effective from 08/08/2025
(“Privacy Policy”)
Data protection, especially the protection of your personal data, is extremely important to us. We therefore wish to present our data protection rules as transparently as possible. In this Privacy Policy we explain how we process your personal data on the highlinewarsaw.com website (the “Website”).
Personal data are processed under the rules set out in data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – “GDPR”), and Polish laws issued in connection with the GDPR, including the Polish Act of 10 May 2018 on the Protection of Personal Data.
We keep personal data confidential and protect them against unauthorized access by third parties in accordance with the above-mentioned legal acts and this Privacy Policy.
Terms not defined separately in this Privacy Policy have the meanings given in the GDPR.
Our Website may contain links to other websites. The administrators of those websites are responsible for their own privacy policies and processing of personal data. We encourage you to read the data protection rules in force on those websites before providing your personal data.
The controller of your personal data is:
“MAGNICITY WARSAW” spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered office in Warsaw, ul. Złota 59 (Skylight Office Building / 14th floor), 00-120 Warsaw, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number 0001043051, NIP 5252961210, REGON 525637863, with share capital of PLN 5,000.00.
(the “Controller”, “MAGNICITY WARSAW”, communication conducted in the first person – e.g., we, us).
You can contact the Controller by sending an email to
info@highlinewarsaw.com or by post to the Controller’s registered address indicated above.
This Privacy Policy is addressed to users of the Website, i.e., all natural persons visiting the Website, including users who use the forms available on our Website. In this Privacy Policy we may also address users directly, e.g., using “you/your”.
When you visit our Website your personal data are generally not collected. This occurs only when data are voluntarily provided to us for further processing, e.g., through online forms, including the contact form or recruitment form.
Some metadata are analyzed and stored in the form of cookies on your device or on our server according to the information provided in the cookie banner, where you can set your individual preferences.
This may include your IP address, individual pages visited on our Website and the amount of data transmitted during the visit. The date and duration of the visit and the website or link from which you accessed our site are also recorded.
Personal data processed via the Website are processed for the purposes listed below, on the legal bases and for the periods indicated there. We also indicate whether the provision of personal data is voluntary or constitutes a contractual or statutory requirement.
Purpose:
Processing personal data to conduct correspondence, including responding to messages via email, contact forms and other communication channels. The purpose also includes providing commercial information about the Controller’s activities, analyzing interest in the Controller’s offer and tailoring marketing content to such interests. In addition, the purpose includes entering into and performing a contract where a natural person acts on their own behalf, entering into and performing a contract with an entity other than a natural person, the Controller’s compliance with legal obligations arising from laws applicable to its activities, and archiving documentation and communications, including correspondence created by the Controller as part of its business operations.
Legal basis:
Art. 6(1)(f) GDPR – the Controller’s legitimate interests, namely maintaining contact with persons interested in the Controller’s activities, timely conducting all communications related to its activities, ensuring the quality of cooperation with clients and contractors and other interested parties. Art. 6(1)(b) GDPR in case of entering into and performing a contract with a natural person. Art. 6(1)(c) GDPR for compliance with legal obligations, in particular tax and accounting obligations.
Categories of data:
First and last name, position or role, email address, phone number, company name, company contact details, and the content of correspondence.
Sources of data:
Data obtained directly from the data subject or provided by an employer/client/principal in connection with entering into a contract. Where data are obtained from other sources (e.g., public registers, websites), we act in accordance with Art. 14 GDPR – in particular we inform data subjects about the source of the data and the scope of processing within the time limit specified therein.
Recipients:
Entities providing IT support services to the Controller, including maintenance and servicing of IT systems, data hosting and cloud services, authorized employees and contractors, postal operators and couriers, law firms, auditors, banks, insurers, entities responsible for archiving or destroying data, group companies for internal administrative purposes.
Transfers outside the EEA:
As a rule, the Controller does not transfer personal data to a third country (i.e., outside the European Economic Area). Where such transfer occurs, appropriate safeguards are used: standard contractual clauses (Art. 46(2) GDPR) or other legally compliant mechanisms ensuring appropriate guarantees. Transfers to the United States are based on the European Commission’s adequacy decision of 10 July 2023 regarding the EU–US Data Privacy Framework (Art. 45 GDPR).
Retention period:
Personal data will be processed for contact purposes until the matter is handled or a valid objection is raised. Thereafter, data may be processed for marketing purposes if the Controller has a legitimate interest, and for the period specified by limitation laws. Where a contract is concluded/performed, data will be processed for the term of the contract and then for 5 years from the end of the year in which a tax or accounting obligation arose.
Voluntariness: Providing personal data is voluntary but necessary to initiate and conduct communication and to achieve the purposes indicated above.
Purpose
The Controller processes personal data in connection with administering and managing its profile (fan page) on LinkedIn, Facebook, Instagram and its YouTube channel. The purposes include in particular: publishing videos and sharing content (including informational, promotional, marketing, educational etc.), responding to visitors’ comments and messages, ensuring proper communication and interaction with users (followers/subscribers). The purposes also include analyzing user activity on the fan page (e.g., interactions: likes, shares, comments, views, subscriptions, etc.) for statistical and analytical purposes (to better understand user needs, the market and improve communication strategy), marketing and promotion of the Controller’s products or services (identifying users interested in a given topic, activities to increase engagement and followers), moderating and supervising published content (ensuring order and user safety, preventing fraud and protecting the IT environment) and conducting communication, including responding to messages via email.
Legal basis
Processing is based on Art. 6(1)(f) GDPR – the Controller’s legitimate interests. These interests include: conducting marketing and promotional activities regarding its own products or services, ensuring continuity of business communication and maintaining contact with current and potential clients and contractors, care for the Controller’s brand image, maintaining contact with persons interested in the Controller’s activities, timely communications related to its operations, and ensuring quality cooperation with clients and other interested entities.
Categories of data
Information on your individual account that you have marked as public, such as account name (which may contain your name), profile photo, followers/following, posts (which may be photos), tags of you in other users’ photos, stories and bio data. We also process your activity on the Account such as: following the Account, sending a message to the Controller, liking posts, commenting on posts, sharing posts, tagging the Controller in your posts. We also process private messages addressed to the Controller (their content and any personal data therein) and statistical data: aggregate statistics created on the basis of certain events recorded by social platforms’ servers when users use profiles and related content.
Retention period
LinkedIn: personal data processed on the fan page will be processed for as long as the fan page is operated by the Controller unless a valid objection is raised earlier.
YouTube: personal data processed on the YouTube Channel are stored for the duration of operating the Channel by the Controller or until a valid objection is raised. Data published as comments and other user activity may remain visible until deleted (by the user or the Controller, where technically possible).
Facebook & Instagram: personal data processed on the fan page are processed for as long as the fan page is operated by the Controller unless a valid objection is raised. Data published as comments and other user activity may remain visible until deleted (by the user or the Controller, where technically possible).
Voluntariness
LinkedIn: providing data when using the fan page is voluntary. Failure to provide data may prevent use of some platform features (e.g., posting comments, sending messages).
YouTube: providing data when using the YouTube Channel is voluntary (results, among others, from Google/YouTube account settings). Not providing data (e.g., not logging in) may limit the ability to use some features (e.g., commenting, subscribing).
Facebook & Instagram: providing data when using the fan page is voluntary. Failure to provide data may prevent the use of certain features (e.g., commenting, sending messages).
For processing statistical data relating to activity on the fan page (LinkedIn Page Insights), the data controller alongside the Controller is LinkedIn Ireland Unlimited Company, Gardner House, Wilton Place, Wilton Plaza, Dublin 2, Ireland (“LinkedIn”), acting jointly as joint controllers for this scope. Details on LinkedIn’s data processing are available in the official LinkedIn Privacy Policy at:
https://pl.linkedin.com/legal/privacy-policy
LinkedIn also provides separate European Regional Privacy Policy information at:
https://pl.linkedin.com/legal/privacy/eu
Otherwise, the Controller has no influence over LinkedIn’s purposes, scope or retention for its own processing – which is conducted under LinkedIn’s own conditions and policies.
LinkedIn is responsible for enabling users to exercise their GDPR rights where it processes data independently and for joint controllership relating to Page Insights: https://legal.linkedin.com/pages-joint-controller-addendum
Where the Controller receives from YouTube (Google Ireland) aggregated statistical data about activity of visitors to the Channel (e.g., via YouTube Studio/Analytics), Google Ireland may act as a joint controller or (more often) as an independent controller for data it processes for its own purposes. Details on Google and YouTube processing can be found in Google’s Privacy Policy (Polish version) at:
https://policies.google.com/privacy?hl=pl
That policy explains what data are collected by Google (and services such as YouTube), for what purpose, how they are used, and users’ rights. It also covers data sharing, security and how to manage or delete data.
Otherwise, purposes and means of processing are determined solely by YouTube (Google Ireland), especially regarding data collected via cookies, pixels, server logs or similar technologies.
Google Ireland is responsible for enabling users to exercise their GDPR rights for processing it conducts on its own platforms.
Regarding processing of statistical data about (i) your activity on the fan page and (ii) use of Messenger in relation to the fan page, the controllers are the Controller and Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland (“Meta Ireland”), acting as joint controllers.
More information on Meta Ireland’s processing can be found in Meta’s Privacy Policy: https://www.meta.com/pl/legal/privacy-policy/
Further details on joint controllership and allocation of responsibilities are set out in Meta documents (controller addendum): https://www.metaenterprise.com/legal/terms/european_data_transfer_addendum
Meta Ireland provides the Controller with aggregate statistics based on certain events recorded by Meta’s servers when users use the fan page and related content. Page administrators (including the Controller) do not have access to event-level data – only to aggregate page statistics.
Meta Ireland and the Controller have agreed that the Irish Data Protection Commission is the lead supervisory authority for the processing for page statistics.
Scope and purposes:
On our Website we use analytics and advertising tools (“remarketing/retargeting”) which – upon consent – process online identifiers (e.g., cookies, pixel IDs), device data and data about on-site activity and campaign effectiveness. The purpose is statistics and measurement of Website use, content optimization and serving interest-based advertising (audience building).
Legal basis:
For analytics and marketing – consent: Art. 6(1)(a) GDPR (and consent for storing/reading information on a device under electronic communications laws).
Tools used:
Google Analytics 4; Meta Pixel (Facebook/Instagram); Google Ads (including remarketing lists); TikTok Ads Pixel. The providers of these tools act as independent controllers for their advertising platforms; we remain the controller for processing related to operation of the Website.
Recipients:
Google Ireland/LLC, Meta Platforms Ireland, TikTok Technology Limited and entities supporting their services (as per tools’ configurations).
Transfers outside the EEA:
Use of the above tools may involve transfers to third countries (e.g., the USA). Appropriate safeguards are used (e.g., standard contractual clauses, adequacy decisions where applicable). Details are available in the providers’ privacy policies.
Retention:
Identifiers used for analytics and marketing are stored for the period configured in the tools or until consent is withdrawn. Specific storage periods (for categories of cookies/IDs) are given in the Cookie Policy.
Withdrawal of consent and settings:
You can withdraw or change your consent at any time via the “Cookie settings” link available on our site. Withdrawal does not affect lawfulness of processing before withdrawal.
Profiling / automated decisions: We use profiling to tailor advertising content (e.g., assigning to an audience), but we do not make decisions producing legal effects concerning you or similarly significantly affecting you within the meaning of Art. 22 GDPR.
Purpose:
Personal data will be processed for archiving documentation and communications, including correspondence created by the Controller as part of its business operations, and for the establishment, exercise or defence of legal claims.
Legal basis:
Art. 6(1)(f) GDPR – the Controller’s legitimate interests, namely the need to document evidence of business activities in accordance with applicable laws and to use archived material to establish, pursue or defend claims.
Retention period:
Personal data will be processed for the period specified by limitation laws unless a valid objection is raised earlier.
Categories of data:
Personal data contained in documentation and correspondence created by the Controller as part of its business operations.
Sources of data:
Data obtained directly from the data subject or in the course of business operations.
Recipients:
Entities providing IT support, including maintenance of IT systems, data hosting and cloud services, authorized employees and contractors, law firms, auditors, banks, insurers, entities responsible for archiving or destroying data.
Transfers outside the EEA: As a rule, the Controller does not transfer personal data to a third country. If such transfer occurs, standard contractual clauses (Art. 46(2) GDPR) or other lawful mechanisms are used.
Voluntariness: Providing data is voluntary, but failure to do so may limit the ability to fully use the Website’s services or functionalities.
Purpose:
Personal data will be processed for internal administrative purposes arising from the Controller’s capital, personnel or organizational links with other entities.
Legal basis:
Art. 6(1)(f) GDPR – the Controller’s legitimate interests, namely data exchange within the group to which the Controller belongs for internal administrative purposes.
Retention period:
Personal data will be processed until the purpose is achieved unless a valid objection is raised earlier.
Categories of data:
Personal data processed for internal administrative purposes arising from the Controller’s capital, personnel or organizational links with other entities.
Sources of data:
Data obtained directly from the data subject or in the course of business operations.
Recipients:
Group companies, authorized employees and contractors of the Controller, IT support providers.
Transfers outside the EEA:
As a rule, the Controller does not transfer personal data to a third country. If such transfer occurs, standard contractual clauses or other lawful mechanisms are used.
Voluntariness:
Providing data is voluntary, but failure to do so may limit the ability to fully use the Website’s services or functionalities.
Purpose:
The Controller may process personal data for analytical and statistical purposes (analyzing activity, monitoring traffic on the Website, determining purchasing preferences and improving functionalities and service quality).
The Controller uses marketing and analytical profiling – within partially automated processing (e.g., browsing history) it evaluates selected factors to improve the Website and better tailor content to users’ individual preferences.
We do not, however, take fully automated decisions that produce legal effects concerning you or similarly significantly affect you (per Art. 22 GDPR).
This means any potential marketing or analytical activities are statistical in nature and personalize displayed content without producing serious legal effects.
Our ability to process data collected via cookies and similar technologies for analytical and statistical purposes depends on your consent to store such information on your end device (e.g., computer, phone).
Legal basis:
Art. 6(1)(f) GDPR in connection with your consent to use cookies or similar technologies (in line with the Polish Electronic Communications Law of 12 July 2024) – processing is necessary for the Controller’s legitimate interests of analyzing user activity to improve functionalities and service quality, including Website development. You may withdraw consent at any time by reopening the cookie banner and adjusting your settings.
Retention period:
Personal data will be processed for the period indicated in the cookie banner unless a valid objection is raised or consent for cookies/similar technologies is withdrawn earlier.
Categories of data: IP address, browsing history, data about Website activity, user preferences, browser and device identifiers.
Sources of data:
Data collected automatically when using the Website via cookies and similar technologies.
Recipients:
IT service providers, data hosting and cloud services, analytics tool providers, authorized employees and contractors of the Controller.
Transfers outside the EEA:
Data may be transferred to a third country on the basis of standard contractual clauses or another lawful mechanism. Transfers to the United States may rely on the European Commission’s adequacy decision of 10 July 2023.
Voluntariness:
Providing data is voluntary, but failure to do so may limit the ability to fully use the Website’s services or functionalities.
Purpose:
Personal data will be processed to ensure the security of the Website (services provided electronically) and to prevent abuses, including actions violating the Terms or generally applicable laws.
Legal basis:
Art. 6(1)(f) GDPR – the Controller’s legitimate interests, namely ensuring the factual and legal security of the Website and its users.
Retention period:
Personal data will be processed for as long as you use the Website unless a valid objection is raised earlier.
Sources of data: Data collected automatically while using the Website for security purposes.
Recipients: IT service providers responsible for system security, authorized employees and contractors of the Controller.
Transfers outside the EEA: As a rule, data are not transferred outside the EEA. If necessary, transfers are carried out on the basis of appropriate legal safeguards.
Voluntariness: Providing data is voluntary, but failure to do so may limit the ability to fully use the Website’s services or functionalities.
We use technical and organizational security measures that protect data entrusted to us against accidental or deliberate manipulation, loss, destruction and unauthorized access. These measures are constantly developed and improved in line with technological progress.
The Controller may disclose personal data to the following categories of recipients: IT support providers (maintenance and servicing of IT systems, data hosting, cloud services), postal operators and couriers, law firms, auditors, banks and payment service providers, insurers, entities responsible for archiving or destroying data, authorized employees and contractors of the Controller and group companies.
After clicking links on the Website you may be redirected to websites or services managed by entities independent of the Controller. In such cases the processing of personal data is subject to the rules established by the providers of those websites or services.
Purpose:
Sending a newsletter and other commercial and marketing information about the Controller’s products and services by electronic means – including information tailored to the industry or business profile for persons representing business entities. In addition, archiving documentation and communications, including correspondence created by the Controller as part of its business operations, due to the Controller’s legitimate interest in documenting its activities (including compliance) and using archived material to establish, pursue or defend claims.
Legal basis:
Consent, i.e., Art. 6(1)(a) GDPR, in connection with Art. 398(1) and (2) of the Polish Electronic Communications Law of 7 July 2023 (for newsletter sign-ups), or the Controller’s legitimate interests (Art. 6(1)(f) GDPR) consisting of sending information about products and services to contact persons representing business entities within existing business relationships – until objection (Art. 21 GDPR). Archiving is based on Art. 6(1)(f) GDPR.
Categories of data:
First and last name, email address; for persons representing business entities also position/role, phone number, company name and contact details.
Sources of data:
Data obtained directly from you in connection with newsletter sign-up or in the course of business correspondence. For persons representing business entities, data may be obtained from public sources (public registers, company website, etc.).
Recipients:
Entities providing IT support, including maintenance of IT systems, data hosting and cloud services, our authorized employees and contractors, postal operators and couriers, law firms, auditors, banks, insurers, entities responsible for archiving or destroying data, and group companies for internal administrative purposes (Art. 6(1)(f) GDPR).
Transfers outside the EEA:
Personal data may be transferred to a third country on the basis of standard contractual clauses (Art. 46(2)(c) and (d) GDPR) or other lawful mechanisms ensuring appropriate guarantees. Transfers to the United States rely on the European Commission’s adequacy decision of 10 July 2023 under the EU–US Data Privacy Framework (Art. 45 GDPR).
Retention period:
Data will be processed for the duration of consent (for newsletter sign-up) or until objection to processing for marketing purposes (where based on legitimate interest), and thereafter for the period necessary to establish or defend against potential claims.
Voluntariness:
Providing your personal data to subscribe to the newsletter is voluntary, but failure to provide data will prevent receipt of the newsletter.
Profiling:
To tailor newsletter and marketing content we may analyze general information about industry or business profile (e.g., based on a corporate email domain) or previous business relations. Such activities may constitute profiling within the meaning of the GDPR but are standard and do not lead to automated decision-making producing legal effects concerning you or similarly significantly affecting you.
Purpose:
Processing personal data for recruitment purposes, including contacting candidates, assessing qualifications, and conducting the selection process. Where employing a foreign national, also to verify the lawfulness of employment or to carry out legalization procedures due to obligations under the Act on Foreigners, the Act on Employment Promotion and Labour Market Institutions and the Act on the Consequences of Entrusting Work to Foreigners Staying Illegally in Poland. Also, conducting future recruitment processes based on the candidate’s voluntary consent, if given, and archiving documentation and communications, including correspondence created by the Controller as part of its business operations, due to the Controller’s legitimate interest in documenting activities and using archived material to establish, pursue or defend claims.
Legal basis:
For employment under a contract of employment – necessary to comply with legal obligations (Art. 6(1)(c) GDPR in connection with Art. 22 §1 of the Polish Labour Code) and, for a broader scope, voluntary consent understood as sending a CV and/or cover letter or completing a recruitment form on the candidate’s own initiative (Art. 6(1)(a) GDPR). For employment under a civil law contract – necessary to take steps at the request of the candidate prior to entering into a contract (Art. 6(1)(b) GDPR). For employment of a foreign national – in addition to the above bases, to verify legality of employment or conduct legalization procedures (Art. 6(1)(c) GDPR) and because it is necessary to conclude and perform the contract (Art. 6(1)(b) GDPR). Future recruitment processes – candidate’s voluntary consent (Art. 6(1)(a) GDPR). Archiving – Art. 6(1)(f) GDPR.
Categories of data:
For employment under an employment contract: first name(s) and surname, date of birth, contact details indicated by the candidate, education, professional qualifications, employment history, and any additional data contained in the CV, cover letter or recruitment form provided voluntarily by the candidate.
Sources of data:
Data obtained directly from the candidate when applying for a job or provided by recruitment agencies cooperating with the Controller.
Recipients:
Entities providing IT support (including maintenance of IT systems, data hosting and cloud services), authorized employees and contractors, postal operators and couriers, law firms, auditors, banks, insurers, cooperating recruitment agencies and administrators of recruitment portals (e.g., e-recruiter, pracuj.pl, LinkedIn); entities responsible for archiving or destroying data; for executive-level candidates – group companies for internal administrative purposes (Art. 6(1)(f) GDPR).
Transfers outside the EEA:
Personal data may be transferred to a third country based on standard contractual clauses (Art. 46(2)(c) and (d) GDPR) or other lawful mechanisms ensuring appropriate guarantees. Transfers to the United States rely on the European Commission’s adequacy decision of 10 July 2023 under the EU–US Data Privacy Framework (Art. 45 GDPR).
Retention period:
Personal data will be processed for 6 months from the date the application is submitted; during the same period the data are subject to anonymization. If consent for future recruitment is given, data will be processed until the candidate withdraws consent, but no longer than 12 months from application submission.
Voluntariness:
Providing personal data is voluntary. Failure to provide data prevents participation in recruitment. Failure to provide data processed on the basis of consent will not affect participation in the recruitment and candidate selection.
Profiling:
No automated decision-making, including profiling, will be carried out with respect to candidates.
Cookies are text files that contain data from visited websites and are stored on a user’s computer by the browser. A cookie primarily stores information about the user during or after a visit to online services.
Stored data may include, for example, the language settings on the website, login status, shopping cart or the point where a video was viewed. The term “cookies” also includes other technologies that perform the same functions (e.g., where user information is stored using online identifiers, also called “user IDs”).
Purpose:
Processing personal data in connection with the use of cookies and similar technologies to: ensure proper functioning of the Website (strictly necessary cookies), analyze traffic and user activity on the Website for statistical and analytical purposes (better understanding of user needs and improving functionalities and service quality), personalize content and ensure extended Website functionality. In addition, to conduct marketing and advertising activities (including marketing profiling), enable social media features and ensure system security and stability.
Legal basis:
Strictly necessary cookies: Art. 6(1)(f) GDPR – the Controller’s legitimate interests in ensuring proper functioning of the Website. Other cookie categories: Art. 6(1)(a) and (f) GDPR in connection with the user’s consent to use cookies (in line with the Polish Electronic Communications Law of 12 July 2024). The Controller’s legitimate interests include analyzing user activity to improve functionalities and quality of services, conducting marketing activities and ensuring Website security.
Categories of data:
IP address, pages visited, visit duration, source of entry to the site, language settings, login status, browsing history, user interests, browser and device identifiers, data on interactions with content and other metadata related to use of the Website.
Types of cookies
Session cookies – deleted after leaving the site and closing the browser; persistent cookies – stored even after closing the browser; first‑party cookies – set by the Controller; third‑party cookies – set by external providers.
Cookie functions:
Strictly necessary cookies – essential for the website to function and cannot be disabled
Analytical/statistical cookies – allow counting visits and traffic sources and measuring Website performance
Functional cookies – provide enhanced functionality and personalization
Marketing cookies – used to create interest profiles and display targeted advertising
Social media cookies – enable content sharing on social networks
Recipients:
IT service providers, data hosting and cloud services, advertising partners, social media providers, analytics providers, authorized employees and contractors of the Controller.
Transfers outside the EEA:
Data may be transferred to a third country based on standard contractual clauses (Art. 46(2)(c) and (d) GDPR) or another lawful mechanism. Transfers to the United States may rely on the European Commission’s adequacy decision of 10 July 2023 under the EU–US Data Privacy Framework (Art. 45 GDPR).
Retention period:
Data processed via cookies will be stored for the period indicated in the cookie banner unless a valid objection is raised or consent is withdrawn earlier. Session cookies are deleted after leaving the site and closing the browser; persistent cookies are stored even after closing the browser according to settings defined for each category.
Voluntariness:
Consent for cookie use (except strictly necessary cookies) is voluntary. Lack of consent may limit Website functionality but will not prevent basic use. Consent can be withdrawn at any time via the cookie banner available under “Cookie Settings”.
Profiling:
The Controller uses marketing and analytical profiling – within partially automated processing (e.g., browsing history) it evaluates selected factors to improve the Website and better tailor content to individual preferences. We do not, however, make fully automated decisions that produce legal effects or similarly significantly affect the user (per Art. 22 GDPR).
Managing cookie settings:
Cookie settings can be changed at any time via the link at the top of the page under “Cookie Settings”. Detailed information is available in the Cookie Policy on a separate page.
If we process data in a third country (i.e., outside the EU/EEA) or if processing occurs in the context of using third‑party services or disclosing or transferring data to other persons, authorities or companies, this is done only in accordance with legal requirements.
The Controller processes data in third countries on the basis of standard contractual clauses (Art. 46(2)(c) or (d) GDPR) or other lawful mechanisms ensuring appropriate guarantees. Transfers to the United States rely on the European Commission’s adequacy decision of 10 July 2023 under the EU–US Data Privacy Framework (Art. 45 GDPR).
Data subjects (you) have the right to:
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO), ul. Stanisława Moniuszki 1A, 00‑014 Warsaw.
No automated decisions – i.e., decisions based solely on automated processing, including profiling – that produce legal effects concerning data subjects (e.g., you) or similarly significantly affect them will be made with respect to personal data processed on the Website.
The content of this Privacy Policy may be amended by the Controller if there are factual or legal changes regarding personal data processing on the Website. You will be informed of changes in particular by publication of the new content on the Website.
Varso Tower
Chmielna 69, 00-801 Warszawa,
Poland
