Privacy Policy
KCRI Sp. z o.o. with its registered office in Kraków at Wadowicka 7, 30-347 Krakow, National Court Register number KRS 0000218183, complying with the obligations under the applicable personal data protection laws, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter GDPR), provides you with information on your personal data processing and protection.
The information in the Privacy Policy will help you understand what personal data are collected and processed by KCRI Sp. z o.o., for what purpose they are used, and what rights you have in relation to personal data protection.
This Privacy Policy provides information about the different types of personal information that we collect and the ways in which we use it. This Privacy Policy applies to all those who interact with us online or whose personal information we otherwise collect (although please note that if you are an employee or worker at KCRI, there is a separate privacy policy).
I. PERSONAL DATA CONTROLLER
The Controller of personal data is KCRI Sp. z o.o. with its registered office at Wadowicka 7, 30-347 Krakow, National Court Register number KRS 0000218183, (hereinafter also “KCRI”, ”Company”, “Controller”)
Contact:
- via email: dataprotection@kcri.org;
When contacting the Controller via e-mail, you naturally provide your e-mail address as the sender’s address. In addition, you can also include other personal data in the message (e.g. your name and surname, contact details, telephone number, etc.). Providing data is voluntary, but it is necessary to provide at least your e-mail address to establish contact. It is not possible to establish communication without providing at least a basic catalog of data, considering that each electronic message contains certain personal data.
- via post: Wadowicka 7, 30-347 Krakow;
- via contact form available at kcri.org.
II. PURPOSE OF PERSONAL DATA PROCESSING
Your personal data will be processed for the purpose of:
- providing services offered through the Website,
- contacting persons who use the Website (hereinafter also “Users”) in connection with the services offered,
- enabling the User to contact KCRI,
- adapting the content of the Website to the User’s preferences,
- resolving complaints/appeals lodged by Users,
- keeping statistics, performing analyses and archiving of the data,
- ensuring security at the company’s headquarters (monitoring system).
Moreover, the Controller collects information on IP numbers of any devices that establish connections to the website under the address http://www.kcri.org.
Such collected data are used to analyze and verify the operations of our website. Such data allow the development of, e.g. traffic statistics enabling reliable assessment of the level of interest in the service. We use the information on IP numbers also for technical purposes. In no event are the user personal data merged with the IP numbers of devices establishing connections to the website. Some areas of the service may use cookies, i.e. text files saved on the user’s device which identify the user in the manner necessary to enable the use of certain functions of the service.
III. LEGAL BASIS OF PERSONAL DATA PROCESSING
The legal basis for the processing of collected personal data is Article 6 (1) lit a) and f) of the GDPR. The data will be processed until withdrawal of the consent granted or raising an objection.
However, the person whose data are processed has the right to withdraw the granted consent at any time. This will not compromise the lawfulness of processing done before withdrawal of consent.
The Controller guarantees the confidentiality of all personal data provided. It ensures that all security and personal data protection measures required by personal data protection regulations are taken. Personal data is collected by the Controller with due diligence and adequately protected against access by unauthorized persons.
IV. YOUR RIGHTS RELATED TO DATA PROCESSING BY THE CONTROLLER
In connection with your data processing by the KCRI you have the right to:
- access the content of your data,
- correct the data,
- erase the data (to the extent it is possible in accordance with the applicable laws),
- limit the processing,
- transfer the data,
- object to the processing.
Such requests must be submitted to the Controller.
The rules relating to the implementation of these rights are set out in detail in Articles 16–21 of the GDPR. The rights listed above are not absolute and will not apply to all processing activities involving your personal data.
You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates provisions of the GDPR. As from 25 May 2018, the supervisory authority is the President of the Office for Personal Data Protection.
Providing your personal data to the Controller is voluntary. However, if you do not provide your personal data or if you provide incomplete personal data, the accomplishment by the Controller of the purposes may be seriously impeded or prevented.
Your personal data may be processed by the Controller’s subcontractors, i.e. entities whose services the Controller uses in the processing of data and the provision of services to you or the performance of services, such as:
1) server service providers, e-mail system providers;
2) persons who, when providing services related to technical support for the website, may potentially gain access to your personal data;
3) subcontractors who may be involved in the provision of various services, e.g. legal or accounting services.
All entities to whom the Controller entrusts the processing of personal data guarantee the application of appropriate measures to protect and secure personal data as required by law.
V. DATA TRANSFER
The Controller does not intend to transfer your personal data to any third countries or international organizations.
VI. AUTOMATED DECISION MAKING
The Controller will not make any automated decisions with regard to your data on the basis of the personal data shared by you, including decisions resulting from profiling.
VII. TIME OF PROCESSING
The Controller will processing the personal information only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period may vary depending on the type of data and the context in which it was collected.
VIII. ADDITIONAL INFORMATION
This Policy is in effect from 25 May 2018 until its revocation and it fulfils the legal obligation under Articles 13 – 14 of the GDPR