{"id":5527,"date":"2025-08-22T14:34:12","date_gmt":"2025-08-22T14:34:12","guid":{"rendered":"https:\/\/highllnewarsaw.org\/website-privacy-policy\/"},"modified":"2025-10-01T13:11:14","modified_gmt":"2025-10-01T13:11:14","slug":"website-privacy-policy","status":"publish","type":"page","link":"https:\/\/highllnewarsaw.org\/en\/website-privacy-policy\/","title":{"rendered":"Website Privacy Policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"5527\" class=\"elementor elementor-5527 elementor-5105\" data-elementor-post-type=\"page\">\n\t\t\t\t<div data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-element elementor-element-096d1b5 e-flex e-con-boxed e-con e-parent\" data-id=\"096d1b5\" data-element_type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-06506d1 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"06506d1\" data-element_type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Website Privacy Policy<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-element elementor-element-d3c1b86 e-flex e-con-boxed e-con e-parent\" data-id=\"d3c1b86\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b33f378 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"b33f378\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5>Table of Contents<\/h5>\n<ul>\n  <li><a href=\"#s1\">1. WEBSITE PRIVACY POLICY<\/a><\/li>\n  <li><a href=\"#s2\">2. Introduction<\/a><\/li>\n  <li><a href=\"#s3\">3. Who we are<\/a><\/li>\n  <li><a href=\"#s4\">4. Contacting the Controller<\/a><\/li>\n  <li><a href=\"#s5\">5. Who this Privacy Policy applies to<\/a><\/li>\n  <li><a href=\"#s6\">6. Purposes, legal bases and retention periods<\/a><\/li>\n  <li><a href=\"#s7\">7. CONTACT WITH THE CONTROLLER<\/a><\/li>\n  <li><a href=\"#s8\">8. PRESENCE ON SOCIAL NETWORKS (SOCIAL MEDIA)<\/a><\/li>\n  <li><a href=\"#s9\">9. Joint controllership \u2013 LinkedIn<\/a><\/li>\n  <li><a href=\"#s10\">10. Joint controllership \u2013 YouTube<\/a><\/li>\n  <li><a href=\"#s11\">11. Joint controllership \u2013 Facebook &#038; Instagram<\/a><\/li>\n  <li><a href=\"#s12\">12. ANALYTICS &#038; REMARKETING (GA4 \/ META PIXEL \/ GOOGLE ADS \/ TIKTOK ADS)<\/a><\/li>\n  <li><a href=\"#s13\">13. ARCHIVAL PURPOSES, CLAIMS<\/a><\/li>\n  <li><a href=\"#s14\">14. INTERNAL ADMINISTRATIVE PURPOSES<\/a><\/li>\n  <li><a href=\"#s15\">15. ANALYTICAL &#038; STATISTICAL ACTIVITIES<\/a><\/li>\n  <li><a href=\"#s16\">16. SECURITY<\/a><\/li>\n  <li><a href=\"#s17\">17. Disclosure and sharing of personal data<\/a><\/li>\n  <li><a href=\"#s18\">18. NEWSLETTER &#038; ELECTRONIC MARKETING<\/a><\/li>\n  <li><a href=\"#s19\">19. RECRUITMENT<\/a><\/li>\n  <li><a href=\"#s20\">20. COOKIES &#038; TRACKING TECHNOLOGIES<\/a><\/li>\n  <li><a href=\"#s21\">21. Processing of data in third countries<\/a><\/li>\n  <li><a href=\"#s22\">22. Rights of data subjects<\/a><\/li>\n  <li><a href=\"#s23\">23. Automated decisions in individual cases<\/a><\/li>\n  <li><a href=\"#s24\">24. Amendments and updates to the Privacy Policy<\/a><\/li>\n<\/ul>\n\n<section id=\"s1\">\n  <h5>1. 
WEBSITE PRIVACY POLICY<\/h5>\n  <p>effective from 08\/08\/2025<\/p>\n  <p>(\u201cPrivacy Policy\u201d)<\/p>\n<\/section>\n\n<section id=\"s2\">\n  <h5>2. Introduction<\/h5>\n  <p>Data protection, especially the protection of your personal data, is extremely important to us. We therefore wish to present our data protection rules as transparently as possible. In this Privacy Policy we explain how we process your personal data on the highllnewarsaw.org website (the \u201cWebsite\u201d).<\/p>\n  <p>Personal data are processed under the rules set out in data protection legislation, including Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation \u2013 \u201cGDPR\u201d), and Polish laws issued in connection with the GDPR, including the Polish Act of 10 May 2018 on the Protection of Personal Data.<\/p>\n  <p>We keep personal data confidential and protect them against unauthorized access by third parties in accordance with the above-mentioned legal acts and this Privacy Policy.<\/p>\n  <p>Terms not defined separately in this Privacy Policy have the meanings given in the GDPR.<\/p>\n  <p>Our Website may contain links to other websites. The administrators of those websites are responsible for their own privacy policies and processing of personal data. We encourage you to read the data protection rules in force on those websites before providing your personal data.<\/p>\n<\/section>\n\n<section id=\"s3\">\n  <h5>3. Who we are<\/h5>\n  <p>The controller of your personal data is:<\/p>\n  <p>\u201cMAGNICITY WARSAW\u201d sp\u00f3\u0142ka z ograniczon\u0105 odpowiedzialno\u015bci\u0105 (limited liability company) with its registered office in Warsaw, ul. 
Z\u0142ota 59 (Skylight Office Building \/ 14th floor), 00-120 Warsaw, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number 0001043051, NIP 5252961210, REGON 525637863, with share capital of PLN 5,000.00.<\/p>\n  <p>(the \u201cController\u201d, \u201cMAGNICITY WARSAW\u201d, communication conducted in the first person \u2013 e.g., we, us).<\/p>\n<\/section>\n\n<section id=\"s4\">\n  <h5>4. Contacting the Controller<\/h5>\n  <p>You can contact the Controller by sending an email to<\/p>\n  <p><a href=\"mailto:info@highllnewarsaw.org\">info@highllnewarsaw.org<\/a> or by post to the Controller\u2019s registered address indicated above.<\/p>\n<\/section>\n\n<section id=\"s5\">\n  <h5>5. Who this Privacy Policy applies to<\/h5>\n  <p>This Privacy Policy is addressed to users of the Website, i.e., all natural persons visiting the Website, including users who use the forms available on our Website. In this Privacy Policy we may also address users directly, e.g., using \u201cyou\/your\u201d.<\/p>\n  <p>When you visit our Website your personal data are generally not collected. This occurs only when data are voluntarily provided to us for further processing, e.g., through online forms, including the contact form or recruitment form.<\/p>\n  <p>Some metadata are analyzed and stored in the form of cookies on your device or on our server according to the information provided in the cookie banner, where you can set your individual preferences.<\/p>\n  <p>This may include your IP address, individual pages visited on our Website and the amount of data transmitted during the visit. The date and duration of the visit and the website or link from which you accessed our site are also recorded.<\/p>\n<\/section>\n\n<section id=\"s6\">\n  <h5>6. 
Purposes, legal bases and retention periods<\/h5>\n  <p>Personal data processed via the Website are processed for the purposes listed below, on the legal bases and for the periods indicated there. We also indicate whether the provision of personal data is voluntary or constitutes a contractual or statutory requirement.<\/p>\n<\/section>\n\n<section id=\"s7\">\n  <h5>7. CONTACT WITH THE CONTROLLER<\/h5>\n  <p><strong>Purpose:<\/strong><br>Processing personal data to conduct correspondence, including responding to messages via email, contact forms and other communication channels. The purpose also includes providing commercial information about the Controller\u2019s activities, analyzing interest in the Controller\u2019s offer and tailoring marketing content to such interests. In addition, the purpose includes entering into and performing a contract where a natural person acts on their own behalf, entering into and performing a contract with an entity other than a natural person, the Controller\u2019s compliance with legal obligations arising from laws applicable to its activities, and archiving documentation and communications, including correspondence created by the Controller as part of its business operations.<\/p>\n  <p><strong>Legal basis:<\/strong><br>Art. 6(1)(f) GDPR \u2013 the Controller\u2019s legitimate interests, namely maintaining contact with persons interested in the Controller\u2019s activities, timely conducting all communications related to its activities, ensuring the quality of cooperation with clients and contractors and other interested parties. Art. 6(1)(b) GDPR in case of entering into and performing a contract with a natural person. Art. 
6(1)(c) GDPR for compliance with legal obligations, in particular tax and accounting obligations.<\/p>\n  <p><strong>Categories of data:<\/strong><br>First and last name, position or role, email address, phone number, company name, company contact details, and the content of correspondence.<\/p>\n  <p><strong>Sources of data:<\/strong><br>Data obtained directly from the data subject or provided by an employer\/client\/principal in connection with entering into a contract. Where data are obtained from other sources (e.g., public registers, websites), we act in accordance with Art. 14 GDPR \u2013 in particular we inform data subjects about the source of the data and the scope of processing within the time limit specified therein.<\/p>\n  <p><strong>Recipients:<\/strong><br>Entities providing IT support services to the Controller, including maintenance and servicing of IT systems, data hosting and cloud services, authorized employees and contractors, postal operators and couriers, law firms, auditors, banks, insurers, entities responsible for archiving or destroying data, group companies for internal administrative purposes.<\/p>\n  <p><strong>Transfers outside the EEA:<\/strong><br>As a rule, the Controller does not transfer personal data to a third country (i.e., outside the European Economic Area). Where such transfer occurs, appropriate safeguards are used: standard contractual clauses (Art. 46(2) GDPR) or other legally compliant mechanisms ensuring appropriate guarantees. Transfers to the United States are based on the European Commission\u2019s adequacy decision of 10 July 2023 regarding the EU\u2013US Data Privacy Framework (Art. 45 GDPR).<\/p>\n  <p><strong>Retention period:<\/strong><br>Personal data will be processed for contact purposes until the matter is handled or a valid objection is raised. Thereafter, data may be processed for marketing purposes if the Controller has a legitimate interest, and for the period specified by limitation laws. 
Where a contract is concluded\/performed, data will be processed for the term of the contract and then for 5 years from the end of the year in which a tax or accounting obligation arose.<\/p>\n  <p><strong>Voluntariness:<\/strong> Providing personal data is voluntary but necessary to initiate and conduct communication and to achieve the purposes indicated above.<\/p>\n<\/section>\n\n<section id=\"s8\">\n  <h5>8. PRESENCE ON SOCIAL NETWORKS (SOCIAL MEDIA)<\/h5>\n  <p><strong>Purpose<\/strong><br>The Controller processes personal data in connection with administering and managing its profile (fan page) on LinkedIn, Facebook, Instagram and its YouTube channel. The purposes include in particular: publishing videos and sharing content (including informational, promotional, marketing, educational etc.), responding to visitors\u2019 comments and messages, ensuring proper communication and interaction with users (followers\/subscribers). The purposes also include analyzing user activity on the fan page (e.g., interactions: likes, shares, comments, views, subscriptions, etc.) for statistical and analytical purposes (to better understand user needs, the market and improve communication strategy), marketing and promotion of the Controller\u2019s products or services (identifying users interested in a given topic, activities to increase engagement and followers), moderating and supervising published content (ensuring order and user safety, preventing fraud and protecting the IT environment) and conducting communication, including responding to messages via email.<\/p>\n  <p><strong>Legal basis<\/strong><br>Processing is based on Art. 6(1)(f) GDPR \u2013 the Controller\u2019s legitimate interests. 
These interests include: conducting marketing and promotional activities regarding its own products or services, ensuring continuity of business communication and maintaining contact with current and potential clients and contractors, care for the Controller\u2019s brand image, maintaining contact with persons interested in the Controller\u2019s activities, timely communications related to its operations, and ensuring quality cooperation with clients and other interested entities.<\/p>\n  <p><strong>Categories of data<\/strong><br>Information on your individual account that you have marked as public, such as account name (which may contain your name), profile photo, followers\/following, posts (which may be photos), tags of you in other users\u2019 photos, stories and bio data. We also process your activity on the Account such as: following the Account, sending a message to the Controller, liking posts, commenting on posts, sharing posts, tagging the Controller in your posts. We also process private messages addressed to the Controller (their content and any personal data therein) and statistical data: aggregate statistics created on the basis of certain events recorded by social platforms\u2019 servers when users use profiles and related content.<\/p>\n  <p><strong>Retention period<\/strong><br>LinkedIn: personal data processed on the fan page will be processed for as long as the fan page is operated by the Controller unless a valid objection is raised earlier.<br>YouTube: personal data processed on the YouTube Channel are stored for the duration of operating the Channel by the Controller or until a valid objection is raised. Data published as comments and other user activity may remain visible until deleted (by the user or the Controller, where technically possible).<br>Facebook &#038; Instagram: personal data processed on the fan page are processed for as long as the fan page is operated by the Controller unless a valid objection is raised. 
Data published as comments and other user activity may remain visible until deleted (by the user or the Controller, where technically possible).<\/p>\n  <p><strong>Voluntariness<\/strong><br>LinkedIn: providing data when using the fan page is voluntary. Failure to provide data may prevent use of some platform features (e.g., posting comments, sending messages).<br>YouTube: providing data when using the YouTube Channel is voluntary (this follows, among other things, from Google\/YouTube account settings). Not providing data (e.g., not logging in) may limit the ability to use some features (e.g., commenting, subscribing).<br>Facebook &#038; Instagram: providing data when using the fan page is voluntary. Failure to provide data may prevent the use of certain features (e.g., commenting, sending messages).<\/p>\n<\/section>\n\n<section id=\"s9\">\n  <h5>9. Joint controllership \u2013 LinkedIn<\/h5>\n  <p>For the processing of statistical data relating to activity on the fan page (LinkedIn Page Insights), the Controller and LinkedIn Ireland Unlimited Company, Gardner House, Wilton Place, Wilton Plaza, Dublin 2, Ireland (\u201cLinkedIn\u201d) act as joint controllers within this scope. 
Details on LinkedIn\u2019s data processing are available in the official LinkedIn Privacy Policy at:<\/p>\n  <p><a href=\"https:\/\/pl.linkedin.com\/legal\/privacy-policy\" target=\"_blank\" rel=\"noopener\">https:\/\/pl.linkedin.com\/legal\/privacy-policy<\/a><\/p>\n  <p>LinkedIn also provides separate European Regional Privacy Policy information at:<\/p>\n  <p><a href=\"https:\/\/pl.linkedin.com\/legal\/privacy\/eu\" target=\"_blank\" rel=\"noopener\">https:\/\/pl.linkedin.com\/legal\/privacy\/eu<\/a><\/p>\n  <p>Otherwise, the Controller has no influence over LinkedIn\u2019s purposes, scope or retention for its own processing \u2013 which is conducted under LinkedIn\u2019s own conditions and policies.<\/p>\n  <p>LinkedIn is responsible for enabling users to exercise their GDPR rights where it processes data independently and for joint controllership relating to Page Insights: <a href=\"https:\/\/legal.linkedin.com\/pages-joint-controller-addendum\" target=\"_blank\" rel=\"noopener\">https:\/\/legal.linkedin.com\/pages-joint-controller-addendum<\/a><\/p>\n<\/section>\n\n<section id=\"s10\">\n  <h5>10. Joint controllership \u2013 YouTube<\/h5>\n  <p>Where the Controller receives from YouTube (Google Ireland) aggregated statistical data about activity of visitors to the Channel (e.g., via YouTube Studio\/Analytics), Google Ireland may act as a joint controller or (more often) as an independent controller for data it processes for its own purposes. Details on Google and YouTube processing can be found in Google\u2019s Privacy Policy (Polish version) at:<\/p>\n  <p><a href=\"https:\/\/policies.google.com\/privacy?hl=pl\" target=\"_blank\" rel=\"noopener\">https:\/\/policies.google.com\/privacy?hl=pl<\/a><\/p>\n  <p>That policy explains what data are collected by Google (and services such as YouTube), for what purpose, how they are used, and users\u2019 rights. 
It also covers data sharing, security and how to manage or delete data.<\/p>\n  <p>Otherwise, purposes and means of processing are determined solely by YouTube (Google Ireland), especially regarding data collected via cookies, pixels, server logs or similar technologies.<\/p>\n  <p>Google Ireland is responsible for enabling users to exercise their GDPR rights for processing it conducts on its own platforms.<\/p>\n<\/section>\n\n<section id=\"s11\">\n  <h5>11. Joint controllership \u2013 Facebook &#038; Instagram<\/h5>\n  <p>Regarding processing of statistical data about (i) your activity on the fan page and (ii) use of Messenger in relation to the fan page, the controllers are the Controller and Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland (\u201cMeta Ireland\u201d), acting as joint controllers.<\/p>\n  <p>More information on Meta Ireland\u2019s processing can be found in Meta\u2019s Privacy Policy: <a href=\"https:\/\/www.meta.com\/pl\/legal\/privacy-policy\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.meta.com\/pl\/legal\/privacy-policy\/<\/a><\/p>\n  <p>Further details on joint controllership and allocation of responsibilities are set out in Meta documents (controller addendum): <a href=\"https:\/\/www.metaenterprise.com\/legal\/terms\/european_data_transfer_addendum\" target=\"_blank\" rel=\"noopener\">https:\/\/www.metaenterprise.com\/legal\/terms\/european_data_transfer_addendum<\/a><\/p>\n  <p>Meta Ireland provides the Controller with aggregate statistics based on certain events recorded by Meta\u2019s servers when users use the fan page and related content. Page administrators (including the Controller) do not have access to event-level data \u2013 only to aggregate page statistics.<\/p>\n  <p>Meta Ireland and the Controller have agreed that the Irish Data Protection Commission is the lead supervisory authority for the processing for page statistics.<\/p>\n<\/section>\n\n<section id=\"s12\">\n  <h5>12. 
ANALYTICS &#038; REMARKETING (GA4 \/ META PIXEL \/ GOOGLE ADS \/ TIKTOK ADS)<\/h5>\n  <p><strong>Scope and purposes:<\/strong><br>On our Website we use analytics and advertising tools (\u201cremarketing\/retargeting\u201d) which \u2013 upon consent \u2013 process online identifiers (e.g., cookies, pixel IDs), device data and data about on-site activity and campaign effectiveness. The purpose is statistics and measurement of Website use, content optimization and serving interest-based advertising (audience building).<\/p>\n  <p><strong>Legal basis:<\/strong><br>For analytics and marketing \u2013 consent: Art. 6(1)(a) GDPR (and consent for storing\/reading information on a device under electronic communications laws).<\/p>\n  <p><strong>Tools used:<\/strong><br>Google Analytics 4; Meta Pixel (Facebook\/Instagram); Google Ads (including remarketing lists); TikTok Ads Pixel. The providers of these tools act as independent controllers for their advertising platforms; we remain the controller for processing related to operation of the Website.<\/p>\n  <p><strong>Recipients:<\/strong><br>Google Ireland\/LLC, Meta Platforms Ireland, TikTok Technology Limited and entities supporting their services (as per tools\u2019 configurations).<\/p>\n  <p><strong>Transfers outside the EEA:<\/strong><br>Use of the above tools may involve transfers to third countries (e.g., the USA). Appropriate safeguards are used (e.g., standard contractual clauses, adequacy decisions where applicable). Details are available in the providers\u2019 privacy policies.<\/p>\n  <p><strong>Retention:<\/strong><br>Identifiers used for analytics and marketing are stored for the period configured in the tools or until consent is withdrawn. Specific storage periods (for categories of cookies\/IDs) are given in the Cookie Policy.<\/p>\n  <p><strong>Withdrawal of consent and settings:<\/strong><br>You can withdraw or change your consent at any time via the \u201cCookie settings\u201d link available on our site. 
Withdrawal does not affect lawfulness of processing before withdrawal.<\/p>\n  <p><strong>Profiling \/ automated decisions:<\/strong> We use profiling to tailor advertising content (e.g., assigning to an audience), but we do not make decisions producing legal effects concerning you or similarly significantly affecting you within the meaning of Art. 22 GDPR.<\/p>\n<\/section>\n\n<section id=\"s13\">\n  <h5>13. ARCHIVAL PURPOSES, CLAIMS<\/h5>\n  <p><strong>Purpose:<\/strong><br>Personal data will be processed for archiving documentation and communications, including correspondence created by the Controller as part of its business operations, and for the establishment, exercise or defence of legal claims.<\/p>\n  <p><strong>Legal basis:<\/strong><br>Art. 6(1)(f) GDPR \u2013 the Controller\u2019s legitimate interests, namely the need to document evidence of business activities in accordance with applicable laws and to use archived material to establish, pursue or defend claims.<\/p>\n  <p><strong>Retention period:<\/strong><br>Personal data will be processed for the period specified by limitation laws unless a valid objection is raised earlier.<\/p>\n  <p><strong>Categories of data:<\/strong><br>Personal data contained in documentation and correspondence created by the Controller as part of its business operations.<\/p>\n  <p><strong>Sources of data:<\/strong><br>Data obtained directly from the data subject or in the course of business operations.<\/p>\n  <p><strong>Recipients:<\/strong><br>Entities providing IT support, including maintenance of IT systems, data hosting and cloud services, authorized employees and contractors, law firms, auditors, banks, insurers, entities responsible for archiving or destroying data.<\/p>\n  <p><strong>Transfers outside the EEA:<\/strong> As a rule, the Controller does not transfer personal data to a third country. If such transfer occurs, standard contractual clauses (Art. 
46(2) GDPR) or other lawful mechanisms are used.<\/p>\n  <p><strong>Voluntariness:<\/strong> Providing data is voluntary, but failure to do so may limit the ability to fully use the Website\u2019s services or functionalities.<\/p>\n<\/section>\n\n<section id=\"s14\">\n  <h5>14. INTERNAL ADMINISTRATIVE PURPOSES<\/h5>\n  <p><strong>Purpose:<\/strong><br>Personal data will be processed for internal administrative purposes arising from the Controller\u2019s capital, personnel or organizational links with other entities.<\/p>\n  <p><strong>Legal basis:<\/strong><br>Art. 6(1)(f) GDPR \u2013 the Controller\u2019s legitimate interests, namely data exchange within the group to which the Controller belongs for internal administrative purposes.<\/p>\n  <p><strong>Retention period:<\/strong><br>Personal data will be processed until the purpose is achieved unless a valid objection is raised earlier.<\/p>\n  <p><strong>Categories of data:<\/strong><br>Personal data processed for internal administrative purposes arising from the Controller\u2019s capital, personnel or organizational links with other entities.<\/p>\n  <p><strong>Sources of data:<\/strong><br>Data obtained directly from the data subject or in the course of business operations.<\/p>\n  <p><strong>Recipients:<\/strong><br>Group companies, authorized employees and contractors of the Controller, IT support providers.<\/p>\n  <p><strong>Transfers outside the EEA:<\/strong><br>As a rule, the Controller does not transfer personal data to a third country. If such transfer occurs, standard contractual clauses or other lawful mechanisms are used.<\/p>\n  <p><strong>Voluntariness:<\/strong><br>Providing data is voluntary, but failure to do so may limit the ability to fully use the Website\u2019s services or functionalities.<\/p>\n<\/section>\n\n<section id=\"s15\">\n  <h5>15. 
ANALYTICAL &#038; STATISTICAL ACTIVITIES<\/h5>\n  <p><strong>Purpose:<\/strong><br>The Controller may process personal data for analytical and statistical purposes (analyzing activity, monitoring traffic on the Website, determining purchasing preferences and improving functionalities and service quality).<\/p>\n  <p>The Controller uses marketing and analytical profiling \u2013 within partially automated processing (e.g., browsing history) it evaluates selected factors to improve the Website and better tailor content to users\u2019 individual preferences.<\/p>\n  <p>We do not, however, take fully automated decisions that produce legal effects concerning you or similarly significantly affect you (per Art. 22 GDPR).<\/p>\n  <p>This means any potential marketing or analytical activities are statistical in nature and personalize displayed content without producing serious legal effects.<\/p>\n  <p>Our ability to process data collected via cookies and similar technologies for analytical and statistical purposes depends on your consent to store such information on your end device (e.g., computer, phone).<\/p>\n  <p><strong>Legal basis:<\/strong><br>Art. 6(1)(f) GDPR in connection with your consent to use cookies or similar technologies (in line with the Polish Electronic Communications Law of 12 July 2024) \u2013 processing is necessary for the Controller\u2019s legitimate interests of analyzing user activity to improve functionalities and service quality, including Website development. 
You may withdraw consent at any time by reopening the cookie banner and adjusting your settings.<\/p>\n  <p><strong>Retention period:<\/strong><br>Personal data will be processed for the period indicated in the cookie banner unless a valid objection is raised or consent for cookies\/similar technologies is withdrawn earlier.<\/p>\n  <p><strong>Categories of data:<\/strong> IP address, browsing history, data about Website activity, user preferences, browser and device identifiers.<\/p>\n  <p><strong>Sources of data:<\/strong><br>Data collected automatically when using the Website via cookies and similar technologies.<\/p>\n  <p><strong>Recipients:<\/strong><br>IT service providers, data hosting and cloud services, analytics tool providers, authorized employees and contractors of the Controller.<\/p>\n  <p><strong>Transfers outside the EEA:<\/strong><br>Data may be transferred to a third country on the basis of standard contractual clauses or another lawful mechanism. Transfers to the United States may rely on the European Commission\u2019s adequacy decision of 10 July 2023.<\/p>\n  <p><strong>Voluntariness:<\/strong><br>Providing data is voluntary, but failure to do so may limit the ability to fully use the Website\u2019s services or functionalities.<\/p>\n<\/section>\n\n<section id=\"s16\">\n  <h5>16. SECURITY<\/h5>\n  <p><strong>Purpose:<\/strong><br>Personal data will be processed to ensure the security of the Website (services provided electronically) and to prevent abuses, including actions violating the Terms or generally applicable laws.<\/p>\n  <p><strong>Legal basis:<\/strong><br>Art. 
6(1)(f) GDPR \u2013 the Controller\u2019s legitimate interests, namely ensuring the factual and legal security of the Website and its users.<\/p>\n  <p><strong>Retention period:<\/strong><br>Personal data will be processed for as long as you use the Website unless a valid objection is raised earlier.<\/p>\n  <p><strong>Sources of data:<\/strong> Data collected automatically while using the Website for security purposes.<br><strong>Recipients:<\/strong> IT service providers responsible for system security, authorized employees and contractors of the Controller.<\/p>\n  <p><strong>Transfers outside the EEA:<\/strong> As a rule, data are not transferred outside the EEA. If necessary, transfers are carried out on the basis of appropriate legal safeguards.<\/p>\n  <p><strong>Voluntariness:<\/strong> Providing data is voluntary, but failure to do so may limit the ability to fully use the Website\u2019s services or functionalities.<\/p>\n  <p>We use technical and organizational security measures that protect data entrusted to us against accidental or deliberate manipulation, loss, destruction and unauthorized access. These measures are constantly developed and improved in line with technological progress.<\/p>\n<\/section>\n\n<section id=\"s17\">\n  <h5>17. Disclosure and sharing of personal data<\/h5>\n  <p>The Controller may disclose personal data to the following categories of recipients: IT support providers (maintenance and servicing of IT systems, data hosting, cloud services), postal operators and couriers, law firms, auditors, banks and payment service providers, insurers, entities responsible for archiving or destroying data, authorized employees and contractors of the Controller and group companies.<\/p>\n  <p>After clicking links on the Website you may be redirected to websites or services managed by entities independent of the Controller. 
In such cases the processing of personal data is subject to the rules established by the providers of those websites or services.<\/p>\n<\/section>\n\n<section id=\"s18\">\n  <h5>18. NEWSLETTER &#038; ELECTRONIC MARKETING<\/h5>\n  <p><strong>Purpose:<\/strong><br>Sending a newsletter and other commercial and marketing information about the Controller\u2019s products and services by electronic means \u2013 including information tailored to the industry or business profile for persons representing business entities. In addition, archiving documentation and communications, including correspondence created by the Controller as part of its business operations, due to the Controller\u2019s legitimate interest in documenting its activities (including compliance) and using archived material to establish, pursue or defend claims.<\/p>\n  <p><strong>Legal basis:<\/strong><br>Consent, i.e., Art. 6(1)(a) GDPR, in connection with Art. 398(1) and (2) of the Polish Electronic Communications Law of 7 July 2023 (for newsletter sign-ups), or the Controller\u2019s legitimate interests (Art. 6(1)(f) GDPR) consisting of sending information about products and services to contact persons representing business entities within existing business relationships \u2013 until objection (Art. 21 GDPR). Archiving is based on Art. 6(1)(f) GDPR.<\/p>\n  <p><strong>Categories of data:<\/strong><br>First and last name, email address; for persons representing business entities also position\/role, phone number, company name and contact details.<\/p>\n  <p><strong>Sources of data:<\/strong><br>Data obtained directly from you in connection with newsletter sign-up or in the course of business correspondence. 
For persons representing business entities, data may be obtained from public sources (public registers, company website, etc.).<\/p>\n  <p><strong>Recipients:<\/strong><br>Entities providing IT support, including maintenance of IT systems, data hosting and cloud services, our authorized employees and contractors, postal operators and couriers, law firms, auditors, banks, insurers, entities responsible for archiving or destroying data, and group companies for internal administrative purposes (Art. 6(1)(f) GDPR).<\/p>\n  <p><strong>Transfers outside the EEA:<\/strong><br>Personal data may be transferred to a third country on the basis of standard contractual clauses (Art. 46(2)(c) and (d) GDPR) or other lawful mechanisms ensuring appropriate guarantees. Transfers to the United States rely on the European Commission\u2019s adequacy decision of 10 July 2023 under the EU\u2013US Data Privacy Framework (Art. 45 GDPR).<\/p>\n  <p><strong>Retention period:<\/strong><br>Data will be processed for the duration of consent (for newsletter sign-up) or until objection to processing for marketing purposes (where based on legitimate interest), and thereafter for the period necessary to establish or defend against potential claims.<\/p>\n  <p><strong>Voluntariness:<\/strong><br>Providing your personal data to subscribe to the newsletter is voluntary, but failure to provide data will prevent receipt of the newsletter.<\/p>\n  <p><strong>Profiling:<\/strong><br>To tailor newsletter and marketing content we may analyze general information about industry or business profile (e.g., based on a corporate email domain) or previous business relations. Such activities may constitute profiling within the meaning of the GDPR but are standard and do not lead to automated decision-making producing legal effects concerning you or similarly significantly affecting you.<\/p>\n<\/section>\n\n<section id=\"s19\">\n  <h5>19. 
RECRUITMENT<\/h5>\n  <p><strong>Purpose:<\/strong><br>Processing personal data for recruitment purposes, including contacting candidates, assessing qualifications, and conducting the selection process. Where employing a foreign national, also to verify the lawfulness of employment or to carry out legalization procedures due to obligations under the Act on Foreigners, the Act on Employment Promotion and Labour Market Institutions and the Act on the Consequences of Entrusting Work to Foreigners Staying Illegally in Poland. Also, conducting future recruitment processes based on the candidate\u2019s voluntary consent, if given, and archiving documentation and communications, including correspondence created by the Controller as part of its business operations, due to the Controller\u2019s legitimate interest in documenting activities and using archived material to establish, pursue or defend claims.<\/p>\n  <p><strong>Legal basis:<\/strong><br>For employment under a contract of employment \u2013 necessary to comply with legal obligations (Art. 6(1)(c) GDPR in connection with Art. 22 \u00a71 of the Polish Labour Code) and, for a broader scope, voluntary consent understood as sending a CV and\/or cover letter or completing a recruitment form on the candidate\u2019s own initiative (Art. 6(1)(a) GDPR). For employment under a civil law contract \u2013 necessary to take steps at the request of the candidate prior to entering into a contract (Art. 6(1)(b) GDPR). For employment of a foreign national \u2013 in addition to the above bases, to verify legality of employment or conduct legalization procedures (Art. 6(1)(c) GDPR) and because it is necessary to conclude and perform the contract (Art. 6(1)(b) GDPR). Future recruitment processes \u2013 candidate\u2019s voluntary consent (Art. 6(1)(a) GDPR). Archiving \u2013 Art. 
6(1)(f) GDPR.<\/p>\n  <p><strong>Categories of data:<\/strong><br>For employment under an employment contract: first name(s) and surname, date of birth, contact details indicated by the candidate, education, professional qualifications, employment history, and any additional data contained in the CV, cover letter or recruitment form provided voluntarily by the candidate.<\/p>\n  <p><strong>Sources of data:<\/strong><br>Data obtained directly from the candidate when applying for a job or provided by recruitment agencies cooperating with the Controller.<\/p>\n  <p><strong>Recipients:<\/strong><br>Entities providing IT support (including maintenance of IT systems, data hosting and cloud services), authorized employees and contractors, postal operators and couriers, law firms, auditors, banks, insurers, cooperating recruitment agencies and administrators of recruitment portals (e.g., e-recruiter, pracuj.pl, LinkedIn); entities responsible for archiving or destroying data; for executive-level candidates \u2013 group companies for internal administrative purposes (Art. 6(1)(f) GDPR).<\/p>\n  <p><strong>Transfers outside the EEA:<\/strong><br>Personal data may be transferred to a third country based on standard contractual clauses (Art. 46(2)(c) and (d) GDPR) or other lawful mechanisms ensuring appropriate guarantees. Transfers to the United States rely on the European Commission\u2019s adequacy decision of 10 July 2023 under the EU\u2013US Data Privacy Framework (Art. 45 GDPR).<\/p>\n  <p><strong>Retention period:<\/strong><br>Personal data will be processed for 6 months from the date the application is submitted; during the same period the data are subject to anonymization. If consent for future recruitment is given, data will be processed until the candidate withdraws consent, but no longer than 12 months from application submission.<\/p>\n  <p><strong>Voluntariness:<\/strong><br>Providing personal data is voluntary. 
Failure to provide data prevents participation in recruitment. Failure to provide data processed on the basis of consent will not affect participation in the recruitment and candidate selection.<\/p>\n  <p><strong>Profiling:<\/strong><br>No automated decision-making, including profiling, will be carried out with respect to candidates.<\/p>\n<\/section>\n\n<section id=\"s20\">\n  <h5>20. COOKIES &#038; TRACKING TECHNOLOGIES<\/h5>\n  <p>Cookies are text files that contain data from visited websites and are stored on a user\u2019s computer by the browser. A cookie primarily stores information about the user during or after a visit to online services.<\/p>\n  <p>Stored data may include, for example, the language settings on the website, login status, shopping cart or the point where a video was viewed. The term \u201ccookies\u201d also includes other technologies that perform the same functions (e.g., where user information is stored using online identifiers, also called \u201cuser IDs\u201d).<\/p>\n  <p><strong>Purpose:<\/strong><br>Processing personal data in connection with the use of cookies and similar technologies to: ensure proper functioning of the Website (strictly necessary cookies), analyze traffic and user activity on the Website for statistical and analytical purposes (better understanding of user needs and improving functionalities and service quality), personalize content and ensure extended Website functionality. In addition, to conduct marketing and advertising activities (including marketing profiling), enable social media features and ensure system security and stability.<\/p>\n  <p><strong>Legal basis:<\/strong><br>Strictly necessary cookies: Art. 6(1)(f) GDPR \u2013 the Controller\u2019s legitimate interests in ensuring proper functioning of the Website. Other cookie categories: Art. 6(1)(a) and (f) GDPR in connection with the user\u2019s consent to use cookies (in line with the Polish Electronic Communications Law of 12 July 2024). 
The Controller\u2019s legitimate interests include analyzing user activity to improve functionalities and quality of services, conducting marketing activities and ensuring Website security.<\/p>\n  <p><strong>Categories of data:<\/strong><br>IP address, pages visited, visit duration, source of entry to the site, language settings, login status, browsing history, user interests, browser and device identifiers, data on interactions with content and other metadata related to use of the Website.<\/p>\n  <p><strong>Types of cookies<\/strong><br>Session cookies \u2013 deleted after leaving the site and closing the browser; persistent cookies \u2013 stored even after closing the browser; first\u2011party cookies \u2013 set by the Controller; third\u2011party cookies \u2013 set by external providers.<\/p>\n  <p><strong>Cookie functions:<\/strong><br>Strictly necessary cookies \u2013 essential for the website to function and cannot be disabled<br>Analytical\/statistical cookies \u2013 allow counting visits and traffic sources and measuring Website performance<br>Functional cookies \u2013 provide enhanced functionality and personalization<br>Marketing cookies \u2013 used to create interest profiles and display targeted advertising<br>Social media cookies \u2013 enable content sharing on social networks<\/p>\n  <p><strong>Recipients:<\/strong><br>IT service providers, data hosting and cloud services, advertising partners, social media providers, analytics providers, authorized employees and contractors of the Controller.<\/p>\n  <p><strong>Transfers outside the EEA:<\/strong><br>Data may be transferred to a third country based on standard contractual clauses (Art. 46(2)(c) and (d) GDPR) or another lawful mechanism. Transfers to the United States may rely on the European Commission\u2019s adequacy decision of 10 July 2023 under the EU\u2013US Data Privacy Framework (Art. 
45 GDPR).<\/p>\n  <p><strong>Retention period:<\/strong><br>Data processed via cookies will be stored for the period indicated in the cookie banner unless a valid objection is raised or consent is withdrawn earlier. Session cookies are deleted after leaving the site and closing the browser; persistent cookies are stored even after closing the browser according to settings defined for each category.<\/p>\n  <p><strong>Voluntariness:<\/strong><br>Consent for cookie use (except strictly necessary cookies) is voluntary. Lack of consent may limit Website functionality but will not prevent basic use. Consent can be withdrawn at any time via the cookie banner available under \u201cCookie Settings\u201d.<\/p>\n  <p><strong>Profiling:<\/strong><br>The Controller uses marketing and analytical profiling \u2013 within partially automated processing (e.g., browsing history) it evaluates selected factors to improve the Website and better tailor content to individual preferences. We do not, however, make fully automated decisions that produce legal effects or similarly significantly affect the user (per Art. 22 GDPR).<\/p>\n  <p><strong>Managing cookie settings:<\/strong><br>Cookie settings can be changed at any time via the link at the top of the page under \u201cCookie Settings\u201d. Detailed information is available in the Cookie Policy on a separate page.<\/p>\n<\/section>\n\n<section id=\"s21\">\n  <h5>21. Processing of data in third countries<\/h5>\n  <p>If we process data in a third country (i.e., outside the EU\/EEA) or if processing occurs in the context of using third\u2011party services or disclosing or transferring data to other persons, authorities or companies, this is done only in accordance with legal requirements.<\/p>\n  <p>The Controller processes data in third countries on the basis of standard contractual clauses (Art. 46(2)(c) or (d) GDPR) or other lawful mechanisms ensuring appropriate guarantees. 
Transfers to the United States rely on the European Commission\u2019s adequacy decision of 10 July 2023 under the EU\u2013US Data Privacy Framework (Art. 45 GDPR).<\/p>\n<\/section>\n\n<section id=\"s22\">\n  <h5>22. Rights of data subjects<\/h5>\n  <p>Data subjects (you) have the right to:<\/p>\n  <ul>\n    <li>request from the Controller access to personal data concerning them or a copy thereof,<\/li>\n    <li>rectification of data,<\/li>\n    <li>erasure of data,<\/li>\n    <li>restriction of processing,<\/li>\n    <li>data portability (if the Controller processes personal data by automated means, based on consent or for performance of a contract, the data subject may request transfer of their data in a structured, commonly used, machine\u2011readable format. If the person requests direct transfer to another controller, this will be done only where technically feasible),<\/li>\n    <li>object to processing of personal data for the purposes of the Controller\u2019s legitimate interests; the right to object cannot be exercised where there are compelling legitimate grounds for processing overriding your interests, rights and freedoms. Where you object to processing for direct marketing, your personal data will no longer be processed for that purpose,<\/li>\n    <li>withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.<\/li>\n  <\/ul>\n  <p>You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO), ul. Stanis\u0142awa Moniuszki 1A, 00\u2011014 Warsaw.<\/p>\n<\/section>\n\n<section id=\"s23\">\n  <h5>23. 
Automated decisions in individual cases<\/h5>\n  <p>No automated decisions \u2013 i.e., decisions based solely on automated processing, including profiling \u2013 that produce legal effects concerning data subjects (e.g., you) or similarly significantly affect them will be made with respect to personal data processed on the Website.<\/p>\n<\/section>\n\n<section id=\"s24\">\n  <h5>24. Amendments and updates to the Privacy Policy<\/h5>\n  <p>The content of this Privacy Policy may be amended by the Controller if there are factual or legal changes regarding personal data processing on the Website. You will be informed of changes in particular by publication of the new content on the Website.<\/p>\n<\/section>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Website Privacy Policy Table of Contents 1. WEBSITE PRIVACY POLICY 2. Introduction 3. Who we are 4. Contacting the Controller 5. Who this Privacy Policy applies to 6. Purposes, legal bases and retention periods 7. CONTACT WITH THE CONTROLLER 8. PRESENCE ON SOCIAL NETWORKS (SOCIAL MEDIA) 9. Joint controllership \u2013 LinkedIn 10. 
Joint controllership \u2013 [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-5527","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/highllnewarsaw.org\/en\/wp-json\/wp\/v2\/pages\/5527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/highllnewarsaw.org\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/highllnewarsaw.org\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/highllnewarsaw.org\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/highllnewarsaw.org\/en\/wp-json\/wp\/v2\/comments?post=5527"}],"version-history":[{"count":9,"href":"https:\/\/highllnewarsaw.org\/en\/wp-json\/wp\/v2\/pages\/5527\/revisions"}],"predecessor-version":[{"id":5965,"href":"https:\/\/highllnewarsaw.org\/en\/wp-json\/wp\/v2\/pages\/5527\/revisions\/5965"}],"wp:attachment":[{"href":"https:\/\/highllnewarsaw.org\/en\/wp-json\/wp\/v2\/media?parent=5527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}