GDPR

INFORMATION CLAUSE -for participants in the event Kongres 590

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”), acting on behalf of the company Kongres590 Sp. z o.o. with its registered seat at ul Flory 3 lok. 1; 00-586 Warsaw, we inform you:

Who is the controller of your personal data?

The administrator, i.e. the entity that decides how your personal data is used, is Kongres 590 Spółka z ograniczoną odpowiedzialnością based in Warsaw, at ul. Flory 3 lok. 1, 00-586 Warsaw, NIP: 5242838755, REGON: 368205642, registered in the District Court for the Capital City of Warsaw, XII Economic Department of the National Court Register under KRS number 0000693119, tel. Warsaw, XII Economic Department of the National Court Register under KRS number 0000693119, tel. +48 600 517 856, e-mail: biuro@kongres590.pl, which is the organizer of the Kongres 590 event and the owner of all rights to the Kongres 590, including trademark protection rights (hereinafter referred to as “Administrator”).

How to contact us for more information about the processing of your personal data?

If, after reading the following information, you have questions or concerns about the processing of your personal data, please contact us by email at: iod@kongres590.pl

Where do we get your data from?

We received them in the form of an application form filled out by you, by means of which you register for the Kongres 590 and through which you purchase a ticket for the event. The registration form is available at the EVENEA.PL website or from the partners who have registered you as a participant in the event.

What is the purpose and legal basis for processing your personal data?

We process the personal data entrusted to us solely for the purpose of preparing and organizing the Kongres 590 event (hereinafter: “Event”). As part of this undertaking, we may send you a newsletter containing current information about the preparations for the event and provide you with the best possible conditions for your participation in the event.

The basis for our processing of personal data is:

  • Article 6 section (1) paragraph (b) of the GDPR – acceptance of the rules and regulations (contract) for the organization and conduct of the Event,
  • Article 6 section (1) paragraphs(b) and (c) of the GDPR – acceptance of the rules and regulations (contract), for the purpose of organizing and conducting the event, for the purpose of fulfilling the concluded contract (enabling the participant to participate in the event) and obligations under the contract and the law, including tax and accounting regulations.
  • Article 6 section (1) paragraph (a) GDPR – consent to send newsletter (marketing information),
  • Article 6 section (1) paragraph (f) of the GDPR – the legitimate interest of the Administrator for the documentation, reporting, advertising and promotional purposes of the Administrator, for the publication on social media (including Facebook, Instagram, LinkedIn, YouTube) and the Administrator’s website of photographic and video materials from the event, and other public access and distribution in a manner that allows the above materials to be viewed at the viewer’s convenience at any place and time, and for the purpose of conducting the event with the use of audio and video recording devices, for the purpose of possible establishment, investigation or defense against possible claims.

What data does the Administrator collect?

The Administrator collects the following personal data of the participants of the event: first and last name, e-mail address, telephone number (if provided to the Administrator) and additionally company/residence address, position or function held, Tax ID, PESEL number.

Submission of personal data by the participant is voluntary, but necessary for the conclusion and proper execution of the contract, failure to provide data will result in the inability to conclude the contract with the Administrator and the inability to participate in the event.

What rights do you have against Kongres 590 Sp. z o.o. regarding the processed data?

We guarantee all your rights under the General Data Protection Regulation (known as GDPR), i.e.: access to your data, the right to rectification and deletion. You can also withdraw your consent to the processing of your personal data and object to its processing at any time.

If you feel that we are mishandling your data, you can file a complaint with the President of the Data Protection Authority.

Among other things, you can use these rights:

  • When you notice that the data is incomplete or untrue with respect to the request for rectification of data,
  • When the data is no longer necessary for purposes for which it was collected, you may withdraw your consent to the processing of the data, object to the processing of the data, or request the deletion of the data,
  • when you notice that the data is inaccurate you can request that the processing be restricted for a period of time to allow us to check the accuracy of the data.
  • you can request a restriction of processing if the data is processed unlawfully, but you do not want it deleted, or the data is no longer needed by us, but you may need it to raise, pursue or substantiate a claim, or to object to the processing.

You have the right to data portability, i.e. to receive from the Administrator information about the personal data processed, in a structured, commonly used machine-readable format, to the extent that your data is processed on the basis of consent.

When can you withdraw your consent to data processing?

Consent can be revoked at any time.

Submission of personal data by the participant is voluntary, but necessary for the conclusion and proper execution of the contract, failure to provide data will result in the inability to conclude the contract with the Administrator and the inability to participate in the event.

How long will your data be processed by us?

Personal data is processed by us until:

  • data processed on the basis of consent will be processed until the consent is withdrawn,
  • data processed on the basis of statutory requirements will be processed for the period of time for which the data retention is mandated by the law,
  • data processed on the basis of the legitimate interest of the Administrator will be processed until an objection is effectively lodged (when such an objection is entitled in accordance with the law) or this interest ceases, in particular, data processed for the purpose of investigating or defending against possible claims will be processed until such claims would be expired and no longer admissible.

Who has access to your data?

The Administrator may entrust personal data to entities that cooperate with it for the purpose of preparing and conducting the event, including EventLabs Sp. z o.o. which operates the EVENEA.PL website (ticket sales), to ConnectTo Sp. z o.o. (identity verification, preparation of the list of participants and identity badges of participants registered to participate in the event) as well as entities participating in the processing of electronic payments and other entities, in particular with regard to: information and telecommunications solutions used, legal support of the Administrator, accounting, legal and marketing services. The data will also be transferred to relevant services, in particular to the State Protection Service (identity verification, in order to maintain security during the event).

The Administrator does not transfer personal data outside the European Economic Area (EEA), except for publications on social media, i.e. Facebook, Instagram, LinkedIn, Twitter, YouTube Where necessary to achieve the purpose, we will ensure an adequate degree of protection, primarily by:

  1. cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued;
  2. Use of standard contractual clauses issued by the European Commission;
  3. application of binding corporate rules approved by the relevant supervisory authority;

When applicable, the Administrator will inform the Participant of its intention to transfer personal data outside the EEA at the stage of collection. Upon the Participant’s request, the Administrator will provide the Participant with a copy of their data that will be transferred outside the EEA.

We further inform you that your data is not profiled.