Privacy Policy
GDPR (General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) governs the protection of personal data of individuals within the European Union. The aim of GDPR is to strengthen and unify data protection laws within the EU.
To safeguard the personal data of those who collaborate with us, we have developed this Privacy Policy. Its purpose is to inform you about the personal data we collect, the purposes for which we process it, how we use it, and who we are. This policy also outlines your rights in connection with the processing of your personal data by us.
This Privacy Policy does not apply to the processing of personal data of employees and collaborators.
WHO IS THE DATA CONTROLLER?
We kindly inform you that the Data Controller of your personal data is:
Econverse Foundation
Św. Marcin 29/8 | 61-806 Poznań
KRS 0000958429 | NIP 781 203 28 96
hereinafter referred to as the “Data Controller.”
DATA PROTECTION OFFICER
Please note that we have not appointed a Data Protection Officer. If you have any questions regarding data protection, please contact us by sending an email to: fundacja@econverse.org with the note “GDPR.”
WHOSE PERSONAL DATA WILL WE PROCESS?
As the Data Controller, we will process the personal data of:
• Participants of events, trade shows, etc.
• Our clients and potential clients,
• Our contractors - suppliers (including potential ones),
• Business partners, content partners, etc.
• Representatives of entities with whom we cooperate,
• Entities with whom we have relationships but are not yet our clients.
WHERE DID WE OBTAIN YOUR PERSONAL DATA?
We obtained your personal data from:
• Registration forms, application forms;
• Your participation in our events;
• Directly from you through our correspondence, conversation, meeting, sending information, or using our services;
• Our ongoing cooperation;
• Public registers such as CEIDG, KRS, VAT taxpayer white list;
• Other sources, including publicly available ones, such as websites.
WHAT ARE OUR PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA?
To provide our services, the Data Controller processes your personal data for various purposes, but always in accordance with the law.
We process personal data that we receive from you when you use our services and during contacts with us. This data is always processed in accordance with GDPR and national regulations.Below, you will find the purposes for processing your personal data along with the legal bases:
A. For registering for our events, trade shows, etc., and participating in them (including recording the participants’ images), we process the following personal data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, nationality, personal data of co-participants (name, contact details), website address, participants’ images recorded, e.g., in photos, videos, and other information you provide us;
• Legal entities: Company name, company headquarters, contact details (e.g., email, phone number), VAT number, website address, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(a) GDPR (voluntary consent), which allows processing of personal data based on voluntarily given consent, e.g., in terms of providing the above-mentioned personal data;
• Article 6(1)(f) GDPR (legitimate interests of the Data Controller) for the proper provision of services related to the organization of our events, trade shows, etc.
B. For entering into and performing contracts, i.e., providing our services, we process the following personal data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, nationality, personal data of co-participants (name, contact details), website address, and other information you provide us;
• Legal entities: Company name, company headquarters, contact details (e.g., email, phone number), VAT number, website address, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(b) GDPR (necessary for contract performance), which allows processing of personal data if it is necessary to perform a contract or to take steps to enter into a contract between us;
• Article 6(1)(f) GDPR (legitimate interests of the Data Controller), e.g., for contacting you, providing you with information about activities related to the execution of the contract between us.
C. For fulfilling our legal obligations, e.g., issuing VAT invoices, accounting documents, and tax settlements, we process the following personal data:
• Name, contact details (e.g., email, phone number), company name, company headquarters, correspondence address, VAT number, REGON number, PESEL number/date of birth, bank account number, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(c) GDPR (legal obligation), which allows processing of personal data if such processing is necessary to comply with legal obligations to which the Data Controller is subject.
D. For handling matters directed directly to the Data Controller, e.g., processing complaints, we process the following personal data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, nationality, personal data of co-participants (name, contact details), website address, and other information you provide us;
• Legal entities: Company name, contact details (e.g., email, phone number), company headquarters, VAT number, REGON number, website address, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(f) GDPR (legitimate interests of the Data Controller), e.g., for contacting you, handling complaints, and processing grievances.
E. For establishing, defending, and pursuing claims, we process the following personal data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, PESEL number, nationality, personal data of co-participants (name, contact details), and other information you provide us;
• Legal entities: Company name, contact details (e.g., email, phone number), company headquarters, VAT number, REGON number, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(f) GDPR (legitimate interests), e.g., to establish, pursue, or defend claims from participants, clients/contractors, and third parties.
F. For storing unanswered offers/inquiries, we process the following personal data:
• Name, company name, email address, phone number, or other data you provide us;
• This is because you might decide to use our services after some time from receiving our offer. The legal basis for such data processing is:
• Article 6(1)(f) GDPR (legitimate interests), e.g., to enable you to use our services for a specified period without the need to reissue the offer.
G. For archival and evidentiary purposes, we process the following personal data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, PESEL number, nationality, personal data of co-participants (name, contact details), website address, and other information you provide us;
• Legal entities: Company name, company headquarters, contact details (e.g., email, phone number), VAT number, REGON number, website address, information contained in public registers, bank account number, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(f) GDPR (legitimate interests), e.g., to prove certain facts related to the execution of the contract or provision of services, when a state authority demands it;
• Article 6(1)(c) GDPR (legal obligation), which allows processing of personal data if such processing is necessary to comply with legal obligations to which the Data Controller is subject.
H. For administering the website, while using it, data may be recorded automatically. However, you can choose the option “do not allow data recording” or “delete upon closing all domains” in your browser settings. Within this purpose, we may process personal data such as:
• IP address, server date and time, information about the web browser, and information about the operating system.
• The legal basis for such data processing is:
• Article 6(1)(a) GDPR (voluntary consent), which allows processing of personal data based on voluntarily given consent, e.g., browser settings;
• Article 6(1)(f) GDPR (legitimate interests), e.g., to manage the website.For more information, refer to our Cookie Policy.
I. For direct marketing, we process the following data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, nationality, personal data of co-participants (name, contact details), website address, and other information you provide us;
• Legal entities: Company name, company headquarters, contact details (e.g., email, phone number), VAT number, website address, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(a) GDPR (voluntary consent), which allows processing of personal data based on voluntarily given consent;
- Article 6(1)(f) GDPR (legitimate interests), which allows processing of personal data if this serves the legitimate interests of the Data Controller, e.g., responding to inquiries, sending offers.
J. For sending newsletters, we process the following data:
• Individuals: Name, contact details (e.g., email, phone number);
• Legal entities: Company name, company headquarters, contact details (e.g., email, phone number), name, and surname.
• The legal basis for such data processing is:
• Article 6(1)(a) GDPR (voluntary consent), which allows processing of personal data based on voluntarily given consent to receive our newsletter.
DATA SECURITY
To ensure the security of all data within our company, especially in ensuring confidentiality and integrity, we have implemented appropriate technical and organizational measures, such as:
• Regular risk analysis to appropriately adjust solutions to potential threats related to breaches;
• Only authorized persons have access to data and only to the extent necessary to perform their tasks;
• We regularly sign data processing agreements with entities to whom we entrust personal data processing, ensuring they guarantee the highest level of security;
• Access to systems is strictly controlled, in accordance with security procedures.
SOCIAL MEDIA
In the course of our operations, we process your personal data on various social media platforms, such as LinkedIn, Instagram, Facebook, EventBrite, Evenea, X, TikTok. Data processing occurs for the following purposes and on the following legal bases:
Purposes of data processing:
• Communication and interaction with users: Responding to user inquiries, comments, and messages, building relationships, and increasing engagement;
• Marketing and promotion: Promoting our services, products, events, and marketing campaigns by posting content, advertisements, and announcements;
• Event organization: Managing event registrations, informing about event details, and communicating with participants;
• Analysis and statistics: Analyzing user activity, monitoring reach, and evaluating the effectiveness of our marketing efforts;
• Building the company’s image: Presenting our activities, achievements, and engaging in dialogue with users.
Legal bases for data processing:
• User consent (Article 6(1)(a) GDPR): Personal data processing on social media platforms is based on consent expressed by users through interactions with our profiles and content.
• Legitimate interests of the controller (Article 6(1)(f) GDPR): Data processing for marketing, communication, and analytical purposes is justified by our interest in promoting our activities and increasing user engagement.
We ensure that personal data processing on social media platforms complies with applicable data protection regulations and that all information is protected with appropriate security measures. More information about data processing rules can be found directly on the respective platforms: LinkedIn, Instagram, Facebook, EventBrite, Evenea, X, TikTok.
REQUIREMENT TO PROVIDE PERSONAL DATA
Providing any personal data is voluntary and at your discretion. However, in some cases, providing specific personal data is necessary to meet your expectations regarding the services provided by the Data Controller. To receive a commercial offer, it is necessary to provide an email address—without this, we are unable to meet your expectations and maintain the highest quality of service, which we value greatly.
DO WE CONDUCT AUTOMATED DECISION-MAKING AND PROFILING?
In the course of organizing our events, we use profiling of participants to better tailor our services to their needs and expectations. Profiling includes both behavioral data, such as participant behavior during events, their interactions with various program elements, and psychological data that allows for a deeper understanding of participants’ motivations, interests, and preferences. This enables us to create more engaging and personalized experiences, tailored to the individual needs of each participant. All collected data is processed in accordance with applicable data protection regulations, ensuring full confidentiality and security of information.
Legal bases for data processing under GDPR:
• Participant consent (Article 6(1)(a) GDPR): Personal data processing for profiling purposes is based on the voluntarily given consent of participants.
• Contract performance (Article 6(1)(b) GDPR): Data processing is necessary to perform a contract to which the participant is a party, in order to ensure high-quality services and tailor them to individual needs.
• Legitimate interests of the controller (Article 6(1)(f) GDPR): Data processing is necessary to achieve our legitimate interests, such as analyzing and improving the services offered, provided that these interests do not infringe on the rights and freedoms of participants.
WHO CAN WE SHARE YOUR PERSONAL DATA WITH?
We may share your data with:
• Our employees and collaborators who need access to the data to fulfill our obligations or perform actions on your behalf;
• Our event partners and external entities supporting us in organizing events, trade shows, and other activities—this mainly applies to participants in our activities.
Like most businesses, we also use the assistance of other entities in our operations, which often involves the need to share personal data. Therefore, if necessary, we share your personal data with the following recipients:
• Entities providing us with marketing services, training organization, events;
• Entities maintaining our IT and telecommunication systems;
• Entities providing us with telecommunication systems we use daily;
• Entities conducting payment activities (banks, payment institutions);
• Entities conducting credit (banks), leasing activities;
• Entities conducting postal, courier activities;
• Entities providing us with consulting, auditing, or legal, tax, accounting, or HR assistance;
• Entities preparing photo and video coverage of our events, trade shows, etc.
Additionally, it may happen that, based on a relevant legal provision or decision of a competent authority, we will have to share your personal data with other entities, whether public or private, such as the Social Insurance Institution (ZUS), Tax Office, National Tax Administration, etc.
We cannot predict who may request access to personal data. Nevertheless, we assure you that any such request is carefully and thoroughly analyzed to avoid accidentally sharing information with an unauthorized person.
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (TO THIRD COUNTRIES)?
In connection with our cooperation with partners from the UK and the USA, we transfer your personal data outside the European Economic Area (EEA). We ensure that each data transfer is carried out in compliance with applicable data protection regulations. We apply appropriate security measures to protect your personal data and ensure its compliance with European data protection standards.
Data transfers are based on one of the following legal grounds:
• Standard Contractual Clauses: We use standard contractual clauses approved by the European Commission, which require data recipients to comply with appropriate data protection standards.
• Adequacy decisions: In the case of data transfers to the UK, we rely on the European Commission’s adequacy decision, which states that the UK provides an adequate level of data protection.
• Other appropriate safeguards: In situations where the use of standard contractual clauses or adequacy decisions is not possible, we may use other appropriate safeguards, such as binding corporate rules or specific contractual clauses tailored to the needs of a particular data transfer.
We ensure that we only cooperate with partners who adhere to strict data protection standards. We regularly monitor and verify their data processing practices to ensure that your data is protected in accordance with the highest standards.
If you have any questions or concerns regarding the transfer of your data outside the EEA, we encourage you to contact us.
COOPERATION WITH GOOGLE, GOOGLE ANALYTICS, AND MICROSOFT
We use the services of Google, Google Analytics, and Microsoft, which may require transferring your personal data outside the EEA.
• Google and Google Analytics: In using Google and Google Analytics services, your data may be transferred to servers located in the United States. Google complies with standard contractual clauses and other GDPR-compliant mechanisms to ensure an appropriate level of data protection. Link to privacy policy.
• Microsoft: We collaborate with Microsoft for data storage and processing on their cloud platforms, such as Azure and Office 365. Microsoft also complies with standard contractual clauses and other GDPR-compliant mechanisms to protect your personal data.
HOW LONG CAN WE STORE YOUR PERSONAL DATA?
In accordance with applicable law, we process your personal data for the time necessary to achieve the specified purpose. After this period, your personal data will be irreversibly deleted or destroyed.
Regarding specific periods for processing personal data, we inform you that personal data is processed for the period:
• The duration of the contract and after its termination, but not longer than 6 years—in relation to personal data processed for the purpose of concluding and performing a contract.
• Up to 10 years—in relation to personal data processed for the purpose of establishing, pursuing, or defending claims, but not longer than permitted by applicable law.
• 1 year—in relation to personal data collected in connection with directing an offer, but the contract was not immediately concluded.
• 5 years—in relation to personal data related to fulfilling tax law obligations, e.g., storing invoices and receipts.
• Until consent is withdrawn or the purpose of processing is achieved, but not longer than 2 years—in relation to personal data processed based on consent.
• Until effective objection or the purpose of processing is achieved, but not longer than 2 years—in relation to personal data processed based on the legitimate interest of the Data Controller or for marketing purposes.
• Until it becomes outdated or loses its relevance, but not longer than 5 years—in relation to personal data processed mainly for the purposes of using cookies and administering the website.
Periods are counted in years from the end of the year in which we began processing personal data to streamline the process of deleting or destroying personal data. Separate counting of the deadline for each event would involve significant organizational and technical difficulties, as well as a significant financial outlay; therefore, establishing one deletion or destruction date for personal data allows us to manage this process more efficiently.
Right to be Forgotten: Of course, if you exercise your right to be forgotten, such situations are handled on a case-by-case basis.
WHAT RIGHTS DO YOU HAVE?
We kindly inform you that you have the right to:
• Right to access your personal data—this means obtaining information about the purpose and manner of processing your personal data and receiving a copy of your data.
• Right to rectify data—this means correcting data if it is incorrect, has changed, or has become outdated.
• Right to partially or completely delete data (“Right to be Forgotten”)—this means deleting data that is processed without a legal basis.
• Right to restrict processing—this means limiting the processing of data to its storage only.
• Right to data portability—this means obtaining your personal data that you have provided us or indicating another controller to whom we should transfer it, if technically possible.
• Right to object to personal data provided voluntarily—this includes data used for direct marketing purposes.
• Right to withdraw consent—you may withdraw any consent you have given at any time. Please remember that from the time you submit the request, we will no longer process the data for the purpose specified by you, but until the consent is withdrawn, we have the right to process your data.
We respect your rights under data protection regulations and strive to facilitate their exercise to the greatest extent possible. Please note that the mentioned rights are not absolute, and in some situations, we may lawfully refuse to fulfill them. However, if we deny your request, it will only be after thorough analysis and only if refusal is necessary.
Regarding the right to object, we explain that you have the right to object to the processing of personal data based on the legitimate interest of the Data Controller /as listed in section three of this Privacy Policy/ in connection with your particular situation. However, you must remember that according to the regulations, we may refuse to honor the objection if we demonstrate that:
• There are legally justified grounds for processing that are overriding in relation to your interests, rights, and freedoms, or;
• There are grounds for establishing, pursuing, or defending claims.
Additionally, at any time, you may object to the processing of your personal data for marketing purposes. In such a case, upon receiving the objection, we will cease processing for this purpose.
You can exercise your rights by sending an email to fundacja@econverse.org with the subject “GDPR.”
HOW TO EXERCISE THE RIGHT TO WITHDRAW CONSENT?
If the processing of personal data is based on your consent, you can withdraw this consent at any time—at your discretion. If you wish to withdraw consent for personal data processing, simply send an email to fundacja@econverse.org with the subject “GDPR.”
If the processing of your personal data was based on consent, withdrawing it does not mean that the processing up to that point was illegal. In other words, until the consent is withdrawn, we have the right to process your personal data, and withdrawing consent does not affect the lawfulness of prior processing.
YOU HAVE THE RIGHT TO FILE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY
If you believe that your personal data is being processed unlawfully, you can file a complaint with the President of the Personal Data Protection Office, Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
FINAL PROVISIONS
In matters not regulated by the policy, the provisions of the Civil Code and relevant Polish laws, as well as European Union law, in particular GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC), shall apply.
You will be informed of any changes made to this Privacy Policy through a notice on our website or at the Data Controller’s headquarters. This Privacy Policy is effective from August 22, 2024.
To safeguard the personal data of those who collaborate with us, we have developed this Privacy Policy. Its purpose is to inform you about the personal data we collect, the purposes for which we process it, how we use it, and who we are. This policy also outlines your rights in connection with the processing of your personal data by us.
This Privacy Policy does not apply to the processing of personal data of employees and collaborators.
WHO IS THE DATA CONTROLLER?
We kindly inform you that the Data Controller of your personal data is:
Econverse Foundation
Św. Marcin 29/8 | 61-806 Poznań
KRS 0000958429 | NIP 781 203 28 96
hereinafter referred to as the “Data Controller.”
DATA PROTECTION OFFICER
Please note that we have not appointed a Data Protection Officer. If you have any questions regarding data protection, please contact us by sending an email to: fundacja@econverse.org with the note “GDPR.”
WHOSE PERSONAL DATA WILL WE PROCESS?
As the Data Controller, we will process the personal data of:
• Participants of events, trade shows, etc.
• Our clients and potential clients,
• Our contractors - suppliers (including potential ones),
• Business partners, content partners, etc.
• Representatives of entities with whom we cooperate,
• Entities with whom we have relationships but are not yet our clients.
WHERE DID WE OBTAIN YOUR PERSONAL DATA?
We obtained your personal data from:
• Registration forms, application forms;
• Your participation in our events;
• Directly from you through our correspondence, conversation, meeting, sending information, or using our services;
• Our ongoing cooperation;
• Public registers such as CEIDG, KRS, VAT taxpayer white list;
• Other sources, including publicly available ones, such as websites.
WHAT ARE OUR PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA?
To provide our services, the Data Controller processes your personal data for various purposes, but always in accordance with the law.
We process personal data that we receive from you when you use our services and during contacts with us. This data is always processed in accordance with GDPR and national regulations.Below, you will find the purposes for processing your personal data along with the legal bases:
A. For registering for our events, trade shows, etc., and participating in them (including recording the participants’ images), we process the following personal data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, nationality, personal data of co-participants (name, contact details), website address, participants’ images recorded, e.g., in photos, videos, and other information you provide us;
• Legal entities: Company name, company headquarters, contact details (e.g., email, phone number), VAT number, website address, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(a) GDPR (voluntary consent), which allows processing of personal data based on voluntarily given consent, e.g., in terms of providing the above-mentioned personal data;
• Article 6(1)(f) GDPR (legitimate interests of the Data Controller) for the proper provision of services related to the organization of our events, trade shows, etc.
B. For entering into and performing contracts, i.e., providing our services, we process the following personal data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, nationality, personal data of co-participants (name, contact details), website address, and other information you provide us;
• Legal entities: Company name, company headquarters, contact details (e.g., email, phone number), VAT number, website address, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(b) GDPR (necessary for contract performance), which allows processing of personal data if it is necessary to perform a contract or to take steps to enter into a contract between us;
• Article 6(1)(f) GDPR (legitimate interests of the Data Controller), e.g., for contacting you, providing you with information about activities related to the execution of the contract between us.
C. For fulfilling our legal obligations, e.g., issuing VAT invoices, accounting documents, and tax settlements, we process the following personal data:
• Name, contact details (e.g., email, phone number), company name, company headquarters, correspondence address, VAT number, REGON number, PESEL number/date of birth, bank account number, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(c) GDPR (legal obligation), which allows processing of personal data if such processing is necessary to comply with legal obligations to which the Data Controller is subject.
D. For handling matters directed directly to the Data Controller, e.g., processing complaints, we process the following personal data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, nationality, personal data of co-participants (name, contact details), website address, and other information you provide us;
• Legal entities: Company name, contact details (e.g., email, phone number), company headquarters, VAT number, REGON number, website address, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(f) GDPR (legitimate interests of the Data Controller), e.g., for contacting you, handling complaints, and processing grievances.
E. For establishing, defending, and pursuing claims, we process the following personal data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, PESEL number, nationality, personal data of co-participants (name, contact details), and other information you provide us;
• Legal entities: Company name, contact details (e.g., email, phone number), company headquarters, VAT number, REGON number, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(f) GDPR (legitimate interests), e.g., to establish, pursue, or defend claims from participants, clients/contractors, and third parties.
F. For storing unanswered offers/inquiries, we process the following personal data:
• Name, company name, email address, phone number, or other data you provide us;
• This is because you might decide to use our services after some time from receiving our offer. The legal basis for such data processing is:
• Article 6(1)(f) GDPR (legitimate interests), e.g., to enable you to use our services for a specified period without the need to reissue the offer.
G. For archival and evidentiary purposes, we process the following personal data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, PESEL number, nationality, personal data of co-participants (name, contact details), website address, and other information you provide us;
• Legal entities: Company name, company headquarters, contact details (e.g., email, phone number), VAT number, REGON number, website address, information contained in public registers, bank account number, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(f) GDPR (legitimate interests), e.g., to prove certain facts related to the execution of the contract or provision of services, when a state authority demands it;
• Article 6(1)(c) GDPR (legal obligation), which allows processing of personal data if such processing is necessary to comply with legal obligations to which the Data Controller is subject.
H. For administering the website, while using it, data may be recorded automatically. However, you can choose the option “do not allow data recording” or “delete upon closing all domains” in your browser settings. Within this purpose, we may process personal data such as:
• IP address, server date and time, information about the web browser, and information about the operating system.
• The legal basis for such data processing is:
• Article 6(1)(a) GDPR (voluntary consent), which allows processing of personal data based on voluntarily given consent, e.g., browser settings;
• Article 6(1)(f) GDPR (legitimate interests), e.g., to manage the website.For more information, refer to our Cookie Policy.
I. For direct marketing, we process the following data:
• Individuals: Name, contact details (e.g., email, phone number), date of birth, nationality, personal data of co-participants (name, contact details), website address, and other information you provide us;
• Legal entities: Company name, company headquarters, contact details (e.g., email, phone number), VAT number, website address, information contained in public registers, and other information you provide us.
• The legal basis for such data processing is:
• Article 6(1)(a) GDPR (voluntary consent), which allows processing of personal data based on voluntarily given consent;
- Article 6(1)(f) GDPR (legitimate interests), which allows processing of personal data if this serves the legitimate interests of the Data Controller, e.g., responding to inquiries, sending offers.
J. For sending newsletters, we process the following data:
• Individuals: Name, contact details (e.g., email, phone number);
• Legal entities: Company name, company headquarters, contact details (e.g., email, phone number), name, and surname.
• The legal basis for such data processing is:
• Article 6(1)(a) GDPR (voluntary consent), which allows processing of personal data based on voluntarily given consent to receive our newsletter.
DATA SECURITY
To ensure the security of all data within our company, especially in ensuring confidentiality and integrity, we have implemented appropriate technical and organizational measures, such as:
• Regular risk analysis to appropriately adjust solutions to potential threats related to breaches;
• Only authorized persons have access to data and only to the extent necessary to perform their tasks;
• We regularly sign data processing agreements with entities to whom we entrust personal data processing, ensuring they guarantee the highest level of security;
• Access to systems is strictly controlled, in accordance with security procedures.
SOCIAL MEDIA
In the course of our operations, we process your personal data on various social media platforms, such as LinkedIn, Instagram, Facebook, EventBrite, Evenea, X, TikTok. Data processing occurs for the following purposes and on the following legal bases:
Purposes of data processing:
• Communication and interaction with users: Responding to user inquiries, comments, and messages, building relationships, and increasing engagement;
• Marketing and promotion: Promoting our services, products, events, and marketing campaigns by posting content, advertisements, and announcements;
• Event organization: Managing event registrations, informing about event details, and communicating with participants;
• Analysis and statistics: Analyzing user activity, monitoring reach, and evaluating the effectiveness of our marketing efforts;
• Building the company’s image: Presenting our activities, achievements, and engaging in dialogue with users.
Legal bases for data processing:
• User consent (Article 6(1)(a) GDPR): Personal data processing on social media platforms is based on consent expressed by users through interactions with our profiles and content.
• Legitimate interests of the controller (Article 6(1)(f) GDPR): Data processing for marketing, communication, and analytical purposes is justified by our interest in promoting our activities and increasing user engagement.
We ensure that personal data processing on social media platforms complies with applicable data protection regulations and that all information is protected with appropriate security measures. More information about data processing rules can be found directly on the respective platforms: LinkedIn, Instagram, Facebook, EventBrite, Evenea, X, TikTok.
REQUIREMENT TO PROVIDE PERSONAL DATA
Providing any personal data is voluntary and at your discretion. However, in some cases, providing specific personal data is necessary to meet your expectations regarding the services provided by the Data Controller. To receive a commercial offer, it is necessary to provide an email address—without this, we are unable to meet your expectations and maintain the highest quality of service, which we value greatly.
DO WE CONDUCT AUTOMATED DECISION-MAKING AND PROFILING?
In the course of organizing our events, we use profiling of participants to better tailor our services to their needs and expectations. Profiling includes both behavioral data, such as participant behavior during events, their interactions with various program elements, and psychological data that allows for a deeper understanding of participants’ motivations, interests, and preferences. This enables us to create more engaging and personalized experiences, tailored to the individual needs of each participant. All collected data is processed in accordance with applicable data protection regulations, ensuring full confidentiality and security of information.
Legal bases for data processing under GDPR:
• Participant consent (Article 6(1)(a) GDPR): Personal data processing for profiling purposes is based on the voluntarily given consent of participants.
• Contract performance (Article 6(1)(b) GDPR): Data processing is necessary to perform a contract to which the participant is a party, in order to ensure high-quality services and tailor them to individual needs.
• Legitimate interests of the controller (Article 6(1)(f) GDPR): Data processing is necessary to achieve our legitimate interests, such as analyzing and improving the services offered, provided that these interests do not infringe on the rights and freedoms of participants.
WHO CAN WE SHARE YOUR PERSONAL DATA WITH?
We may share your data with:
• Our employees and collaborators who need access to the data to fulfill our obligations or perform actions on your behalf;
• Our event partners and external entities supporting us in organizing events, trade shows, and other activities—this mainly applies to participants in our activities.
Like most businesses, we also use the assistance of other entities in our operations, which often involves the need to share personal data. Therefore, if necessary, we share your personal data with the following recipients:
• Entities providing us with marketing services, training organization, events;
• Entities maintaining our IT and telecommunication systems;
• Entities providing us with telecommunication systems we use daily;
• Entities conducting payment activities (banks, payment institutions);
• Entities conducting credit (banks), leasing activities;
• Entities conducting postal, courier activities;
• Entities providing us with consulting, auditing, or legal, tax, accounting, or HR assistance;
• Entities preparing photo and video coverage of our events, trade shows, etc.
Additionally, it may happen that, based on a relevant legal provision or decision of a competent authority, we will have to share your personal data with other entities, whether public or private, such as the Social Insurance Institution (ZUS), Tax Office, National Tax Administration, etc.
We cannot predict who may request access to personal data. Nevertheless, we assure you that any such request is carefully and thoroughly analyzed to avoid accidentally sharing information with an unauthorized person.
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (TO THIRD COUNTRIES)?
In connection with our cooperation with partners from the UK and the USA, we transfer your personal data outside the European Economic Area (EEA). We ensure that each data transfer is carried out in compliance with applicable data protection regulations. We apply appropriate security measures to protect your personal data and ensure its compliance with European data protection standards.
Data transfers are based on one of the following legal grounds:
• Standard Contractual Clauses: We use standard contractual clauses approved by the European Commission, which require data recipients to comply with appropriate data protection standards.
• Adequacy decisions: In the case of data transfers to the UK, we rely on the European Commission’s adequacy decision, which states that the UK provides an adequate level of data protection.
• Other appropriate safeguards: In situations where the use of standard contractual clauses or adequacy decisions is not possible, we may use other appropriate safeguards, such as binding corporate rules or specific contractual clauses tailored to the needs of a particular data transfer.
We ensure that we only cooperate with partners who adhere to strict data protection standards. We regularly monitor and verify their data processing practices to ensure that your data is protected in accordance with the highest standards.
If you have any questions or concerns regarding the transfer of your data outside the EEA, we encourage you to contact us.
COOPERATION WITH GOOGLE, GOOGLE ANALYTICS, AND MICROSOFT
We use the services of Google, Google Analytics, and Microsoft, which may require transferring your personal data outside the EEA.
• Google and Google Analytics: In using Google and Google Analytics services, your data may be transferred to servers located in the United States. Google complies with standard contractual clauses and other GDPR-compliant mechanisms to ensure an appropriate level of data protection. Link to privacy policy.
• Microsoft: We collaborate with Microsoft for data storage and processing on their cloud platforms, such as Azure and Office 365. Microsoft also complies with standard contractual clauses and other GDPR-compliant mechanisms to protect your personal data.
HOW LONG CAN WE STORE YOUR PERSONAL DATA?
In accordance with applicable law, we process your personal data for the time necessary to achieve the specified purpose. After this period, your personal data will be irreversibly deleted or destroyed.
Regarding specific periods for processing personal data, we inform you that personal data is processed for the period:
• The duration of the contract and after its termination, but not longer than 6 years—in relation to personal data processed for the purpose of concluding and performing a contract.
• Up to 10 years—in relation to personal data processed for the purpose of establishing, pursuing, or defending claims, but not longer than permitted by applicable law.
• 1 year—in relation to personal data collected in connection with directing an offer, but the contract was not immediately concluded.
• 5 years—in relation to personal data related to fulfilling tax law obligations, e.g., storing invoices and receipts.
• Until consent is withdrawn or the purpose of processing is achieved, but not longer than 2 years—in relation to personal data processed based on consent.
• Until effective objection or the purpose of processing is achieved, but not longer than 2 years—in relation to personal data processed based on the legitimate interest of the Data Controller or for marketing purposes.
• Until it becomes outdated or loses its relevance, but not longer than 5 years—in relation to personal data processed mainly for the purposes of using cookies and administering the website.
Periods are counted in years from the end of the year in which we began processing personal data to streamline the process of deleting or destroying personal data. Separate counting of the deadline for each event would involve significant organizational and technical difficulties, as well as a significant financial outlay; therefore, establishing one deletion or destruction date for personal data allows us to manage this process more efficiently.
Right to be Forgotten: Of course, if you exercise your right to be forgotten, such situations are handled on a case-by-case basis.
WHAT RIGHTS DO YOU HAVE?
We kindly inform you that you have the right to:
• Right to access your personal data—this means obtaining information about the purpose and manner of processing your personal data and receiving a copy of your data.
• Right to rectify data—this means correcting data if it is incorrect, has changed, or has become outdated.
• Right to partially or completely delete data (“Right to be Forgotten”)—this means deleting data that is processed without a legal basis.
• Right to restrict processing—this means limiting the processing of data to its storage only.
• Right to data portability—this means obtaining your personal data that you have provided us or indicating another controller to whom we should transfer it, if technically possible.
• Right to object to personal data provided voluntarily—this includes data used for direct marketing purposes.
• Right to withdraw consent—you may withdraw any consent you have given at any time. Please remember that from the time you submit the request, we will no longer process the data for the purpose specified by you, but until the consent is withdrawn, we have the right to process your data.
We respect your rights under data protection regulations and strive to facilitate their exercise to the greatest extent possible. Please note that the mentioned rights are not absolute, and in some situations, we may lawfully refuse to fulfill them. However, if we deny your request, it will only be after thorough analysis and only if refusal is necessary.
Regarding the right to object, we explain that you have the right to object to the processing of personal data based on the legitimate interest of the Data Controller /as listed in section three of this Privacy Policy/ in connection with your particular situation. However, you must remember that according to the regulations, we may refuse to honor the objection if we demonstrate that:
• There are legally justified grounds for processing that are overriding in relation to your interests, rights, and freedoms, or;
• There are grounds for establishing, pursuing, or defending claims.
Additionally, at any time, you may object to the processing of your personal data for marketing purposes. In such a case, upon receiving the objection, we will cease processing for this purpose.
You can exercise your rights by sending an email to fundacja@econverse.org with the subject “GDPR.”
HOW TO EXERCISE THE RIGHT TO WITHDRAW CONSENT?
If the processing of personal data is based on your consent, you can withdraw this consent at any time—at your discretion. If you wish to withdraw consent for personal data processing, simply send an email to fundacja@econverse.org with the subject “GDPR.”
If the processing of your personal data was based on consent, withdrawing it does not mean that the processing up to that point was illegal. In other words, until the consent is withdrawn, we have the right to process your personal data, and withdrawing consent does not affect the lawfulness of prior processing.
YOU HAVE THE RIGHT TO FILE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY
If you believe that your personal data is being processed unlawfully, you can file a complaint with the President of the Personal Data Protection Office, Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
FINAL PROVISIONS
In matters not regulated by the policy, the provisions of the Civil Code and relevant Polish laws, as well as European Union law, in particular GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC), shall apply.
You will be informed of any changes made to this Privacy Policy through a notice on our website or at the Data Controller’s headquarters. This Privacy Policy is effective from August 22, 2024.
Cookies
This policy explains what “cookies” are and how we use them. You should review this policy to understand the types of cookies we use, the information we collect through them, and how these cookies are utilized. For more information on how we use, store, and protect users’ personal data, please refer to our Privacy Policy.
This policy also outlines your rights regarding the personal data you provide us. If you have any questions about this cookie policy, please contact us:
By mail: Econverse Foundation | Św Marcin 29/8 | 61-806 Poznań
By email: fundacja@econverse.org
What is a “cookie”?
“Cookies,” also known as “biscuits,” are small text files that are stored on your computer, phone, tablet, or other device by the websites you visit. Cookies are encrypted in such a way that unauthorized persons cannot access them.
These cookies can be read by us as the Data Controller, as well as by systems belonging to other trusted entities whose technologies we use.
Why do we use “cookies”?
Cookies perform various functions on our website, often useful ones, which we will describe below (if the information is insufficient, please contact us):
• Ensuring security: Cookies are used for user authentication and to prevent unauthorized use of the client panel. They help protect your personal data from unauthorized access.
• Influencing website processes and performance: Cookies are used to ensure that the website functions efficiently and that you can use its available features, such as remembering settings between visits. They enable smooth navigation on the website and its subpages. • Session state: Cookies often store information about how visitors use the website, such as which subpages they view most frequently. They also help identify errors displayed on certain subpages. Cookies used for saving the so-called “session state” help improve services and enhance browsing comfort.
• Maintaining session state: When a client logs into their panel, cookies allow the session to be maintained. This means that when moving to another subpage, you don’t have to re-enter your login and password, which enhances the comfort of using the website.
• Creating statistics: Cookies are used to analyze how users interact with the website (e.g., how many people visit the site, how long they stay, which content generates the most interest).
This allows us to continually improve the website and adjust its functionality to user preferences. To track activity and create statistics, we use tools like Google Analytics; apart from reporting site usage statistics, Google Analytics pixels can also assist, together with some of the cookies described above, in displaying more relevant content to users within Google services (e.g., in Google Search) and across the web.
Importantly, many cookies we use are anonymized — without additional information, we cannot identify your identity based on them.
How can you control cookies?
Your web browser by default allows cookies to be used on your device, so we ask for your consent to use cookies during your first visit.
However, it is possible to control and manage installed cookies. How can this be done?
• Control – Web browser: If you do not wish to use cookies while browsing the website, most web browsers allow you to change settings—completely block the automatic handling of cookies or require notification each time cookies are placed on your device. These settings can be changed at any time. For more information on this, please visit: https://www.aboutcookies.org/
What happens if you do not consent to our use of cookies?
Respecting the autonomy of all users of the website, we feel obliged to warn that disabling or limiting the handling of cookies may cause significant difficulties in using the website, such as the need to log in on each subpage, longer page loading times, limitations in functionality, or restrictions in liking the page on Facebook, LinkedIn, Instagram, etc.
How long will we use cookies?
Cookies remain on your device:
• Until you leave the website or close the software (web browser) — this mainly applies to technical cookies;
• Some cookies may remain on your device until you manually delete them.
This policy also outlines your rights regarding the personal data you provide us. If you have any questions about this cookie policy, please contact us:
By mail: Econverse Foundation | Św Marcin 29/8 | 61-806 Poznań
By email: fundacja@econverse.org
What is a “cookie”?
“Cookies,” also known as “biscuits,” are small text files that are stored on your computer, phone, tablet, or other device by the websites you visit. Cookies are encrypted in such a way that unauthorized persons cannot access them.
These cookies can be read by us as the Data Controller, as well as by systems belonging to other trusted entities whose technologies we use.
Why do we use “cookies”?
Cookies perform various functions on our website, often useful ones, which we will describe below (if the information is insufficient, please contact us):
• Ensuring security: Cookies are used for user authentication and to prevent unauthorized use of the client panel. They help protect your personal data from unauthorized access.
• Influencing website processes and performance: Cookies are used to ensure that the website functions efficiently and that you can use its available features, such as remembering settings between visits. They enable smooth navigation on the website and its subpages. • Session state: Cookies often store information about how visitors use the website, such as which subpages they view most frequently. They also help identify errors displayed on certain subpages. Cookies used for saving the so-called “session state” help improve services and enhance browsing comfort.
• Maintaining session state: When a client logs into their panel, cookies allow the session to be maintained. This means that when moving to another subpage, you don’t have to re-enter your login and password, which enhances the comfort of using the website.
• Creating statistics: Cookies are used to analyze how users interact with the website (e.g., how many people visit the site, how long they stay, which content generates the most interest).
This allows us to continually improve the website and adjust its functionality to user preferences. To track activity and create statistics, we use tools like Google Analytics; apart from reporting site usage statistics, Google Analytics pixels can also assist, together with some of the cookies described above, in displaying more relevant content to users within Google services (e.g., in Google Search) and across the web.
Importantly, many cookies we use are anonymized — without additional information, we cannot identify your identity based on them.
How can you control cookies?
Your web browser by default allows cookies to be used on your device, so we ask for your consent to use cookies during your first visit.
However, it is possible to control and manage installed cookies. How can this be done?
• Control – Web browser: If you do not wish to use cookies while browsing the website, most web browsers allow you to change settings—completely block the automatic handling of cookies or require notification each time cookies are placed on your device. These settings can be changed at any time. For more information on this, please visit: https://www.aboutcookies.org/
What happens if you do not consent to our use of cookies?
Respecting the autonomy of all users of the website, we feel obliged to warn that disabling or limiting the handling of cookies may cause significant difficulties in using the website, such as the need to log in on each subpage, longer page loading times, limitations in functionality, or restrictions in liking the page on Facebook, LinkedIn, Instagram, etc.
How long will we use cookies?
Cookies remain on your device:
• Until you leave the website or close the software (web browser) — this mainly applies to technical cookies;
• Some cookies may remain on your device until you manually delete them.