Privacy Policy of the Chamber of Digital Economy

What will you find in this document?

Information on the protection of your personal data, including your rights.

We have divided the policy into four parts:

  1. an explanation of the terms used in the Policy, information on our contact details and your rights;
  2. details about the processing of your personal data; we have provided information separately for each form you can fill in on our Website and with respect to contacting us using the contact details we provide on the Website;
  3. information on the processing of your data on our Social Media profiles;
  4. information on cookies.

Contents

Part I – General provisions

  • Controller
  • Terms used in the Privacy Policy
  • Personal data protection
  • Your rights with respect to personal data
  • The right of objection
  • A complaint lodged with the President of the Office for Personal Data Protection
  • Questions about the Policy and where it is published

Part II – Information related to the processing of your personal data in our forms and when you contact us 

  • Contact with us via the contact form, by e-mail, or on the phone
  • Members and Partners of the e-Chamber
  • Participation in conferences, galas, competitions, and other events

Part III – Our social media profiles

  • Using our social media profiles

Part IV – Information on cookie files and related processing of personal data 

  • Entering the Website
  • What cookie files are and why we use them
  • Types of cookie files
  • How to delete cookie files
  • The effect of changing browser settings on the experience of using the Website
  • External cookie files

Part I – General provisions

§1

Controller

  1. The controller of your personal data is us, i.e. the Chamber of Digital Economy. In the further parts of this Privacy Policy, we refer to ourselves in the first person or as “the Controller”, “the e-Chamber”,or “We”.
  2. We operate on the grounds of entry in the register of associations, other social and professional organisations, foundations, as well as independent public health care centres, kept by the National Court Register. We are also registered in the Register of Entrepreneurs of the National Court Register. Our National Court Register (KRS) entry No. is 474028 and our Taxpayer ID No. (NIP) is 701-039-19-22.
  3. You can contact us by the following means:
    a. by post: ul. Łucka 18, suite 76, 00-845 Warszawa,
    b. by e-mail sent to: biuro@eizba.pl.

§2

Terms used in the Privacy Policy

If you see any of the following capitalised terms in the further parts of our Privacy Policy, you should understand them as defined below:
a. “Website” – the website whose main page is located at the address www.eizba.pl; if you sign up to participate in competitions, galas, training sessions, or other events organised by us, or use our mediation page, the term Website should also be understood as our other websites, e.g. those dedicated to a particular conference or competition, or to mediation,
b. “Policy” –
means this document, i.e. Privacy Policy, which you are now reading,
c.
“GDPR” – the Regulation of the European Parliament and the Council of the European Union (EU) 2016/679 of April 27, 2016, on the protection of natural persons with respect to the processing of personal data and the free flow of such data, as well as the repealing of Directive 95/46/EC. You can find the text of the GDPR here, “Social media” – Facebook, LinkedIn, Twitter, and other social networks where we have our profiles.

§3

Personal data protection

  1. We process all personal data that you provide on the Website or that we collect about you during your use of the Website as a Controller in accordance with the GDPR.
  2. We use the technical measures required by current data protection legislation to prevent unauthorised persons from obtaining and modifying personal data sent electronically, i.e. via our Website.

§4

Your rights with respect to personal data

  1. We process your personal data, therefore:
    a. you have the right to access and obtain a copy of your personal data, b. you can rectify (amend) your personal data,
    c. you can request the deletion of your personal data where allowed by the GDPR,
    d. you have the right to restrict processing to the extent specified in the GDPR.
  2. See Parts II–IV of the Policy for information on additional rights, as, in certain situations, you will have additional opportunities.
  3. Would you like to exercise your rights or find out more about them? You are welcome to contact us about it. Our contact details are provided in § 1 sec. 3 of the Policy.

§5

The right of objection

  1. Once you have provided us with your personal data or if we collect it on our own, you can exercise your right to object. You have it in two situations where we process your personal data:
    a. for direct marketing purposes; you do not need to justify such an objection;
    b. on the grounds of our other legitimate interests; such an objection requires justification, i.e. your particular situation. Tell us why we should not process your data.
  2. Do you wish to exercise your right of objection? You are welcome to contact us about it. Our contact details are provided in § 1 sec. 3 of the Policy.

§6

Lodging a complaint with the President of the Office for Personal Data Protection

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the supervisory authority. In Poland, it is the President of the Office for Personal Data Protection, whose website is available at https://uodo.gov.pl/

§7

Questions about the Policy and where it is published

  1. If you have any questions about the Policy, please let us know.
  2. The Policy is available at https://eizba.pl/polityka-prywatnosci/ and in our office, whose address is indicated in § 1 sec. 3 of the Policy.

Part II – information related to the processing of your personal data in our forms and when you contact us

§8

Contact with us via the contact form, by e-mail, or on the phone

If you are contacting us, please note the following:

a. For what purpose and on what legal grounds do we process your data?

  1. The processing is necessary for the purposes of the legitimate interests pursued by the Controller consisting in responding to your message and resolving the matter you have communicated (Article 6 sec. 1 f) of the GDPR).
  2. If your message concerns taking steps to establish a relationship, the processing of your data is necessary for us to take action at your request before entering into an agreement (Article 6 sec. 1 b) of the GDPR).

b. What are your rights?

We describe them in §§ 4 – 6 of the Policy.

c. Do you need to give us your details?

This is voluntary. However, without your contact details, we may not be able to resolve the matter you have raised.

d. Who will we convey your data to?

Entities hosting (storing) the Website or personal data for us and, if necessary, legal advice providers.

e. How long will we process your data?

For as long as it takes to resolve the matter you have raised and, if your message concerns starting cooperation with us, for as long as it takes to act on and discuss the matter with you. Depending on the type of issue you have raised, we will also process your data for the time it takes to demonstrate that we have resolved it, i.e. the period of the statute of limitations for claims – no longer than six years – or three years, respectively, if these would be business-related claims unless the course of this period is interrupted.

§9

Members and Partners of the e-Chamber

If you are joining us as a Member or Partner, and are completing a declaration form to that effect, please note the following:

a. For what purpose and on what legal grounds do we process your data?

  1. To carry out statutory activities, in particular consisting in the following:
    1. taking steps, at your request, to carry out activities leading to the review of the completed declaration,
    1. issuing a decision to admit or refuse admission as a Member or Partner,
    1. processing appeals against decisions,
    1. representing the interests of Members,
    1. conducting activities in the areas of research, publishing, and the dissemination of information.
    1. organising training sessions, meetings, industry conferences, and other educational and dissemination-related initiatives for the development of digital economy,
    1. working with governmental and local authorities towards the development of digital economy,
    1. cooperating and exchanging experiences with various milieus, organisations, and institutions (operating in the fields of education, science, culture, economy, mass media, etc.)

– the legal basis for the processing of your data is the necessity for the performance of an agreement (our Statute is a civil law agreement) to which the data subject is a party, or to act at the request of the data subject prior to entering into an agreement (Article 6 sec. 1 b) of the GDPR). 

  •  Fulfilment of legal obligations incumbent on the Controller pursuant to Article 74 sec. 2 of the Accounting Act of September 29, 1994, and Article 70 of the Tax Ordinance Act of August 29, 1997 (Article 6 sec. 1 c) of the GDPR).
  • The processing is necessary for purposes deriving from the legitimate interests pursued by the Controller or by a third party (Article 6 sec. 1 f) of the GDPR), in particular consisting in the following:
    • asserting or defending against claims,
    • carrying out marketing activities.

b. What are your rights?

We describe them in §§ 4 – 6 of the Policy. You may also exercise your right to the portability of your personal data under the terms of the GDPR.

c. Do you need to give us your details?

This is voluntary. However, failure to provide data will prevent us from accepting the declaration and will make it impossible or difficult for us to perform our statutory tasks.

 d. Who will we convey your data to?

  1. Providers of tools used for mailshots.
  2. Parcel delivery companies.
  3. Entities engaged in the hosting (storing) of the Website and personal data for us.
  4. Accounting offices or law firms.
  5. Businesses involved in claiming outstanding membership fees on our behalf.

e. How long will we process your data?

For the duration of our relationship arising from your membership in the e-Chamber or being our Partner and for the time necessary to demonstrate that we have properly performed our statutory or contractual obligations. This time corresponds to the length of the limitation period for civil claims, i.e. no more than six years – or three years, respectively, if these would be business-related claims unless the period is interrupted. Where personal data is contained in documents submitted to the tax office or in connection with the payment of taxes – the data retention period is 5 years, starting from the end of the calendar year in which the time frame for payment of the tax expired (the limitation period for tax liabilities), i.e. up to a maximum of 6 years.

§10

Participation in conferences, galas, competitions, or other events

If you are applying through the Website for your participation in our conferences, training sessions, galas, competitions, or other events, hereinafter referred to as “Events”, please note the following:

a. For what purpose and on what legal grounds do we process your data?

  1. The processing is necessary for the performance of an agreement to which the data subject is party or to take steps at the request of the data subject prior to entering into an agreement (Article 6 sec. 1 b) of the GDPR). Agreements may involve attendance at conferences, galas, and other events.
  2. Fulfilment of the Controller’s legal obligations pursuant to Article 74 sec. 2 of the Accounting Act of September 29, 1994, and Article 70 of the Tax Ordinance Act of August 29, 1997, in connection with the settlement of payments related to participation in conferences, galas, and other events as well as prizes awarded to winners of competitions (Article 6 sec. 1 c) of the GDPR).
  3. The processing is necessary for purposes deriving from the legitimate interests pursued by the Controller or by a third party (Article 6 sec. 1 f) of the GDPR), consisting in the following:
    1. organising competitions and accrediting participant entries,
    1. conducting marketing activities consisting in sending you the Newsletter, if you subscribe to it and give us your e-mail address for this purpose, as well as analysing whether you read the Newsletter and which content interests you most,
    1. asserting or defending against claims.

b. What are your rights?

We describe them in §§ 4 – 6 of the Policy. You may also exercise your right to the portability of your personal data under the terms of the GDPR.

c. Do you need to give us your details?

This is voluntary. However, you cannot register your participation in an Event without providing these details. Also, you will not be able to receive the Newsletters from us.

d. Who will we convey your data to?

  1. Providers of tools used for sending Newsletters.
  2. Providers of tools for conducting Events in an online format, including webinars.
  3. Couriers, if materials, statuettes, or prizes, for example, are sent to you in connection with your participation in an Event.
  4. Payment operators, if a given Event involves the payment of a fee.
  5. Entities engaged in the hosting (storing) of the Website and personal data for us;
  6. Accounting offices or law firms.

e. How long will we process your data?

  1. For as long as is necessary to perform the agreement with respect to your participation in the Event and to demonstrate that we have performed it properly. This time corresponds to the length of the limitation period for claims, i.e. no longer than six years – or three years, respectively, if these would be business-related claims unless the period is interrupted. Where personal data is contained in documents submitted to the tax office or in connection with the payment of taxes – the data retention period is 5 years, starting from the end of the calendar year in which the time frame for payment of the tax expired (the limitation period for tax liabilities), i.e. up to a maximum of 6 years.
  2. The marketing activities will continue for the duration of the relevant action or until you object to further processing for these purposes, including, for example, sending and improving the Newsletter.

§11

Patronage

If you are an organiser or co-organiser of an event and you are requesting the e-Chamber to become a patron of the event and completing the relevant application for this purpose, please note the following:

a. For what purpose and on what legal grounds do we process your data?

  1. The processing of the data is necessary to carry out the procedure related to the analysis of the application and the decision on whether or not to patronise a given event, i.e. to take action at your request before concluding an agreement (by accepting the Regulations on the granting of patronage by the Chamber of Digital Economy), and to perform the provisions of the Regulations (Article 6 sec. 1 b) of the GDPR).
  2. Fulfilment of the Controller’s legal obligations pursuant to Article 74 sec. 2 of the Accounting Act of September 29, 1994, and Article 70 of the Tax Ordinance Act of August 29, 1997 – Tax Ordinance, in connection with the settlement of payments related to participation in conferences, galas and other events as well as prizes awarded to winners of competitions (Article 6 sec. 1 c) of the GDPR).

b. What are your rights?

We describe them in §§ 4 – 6 of the Policy. You may also exercise your right to the portability of your personal data under the terms of the GDPR.

c. Do you need to give us your details?

This is voluntary. Without these, you cannot submit an event patronage application.

d. Who will we convey your data to?

Entities engaged in the hosting (storing) of the Website and personal data for us;

e. How long will we process your data?

For the time necessary to process the event patronage application and, if patronage over a given event will be exercised, for the duration of the agreement in this respect. In both cases, we will also process the data for the time necessary to demonstrate that we have performed our obligations correctly. This time corresponds to the length of the limitation period for claims, i.e. no longer than six years – or three years, respectively, if these would be business-related claims unless the period is interrupted. Where personal data is contained in documents submitted to the tax office or in connection with the payment of taxes – the data retention period is 5 years, starting from the end of the calendar year in which the time frame for payment of the tax expired (the limitation period for tax liabilities), i.e. up to a maximum of 6 years.

Part III – Our social media profiles

§ 12

Plenipotentiaries and Representatives

If you are a representative or plenipotentiary of a Member, Partner or the entity on whose behalf you are submitting a membership or partnership declaration, please note the following:

a. From what source have we obtained your data?

Your personal data has been made available to us by the entity you represent, it is included in the documents submitted to us by that entity, or it has been obtained by us from public records (KRS, CEIDG) or directly from you. 

b. What scope of your data are we processing?

The scope of your personal data processed by the Controller may include – as appropriate to your role – your name, mailing address, numbers assigned in the relevant state registers (e.g. your personal identification number – PESEL), contact details including e-mail address, telephone number, position or function held within the organisation, and the scope of your plenipotentiary authority.

c. For what purpose and on what legal grounds do we process your data?

  1. Your personal data will be processed in connection with the processing of your declaration or in connection with the fact that the entity you represent is a Member or Partner of the e-Chamber, i.e. in order to perform the provisions of the -e-Chamber’s Statute – the legal basis for the processing of your data is the legitimate interest of the controller and the entity you represent (Article 6 sec. 1 f) of the GDPR); the legitimate interest consists in ensuring the reliable identification of the Member or Partner and its representatives, including plenipotentiaries.
  2. Fulfilment of the Controller’s legal obligations pursuant to Article 74 sec. 2 of the Accounting Act of September 29, 1994, and Article 70 of the Tax Ordinance Act of August 29, 1997, in connection with the settlement of payments related to participation in conferences, galas, and other events as well as prizes awarded to winners of competitions (Article 6 sec. 1 c) of the GDPR).

d. What are your rights?

We describe them in §§ 4 – 6 of the Policy. 

 e. Do you need to give us your details?

This is voluntary, but the failure to provide us with your data will prevent us from achieving the purposes indicated in item c above.

f. Who will we convey your data to?

Your personal data may be transferred to providers of IT systems and services, as well as any entities providing the Controller with services necessary for the performance of the Statute, including legal services.

g. How long will we process your data?

Your personal data will be processed for the duration of the legal relationship between the entity you represent and the e-Chamber. Data may also be processed for the period of the statute of limitations for claims. This time corresponds to the length of the limitation period for claims, i.e. no longer than six years – or three years, respectively, if these would be business-related claims, unless the period is interrupted. Where personal data is contained in documents submitted to the tax office or in connection with the payment of taxes – the data retention period is 5 years, starting from the end of the calendar year in which the time frame for payment of the tax expired (the limitation period for tax liabilities), i.e. up to a maximum of 6 years.

Part III – Information on the processing of your data on our Social Media profiles;

§13

Using our social media profiles

If you use our profile, please note the following:

a. For what purpose and on what legal grounds do we process your data?

The processing is necessary for purposes deriving from the legitimate interests pursued by the Controller or by a third party (Article 6 sec. 1 f) of the GDPR), consisting in:

  •  responding to private messages you send to us,
  • having a discussion with you in the comments section of specific posts,
  • sharing our posts with you as a follower,
  • marketing, through informing you about our activities and ourselves through posts we publish on our profile, including sponsored posts displayed to a broader range of social media users,
  • receiving and analysing statistical data from entities managing social media, e.g. data on our posts’ visibility obtained from Facebook Ireland Ltd., as well as data on the reach of our posts, the number of interactions, and the demographics of our followers; the data presented to us by social media companies is statistical but developed based on such companies’ observations of your behaviour on our profile.

b. What are your rights?

We describe them in §§ 4 – 6 of the Policy. 

c. Do you need to give us your details?

This is voluntary. However, due to the rules applied in social media, we will see your name (or nickname) and photo if you write to us or comment on our post.

d. Who will we convey your data to?

Social media operators, such as, in particular, Meta Platforms Ireland Limited.

e. How long will we process your data?

For the time over which you follow our profile. Remember that you can always delete your comments under our posts, stop following us, or cancel your social media account.

f. Information on joint control of data exercised together with Meta Platforms Ireland Limited:

  • The Controller and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of your data in accordance with Article 26 of the GDPR in respect of processing for statistical and advertising purposes.
  • Joint control includes the aggregate analysis of data in order to display statistics on user activity on the Controller’s Fanpage.
  • Meta Platforms Ireland Limited’s responsibility for processing your data for the purposes indicated:
    • having legal grounds for processing data for the website’s statistics
    • ensuring the exercise of data subjects’ rights
    • reporting violations to the supervisory authority and notifying the persons affected
    • ensuring that appropriate technical and organisational measures are in place to ensure the security of your data.
  • The Controller’s responsibility for processing your data:
    • having legal grounds for processing data for statistical purposes
    • fulfilment of information-related obligations with regard to the purposes of the processing carried out by the Controller
  • Meta Platforms Ireland Limited will make the core content of the website statistics appendix available to data subjects (Article 26 sec. 2 of the GDPR) via the data contained in the website statistics information which can be accessed from all pages.
  • The main supervisory authority for joint processing is the Irish Data Protection Commission (notwithstanding the provisions of Article 55 sec. 2 of the GDPR, where applicable).
  • Details of the mutual arrangements between the controllers are available at: https://www.facebook.com/legal/terms/page_controller_addendum
  • As part of Meta Platforms Ireland Limited’s ICT infrastructure is located in the USA, Facebook/Instagram platform user data may be transferred to a third country (i.e. the USA). The European Commission has not issued a decision stating that the United States provides an adequate level of data protection, however, Meta Platforms Ireland Limited declares that the data transfer complies with the requirements of the GDPR, including through the application of standard contractual clauses.
  • For more information on Meta Platforms Ireland Limited’s processing of your personal data and the protection measures applied with respect to it, please visit https://www.facebook.com/privacy/explanation

Part IV – Information on cookie files and related processing of personal data

§14

Entering the Website

When you enter the Website, we process the information contained in cookie files. Cookies are stored on your terminal device (e.g. computer, tablet, or smartphone) and the information it contains is accessed. These activities take place according to the principles described below.

§15

What are cookie files and why do we use them

  1. On the Website, we use cookies, which are small text files stored on your terminal device (e.g. computer, tablet, or smartphone). Cookies can be read by the Website. Do you want to know more about cookies? Visit the Wikipedia page at this link.
  2. We store cookie files on your computer, phone, or tablet and access the information contained in them for the purposes of a. ensuring the proper operation of the Website, including maintaining your session; b. statistics and analytics, in particular, to enable us to analyse how you use the Website.
  3. In the case described in item b above, the processing of your personal data may take place: a. we carry out the processing on the grounds of our legitimate interest, i.e. Article 6 sec. 1 f) of the GDPR; b. our legitimate interest is to collect statistical data about your use of our Website in order to optimise its performance; c. We have set out your rights in relation to this processing in §§ 4 – 6 of the Policy; d. remember that you can contact us at any time and object to the processing of your personal data; e. We will transfer your personal data to providers of analytical tools; f. We will keep your personal data for the duration of these statistical and analytical activities or until you object to further processing for statistical or analytical purposes; g. Transfers of personal data outside the European Economic Area will be made when the conditions are met to allow this. We will inform you if such a situation arises;
    h. the provision of such personal data is voluntary, and the failure to do so, e.g. through the use of appropriate blocking software, does not entail any negative consequences.

§16

Types of cookie files

There are several types of cookie files on the Website:

a. session files, which remain in the memory of your web browser until you close it;
b. temporary files, which remain in the memory of your web browser until a predetermined time has elapsed (maximum 2 years); remember that you can delete such files on your own earlier (in § 17, we indicate how to do this);
c. external files, which come from providers of analytical tools on the Website, among other entities.

§17

How to delete cookie files

  1. You can configure your Internet browser to prevent cookies from being stored on your computer, phone, or tablet.
  2. You can delete cookies after they have been placed on your device by us. To do so, you can use the following: relevant functions of your Internet browser, software serving this purpose, or relevant tools available within your operating system.
  3. The following links provide information on how to delete cookies in the most popular Internet browsers:

§18

The effect of changing browser settings on the experience of using the Website

Changing the configuration of your Internet browser to one that prevents or restricts the storage of cookies may result in restrictions on the functionality of the Website. Deleting cookies when using the Website may lead to similar consequences. This means that some of our services will not be available without cookies; for instance, you may not be able to complete the membership declaration on our Website.

§19

External cookie files

  1. Cookies placed on your computer, phone, or tablet may come from other service providers. You can remove them from your device on your own. In § 17, we indicate how to do it. These files are stored on your device for varying lengths of time, depending on the file in question (at maximum, for the duration of the session).
  2. The Website uses cookies provided by Google Ireland Limited as part of its Google Analytics services. These services help us analyse traffic on the Website. We use them to obtain statistics and analytical data showing how you and other users use the Website. You can block the operation of Google Analytics. To do this, install this browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout?hl=pl.
  3. Transfers of personal data outside the European Economic Area will be made once the conditions are met to allow this to happen. We will inform you if such a situation arises.

en