Privacy Policy

The Controller of personal data is KCRI Sp. z o.o. with its registered office at Wadowicka 7, 30-347 Krakow, National Court Register number KRS 0000218183, (hereinafter also “KCRI”, ”Company”, “Controller”)

Contact:

• via email: dataprotection@kcri.org;

When contacting the Controller via e-mail, you naturally provide your e-mail address as the sender’s address. In addition, you can also include other personal data in the message (e.g. your name and surname, contact details, telephone number, etc.). Providing data is voluntary, but it is necessary to provide at least your e-mail address to establish contact. It is not possible to establish communication without providing at least a basic catalog of data, considering that each electronic message contains certain personal data.

• via post: Wadowicka 7, 30-347 Krakow;
• via contact form available at kcri.org.

Your personal data will be processed for the purpose of:

• providing services offered through the Website,
• contacting persons who use the Website (hereinafter also “Users”) in connection with the services offered,
• enabling the User to contact KCRI,
• adapting the content of the Website to the User’s preferences,
• resolving complaints/appeals lodged by Users,
• keeping statistics, performing analyses and archiving of the data,
• ensuring security at the company’s headquarters (monitoring system).

Moreover, the Controller collects information on IP numbers of any devices that establish connections to the website under the address http://www.kcri.org.

Such collected data are used to analyze and verify the operations of our website. Such data allow the development of, e.g. traffic statistics enabling reliable assessment of the level of interest in the service. We use the information on IP numbers also for technical purposes. In no event are the user personal data merged with the IP numbers of devices establishing connections to the website. Some areas of the service may use cookies, i.e. text files saved on the user’s device which identify the user in the manner necessary to enable the use of certain functions of the service.

The legal basis for the processing of collected personal data is Article 6 (1) lit a) and f) of the GDPR. The data will be processed until withdrawal of the consent granted or raising an objection.

However, the person whose data are processed has the right to withdraw the granted consent at any time. This will not compromise the lawfulness of processing done before withdrawal of consent.

The Controller guarantees the confidentiality of all personal data provided. It ensures that all security and personal data protection measures required by personal data protection regulations are taken. Personal data is collected by the Controller with due diligence and adequately protected against access by unauthorized persons.

In connection with your data processing by the KCRI you have the right to:

• access the content of your data,
• correct the data,
• erase the data (to the extent it is possible in accordance with the applicable laws),
• limit the processing,
• transfer the data,
• object to the processing.

Such requests must be submitted to the Controller.

The rules relating to the implementation of these rights are set out in detail in Articles 16–21 of the GDPR. The rights listed above are not absolute and will not apply to all processing activities involving your personal data.

You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates provisions of the GDPR. As from 25 May 2018, the supervisory authority is the President of the Office for Personal Data Protection.

Providing your personal data to the Controller is voluntary. However, if you do not provide your personal data or if you provide incomplete personal data, the accomplishment by the Controller of the purposes may be seriously impeded or prevented.

Your personal data may be processed by the Controller’s subcontractors, i.e. entities whose services the Controller uses in the processing of data and the provision of services to you or the performance of services, such as:

1) server service providers, e-mail system providers;

2) persons who, when providing services related to technical support for the website, may potentially gain access to your personal data;

3) subcontractors who may be involved in the provision of various services, e.g. legal or accounting services.

All entities to whom the Controller entrusts the processing of personal data guarantee the application of appropriate measures to protect and secure personal data as required by law.

The Controller does not intend to transfer your personal data to any third countries or international organizations.

The Controller will not make any automated decisions with regard to your data on the basis of the personal data shared by you, including decisions resulting from profiling.

The Controller will processing the personal information only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period may vary depending on the type of data and the context in which it was collected.

This Policy is in effect from 25 May 2018 until its revocation and it fulfils the legal obligation under Articles 13 – 14 of the GDPR