Privacy policy

1. Data Controller: EXELMEDIA Ltd. with its registered office in Opole, ul. Głogowska 23C, KRS: 0000535644, REGON: 360329184, NIP: 7543087865, CEO: Marcin Atamańczuk / Proxy: Paweł Oleś (hereinafter referred to as "Company").

2. Providing any personal data is voluntary, but it is necessary to achieve the purpose or take actions related to their provision.

3. The Administrator processes the following Customer data:

     a. Last name and first names,
     b. Business name,
     c. Email address,
     d. Phone number,
     e. Address and postal code,
     f. Tax identification number (NIP),
     g. Activity regarding the use of individual services,
     h. Personal data or information that we are obliged to collect under applicable legal acts, recommendations, or guidelines.

The Administrator also processes the email address, phone number, and name of the newsletter recipient. For employees, the scope of processed data is determined by personnel regulations.

4. Based on Article 6 of the General Data Protection Regulation (EU) 2016/679 of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR, the legal basis for the processing of personal data by the Administrator is the consent of Users, legal obligation, and the performance of the contract.

5. Data Processing Purposes:

     a. Sale of services and products offered (Article 6(1)(b) GDPR),
     b. Proper execution of contracts with exelmedia (Article 6(1)(b) GDPR),
     c. Delivery of informational and advertising mailings with user's consent (Article 6(1)(a) GDPR),
     d. Ongoing informational, educational, and advertising communication with recipients.

6. Persons with Access to Personal Data: All members of the Company's team have access to personal data. Access by individual categories of persons is separated by restricting technical permissions to the shared drive or folder. Similarly, documents are physically secured in key-locked cabinets. The list of external entities with access to personal data can be found here.

The privacy policy of each of these entities is available on their websites provided in the above link. These entities guarantee compliance with the Regulation or standards equivalent to the Regulation regarding the protection of personal data, and the Administrator's use of their technology in personal data processing is in accordance with the law. Agreements for data processing have been concluded with these entities, usually in the form of updates to their regulations.

The Administrator will not sell or transfer customers' personal data to entities other than those listed in the link.

The user acknowledges that their personal data may be disclosed to authorized state authorities in connection with proceedings conducted by them, at their request and upon meeting the criteria confirming the necessity of obtaining this data from us.

7. User's Rights:

     a. Right to withdraw consent – withdrawal of consent may, however, prevent further use of services that the Administrator can provide only with consent. Moreover, withdrawal of consent does not make the processing of personal data until the withdrawal unlawful.
     b. Right to object to data usage – if the Administrator processes data based on a legitimate interest, the User may object to their use. If the objection proves valid, and the Administrator has no other legal basis for processing the data, the data subject to objection will be deleted.
     c. Right to erasure of data ("right to be forgotten") – the Administrator will delete data upon request in case of consent withdrawal, legitimate objection to marketing or statistical use, unlawful processing, or when they are no longer necessary for the purposes for which they were collected or processed. The Administrator reserves the right to retain certain personal data to the extent necessary for backups or for the purpose of establishing, investigating, or defending claims and relationships with state authorities.
     d. Right to restrict data processing – in case of questioning the correctness, legality, or necessity of data processing and filing an objection.
     e. Right of access to data – the Administrator undertakes to confirm the processing of personal data when it occurs. In such a case, the User has the opportunity to obtain a copy of the data, access them, and obtain information contained in this Policy and any other requested information.
     f. Right to rectify data – the Administrator undertakes, upon request of the User or Customer, to rectify inaccurate data and supplement incomplete data.
     g. Right to data portability – upon request of the User or Customer, the Administrator will send the personal data, as a file in PDF or another agreed format, to the requesting party or directly to another Administrator indicated by them.
     h. In addition, the User has the right to lodge a complaint with the President of the Personal Data Protection Office.

The User may exercise these rights by writing an email to bok@exelmedia.pl, clearly specifying in the subject line which right the User wishes to exercise. The Administrator will fulfill the request within 30 days after receiving the message.

8. Data Storage

     a. The data retention period will not be shorter than required by applicable laws (special acts), including but not limited to the Accounting Act, Tax Ordinance, Act on Pensions and Disability Pensions from the Social Insurance Fund, or the Act on Social Insurance System.
     b. Data of newsletter recipients will be kept until a request for their deletion is submitted,
     c. Customer data will be stored until the expiration of the limitation period for claims arising from them.

The Company undertakes to destroy temporarily created documents containing personal data (e.g., a list of participants in a specific event or classes) and ensures the circulation of data and their minimization in accordance with the procedures recorded in the Register of Processing Activities.

The Administrator applies technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data covered by protection, in particular, securing data against unauthorized access, taking by an unauthorized person, processing in violation of applicable law, and change, loss, damage, or destruction.

The Personal Data Administrator hereby informs that it has not appointed a Data Protection Officer (DPO) and independently performs duties related to the processing of personal data.

