1.1. Administrator: Stowarzyszenie Instytut Kościuszki (The Kosciuszko Institute Association) with its seat in Kraków (31-130), at ul.Wilhelma Feldmana 4/ 9-10; 31-130; NIP: PL675-130-29-92, entered into the register of associations of the National Court Register maintained by the District Court for Kraków - Śródmieście in Kraków, XI Commercial Division of the National Court Register under no. 0000145838, represented by Izabela Albrycht - Chairperson of the Board and Jarosław Kożuch – Vice-Chairperson of the Board (hereinafter referred to as the "Institute").
1.2. Personal data: all information about a physical person identified or identifiable by one or more specific factors determining physical, physiological, genetic, psychological, economic, cultural or social identity, including device IP, location data, internet identifier and information collected through cookies and other similar technology.
1.4. GDPR: Regulation of the European Parliament and the European Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.5. User: any natural person using the website.
1.6. Registration System: an Internet application that enables the registration process for participants to CYBERSEC 2018 available at the following Internet address:
1.7. Website: the website available at www.cybersecforum.eu
1.8. Newsletter: the cyclical marketing information sent by the Administrator regarding its activities, available at the web address:
1.9. ECJ subscription: purchase of subscription to the quarterly European Cybersecurity Journal, available at the following web address:
- DATA PROCESSING CONNECTED TO THE USE OF THE WEBSITE.
2.1. The User's access to the Website is associated with data processing by the Administrator who gathers data necessary to provide the offered services, as well as the information on the User's activity. The detailed rules and purposes of processing of personal data collected by the Administrator about the Website's User are described below.
2.2. The scope of the processed personal data includes:
2.2.1. User's first and last name,
2.2.2. User's date and place of birth;
2.2.3. User's nationality;
2.2.4. User's gender;
2.2.5. User's passport data;
2.2.6. User's workplace;
2.2.7. user's official position;
2.2.8. User's phone;
2.2.9. User's e-mail address;
2.2.10. User's IP address.
- PURPOSE AND LEGAL BASIS FOR DATA PROCESSING CONNECTED TO THE USE OF THE REGISTRATION SYSTEM AND TO THE NEWSLETTER SUBSCRIPTION
USE OF THE REGISTRATION SYSTEM
3.1. Personal data of persons using the Registration System (including the IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Administrator:
3.1.1. in order to register for a conference within the CYBERSEC project. The legal basis for processing is the necessity of processing data to perform the contract (Article 6 (1) point b of the GDPR);
3.1.2. for analytical and statistical purposes. The legal basis for processing is the Administrator's legitimate interest (Article 6 (1) point f of the GDPR) which involves analyzing the Users' activity, as well as their preferences in order to improve the functionalities and services provided by the Administrator;
3.1.3. in order to establish and enforce potential claims or defend against the claims. The legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) point f of the GDPR) consisting in the protection of its rights;
3.1.4. for the Administrator's and other entities marketing purposes, in particular those related to behavioral advertising. The principles of processing personal data for marketing purposes are described in the MARKETING section.
3.2. The User's activity within the website, including his or her personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities regarding the IT system used to provide services by the Administrator). Information collected in system logs are processed primarily for purposes related to the provision of services. The Administrator also processes data for technical and administrative purposes, to ensure the security of the IT system and management of this system, as well as for analytical and statistical purposes. In this respect, the legal basis for data processing is the legitimate interest of the Administrator (Article 6 (1) point f of GDPR).
REGISTRATION IN THE REGISTRATION SYSTEM
3.3. Persons who register in the Registration System are requested to provide the data necessary to register for the conference within the CYBERSEC project. To facilitate the service, the User may provide additional data, thereby agreeing to data processing. Such data can be deleted at any time. Providing data marked as mandatory is required in order to register for participation in a conference within the CYBERSEC project. Failure to provide the required information will result in a lack of the registration. Providing other data is voluntary.
3.4. Personal data is processed:
3.4.1. in order to provide services related to the operation of the Registration System. The legal basis is the necessity of data processing to perform the contract (Article 6 (1) point b of GDPR) and in terms of the voluntarily provided data, the legal basis for processing is consent (Article 6 (1) point a of GDPR);
3.4.2. for analytical and statistical purposes. The legal basis for the processing is the legitimate interest of the Administrator (Article 6 (1) point f of GDPR) involving the analysis of Users' activity in the Registration System as well as the analysis of their preferences in order to improve the Website’s functionalities;
3.4.3. in order to establish and enforce potential claims or defend against them. The legal basis of the data processing is the legitimate interest of the Administrator (Article 6 (1) point f of the GDPR) consisting of the protection of its rights.
3.4.4. for marketing purposes of the Administrator and other entities. The rules for the processing of personal data for marketing purposes are described in the MARKETING section.
3.5. The User can input in the Registration System any personal data of other people (including their name, address, telephone number or e-mail address), only on the condition that it will not violate the applicable law and personal rights of such persons.
4.1. The Administrator processes Users' personal data in order to conduct marketing activities, which may consist of:
4.1.1. displaying to the User marketing content that is not adapted to his or her preferences (contextual advertising);
4.1.2. displaying to the User marketing content corresponding to his or her interests (behavioral advertising);
4.1.3. directing e-mail notifications about interesting offers or content, which, in some cases, contain commercial information (newsletter service);
4.1.4. conducting marketing activities of strategic partners of the CYBERCES conference and other entities cooperating on the basis of mutual consent. The list of strategic partners of the CYBERCES conference and other entities cooperating with the Administrator is available at the following website address:
4.1.5. conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
4.2. The Administrator processes Users' personal data for marketing purposes in connection with the targeting of contextual advertising to users (advertising that is not crafted accordingly to the User's preferences). The processing of personal data takes place then in connection with the implementation of the legitimate interest of the Administrator (Article 6 (1) point f of GDPR).
4.3. The Administrator and its trusted partners process Users' personal data, including personal data collected through cookies and other similar technologies, for marketing purposes in connection with the targeting of behavioral advertising to Users (that is, advertising that is tailored to the User's preferences). The processing of personal data also includes profiling of Users. The use of personal data collected through this technology for marketing purposes, in particular in the promotion of services and goods of third parties, requires the User's consent. This consent can be withdrawn at any time.
4.4. The administrator provides the newsletter service according to the terms set out in the regulations to persons who have given their e-mail address for this purpose. Providing data is required to perform the newsletter service; failure to do so results in the inability of the Administrator to send it.
4.5. Personal data is processed:
4.5.1. in order to provide the newsletter service. The legal basis for collecting and processing data is the necessity of processing to perform the contract (Article 6 (1) point b of the GDPR);
4.5.2. in the case of sending marketing content to the User as part of the newsletter, the legal basis for the data processing, including profiling, is the Administrator's legitimate interest (Article 6 (1) letter f of GDPR) in connection to the User's consent to receive the newsletter;
3.4.2. for analytical and statistical purposes. The legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) point f of GDPR) involving the analysis of Users' activity in order to improve the implemented functionalities;
3.1.3. in order to establish and enforce potential claims or defend against the claims. The legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) point f of the GDPR).
4.6. The User's personal data may also be used by the Administrator to direct marketing content to him/her through various channels, i.e. via e-mail or phone. Such actions are taken by the Administrator only if the User has given his or her consent. The consent can be withdrawn at any time.
- SOCIAL MEDIA
5.1. The Administrator processes personal data of Users visiting Administrator's profiles in social media (Facebook, YouTube, Instagram, Twitter). The data is processed only in connection with maintaining the profile, including to inform Users about the activity of the Administrator and to promote various types of events, services and products. The legal basis for the personal data processing by the Administrator for this purpose is the Administrator legitimate interest (Article 6 (1) letter f of the GDPR), which consists in promoting its own brand.
- COOKIES AND SIMILAR TECHNOLOGY
6.1. Cookies collect information that facilitate the use of the website, for example, by memorizing the User's visits to the Registration System and the activities conducted by the User.
6.2.1. cookies with data entered by the User (session ID) for the duration of the session (user input cookies):
6.2.2. authentication cookies used for services requiring authentication for the duration of the session (authentication cookies);
6.2.3. cookies used to ensure security, e.g. used to detect hijacking of the verification (user centric security cookies);
6.2.4. session cookies for multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
6.2.5. persistent cookies used to personalize the User interface for the duration of the session or a bit longer (user interface customization cookies),
6.2.6. cookies used to monitor traffic on the website, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the User uses the Website, to create statistics and reports on the operation of the Website).Google does not use the collected data to identify the User nor it links this information to enable User's identification. Detailed information about the scope and rules of data collection in connection with this Google service can be found at: https://www.google.com/intl/pl/policies/privacy/partners .
- THE RETENTION OF THE PROCESSED PERSONAL DATA
7.1. The period of the processed data retention depends on the type of service provided and the purpose of the processing. As a rule, the data is processed for the time necessary to organize and conduct registration for a conference within the CYBERSEC project or until the consent is withdrawn, or till the effective claim to data processing is filed in cases where the legal basis for data processing is the Administrator's legitimate interest.
7.2. The data processing retention period may be extended if the processing is necessary to establish and assert any claims or defend against the claims, and even after that time only if and to the extent required by law. After the end of the processing period, the data is irreversibly deleted or anonymized.
- USER PERMISSIONS
8.1. The User has the right to: access to the data contents and demand their rectification, deletion, processing restrictions, the right to transfer data and the right to object to the processing of data, as well as the right to file a complaint to the supervisory body dealing with the protection of personal data.
8.2. To the extent that User's data is processed on the basis of the User's consent, the consent may be withdrawn at any time by contacting the Administrator at the following e-mail address: email@example.com.
8.3. The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection to the Administrator's legitimate interest, and, for the reasons related to the particular situation of the User, in other cases when the legal basis for the data processing is the Administrator's legitimate interest (e.g. in relation to the implementation of analytical and statistical objectives).
- RECIPIENTS OF DATA
9.1. Users' personal data will be disclosed to external entities, including in particular:
9.1.1. selected partners of the CYBERSEC conference;
9.1.2. suppliers responsible for the operation of IT systems;
9.1.3. entities such as banks and payment operators;
9.1.4. entities providing accounting services;
9.1.6. marketing agencies (in the scope of marketing services);
9.1.7. to hotels;
9.1.8. service companies (including transportation companies);
9.1.9. printing houses;
9.1.10. entities associated with the Administrator.
9.2. If the User agrees, his or her data may also be made available to other entities for their own purposes, including marketing purposes.
9.3. The Administrator reserves the right to disclose selected information about the User to the competent authorities or to third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the applicable law.
- TRANSFERRING DATA OUTSIDE THE EEA
10.1. The scope of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is necessary and with an adequate level of protection provided through:
10.1.1. cooperation with entities that process personal data in countries in relation to which an appropriate decision of the European Commission has been issued;
10.1.2. use of standard contractual clauses issued by the European Commission;
10.1.3. applying the obligatory corporate rules that have been approved by the competent supervisory authority;
10.1.4. in the event of data transfer to the USA, through a cooperation with entities participating in the Privacy Shield program, approved by the European Commission.
10.2. While collecting the data, the Administrator will inform about the intention of the transfer of personal data outside the EEA .
- SECURITY OF PERSONAL DATA
11.1. The Administrator conducts risk analysis on an ongoing basis to ensure that personal data is processed in a secure manner, ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by them. The Administrator makes sure that all operations on personal data are recorded and made only by the authorized employees and associates.
11.2. The Administrator undertakes all necessary actions, so that its subcontractors and other cooperating entities would guarantee that appropriate security measures will be applied whenever they process personal data at the request of the Administrator.
- CONTACT DETAILS
12.1. Contact with the Administrator is possible via the e-mail address firstname.lastname@example.org or the correspondence address: Stowarzyszenie Instytut Kościuszki, ul. Wilhelma Feldmana 4/9 - 10, 31 - 130 Krakow.
13.1. The policy is verified on an ongoing basis and updated if necessary. The current version of the Policy has been adopted and has been in force since May 25, 2018.