§ 1
[Introductory information]
This document, the Privacy Policy, contains information on the processing of personal data and other information regarding the users of the www.cfasofficial.com website. In this privacy policy, the administrator has included all the information that data subjects should receive in accordance with the GDPR.
§ 2
[Glossary of terms]
− Center For American & European Studies Foundation, TIN: 7812019909, REGON: 38871141800000, KRS: 0000895006;
− Center For American Studies Association, TIN: 7811990247, REGON: 38256651800000, KRS 0000771445,
− Łukasz Bartosik Center For American, European & Global Studies, TIN: 7812015745, REGON: 387711534
§ 3
[Personal Data Administrator, Data Protection Coordinator, Cooperating Entities]
1. The administrators of the personal data processed on the Site are the Cooperating Entities,
acting as joint administrators of the personal data.
2. PDA has appointed a Data Protection Coordinator who is responsible for proper protection of personal data. Contact with the DPC is possible:
a) By post, to the address Stobnicka 5B, 60-480 Poznan, Poland;
b) By email, to: [email protected].
3. PDA processes personal data within the scope and for the purposes described in this
Privacy Policy.
§ 4
[Types, purposes and basis of data processing]
1. The following data may be processed on the Site:
c) information entered when you create a registered user account on the Site:
i. first name,
ii. last name,
iii. sex/gender,
iv. mailing address,
− country,
− city,
− the street including the building and apartment number
− zip code,
v. phone,
vi. date of birth,
vii. e-mail,
viii. password,
in order to enable the sales process of the products and services by the Cooperating Entities, as well as to receive personalized messages to the e-mail address or by post as
part of the newsletter service on the basis of Article 6(1)(a) of the GDPR, i.e. the
consent expressed by the user, and after cancellation of the service on the basis of Article 6(1)(c) and (f) of the GDPR for a period of protection against eventual claims and obligations;
d) information contained in any correspondence sent to the PDA by email or via the
Site, including communication content and metadata, pursuant to Article 6(1)(b)
of the GDPR, i.e. at the request of the data subject;
e) any other personal data that is entered on the Website (and image – in the case of participation with the camera on in recorded events, such as training courses and conferences) on the basis of Article 6(1)(a),(b) and (f) of the GDPR, i.e. consent expressed by the user, when the processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract, and when the processing is necessary for the purposes of the legitimate interests pursued by the PDA.
§ 5
[Co-administration via Facebook]
1. In the case of integration of the user's Facebook account with the user's account on the
Site, PDA may process the personal data contained in the Facebook profile in
accordance with the privacy settings established by the user. In particular, this may
include the following personal data:
a) first name,
b) last name,
c) sex/gender,
d) e-mail,
e) phone,
f) location data,
g) image,
h) profile picture.
2. The purposes and processing of personal data decided by Facebook, the legal basis
and other information required by law are described at:
https://www.facebook.com/privacy/explanation.
3. PDA uses the Facebook Pixel tool. This is a short code placed on the Site that allows
you to measure the effectiveness of your ads based on an analysis of the actions taken
by users on the Site. Information about the Facebook Pixel tool can be found at:
https://www.facebook.com/business/help/742478679120153
§ 6
[Co-administration by Google]
1. In the case of integration of the user's Google account with the user's account on the
Site, PDA may process the personal data contained in the profile on the Google social
network in accordance with the privacy settings established by the user. In particular,
this may include the following personal data:
a) first name,
b) last name,
c) sex/gender,
d) e-mail,
e) phone,
f) location data,
g) image,
h) profile picture.
2. The purposes and processing of personal data decided by Google, the legal basis and
other information required by law are described at:
https://policies.google.com/privacy.
3. PDA uses the Google Analytics tool to analyse the anonymous data collected on the
website traffic, e.g. number of visits, country, browser, time of visit, etc. The tool uses
cookies and does not provide personally identifiable information. Information about
the Google Analytics tool can be found at: https://support.google.com/analytics/.
§ 7
[Profiling]
PDA does not use profiling on the Site.
§ 8
[Cookie Policy]
1. The Site uses cookies to provide the highest level of service, including in a manner
tailored to individual needs. Using the site without changing the settings for cookies
means that they will be placed on your terminal device.
2. The entity placing cookies on the user's terminal equipment and accessing them is
PDA.
3. PDA processes cookies in order to:
1) proper functioning of the Site, in particular maintaining the session of the user
after logging in, thanks to which the user does not have to enter his/her login and
password again on each subpage of the Site;
2) display personalized advertising to users of the Site,
3) Analyze Site traffic and compile statistics to help us modernize the Sites in the
future and provide better service.
4) adapting the content of the Website to User preferences and optimizing the use of
websites; in particular, these files allow for recognition of the Website User's
device and appropriate display of the website, adapted to his individual needs;
4. The following types of cookies are used on the Site:
1) "necessary" cookies to enable services available on the Site, such as
authentication cookies used for services that require authentication on the Site;
2) cookies used to ensure security, e.g. used to detect abuse of authentication on the
Site;
3) "performance" cookies, which allow the collection of information about how the
Site is used;
4) "functional" cookies, which enable "remembering" the user's selected settings
and personalizing the user's interface, e.g. with regard to the selected language or
region of the user's origin, font size, website layout, etc;
5) "advertising" cookies, enabling you to provide users with advertising content
more tailored to their interests.
5. In many cases, the software used to browse the Internet (web browser) allows the
storage of cookies on the user's end device by default. Users can change their cookie
settings at any time. These settings can be changed in particular in such a way as to
block the automatic handling of cookies in the settings of the web browser or inform
on their placement on the user's device each time. Detailed information on the
possibility and methods of using cookies is available in the software (web browser)
settings.
6. PDA informs that restrictions on the use of cookies may affect some of the
functionalities available on the Site.
7. Cookies placed in the end user's device and used can also be by advertisers and
partners cooperating with the operator of the Website.
§ 9
[Time of processing personal data]
1. PDA processes personal data:
1) User – for the duration of the use of the Site.
2) Registered user - from the moment of entering personal data on the Site until
the moment of deleting the account of a registered user.
3) Subscriber - from the moment of subscribing to the newsletter service until the
moment of unsubscribing.
2. After the cancellation of services, PDA shall store personal data for a period of 5
years resulting from the protection against possible claims and obligations imposed on
PDA by generally applicable law, based on Article 6(1)(f) of the GDPR;
§ 10
[Recipients of users' data]
1. PDA discloses users' personal data to processors under the concluded agreements on
entrustment of personal data processing in order to provide services to the
administrator, e.g. hosting and Site maintenance, IT services, marketing and PR
services, legal and consulting services, while obliging the above entities to
confidentiality when processing the data.
2. The PDA shall disclose personal data, if requested to do so by authorised state
authorities, in particular organizational units of the prosecutor's office, the Police, the
President of the Office for Data Protection, the President of the Office for Competition
and Consumer Protection.
§ 11
[Transmission of personal data to third countries]
1. The PDA may transfer and process personal data in third countries. The transfer and
processing of data to a third country shall be based on a decision of the European
Commission on the adequate level of protection for personal data or standard contractual clauses.
2. If no decision of the European Commission on the adequate level of protection of personal data has been issued with regard to a given third country, then the transfer to that third country shall be subject to the provision of adequate safeguards as referred to in Article 46(2) of the
GDPR.
3. Third countries are countries outside the European Economic Area. The European
Economic Area includes all countries of the European Union and the countries of the
so-called European Free Trade Association, which include Norway, Switzerland, Iceland and
Liechtenstein.
4. In connection with the use of ICT providers located in third countries, the PDA may
transfer personal data to a third country. The legal basis for such transfer shall be the
concluded standard contractual clauses.
§ 12
[Rights of personal data subjects]
1. Every person whose personal data is processed has the right:
a) of access – to obtain confirmation from the PDA as to whether or not his/her personal
data is being processed. If data about the person are processed, the person is
entitled to access them and obtain the following information: about the purposes of
processing, the categories of personal data, the recipients or categories of
recipients to whom the data have been or will be disclosed, the period for which
the data will be stored or the criteria for their determination, the data subject's right
to request rectification, erasure or restriction of processing of personal data and to
object to such processing (Article 15 GDPR);
b) to obtain a copy of the data – obtain a copy of the data undergoing processing, with
the first copy being free of charge, and for subsequent copies the data administrator may
charge a reasonable fee based on administrative costs (Article 15(3) GDPR);
c) of rectification - request for the rectification of personal data concerning him/her that
is inaccurate or the completion of incomplete data (Article 16 GDPR);
d) to erasure of data ("right to be forgotten") - a request to erase her personal data if
the data administrator no longer has a legal basis for processing them or the data are no
longer necessary for the purposes of processing (Article 17 of the GDPR);
e) to limit processing - request to limit the processing of personal data (Article
18 GPDR) when:
▪ the data subject contests the accuracy of the personal data - for a period
enabling the administrator to verify the accuracy of the data,
▪ the processing is unlawful and the data subject opposes their erasure by
requesting the restriction of their use,
▪ the administrator no longer needs the data, but they are necessary for the data
subject to establish, exercise or defend a claim,
▪ the data subject has objected to the processing – until such time as it is
ascertained whether the legitimate grounds on the part of the administrator
override the grounds of the data subject's objection;
f) of data transfer–- to receive in a structured, commonly used and machine-readable
format the personal data concerning him or her which he or she has provided to the
administrator, and to request that these data be sent to another administrator, where the
data are processed on the basis of the data subject's consent or a contract concluded
with him or her and where the data are processed by automated means (Article 20
of the GDPR);
g) objection – objecting to the processing of its personal data for the legitimate
purposes of the administrator on grounds relating to its particular situation, including
profiling. The administrator shall then assess the existence of valid legitimate grounds
for the processing which override the interests, rights and freedoms of the data
subject, or grounds for the establishment, exercise or defence of claims. If, in
accordance with the assessment, the interests of the data subject override the
interests of the administrator, the administrator shall be obliged to cease processing the
data for those purposes (Article 21 GDPR).
2. In order to exercise the aforementioned rights, the data subject should contact the PDC using the contact information provided and inform him/her of which right and to what extent he/she wishes to exercise it. In addition, any data subject has the right to lodge a complaint with a supervisory authority if he or she believes that the processing of personal data concerning him or her violates the provisions of the RODO.
§ 13
[Changes to the Privacy Policy]
1. The Privacy Policy may be supplemented or updated in accordance with PDA's
ongoing needs to provide current and accurate information to users of the Site
regarding their personal data and information. Registered users will be notified of any
changes to the privacy policy by email to the address provided at registration.
2. This privacy policy is effective as of September 29, 2021.