookielawinfo-checkbox-advertisement | bpcc.org.pl | Set by the GDPR Cookie Consent plugin, this cookie is used to record user consent to cookies in the “Advertising” category. | Necessary |
cookielawinfo-checkbox-others | bpcc.org.pl | Set by the GDPR Cookie Consent plugin, this cookie is used to store user consent to cookies in the “Other” category. | Necessary |
rc::a | google.com | This cookie is set by Google recaptcha to identify bots in order to protect the site from malicious spam attacks. | Necessary |
rc::c | google.com | This cookie is set by Google recaptcha to identify bots in order to protect the site from malicious spam attacks. | Necessary |
3. “Cookies” contain in particular the domain name of the website from which they come, the time of their storage on the end device and a unique number used to identify the browser from which the connection to the website is made.
4. Cookies are used for the following purposes:
a.) adapting the content of websites to user preferences and optimizing the use of websites,
b.) creating anonymous statistics which, by helping to determine how the user uses websites, enable the improvement of their structures and content,
c.) providing website users with advertising content tailored to their interests.
Cookies do not serve to identify the user and their identity is not established on their basis
5. The basic division of “cookie” files is their distinction into:
a.) Necessary cookies – they are absolutely necessary for the proper functioning of the website or the functionality that the user wants to use, because without them we would not be able to provide many of the services we offer. Some of them also ensure the security of the services we provide electronically.
b.) Functional cookies – they are important for the operation of the website due to the fact that:
- serve to enrich the functionality of websites; without them, the website will work properly, but it will not be adapted to the user’s preferences,
- serve to ensure a high level of functionality of websites; Without them, the level of functionality of the website may be reduced, but their absence should not prevent you from using it completely,
- serve most of the functionalities of websites; blocking them will prevent selected functions from working properly.
c.) Business cookies – they enable the implementation of the business model based on which the website is made available; Blocking them will not result in the unavailability of all functionality, but may reduce the level of service provision due to the inability of the website owner to generate revenues to subsidize its operation. This category includes, for example, advertising cookies
d.) “Cookies” files for website configuration – enable settings of functions and services on websites.
e.) Cookies for the security and reliability of websites – they enable verification of authenticity and optimization of website performance.
f.) Authentication cookies – enable notification when the user is logged in, so that the website can display appropriate information and functions.
g.) “Cookies” files examining the session status – they enable saving information on how users use the website. These may concern the most frequently visited pages or possible error messages displayed on certain pages. “Cookies” files used to save the so-called “session state” help improve services and increase the comfort of browsing websites
h.) Cookies examining processes taking place on the website – enable the efficient operation of the website and the functions available on it.
i.) Advertising cookies – enable the display of advertisements that are more interesting for users and at the same time more valuable for publishers and advertisers; Cookies can also be used to personalize advertising and to display advertisements outside websites.
j.) “Cookies” files providing access to the location – they enable adapting the displayed information to the user’s location.
k.) Cookies that conduct analyses, research or audience audits – enable the website owner to better understand the preferences of their users and improve and develop products and services through analysis. Typically, the website owner or research company collects information anonymously and processes trend data, without identifying the personal data of individual users.
l.) Harmless cookies – includes cookies necessary for the proper operation of the website and necessary to enable the functionality of the website, but their operation has nothing to do with tracking the user,
m.) Research cookies – used to track users, but do not include information allowing (without other data) to identify a specific user.
6. The use of “cookies” to adapt the content of websites to user preferences does not, in principle, mean the collection of any information allowing the identification of the user, although this information may sometimes have the nature of personal data, i.e. data enabling the assignment of certain behaviors to a specific user. Personal data collected using cookies may be collected only to perform specific functions for the user. Such data is encrypted in a way that prevents access to it by unauthorized persons.
7. Cookies used by this website are not harmful to the user or the end device used by him, therefore, for the proper functioning of the website, it is recommended not to disable their support in browsers. In many cases, software used to browse websites (web browser) allows by default to store information in the form of “cookies” and other similar technologies on the user’s end device. The user can change the way cookies are used by the browser at any time. To do this, you need to change your browser settings. The method of changing the settings varies depending on the software (web browser) used. You will find appropriate tips on the subpages, depending on the browser you are using.
8. Cookies are also used to facilitate logging in to the user’s account, including via social media, and to enable switching between subpages on websites without the need to log in again on each subpage. At the same time, cookies are used to secure websites, e.g. to prevent access by unauthorized persons.
9. As part of cookie technology, the Administrator may use tracking pixels or clear GIF files to collect information on how the user uses its services and his reaction to marketing messages sent by e-mail. A pixel is software code that allows you to embed an object on a website, usually a pixel-sized image, which makes it possible to track user behavior on websites where it is placed. After giving the appropriate consent, the browser automatically establishes a direct connection to the server storing the pixel, therefore the processing of data collected by the pixel takes place as part of the data protection policy of the partner that the above-mentioned. administers the server.
10. The Administrator may use online log files (which contain technical data, such as the user’s IP address) to monitor traffic within its services, solve technical problems, detect and prevent fraud, and enforce the provisions of the User Agreement.
11. The Administrator does not use any cross-site tracking technologies, and the personal data collected about each user is not sold or shared by him for advertising purposes based on collecting multi-context behavior from various websites.
12. The Administrator informs that the website does not respond to DNT (Do Not Track) signals, but the user can disable certain forms of online tracking, including some analytical data and personalized advertising, by changing cookie settings in his browser or by using our cookie consent tools (if applicable).
Detailed information on changing cookie settings and deleting them yourself in the most popular web browsers is available in the web browser’s help section and on the following websites (just click on the link):
a.) Google Chrome
b.) Mozilla Firefox
c.) Microsoft Edge
d.) Opera
e.) Safari macOS
f.) Safari iOS/iPad OS
14. Detailed information about managing cookies on a mobile phone or other mobile device should be found in the user manual of the given mobile device.
15. This policy was updated on September 6, 2024.