Privacy Policy
This Privacy Policy is intended to define the principles of collecting, processing, using, and protecting personal data by the Friends of Bunkier Sztuki Society located at Plac Szczepański 3A, 30-011 Krakow.
Definitions
2.1. Personal Data – any information relating to an identified or identifiable natural person.
2.2. Processing – any operation performed on personal data, whether automated or not.
Data Collection
3.1. The Administrator collects personal data in the following cases: a) registration on the
website, b) placing orders, c) contact via contact form, email, phone, or other communication
channels, d) use of services provided by the Society, e.g., newsletter.3.2. The Administrator may collect the following personal data:
- a) full name,
- b) email address,
- c) phone number,
- d) IP address,
- e) data related to the use of the Society's activities.
Purpose of Data Processing
4.1. The Administrator processes personal data for:
- a) execution of agreements,
- b) handling
complaints and returns, - c) marketing of own services,
- d) fulfilling legal obligations arising
from applicable laws.
Legal Basis for Data Processing
5.1. The processing of personal data is carried out in accordance with applicable law, in
particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27
April 2016 (GDPR).
Data Security
6.1. The Administrator uses appropriate technical and organizational measures to ensure the
security of personal data processing, including SSL encryption, access limited to authorized
personnel, and regular backups.
Sharing of Personal Data
7.1. The Administrator may share personal data with third parties for the purpose of executing
agreements, e.g., couriers, payment service providers, software providers, accounting or legal
services. These third parties act as processors under contracts with the Administrator.
Data Retention Period
8.1. The Administrator retains personal data for as long as necessary to fulfill the purposes of processing, no longer than required by law.
8.2. After this period, personal data is permanently deleted or anonymized.
b9.1. A person whose data is processed by the Administrator has the right to:
- a) access their
personal data, - b) rectify incorrect or incomplete data,
- c) erase personal data,
- d) restrict
processing, - e) data portability,
- f) object to processing,
- g) withdraw consent at any time if
processing is based on consent.
9.2. Data subjects have the right to lodge a complaint with a supervisory authority if they
believe their rights under data protection laws have been violated.
Cookies and Analytics
10.1. The Society's website uses cookies stored on users' end devices. Cookies help identify
the user and their preferences and tailor the website accordingly.
10.2. Users may disable cookies in their browser settings, which may affect website
functionality.
10.3. The Society uses analytics tools (e.g., Google Analytics) to collect information about
user behavior on the website.
Changes to the Privacy Policy
11. The Administrator reserves the right to make changes to this Privacy Policy. Updates
will be published on the Society's website. Registered users will be notified via email.
Contact
12. For questions regarding the Privacy Policy, data processing, or exercising your rights,
contact the Administrator at: kontakt@tpbs.art or by mail at the Administrator's
registered address.
Final Provisions
13.1. This Privacy Policy is effective as of 01.06.2025.
13.2. All changes become effective upon publication on the Society's website.
13.3. If any provision is deemed invalid or unenforceable, the remaining provisions remain in
effect.
13.4. The Administrator undertakes all reasonable efforts to ensure the confidentiality of
users' personal data and protection against accidental or intentional destruction, loss,
alteration, unauthorized disclosure, or access.
Personal Data Breach Notification
14.1. In the event of a personal data breach, the Administrator will notify the relevant
supervisory authority and, if applicable, affected individuals in accordance with the law.
14.2. Notification will be made promptly, no later than 72 hours after the breach is identified,
unless this is impossible due to specific circumstances.
Links to Other Websites
15.1. The Society's website may contain links to other websites. The Administrator is not
responsible for the privacy policies and data protection practices of external sites.
15.2. Users are advised to review the privacy policies of any external websites they visit.
Access to Data by Employees and Society
16.1. The Administrator limits access to personal data to employees and associates who need
it to fulfill responsibilities related to the Society's operations and user support.
16.2. All such individuals are obliged to maintain data confidentiality.
Transfer of Data Outside the EEA
17.1. If personal data is transferred outside the EEA, the Administrator ensures adequate
protection by using safeguards such as Standard Contractual Clauses approved by the
European Commission.
17.2. Data will only be transferred outside the EEA if necessary to perform agreements with
users or to comply with legal obligations.
GDPR Compliance
18.1. The Administrator is committed to complying with the GDPR and all other applicable
data protection laws.
18.2. All data processing activities and procedures within the Society are aligned with GDPR
requirements and relevant legal provisions.