General Personal Data Processing Information

  1. We inform that with the entry into force on 25 May 2018 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 27 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), your data controller is the Kosciuszko Institute Association (hereinafter ‘the Association’), with its registered seat in Krakow, William Feldman 4/9-10, 31-130 Krakow, entered into the register of associations, other social and professional organisations, foundations and independent public healthcare institutions of the National Court Register by the District Court for Krakow Śródmieście in Krakow, XI Commercial Division, under Registration No 0000145838, TIN 6751302992, REGON No 356683760.
    ‏‏‎ ‎‎
  2. You can contact the controller by sending a message to the following e-mail address: rodo@ik.org.pl or by posting a letter to the address of the registered office of the Kosciuszko Institute Association: Wilhelma Feldmana 4/9-10, 31-130 Krakow. 
    ‏‏‎ ‎‎
  3. Your personal data: name and surname, nationality, employment-related data (workplace and job title), phone number and contact e-mail address will be processed:
    a) for the purposes of registering you for the conference organised by the Association, and if you qualify, of assisting in the organisation of a conference that is part of the CYBERSEC project, and providing you with current information and logistic service; the legal basis for processing is the execution of the contract to which the data subject is a party (Art. 6 (1)(b) of GDPR), and the consent you have given – as the extent to which the provision of data is optional (Art. 6(1)(a) of GDPR); 
    b) for the purpose of sending marketing messages by the Association; the legal basis for processing is your consent (Art. 6 (1)(a) of GDPR) and the legitimate interests of the controller (Art. 6(1)(b)(f) of GDPR). The legitimate interests of the controller involve sending you marketing messages by phone, email or by a newsletter, depending on the channel of communication you have consented to; 
    c) for the purposes of data processing in order to send marketing messages relating to the strategic partners of the conference whose list is constantly updated and available at www.cybersecforum.eu; the legal basis for processing is your consent (Art. 6(1)(a) of GDPR); 
    d) for the purposes of establishing or investigating any claims or defending against such claims by the Association; the legal basis for data processing is the legitimate interest of the Association (Art. 6(1)(f) of GDPR). The legitimate interests of the Association involve determination, investigation or defence against legal claims.  
    ‏‏‎ ‎‎
  4. Your personal data may be transferred to selected partners of the CYBERSEC conference, entities processing personal data on behalf of the controller, for example IT service providers, service companies (e.g. freight), hotels, accounting service providers with which the controller has signed relevant agreements, printing houses in order to produce conference materials and postal service providers/couriers to deliver documents if the need arises. Every time your data is transferred to entities outside the EEA, the Association shall introduce adequate safeguards to ensure that this transfer is carried out in accordance with the applicable data protection rules. For more information on the transfer of data outside the EEA can be found in the Privacy Policy.  
    ‏‏‎ ‎‎
  5. Your personal data processed in connection with the organisation of the conference will be processed in the period of time necessary to organise and conduct the conference. The processing period may be extended each time by the limitation period for claims if the processing of your personal data will be necessary for the establishment or investigation of any claims or defence against such claims by the Association. After this period, the data will be processed only to the extent and for the time required by law. If you have given consent to the processing of data for marketing purposes, the data will be processed until the withdrawal of consent or raising objections to the processing of data. 
    ‏‏‎ ‎‎
  6. You have the right to access your data and to request their rectification, erasure, restriction of processing, as well as the right to transfer data and the right to object to the processing of data and the withdrawal of consent. 
    ‏‏‎ ‎‎
  7. Each expressed consent may be withdrawn at any time. Withdrawal of consent does not affect the legality of the processing carried out prior to its withdrawal. For evidence purposes, the Association asks for the withdrawal of consent to be sent via electronic channels.   
    ‏‏‎ ‎‎
  8. You have the right to lodge a complaint with a personal data protection competent supervisory authority if you believe that the processing of your personal data violates the GDPR.  
    ‏‏‎ ‎‎
  9. The Association requires personal data (in addition to the date and place of birth, gender and passport details) to register you for the conference and offer additional services, such as booking of accommodation or airport transfer. Should personal data not be provided, participation in the conference will not be possible. Providing these data is required for booking flight tickets to the conference. Should personal data not be provided, the purchase of flight tickets by the Association will not be possible. 
    ‏‏‎ ‎‎