Privacy and Cookies Policy

Version in force since 25 May 2018

The Controller of your Personal Data:

1) The Controller of your personal data (‘Personal Data’) collected via the website in the domain at the address www.enrs.eu (‘Website’), excluding the personal data for which separate rules regarding their processing have been developed and published on the Website, shall be the state cultural institution Institute of the European Network Remembrance and Solidarity seated in Warsaw at ul. Zielna 37, 00-108 Warsaw, acting on the basis of an entry into the register of cultural institutions kept by the Minister of Culture and National Heritage under the number of RIK 90/2015, holding the unique taxpayer’s NIP number 701-045-62-60 (hereinafter the ‘Controller’). You can get in touch with the Controller using the following email address: ado.enrs@enrs.eu.

2) You can get in touch with the personal data inspector Adam Barbasiewicz by sending a message to the following email address: iod.enrs@enrs.eu.

3) Your Personal Data shall be processed by the Controller pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L No 119), hereinafter the ‘GDPR’, in order to analyse the traffic on the Website as well as to promote the Controller’s own activities. The Controller also uses IP addresses collected in the course of internet connections for technical purposes related to server administration. We make information concerning the way you use our Website available to our analytical partners. The partners may combine such information with other data received from you or acquired when their services are used. Additionally, IP addresses serve to collect general statistical information. The Controller uses cookies in order to collect information related to your use of the Website. Cookie files are IT data, in particular small text files, saved and stored on devices by means of which you use the pages of the Website. Such files make it possible to:
a) adjust and optimise the operation of the Website to the needs of its users;
b) generate viewing statistics concerning subpages of the Website;
c) personalise marketing messages;
d) ensure an appropriate security level and reliability of the operation of the Website.

4) The Website uses session cookies, which are deleted once the web browser window has been closed, and persistent cookies, saved on devices by means of which a given natural person uses the Website over a period set in the parameters of the cookies or until their deletion. The Website uses, inter alia, the following types of cookies:

A. Types of cookies in terms of their indispensability for service provision:

Essential:
They are absolutely indispensable for the correct operation of the Website or the functionalities which the users wishes to use.
They are vital for the operation of the Website: they serve to enrich the functionality of the Website, which will operate correctly without them yet will not be adjusted to the user’s preferences.

B. In terms of time over which a cookie will be present on the user’s end device:

Session cookies: a cookie inserted for the time when the browser is used (a session) and deleted once the session is terminated

Persistent cookies: a cookie not deleted after the browser has been closed and remaining on the user’s device for a specific time or without an expiry date depending on the settings of the website owner

C. In terms of the origin of the cookies:

First-party cookie: a cookie inserted directly by the Website owner

Third-party cookie: a cookie inserted by external entities whose website components have been activated by the Website owner

Note: Cookies may be activated by the Controller by means of scripts, components present on servers of the Controller’s partner, located elsewhere – another country or even a completely different legal system. In the case of the activation by the Website Controller of Website components from outside of the Controller’s system, other standard cookies policy rules may be applicable than the cookies policy of the Controller.

D. In terms of the purpose they serve:

Security and of reliability of the Website: They facilitate authenticity verification and Website efficiency optimisation

Session status: They facilitate recording of information on how the users use the site. They may concern most frequently visited websites or possible error messages displayed on certain Website pages. The cookies serving to save the ‘session status’ help improve services and page viewing comfort.

Processes: They facilitate efficient operation of the Website itself and the functions available thanks to it

Location: They facilitate the adjustment of the information displayed to the user’s location

Analysis and research, viewing audit: They facilitate the Controller’s better understanding of its users’ preferences as well as improving and developing products and services through analysis

E. Types of cookies in terms of user privacy interference:

Harmless: They include cookies:
- indispensable for the correct operation of the Website
- necessary for making it possible for a Website functionality to operate, yet their functioning has nothing to do with tracking the user

Probing: Used to monitor user behaviour yet excluding information making it possible to identify a specific user.

5) In many cases, internet site browsing software (a web browser) by default allows cookies storage on the end device via which the Website is used. Each Website user may, on their own and at any time, change the settings related to cookies, specifying the conditions of their storage and access to the user’s device. The change of settings referred to in the preceding sentence may be effected by the user via web browser settings or service configuration. Such settings may be changed in particular in such a way as to block automatic support of cookies in web browser settings or provide information on each cookie insertion on the user’s device. Detailed information concerning cookies management possibilities and options is available in software (web browser) settings.

6) Using the Website, despite not having performed any changes in those settings, each of the users grants their consent to the use, by, inter alia, the Controller, of cookies and their insertion on the end device by means of which the Website is used as per the current browser settings and provisions of this Cookies Policy. The user may at any time remove cookies using the functions available in the web browser via which they use the Website. Restricting the use of cookies may have an impact on some functionalities available on the Website. The Controller informs you that once the user or another natural person has been connected to the Website, information about the number (including IP) and type of the user’s end device used for the connection with the Website appears in the Website system logos. The Controller informs you that it is going to also process, in compliance with legislation in force in Poland, data concerning the number (including IP) and type of the end device of the user or another natural person using the Website as well as the duration of the connection of the persons referred to above with the Website and other exploitation data related to the activity of the user or another natural person on the Website.

7) The Controller also uses services of third parties, such as Google (in compliance with the definition below), which may use cookies for the following purposes:
a) Website traffic monitoring;
b) collection of anonymous collective statistics which facilitate understanding of the way the user uses the Website and make it possible for the Controller to constantly improve its services;
c) learning about the number of anonymous users of the Website;
d) verification of the frequency with which the user is shown selected content;
e) analysing the frequency of the user’s interest in a given website service or content.

8) Your Personal Data shall be processed on the basis of the following legal bases:
a) pursuant to Article 6(1)(a) of the GDPR – the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) pursuant to Article 6(1)(f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Controller, i.e. making statistical measurements, improving the operation of the Website as well as promoting its own activities.

9) Your Personal Data shall be received by the following categories of entities:
- providers of technical services or other serviced in the internet (including, for instance, telecommunication and hosting services, owners of servers and spaces where data are stored, inter alia Google LLC) by means of which the Controller carries out its activities,
- the company Google LLC of Delaware, referred to in paragraph 21) below.

10) Your Personal Data shall be processed as of their submission throughout the period indicated in paragraph 4) B. above, subject to a possible earlier termination of the processing of personal data to the processing of which a consent has been granted, i.e. upon the revocation of such consent.

11) You shall have the right to request from the Controller access to your Personal Data, i.e. you can obtain from the Controller a confirmation whether Personal Data concerning your person are processed, and if that is the case you shall be entitled to information as to such processing in the scope provided for in Article 15(1) of the GDPR and you may receive from the Controller, free of charge, one copy of the Personal Data subject to processing, while the Controller may charge you for each successive copy.
You may send the request referred to in this paragraph to the following email address: iod.enrs@enrs.eu

12) You shall have the right to request from the Controller that your incorrect Personal Data be rectified without delay as well as to request (considering the purpose for which the data are processed) that incomplete Personal Data be completed. You can make that latter request by means of submitting an additional declaration.
You may send the requests referred to in this paragraph to the following email address: ado.enrs@enrs.eu

13) You shall have the right to request from the Controller that your Personal Data be erased without delay and the Controller shall be obliged to erase such Personal Data without undue delay (subject to the exceptions provided for in Article 17(3) of the GDPR), in the case of one of the following circumstances:
a) your Personal Data are not necessary any more for the purposes for which they were collected or otherwise processed;
b) you have revoked your consent which is the basis for the processing of your Personal Data and there exists no other legal basis for their processing;
c) you have objected pursuant to Article 21(1) of the GDPR against the processing of your Personal Data and there are no overriding legitimate grounds for the processing, or you have raised the objection referred to in the last sentence of paragraph 16 below (objection against Personal Data processing for the purposes of direct marketing, including profiling);
d) your Personal Data have been unlawfully processed;
e) your Personal Data have to be erased for compliance with a legal obligation;
f) your Personal Data have been collected on the basis of a consent expressed by an authorised entity or entities, in relation to the offer of information society services directly to a child, referred to in Article 8(1) of the GDPR.
You may send the request referred to in this paragraph to the following email address: ado.enrs@enrs.eu

14) You shall have the right to request from the Controller that the processing of your Personal Data be restricted, when:
a) you contest the accuracy of the Personal Data - for a period enabling the Controller to verify their accuracy;
b) the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use instead;
c) the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
d) you have objected to the processing of your Personal Data pursuant to Article 21(1) of the GDPR (described in the second sentence of paragraph 16 below) pending the verification whether the legitimate grounds of the Controller override yours.
You shall be informed by the Controller before the restriction of the processing of your Personal Data referred to above is lifted.
You may send the request referred to in this paragraph to the following email address: ado.enrs@enrs.eu

15) You shall have the right to transmit the Personal Data you provide, i.e. you shall have the right to receive from the Controller, in a structured, commonly used and machine-readable format, your Personal Data you provide the Controller with and that you shall have the right to transmit those Personal Data to another controller unhindered by the Controller, if the processing takes place by automated means and is performed on the basis of consent granted or a contract.
In exercising the right referred to above, you shall have the right to request that the Personal Data be transmitted directly from one controller to another, where technically feasible.
You may send the request referred to in this paragraph to the following email address: ado.enrs@enrs.eu

16) You shall have the right to object to the processing of your Personal Data pursuant to Article 21 of the GDPR. This right, however, shall concern only cases where there are reasons related to your special circumstances and the processing: a) takes place on the basis of legitimate purposes pursued by the Controller or a third party, or b) is necessary for the performance of a task carried out by the Controller in the public interest or in the exercise of official authority entrusted to the Controller, including the performance of profiling on the bases specified in letters a) or b) above. You shall have the right to object to the processing of your Personal Data also when on the basis of legitimate interests pursued by the Controller or a third party they are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
You may send the objection referred to in this paragraph to the following email address: ado.enrs@enrs.eu

17) You shall have the right to revoke your data processing consent at any time with no bearing on the legality of the processing performed under the consent prior to its revocation – this pertains to cases when your data are processed on the basis of your data processing consent.

18) Pursuant to Article 77 of the GDPR, you shall have the right to lodge a complaint with the President of the Office for Personal Data Protection (Polish abbreviation: ‘PUODO’) or another body competent for personal data protection to replace the PUODO, as well as another supervising authority, should you find that the processing of your Personal Data infringes on the provisions of the GDPR.

19) The submission of your Personal Data shall be voluntary, yet not submitting them shall make it impossible for you to use the Website.

20) You shall not be subject to any decisions based solely on automated processing which produce legal effects concerning you or similarly significantly affect you.

21) As part of Website operation, the Controller also uses Google Analytics, a service of website viewing analysis, i.e. tools made available by Google (in compliance with the definition below). The Controller intends to transfer the personal data of Website users to the company Google LLC of Delaware seated at Amphitheatre Parkway nr 1600, Mountain View, California 94043, USA (‘Google). The Controller informs you that Google Analytics uses cookies. You can find more details concerning this on: https://policies.google.com/technologies/partner-sites?hl=pl. Google is going to use that information in order to assess the way you use the Website, generate website traffic reports for the Website Controller as well provide other services related to Website traffic or internet use. You may make it impossible for Google, as well as any other entity, to collect and process data from cookies (including the IP address) by downloading and installing relevant applications on your end devices (such possibility is available, for example, here: https://tools.google.com/dlpage/gaoptout/). The Google Analytics functions activated in the Website are:
• Google Analytics demographic data and interest reports;
Using the Website, without a prior change of the settings, you grant your consent to the processing of your data by the Controller and Google in the way and for the purposes specified above.
The Controller uses services offered by Google, which may process (including transmit and store) them also outside of the European Economic Area (EEA), including the United States of America and other countries where Google or its partners has/have relevant infrastructure.
By its Decision 2016/1250, the European Commission found that the United States of North America ensured an adequate level of protection of personal data transmitted from the Union to entities in the United States in the context of the EU-U.S. Privacy Shield.
To ensure safety, contracts with Google LLC feature also standard contractual clauses approved by the European Commission. Google gives its assurances that when processing your personal data it at all times applies appropriate safeguards. You can find more details concerning this on: https://policies.google.com/privacy?gl=PL&hl=pl#enforcement