European Games 2023 GDPR
PRIVACY POLICY
1. GENERAL PROVISIONS
The Data Controller of the personal data collected via the communication platform is European Games 2023 Ltd.; registered office and place of business address and address for service: Zyczkowskiego Street 20, 31-846 Krakow, Poland; entered in the Register of Entrepreneurs of the National Court Register under KRS no.: 0000947256; NIP (tax number): 6762610220, REGON (identification number) 521030271; e-mail address of the Data Protection Inspector: iod@ie2023.pl; being at the same time the service provider, hereinafter referred to as the Data Controller.
1.2 The personal data collected by the Data Controller through the communication platform is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as RODO and the Data Protection Act of 10 May 2018.
2. TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
2.1 PURPOSE OF PROCESSING AND LEGAL BASIS.
The Data Controller processes personal data through the communication platform in order to carry out the registration and communication process for users of the platform.
2.2 TYPE OF PROCESSED PERSONAL DATA.
The data controller processes the following categories of user personal data:
a. first and last name
b. e-mail address
c. telephone number
d. address
e. other contact details
2.3 ARCHIVING PERIOD FOR PERSONAL DATA.
Users' personal data shall be stored by the Data Controller:
a. where the basis of data processing is the performance of a contract, for as long as is necessary for the performance of the task, and thereafter for a period corresponding to the period of limitation of claims. Unless specifically provided otherwise, the period of limitation shall be six years, and for claims for periodic performance and claims related to the conduct of a business activity, three years.
b. where data processing is based on consent, for as long as the consent is not revoked, and after revocation of the consent for a period of time corresponding to the period of limitation of claims which the Data Controller may raise and which may be raised against him. Unless a specific provision provides otherwise, the period of limitation shall be six years, and for claims for periodic benefits and claims related to the conduct of business activity - three years.
2.4 When using the communication platform, additional information may be collected, in particular: the IP address assigned to the user's computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
2.5 Navigation data may also be collected from users, including information about the links and references they choose to click on or other actions they take on the communication platform. The legal basis for such activities is the Data Controller's legitimate interest (Article 6(1)(f) RODO) in facilitating the use of the services provided electronically and in improving the functionality of these services.
2.6 The provision of personal data by the user is voluntary.
2.7 Personal data may also be processed by automated means in the form of profiling, provided that you have given your consent pursuant to Article 6(1)(a) of the RODO. The consequence of profiling will be the assignment of a profile to a person in order to make decisions concerning him or her or to analyse or predict his or her preferences, behaviour and attitudes.
2.8 The data controller shall take special care to protect the interests of the data subjects, and in particular shall ensure that the data it collects are:
a. processed lawfully
b. collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes
c. Substantially correct and adequate in relation to the purposes for which they are processed and kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing.
3. SHARING OF PERSONAL DATA
3.1 Users' personal data may be transferred to the service providers used by the Data Controller to operate the communication platform. The service providers to whom personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to the Data Controller's instructions as to the purposes and means of processing such data (processors) or determine the purposes and means of data processing (controllers).
3.2 Your personal data is stored exclusively in the European Economic Area (EEA).
4. THE RIGHT TO CONTROL, ACCESS AND CORRECT PERSONAL DATA
4.1 The data subject has the right of access to the content of his/her personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
4.2 Legal grounds for the user's request:
a. Access to data - Article 15 of the RODO
b. Correction of data - Article 16 RODO
c. Deletion of data (so-called right to be forgotten) - Article 17 RODO
d. Restriction of processing - Article 18 RODO
e. Data portability - article 20 RODO
f. Objection - article 21 RODO
g. Withdrawal of consent - Article 7(3) RODO
4.3 In order to exercise the rights referred to in paragraph 4.1, you can send a relevant email to: iod@ie2023.pl.
4.4 If the user makes a request for the exercise of his/her rights under the above rights, the Data Controller shall either comply with the request or refuse to comply with it immediately, but no later than within one month of receiving the request. However, if - due to the complexity of the request or the number of requests - the Data Controller is not able to comply with the request within one month, the Data Controller shall comply with the request within another two months, informing the user in advance - within one month of receiving the request - of the intended extension of the deadline and the reasons for it.
4.5 If it is established that the processing of personal data violates the provisions of the RODO, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.
5. COOKIES FILES
5.1 The Data Controller's website uses cookies files.
5.2 The installation of cookies is necessary for the proper provision of services on the website. Cookies contain the information necessary for the proper functioning of the website, and they also provide the possibility of developing general statistics about the website.
5.3 The website uses the following types of cookies: session cookies and permanent cookies
a. 'Session cookies' are temporary files that are stored on the user's terminal equipment until they log off (leave the website).
b. 'Permanent cookies' are stored on the user's terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the user.
5.4 The Data Controller uses its own cookies to better understand how the user interacts with the content of the website. The cookies collect information about the user's use of the website, the type of website from which the user was redirected and the number of visits and the length of the user's visit to the website. This information does not record specific personal data about the user, but is used to compile statistics.
5.5 The user has the right to decide on the access of cookies to his/her computer by selecting them in advance in his/her browser window. Detailed information on the possibility and handling of cookies is available in the settings of your software (browser).
6. FINAL PROVISIONS
6.1 The controller shall apply technical and organisational measures to ensure the protection of the processed personal data appropriate to the risks and the category of data protected, and in particular to protect the data against their access to unauthorised persons, against their being taken by an unauthorised person, against their being processed in breach of the applicable regulations, and against their alteration, loss, damage or destruction.
6.2 The controller shall make available appropriate technical measures to prevent acquisition and modification by unauthorised persons, of personal data sent electronically.
6.3 In matters not regulated by this Privacy Policy, the provisions of RODO and other relevant provisions of Polish law shall apply accordingly.