The following document defines the rules of processing User’s personal data and access to information collected through Cookies, in order to fulfill the obligations and services provided to the User electronically by the ART TRANSPARENT Foundation, 59-069 Wrocław, ul. Ofiar Oświęcimskich 1/2.
Controller – ART TRANSPARENT Foundation, 59-069 Wrocław, ul. Ofiar Oświęcimskich 1/2 as the owner and operator of the www.arttransparent.org portal.
Cookies – IT data, especially small text files, recorded and stored on devices used to access the Portal websites by the User.
Controller’s Cookies – Cookies placed by the Controller, related to the provision of services by electronic means by the Controller via the Portal.
External Cookies – Cookies placed by the Controller’s partners (e.g. Google, Facebook) via the Website.
Server Logs – files located on the server that collect information about server activity, e.g. requests sent by an internet browser or errors in the functioning of an application.
Portal – www.arttransparent.org website, used by the Controller to conduct its activity in the internet.
Device – electronic device used by the User to obtain access to the Portal.
User – an entity which, in accordance with the Rules and the provisions of applicable laws, may be provided services by electronic means or which may conclude an Agreement on provision of services by electronic means.
Personal Data – means information about an identified or identifiable natural person – data subject; an identifiable natural person is a person who can be identified, directly or indirectly, in particular based on an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing – means an operation or a set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling – means any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects concerning the effects of the natural person’s work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
II. Sources of data
1. The Portal obtains data, including personal data about the User and his/her behaviour, by:
a. Voluntary provision of data by the User in a form.
a. Placing Cookies on a Device.
a. Collecting web server logs by the hosting operator.
III. Type of collected data
1. When ordering a newsletter, the User provides the following information:
a. e-mail address (obligatory);
2. When completing the contact form, the User provides:
a. full name (obligatory);
b. e-mail address (obligatory);
3. The Portal may also record information about connection parameters. The viewed resources are identified by URL addresses. The following may also be subject to recording:
a. time of request;
b. time of response;
c. client’s workstation name – identification via HTTP protocol;
d. information about errors that occurred during HTTP transaction;
e. URL address of the previously visited website (referrer link) – if the User entered the Portal through a link;
f. information about the user’s browser;
g. information about the IP address.
IV. The purpose of data processing
1. The data, including the personal data provided by the User at the time of signing up for the newsletter, are used for the purpose of sending information about exhibitions, program events, and other messages related to ART TRANSPARENT Foundation’s activity.
V. The purpose of data processing in cookies
2. Cookies are stored on the Device until the User leaves our website, closes the Internet browser or until they are deleted by the User.
3. The Data Controller is the entity that places Cookies on the Device and obtains access to them.
4. The Controller’s Cookies are used for the following purposes:
a. compiling statistics about the ways in which the users of the Portal use the websites, which allows to improve their structure and content.
5. External Cookies are used for the following purposes:
a. collecting general and anonymous statistical data via Google Analytics analytic tools (Cookies controller: Google Inc. with its registered office in the USA).
b. promoting the Portal with the use of interactive features of the Facebook.com social website (Cookies controller: Facebook Inc. with its registered office in the USA or Facebook Ireland with its registered office in Ireland).
7. The Data Controller recommends reading Google’s and Facebook’s privacy policies, which set out the rules for using Cookies used to compile statistics.
8. The User may view and edit information stored in Cookies collected by the Google advertising network using: google.com/ads/preferences/.
9. The default settings of the internet browser typically allow for storing Cookies on the Device. The User may delete the collected Cookies and block their further collecting by changing the settings of his/her internet browser.
VI. The purpose of data processing in server logs
1. Information about certain behaviours of the Users are recorded on the Controller’s server, on which the Portal is hosted. The data are used only for the administration of the Portal and the above-mentioned server.
The Data collected in server log files will not be combined with the User’s personal data.
VII. Sharing and processing of data
1. The data provided by the User in any of the forms will not be shared with third parties without the User’s consent.
2. The data provided by the User will not be shared with third parties, with the exception of IT companies that enable the ART TRANSPARENT Foundation to provide relevant services and who have concluded agreements on outsourcing of personal data processing.
3. The Data Controller is obligated to share information collected by the Portal with authorised bodies on the basis of lawful requests, to the extent resulting from such requests.
VIII. Period of data processing
1. The period of data processing by the Controller depends on the type of provided service and the purpose of processing.
2. In principle, the data are processed for the time of service provision or completion of an order, until the time of withdrawal of consent, or submission of an effective objection to the processing of data in the cases where the legal grounds for processing of the data is the Controller’s legitimate interest.
3. The period of data processing may be extended in the case where processing is necessary to establish, pursue or defend against possible claims, however, not longer than for 10 years. After this time – only in the case and to the extent required by law. After the expiry of the period of processing, the data are irreversibly deleted or anonymised.
IX. Legal grounds for the processing of data provided in the form
The personal data from the form are processed pursuant to Article 6(1)(a) of the General Data Protection Regulation, i.e. the data subject’s consent.
X. Legal grounds for the processing of data in cookies and logs
The personal data stored in cookies are processed pursuant to Article 6(1)(a) of the General Data Protection Regulation, i.e. the data subject’s consent. The processing is necessary for purposes resulting from legitimate interests of the Controller (internet analytics / statistics on the use of the Portal by the Users).
XI. User’s Rights
1. The User has the right to access his/her personal data, the right to request their rectification, erasure or restriction of their processing, the right to data portability, the right to object, the right to withdraw consent at any time, which does not affect the lawfulness of processing based on the consent before its withdrawal.
2. The User has the right to lodge a complaint with the PDPA, if he or she finds that the processing the User’s personal data violates the provisions of the General Data Protection Regulations of 27 April 2016 and the provisions of the act of 10 May 2018 on personal data protection (Journal of Laws of 2018, item 1000).
The Policy is reviewed on an ongoing basis and updated as necessary. The current version of the Policy is published on the Portal and enters into force on the date of its publication.