[Glossary of terms]
Personal Data Administrator [PDA] – the entity that decides on the purposes and means of the processing of personal data.
Data Protection Officer [DPO] – an individual who assists the PDA in carrying out his or her responsibilities regarding the protection of personal data.
Cooperating Entities – entities that offer to sell their services or products on the www.cfasofficial.com website::
the Center For American & European Studies Foundation, TIN (NIP): 7812019909, REGON: 38871141800000, KRS: 0000895006;
the Center For American Studies Association, TIN (NIP): 7811990247, REGON: 38256651800000, KRS 0000771445,
Łukasz Bartosik Center For American, European & Global Studies - Research and Education, TIN (NIP): 7812015745, REGON: 387711534
Website – the cfasofficial.com website containing information about the services of the Cooperating Entities and their offers.
User – person using the Website.
Registered user – a person/entity having a user account on the Website.
User account – a set of resources maintained by PDA for a user under a unique name (login) and protected with a password, in which the user's data are stored.
Facebook – the company Facebook Ireland Ltd. operating the social networking site Facebook with headquarters in 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland.
Google – Google LLC, a company operating Google's website with registered office at 1600 Amphitheatre Parkway, Mountain View, California, U.S.
Newsletter – personalized information sent periodically to Subscribers containing information about the activities of the Cooperating Entities.
Subscriber – a user who subscribed (signed up for) to the newsletter.
Personal data – any information about an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly.
Cookies – are small pieces of information sent by the Website and stored on user’s end device (computer, laptop, smartphone).
Processing of personal data – an operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling – any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyze or predict aspects relating to that individual's performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
[Personal Data Administrator, Data Protection Officer, Cooperating Entities]
The administrators of the personal data processed on the Site are the Cooperating Entities, acting as joint administrators of the personal data.
PDA has appointed a Data Protection Officer who is responsible for the processing of personal data on the Site. Contact with the DPO is possible:
By post, to the address Stobnicka 5B, 60-480 Poznan, Poland;
[Types, purposes and basis of data processing]
The following data may be processed on the Site:
cookies – for the purposes described in §7 and based on the user's consent;
information about your computer, including IP address, geographical location, browser type and version and operating system, information about visits to and use of the Site, including referrer source, length of visit, page views and navigation paths on the site – to enable the proper functioning of the Site on your end device, analysis of traffic on the Site, pursuant to Article 6(1)(a) of the GDPR, i.e. the consent expressed by the user;
information entered when you create a registered user account on the Site:
the street including the building and apartment number
date of birth,
in order to enable the sales process of the products and services by the Cooperating Entities, as well as to receive personalized messages to the e-mail address or by post as part of the newsletter service on the basis of Article 6(1)(a) of the GDPR, i.e. the consent expressed by the user, and after cancellation of the service – for a period of 5 years resulting from the protection against possible claims and obligations imposed on PDA by generally applicable law, on the basis of Article 6(1)(f) of the GDPR;
information contained in any correspondence sent to the PDA by email or via the Site, including communication content and metadata, pursuant to Article 6(1)(b) of the GDPR, i.e. at the request of the data subject;
any other personal data that is entered on the Site, on the basis of. article 6(1)(a) of the GDPR, i.e. the consent given by the user.
[Co-administration via Facebook]
In the case of integration of the user's Facebook account with the user's account on the Site, PDA may process the personal data contained in the Facebook profile in accordance with the privacy settings established by the user. In particular, this may include the following personal data:
PDA uses the Facebook Pixel tool. This is a short code placed on the Site that allows you to measure the effectiveness of your ads based on an analysis of the actions taken by users on the Site. Information about the Facebook Pixel tool can be found at: https://www.facebook.com/business/help
[Co-administration by Google]
In the case of integration of the user's Google account with the user's account on the Site, PDA may process the personal data contained in the profile on the Google social network in accordance with the privacy settings established by the user. In particular, this may include the following personal data:
PDA does not use profiling on the Site.
The entity placing cookies on the user's terminal equipment and accessing them is PDA.
PDA processes cookies in order to:
proper functioning of the Site, in particular maintaining the session of the user after logging in, thanks to which the user does not have to enter his/her login and password again on each subpage of the Site;
display personalized advertising to users of the Site,
analyze Site traffic and compile statistics to help us modernize the Sites in the future and provide better service.
adapting the content of the Website to User preferences and optimizing the use of websites; in particular, these files allow for recognition of the Website User's device and appropriate display of the website, adapted to his individual needs;
The following types of cookies are used on the Site:
"necessary" cookies to enable services available on the Site, such as authentication cookies used for services that require authentication on the Site;
cookies used to ensure security, e.g. used to detect abuse of authentication on the Site;
"performance" cookies, which allow the collection of information about how the Site is used;
"functional" cookies, which enable "remembering" the user's selected settings and personalizing the user's interface, e.g. with regard to the selected language or region of the user's origin, font size, website layout, etc;
"advertising" cookies, enabling you to provide users with advertising content more tailored to their interests.
In many cases, the software used to browse the Internet (web browser) allows the storage of cookies on the user's end device by default. Users can change their cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the settings of the web browser or inform on their placement on the user's device each time. Detailed information on the possibility and methods of using cookies is available in the software (web browser) settings.
Cookies placed in the end user's device and used can also be by advertisers and partners cooperating with the operator of the Website.
[Time of processing personal data]
PDA processes personal data:
User – for the duration of the use of the Site.
Registered user - from the moment of entering personal data on the Site until the moment of deleting the account of a registered user.
Subscriber - from the moment of subscribing to the newsletter service until the moment of unsubscribing.
After the cancellation of services, PDA shall store personal data for a period of 5 years resulting from the protection against possible claims and obligations imposed on PDA by generally applicable law, based on Article 6(1)(f) of the GDPR;
[Recipients of users' data]
PDA discloses users' personal data to processors under the concluded agreements on entrustment of personal data processing in order to provide services to the administrator, e.g. hosting and Site maintenance, IT services, marketing and PR services, legal and consulting services, while obliging the above entities to confidentiality when processing the data.
The PDA shall disclose personal data, if requested to do so by authorised state authorities, in particular organizational units of the prosecutor's office, the Police, the President of the Office for Data Protection, the President of the Office for Competition and Consumer Protection.
[Transmission of personal data to third countries]
The PDA may transfer and process personal data in third countries. The transfer and processing of data to a third country shall be based on a decision of the European Commission on the adequate level of protection for personal data. If no decision of the European Commission on the adequate level of protection of personal data has been issued with regard to a given third country, then the transfer to that third country shall be subject to the provision of adequate safeguards as referred to in Article 46(2) of the GDPR.
Third countries are countries outside the European Economic Area. The European Economic Area includes all countries of the European Union and the countries of the so-called European Free Trade Association, which include Norway, Switzerland, Iceland and Liechtenstein.
In connection with the use of ICT providers located in third countries, the PDA may transfer personal data to a third country. The legal basis for such transfer shall be the concluded standard contractual clauses.
[Rights of personal data subjects]
Every person whose personal data is processed has the right:
of access – to obtain confirmation from the PDA as to whether or not his/her personal data is being processed. If data about the person are processed, the person is entitled to access them and obtain the following information: about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data will be stored or the criteria for their determination, the data subject's right to request rectification, erasure or restriction of processing of personal data and to object to such processing (Article 15 GDPR);
to obtain a copy of the data – obtain a copy of the data undergoing processing, with the first copy being free of charge, and for subsequent copies the data administrator may charge a reasonable fee based on administrative costs (Article 15(3) GDPR);
of rectification – request for the rectification of personal data concerning him/her that is inaccurate or the completion of incomplete data (Article 16 GDPR);
to erasure of data ("right to be forgotten") – a request to erase her personal data if the data administrator no longer has a legal basis for processing them or the data are no longer necessary for the purposes of processing (Article 17 of the GDPR);
to limit processing – request to limit the processing of personal data (Article 18 GPDR) when:
the data subject contests the accuracy of the personal data - for a period enabling the administrator to verify the accuracy of the data,
the processing is unlawful and the data subject opposes their erasure by requesting the restriction of their use,
the administrator no longer needs the data, but they are necessary for the data subject to establish, exercise or defend a claim,
the data subject has objected to the processing – until such time as it is ascertained whether the legitimate grounds on the part of the administrator override the grounds of the data subject's objection;
of data transfer – to receive in a structured, commonly used and machine-readable format the personal data concerning him or her which he or she has provided to the administrator, and to request that these data be sent to another administrator, where the data are processed on the basis of the data subject's consent or a contract concluded with him or her and where the data are processed by automated means (Article 20 of the GDPR);
objection – objecting to the processing of its personal data for the legitimate purposes of the administrator on grounds relating to its particular situation, including profiling. The administrator shall then assess the existence of valid legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims. If, in accordance with the assessment, the interests of the data subject override the interests of the administrator, the administrator shall be obliged to cease processing the data for those purposes (Article 21 GDPR).
In order to exercise the aforementioned rights, the data subject shall contact the DPO using the contact details provided and inform him/her of which right and to what extent he/she wishes to exercise it.
Sign up to our Newsletter
Get a free ebook
Your e-mail is safe . We promise not to send you spam.