INFORMATION ON PERSONAL DATA PROCESSING
In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119 p. 1, hereinafter the “GDPR”), we hereby inform you that:
  1. Personal Data Controller
    1. Controller of your personal data is Stowarzyszenie ML in PL ul. Kochanowskiego 32/125, 01-864 Warszawa, KRS: 0000754960, REGON: 381658081, NIP: 1182183164 (hereinafter referred to as the “Controller”).
    2. Contact e-mail of the Controller: gdpr@mlinpl.org.
    3. Contact phone no. of the Controller:+48 605 589 288.
  2. Purposes of personal data processing
    1. Your personal data is processed by the Controller in connection with your participation in the lecture of Aleksander Mądry organized by Stowarzyszenie ML in PL (hereinafter referred to as the “Event”), including, without limitation, to:
      1. carrying out the Event and providing you with the opportunity to participate in the Event as a speaker or participant;
      2. providing you with access to Event materials and other materials related to the topic of the Event;
      3. forwarding information about future ML in PL meetings;
      4. handling any complaints or claims;
      5. complying with the legal obligations imposed on the Controller.
    2. In addition, your personal data may be processed for marketing purposes related to the Controller’s own products and services or for other purposes to which you give consent.
    3. The Controller does not use personal data to make decisions based solely on its automated processing, including profiling.
    4. Personal data are acquired directly from you.
    5. You provide your personal data on a voluntary basis but in certain situations you may need to do so to participate in the Event.
  3. Types of personal data processed
    1. The Controller processes the following personal data, necessary to carry out the Event:
      1. name and surname / business name;
      2. contact phone number;
      3. email address.
  4. Bases of personal data processing
    1. Processing of personal data by the Controller is based on the provisions of law, in particular, when:
      1. it is necessary for the performance of a contract and/or to carry out the Event, in particular, to carry out activities before the Event;
      2. it is necessary to fulfil legal obligation imposed on the Controller (f.ex. tax obligation);
      3. it is necessary for the purposes of the legitimate interests pursued by the Controller (f.ex. Controller’s marketing activities, pursuing claims in court proceedings).
    2. Further, processing of personal data by the Controller might be based on your consent.
    3. At any time you have a right to withdraw your consent to the processing of personal data if the consent in question is the basis for processing. If the consent is withdrawn, this will not affect the lawfulness of the processing carried out before the consent was withdrawn and it will not affect the processing of personal data which relies on a basis other than the consent. Withdrawal of the consent may make your participation in the Event impossible.
    4. You can grant consent for personal data processing only if you are over 18 years old. If you are below 18, your parents’ and/or legal guardian’s consent is required.
  5. Retention period for personal data
    1. Your personal data will be kept for a period necessary to carry out the purposes  of processing, in particular for the period of:
      1. carrying out the Event and/or carrying out the activities before the Event;
      2. for a period in which you or the Controller have any rights and/or claims regarding the Event, in particular for the limitation period and one year after the expiry of the limitation period;
      3. execution of legal obligations imposed on the Controller.
    2. At the end of the retention period, personal data will be immediately erased by the Controller, except personal data provided to the Controller for marketing purposes, which will continue to be processed until you withdraw the relevant consent or objects to the processing of such information.
  6. Recipients of personal information
    1. Your personal data may be shared with the following categories of recipients:
      1. individuals employed at the Controller or working with the Controller under civil-law agreements and authorised by the Controller;
      2. processors of personal data acting for and on behalf of the Controller, as well as authorised individuals employed in such entities (e.g. external service providers, subcontractors, legal advisers, financial consultants or accountants, IT service providers, etc.); and
      3. governmental authorities or other public bodies, in order to comply with legal requirements.
    2. Your personal data sharing or disclosure takes place with respect to your rights and in compliance with the applicable laws and regulations.
  7. Data protection measures
    1. The Controller protects your personal data against unauthorised third-party access.
    2. The Controller implements appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with legal regulations.
    3. The Controller implements and uses proper technical solutions to protect your personal data. The Controller uses only highest quality technical and IT solutions, as well as physical security.
  8. Your rights in respect of personal data
    1. At any time you may file a complaint in relation to the processing of your personal data – in writing or in electronic form on addresses specified in point 9 below.
    2. You also have the right to obtain from the Controller confirmation whether your personal data is being processed, and, where that is the case, access to that personal information in compliance with the applicable laws.
    3. Further, you have the right:
      1. to file a complaint to the supervisory authority;
      2. to request the Controller to immediately rectify or complete any personal data concerning you;
      3. to object, on grounds relating to your particular situation, to processing of personal data concerning you where so permitted by the applicable laws;
      4. to request the Controller to immediately erase any personal data concerning you (“right to be forgotten”) where so permitted by the applicable laws;
      5. to request the Controller to restrict the processing of personal data where so permitted by the applicable laws;
      6. to request the Controller to provide you with the personal data concerning you which you have given to the Controller, in a structured, commonly used and machine-readable format and to transmit that data to another controller without any obstacles from the Controller, if:
        1. the processing is based on consent or on a contract; and
        2. the processing is carried out by automated means.
  9. Complaint procedure
    1. A complaint may be filed:
      1. in writing, to the address of the Controller’s registered office, i.e. Stowarzyszenie ML in PL ul. Kochanowskiego 32/125, 01-864 Warszawa; or
      2. electronically to the following email address: gdpr@mlinpl.org.
    2. We recommend that as a minimum, a complaint shall include:
      1. a description how a personal data breach has occurred and what that breach involves; and
      2. details allowing to communicate the outcome of the complaint.
    3. If any of the requests listed above in section 8 is made, a complaint must include:
      1. the statement of the request;
      2. the substantiation where applicable; and
      3. details allowing to communicate the outcome of the complaint.
    4. The Controller may ask you to provide further details if such details are required to process the request.
    5. If any of the requests listed above in section 8 is made, such request is handled in accordance with the provisions on the complaint procedure. In this case, the Controller may ask you to prove your identity in order to verify if you have the authority to make such request.
    6. A complaint is investigated immediately but no later than within 14 days of the date of the request.
    7. Where a complaint requires an additional procedure, the period for handling the complaint may be extended.
    8. You may at any stage seek from the Controller information on the status of your complaint.
    9. The Controller will inform you how the complaint has been resolved and what measures have been taken to address the complaint promptly upon resolution of the complaint.
    10. The Controller communicates with you electronically by writing to the email address provided by you. If you have provided no email address, the Controller communicates with you in writing.
    11. If no response to the complaint is received within 30 days, the complaint shall be considered to be accepted. If the Controller takes no action on your complaint, then the Controller will inform you immediately, no later than within a month of the request, of the reasons for not acting and of the possibility to complain to the supervisory authority or to seek legal remedies in court.
    12. If an investigation of a complaint reveals that a personal data breach has occurred, the Controller will take measures provided for in the applicable legislation.
  10. Final provisions
    1. All inquiries or concerns relating to the processing and protection of personal data must be directed to the Controller in writing, by email or by phone to the following details:
Stowarzyszenie ML in PL ul. Kochanowskiego 32/125, 01-864 Warszawa
contact email address: gdpr@mlinpl.org,
I hereby confirm, that I have received the information and I acknowledge the understanding of the information