Hestia Artistic Journey Foundation (APH)
The safety and confidentiality of your data has been our top-priority. We would like to reiterate to have been abiding by the regulations and will remain doing so in order to ensure protection of the data bestowed by applying adequate technical and organizational measures, including respective protection of data whenever designing new services and solutions.
The hereby policy aims at specifying the terms of notifying clients and involved third parties of the objective, range and categories of the data processed, applicable time frame and data providers’ rights. The aforementioned framework remains in compliance with the (applicable as of May 25th, 2018) Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the so-called GDPR General Data Protection Regulation or RODO):
Your personal Data Processor is Hestia Artistic Journey Foundation, HQ address: Sopot (81-731), Hestii 1; entered into the National Court Register (Krajowy Rejestr Sądowy – KRS) of Associations, Other Social and Professional organizations, foundations and public institutions of social service, under the following: KRS 0000518962, NIP (tax ID no) 5851469283 and REGON (company ID no) 222134421 established by the notary act as of June 30th, 2014, by the notary office of Anna Tarasiuk by ERGO Hestia (Sopockie Towarzystwo Ubezpieczeń ERGO Hestia Spółka Akcyjna) with its registered office in Sopot.
As a Data Processor we are bound to protect your personal data and its lawful processing in compliance with binding legal regulations. Shall a need occur to contact the Processor on the matters of your personal data protection do notify the Data Protection Officer (DPO) via contact point e-mail: firstname.lastname@example.org or by mail at the Foundation’s HQ address provided.
In order to protect your personal data and the lawful use of the processing itself, we have undertaken the Evaluation of Data Processing Outcomes, considering stakes of its lawful processing and the risk analysis of our security provisions. Currently, we are applying top-notch, verified and functional prevention security measures and data processing monitoring mechanisms, data portability and granted access in order to secure not solely the lawful processing, but also to remain in compliance with best practices applied in terms of data securing and IT solutions. Provided data, is retained and restricted to the European Economic Area (EU).
CATEGORIES OF PERSONAL DATA
The categories of personal data processed, whether provided directly by the interested parties or shared on their behalf, or personal data gathered from open-source, public known domains, may include, among other: the name and surname, an e-mail address, contact data such as phone or mailing address. In the light of our current scope of activities, we are bound to inform you, that we do process (or may process) personal data in the following processes:
- Personal data of our clients and points of contact persons.
Data processing is required by law to comply with our obligations and enforce our agreements to provide clients with top-notch quality services. The failure in providing the indispensable data shall carry with it the impossibility to process the information, therefore dismissal of your application or exclusion from concluding contract.
All personal data, whether of particular clients or entities, shall be retained for the time of service provision and 5 consecutive years after the contract was accomplished. (art. 6, par. 1, point b of GDPR/RODO).
- Personal data of those interested in co-operation.
Although the provision of data is voluntary, it is indispensable to initiate co-operation with new clients, based on their expression of interest in our services, solely for the time of negotiation and trade process.
The aforementioned data provided is based on an explicit consent and in compliance with the specific scope (art. 6, par. 1, point a of GDPR/RODO).
- Personal data of our contractors and trusted partners.
Data processing is done as necessary to comply with our obligations and enforce our agreements to provide and secure rightful co-operation with our contractors, in compliance with binding legal regulations.
The failure in providing data shall carry with it the impossibility to accomplish the aforementioned objectives. All personal data, whether of particular clients or entities, shall be retained for the time of service provision and 10 consecutive years after the contract was accomplished, yet not less than required by law (if applicable) (art. 6, par. 1, point b of GDPR/RODO).
- Data used for newsletters circulation and marketing
The provision of data is voluntary. Newsletter content is provided based on explicit consent to receive it on subscription basis. Your personal data shall be processed for purposes of information and marketing until your consent is withdrawn. (art. 6, par. 1, point a GDPR/RODO).
- Trusted partners data
Data processing is necessary to comply with legal obligations, such as accounting regulation, which provides the time framework for data processing for 6 consecutive years (in compliance with current legal framework – 5 full years). The failure in providing data shall carry with the impossibility to conclude a contract (art. 6, par. 1, point c GDPR/RODO).
- Contractors and job applicants data
Data processing is necessary to comply with legal obligations, such as the labour code, which provides legal framework for time scope of data processing in compliance with law. The failure in providing data shall carry with the impossibility to conclude a contract (art. 6, par. 1, point c GDPR/RODO).
Job applicants data is provided based on their explicit consent and may be processed for the time of recruitment process. Shall a candidate grant a separate consent on retaining and processing data for the sake of future recruitment process, we may retain it for up to 1 year onwards (art. 6, par. 1, point a GDPR/RODO).
Data obtained as a result of vision surveillance is being processed for personal and property security reasons, considered to be a justified cause. Data gathered in the aforementioned manner is retained for up to 1 month onwards. (art. 6, par. 1, point f GDPR/RODO).
- Mail contact or form filling contact
Processing data is done as necessary to comply with our obligations and enforce our agreements to provide our service, while addressing client enquiries by e-mail, text message or phone. Providing data is voluntary. (art. 6, par. 1, point a GDPR/RODO).
GDPR COOKIE CONSENT
The Processor uses ‘cookies’ (files of respective website stored and retained by the browser), in order to improve the customer experience. Cookies may be consequently stored at the user’s hard drive or device’s memory. Using cookies improves navigation process the Processor’s website, moreover, may foster recognition of user preference within the website. We are bound to inform you of the possibility to decline or delete such files off the hard drive. This may, however, affect some functions. The way of introducing such amendments depends on the internet browser used. Alterations may be implemented by adequate configuration of browser’s settings or your device settings.
Failure to alter the aforementioned settings may and will be interpreted as a consent to accept cookies. One needs to bear in mind, however, that failure in accepting cookies might affect, or fully prevent from using selected functions of the website. The Processor’s website in question applies cookie technology to track user preference and better understand how they find and use our web pages and their journey through the website. Collected data may be subject to profiling and marketing purposes such as creating personalized recommendations or assembling demographic reports. For the sake of compliance with the objective, the Processor uses Google Analytics to track users interactions at APH website.
- Moreover, the Processor informs of a possible automatized decision making process, regarding data processing, including but not limited to profiling and targeting, yet not affecting conclusion or refusing to conclude a contract or providing a service.
- One of the outcomes of profiling based on subscription might be a bonus or targeted marketing recommendation based on customer preference. In each and every case, the person in question shall make a voluntary decision whether to benefit from the profiled marketing recommendations or not.
PERSONAL DATA PORTABILITY POLICY
Personal data may be shared with the following:
- entitled employees or trusted partners of the Processor, trusted partners, whenever they provide the Organizer with particular outsourced services, including IT, accounting, legal and counseling – based on a adequate contract;
- couriers, carriers, transport and dispatch entities – restricted to indispensable actions required to provide service for the Client;
- Technical and organizational support units and legal entities in compliance with binding legal regulations.
Each and every aforementioned case should require updating and amending data, while considering your privacy, all personal data shall be minimized to the extent allowing for rightful data processing.
LEGAL RIGHTS OF DATA PROVIDERS
The Processor acknowledges that at each and every stage of data processing you have the right:
- to access your personal data, including the information on the scope of data being processed, and access to its copies;
- to correct and amend inaccurate data, including a restrain its processing, should there be no other legal circumstances preventing it;
- to delete your data ultimately (‘the right to be forgotten/ to vanish’), should there be no other legal circumstances;
- to defy automated profiling decisions;
- to lodge an objection to inaccurate data processing, had it occurred, (including the right to withdraw the consent at any time with no impact, however, on the lawful processing based on hereby given consent prior to its withdrawal);
- to cession data to be processed by a different Data Processor, should the data be processed in compliance with granted consent or binding contract;
- to lodge a complaint. Shall you consider the compliance of processing of your personal data in breach with the GDPR (RODO) a query can be lodged and directed to the supervisory body responsible for personal data protection. In the Republic of Poland it would be the President of Personal Data Protection Office, shall you consider the compliance of processing of your personal data in breach with the GDPR (RODO);
In order to ensure the rightful response to your inquires and due diligence while these are being processed, you may apply to acknowledge your rights with a respective request sent to the following address: email@example.com. Each and every application might require individual consideration and is processed in compliance with binding legal regulations.
We need to reiterate that that the eligibility for particular right may depend on the legal framework applied for the specific objective of processing your data and, e.g. whether the processing of data is bound with the performance of a contract or service.
Your inquiries shall be processed without undue delay, up to one month since the query was lodged. It may occur, however, that due to the nature of the request we may not be able to comply within such a time framework. Should such a case occur, you will be duly notified of the delay and the circumstances.
Similarly, should such circumstances occur, we are bound to inform you about the decline to accept and execute the inquiry.
Please be advised that the first inquiry is processed free of charge, however, in the event that your request is unfounded or may be considered excessive, we preserve the right to charge a fee consecutive provision of information.
You will be informed immediately about the fee or any other circumstances preventing us from addressing the inquiry.
Moreover, should we be unable to identify you as being authorized to collect data, in order to protect the information provided, we may apply changes of protocol or procedure of data provision which you will be duly notified of.
In the event of exercising the right to data portability, the Data Processor shall send such data directly to another Data Processor, if only technically viable. The inquirer applying for the exercise of this right shall be informed of the portability options.
Hereby presented rules are effective as of May 25th ,2018. until further notice and fulfill the legal obligation resulting from art. 13 – 14 GDPR/RODO. We reserve the right to alter the applicable rules, whenever this may foster improvement in the quality of our services provided and to respect your rights and privacy.
Hestia Artistic Journey Foundation
I hereby confirm to have read and consent