This Privacy Policy describes how Gibivu Rikenu, operating the educational website at gibivu-rikenu.info (hereinafter "the Website"), collects, uses, stores, and protects personal data. This policy is issued in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation, "GDPR"), as implemented in Poland through the Act of 10 May 2018 on the Protection of Personal Data (Dz.U. 2018 poz. 1000, as amended, referred to as "UODO"). By using this Website, you acknowledge that you have read and understood this policy.
1. Data Controller
The data controller responsible for personal data processed through this Website is Gibivu Rikenu, located at Garbary 35, 61-131 Poznań, Poland. You may contact the data controller at any time by email at [email protected] or by telephone at +48 500 768 682. All requests relating to personal data rights should be directed to this contact address and will be handled in accordance with applicable law.
2. Categories of Personal Data Collected
The Website may collect the following categories of personal data, depending on how you interact with the site. When you submit the contact form, we collect your name, email address, the subject of your inquiry, and the content of your message. When you visit the Website, technical data such as IP address, browser type, operating system, referring URL, and pages visited may be collected automatically through server logs and analytics tools. Cookie identifiers and similar tracking data may be collected subject to your consent preferences, as described in the Cookie Policy. We do not collect sensitive personal data as defined under Article 9 of the GDPR.
3. Purposes and Legal Bases for Processing
Your personal data is processed for the following purposes, each with a corresponding legal basis under Article 6 of the GDPR. Contact form submissions are processed for the purpose of responding to your inquiry, on the legal basis of your consent (Article 6(1)(a) GDPR) and, where applicable, the legitimate interest of the data controller in managing communications (Article 6(1)(f) GDPR). Technical data collected through server logs is processed for the purpose of ensuring the security and functionality of the Website, on the legal basis of legitimate interest (Article 6(1)(f) GDPR). Analytics data, where collected with your consent, is processed for the purpose of understanding how visitors use the Website, on the legal basis of consent (Article 6(1)(a) GDPR). No personal data is processed for automated decision-making or profiling as defined under Article 22 of the GDPR.
4. Data Retention Periods
Personal data collected through the contact form is retained for a period of twelve months from the date of the last communication, after which it is securely deleted unless a longer retention period is required by applicable law. Technical log data is retained for a maximum of ninety days for security and diagnostic purposes. Analytics data, where collected, is retained in accordance with the data retention settings of the applicable analytics platform and for no longer than twenty-six months. Cookie consent preferences are stored for a period of twelve months from the date of consent and are renewed upon your next visit to the Website.
5. Recipients and Data Transfers
Personal data is not sold, rented, or disclosed to third parties for commercial purposes. Data may be shared with technical service providers who assist in operating the Website, including hosting providers and email delivery services, acting as data processors under written data processing agreements in accordance with Article 28 of the GDPR. Where analytics services are used, data may be transferred to providers located outside the European Economic Area. In such cases, transfers are made subject to appropriate safeguards, including Standard Contractual Clauses approved by the European Commission. The data controller does not transfer personal data to third countries without ensuring an adequate level of protection in accordance with Chapter V of the GDPR.
6. Your Rights Under GDPR
As a data subject under the GDPR and UODO, you have the following rights with respect to your personal data: the right of access (Article 15 GDPR), the right to rectification of inaccurate data (Article 16 GDPR), the right to erasure in certain circumstances (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to data portability where processing is based on consent or contract (Article 20 GDPR), the right to object to processing based on legitimate interest (Article 21 GDPR), and the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal. To exercise any of these rights, please contact us at [email protected]. We will respond to requests within thirty days as required by Article 12 of the GDPR.
7. Right to Lodge a Complaint
If you believe that the processing of your personal data violates the GDPR or applicable Polish data protection law, you have the right to lodge a complaint with the supervisory authority. In Poland, the competent supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, PUODO), located at ul. Stawki 2, 00-193 Warsaw, Poland. Further information about lodging a complaint is available on the PUODO website at uodo.gov.pl.
8. Data Security
The data controller implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, in accordance with Article 32 of the GDPR. These measures include encrypted data transmission using HTTPS, access controls limiting data access to authorised personnel only, and regular review of security practices. No method of electronic transmission or storage is completely secure, and the data controller cannot guarantee absolute security of personal data transmitted to the Website.
9. Cookies and Tracking Technologies
The Website uses cookies and similar tracking technologies. Detailed information about the types of cookies used, their purposes, and your options for managing cookie preferences is provided in the separate Cookie Policy available at gibivu-rikenu.info/cookies.html. Cookies requiring consent are only placed after you have provided explicit consent through the cookie consent mechanism on the Website.
10. Changes to This Policy
This Privacy Policy may be updated from time to time to reflect changes in applicable law, our data processing practices, or the services offered through the Website. The date of the most recent revision is indicated at the top of this document. Continued use of the Website following the publication of a revised policy constitutes acceptance of the updated terms. Where changes are material, we will make reasonable efforts to notify users through a prominent notice on the Website.