PRIVACY POLICY
1. Definitions
1.1.Controller - PROCTER AND GAMBLE POLSKA Spółka z ograniczoną odpowiedzialnością, with its registered office in Warsaw (postal code: 03-872), at ul. Zabraniecka 20, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw – 14th Commercial Division of the National Court Register, ul. Czerniakowska 100, 00-454 Warsaw, under KRS number 0000013964, with share capital of PLN 20.7 million, REGON: 012010319, NIP (Tax Identification Number): 5260211535.
1.2.Personal Data - information about a natural person identified or identifiable by one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected through cookies and other similar technology.
1.3.Policy - this Privacy Policy.
1.4.GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
1.5.Processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
1.6.Terms and Conditions - the terms and conditions of the App are available on the App store and Google Play
1.7.App - a conference app operated by the Controller, available for download on the Apple Store and Google Play.
1.8.User - any natural person visiting the Application or using one or more of the services or functionalities described in the Policy.
1.9.Participant - a natural person cooperating with the Controller on the basis of a service or business cooperation agreement, who received an invitation from the Controller to download and use the Application for the purpose of participating in an internal corporate event, and logged in to it using his/her corporate Microsoft account.
1.10.Other capitalized terms in the Policy that are not defined in sections 1.1. to 1.9. above shall be given the meaning as defined in the Terms of Use.
2.Data processing in connection with the use of APLICATIONS
2.1.In connection with the User's use of the Application, the Controller collects data to the extent necessary to provide the individual services offered, as well as information about the User's activity in the Application. The detailed principles and purposes of the processing of the Personal Data collected during the User's use of the Application are described below.
3.Purposes and legal basis of data processing in APLIKATION
USE OF THE APPLICATION
3.1.The personal data of all persons using the Application (including IP address or other identifiers and information collected through cookies or other similar technologies), and who are not Participants (i.e. persons who do not have an Account in the Application), are processed by the Controller:
3.1.1.for the purpose of providing electronic services in terms of providing Users with access to the content collected in the Application, including for the purpose of handling complaints - in which case the legal basis for the processing is the necessity of the processing for the performance of the agreement (Article 6(1)(b) GDPR);
3.1.2.for the purpose of possibly establishing and investigating claims or defending against claims - the legal basis for processing is the Controller 's legitimate interest (Article 6(1)(f) GDPR) in protecting your rights.
3.2.The User's activity in the Application, including his/her Personal Data, is recorded in system logs (a special computer program used to keep a chronological record containing information about events and activities that concern the IT system used to provide the Controller's services). The information collected in the logs is processed primarily for purposes related to the provision of services. The Controller also processes them for technical, administrative purposes, for the purposes of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes - in this respect, the legal basis for processing is the Controller's legitimate interest (Article 6(1)(f) GDPR).
ACCOUNT AND FORMS
3.3.As part of the Application, the Controller provides selected Users with an Account service, which allows them to use the functionality of the Application. The use of the Account and the functionalities provided within it requires logging in to the Application via a corporate Microsoft account. In order to log in to the Application, you must download the Application from the App Store or Google Play. The processing of Personal Data is necessary for the establishment and operation of the Account and failure to do so will result in an inability to log in to the Application. In connection with the use of the Account, the Personal Data will be processed for:
3.3.1.in order to provide the service electronically in terms of making the Account service available to Users, including the handling of complaints - in which case the legal basis for the processing is the necessity of the processing for the performance of the agreement (Art. 6(1)(b) GDPR);
3.3.2.in order to possibly establish and assert claims or defend against claims - the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in the protection of his/her rights.
3.4. Within the Account, the Participant has the possibility of confirming his/her participation in Tech Hub Summit 2025 and taking part in the survey by means of a dedicated registration form. The rules for the organisation of the Tech Hub Summit 2025 are set out in separate regulations, which are available on the Application. The processing of Personal Data in order to use the registration form is necessary, and failure to do so will result in the impossibility of confirming participation in the Tech Hub Summit 2025 Providing Personal Data in order to participate in the survey referred to in paragraph 3.5.2. is voluntary.
3.5.The use of the registration form involves the processing of Participants' Personal Data for the following purposes:
3.5.1.in order to handle the registration of participation in Tech Hub Summit 2025- the legal basis of the processing is the necessity of the processing for the conclusion of a contract and the performance of a contract to which the Data Subject is a Party(Art. 6.1.b GDPR);
3.5.2.in the case of answering voluntary questions in order to carry out a survey on the interest in particular discussion panels during Tech Hub Summit 2025 - the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting of adapting the subject matter of the event to the interests and preferences of the Participants;
3.5.3.for the purposes of possible establishment and investigation of claims or defence against claims - the legal basis of the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in the protection of its rights.
3.6.The Controller provides the possibility to ask questions about the organised event in the Application through a dedicated form. The questions are not made available to other Users - only Żabka Polska has access to them. When using the form to ask questions, Personal Data will be processed in order to:
3.6.1.to handle the request and answer the question asked - the legal basis for processing is the necessity of the processing for the performance of the contract for the provision of the service (Article 6(1)(b) of the GDPR); with regard to the processing of optional data, the legal basis for processing is the consent given (Article 6(1)(a) of the GDPR).
3.6.2.for the purposes of possible establishment and investigation of claims or defence against claims - the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in the protection of the User's rights.
3.7.If the User posts any Personal Data of others on the Application, he/she may only do so on the condition that he/she does not violate the law or the personal rights of those persons.
4.Cookies and similar technology
4.1.Cookies are small text files installed on the User's device. Cookies collect information to facilitate the use of the Application - e.g. by storing information about the User, e.g. concerning login. The Controller uses its own files in the Application, which are installed directly by the Application.
4.2.The Application uses cookies to ensure the correct functioning of the Application.
4.3.Below are details of the cookies that the Controller uses on the Application. The Controller uses regular tools to scan the Application to determine what cookies are stored on the User's device, so that the list of cookies used is as accurate as possible. The Controller uses the following categories of cookies: essential and functional.
ESSENTIAL COOKIES
4.4.The Controller’s use of essential cookies is necessary for the proper functioning of the Application. These cookies are installed in particular for the purposes of remembering login sessions and also for the setting of privacy options.
4.5.The legal basis for the processing of data in connection with the use of essential cookies is that the processing is necessary for the performance of the contract (Article 6(1)(b) of the GDPR).
4.6.If the User wishes to obtain more information about individual cookies in this category, i.e. the name of the individual cookie, description of the operation, validity period and origin, click on the button available in the Application.
FUNCTIONAL COOKIES
4.7.The Controller's use of functional cookies allows the Application to remember and adapt to the User's choices, such as language or regional preferences. You may set the Application to block or alert you to functional cookies, but if you do so, the Application may not function fully properly.
4.8.The legal basis for the processing of data in connection with the use of necessary cookies is the User's consent (Article 6(1)(a) GDPR).
4.9.If the User wishes to obtain more information about individual cookies in this category, i.e. the name of the individual cookie, description of the operation, validity period and origin, please click on the button available in the Application.
5.Managing cookie settings
5.1.The Controller uses essential cookies in the Application, the use of which is necessary for the proper functioning of the website, and functional cookies that allow the Application to remember and adapt to the User's choices.
5.2.Consent to the use of essential cookies is not required because their use is necessary for the provision of the telecommunications service (data transmission to display content) - the User does not have the possibility to opt out of these cookies if he/she wishes to use the Application. Consent to the use of functional cookies is required when downloading and installing the Application. The User has the possibility to opt out of these cookies, which may result in a lack of full functionality of the website.
6.Period of processing of Personal Data
6.1.The period of data processing by the Controller depends on the type of service provided and the purpose of the processing. As a rule, the data shall be processed for the duration of the service provision or the filing of an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Controller or until the withdrawal of consent.
6.2.The processing period may be extended where the processing is necessary for the establishment and assertion of possible claims or the defence against claims, and thereafter only if and to the extent required by law. After the end of the processing period, the data are irreversibly deleted or anonymised.
7.User rights
7.1.The User has the following rights:
the right to be informed about the processing of personal data - on this basis, the Controller provides the individual making the request with information about the processing of data, including, in particular, the purposes and legal basis of the processing, the scope of the data held, the entities to which the data are disclosed, and the planned date of deletion of the data;
the right to obtain a copy of data - on this basis the Controller shall provide a copy of the processed data concerning the individual making the request;
right to rectification - the Controller is obliged to remove any inconsistencies or errors in the processed Personal Data and to complete them if they are incomplete;
the right to erasure - on this basis, it is possible to request the erasure of Data the processing of which is no longer necessary for the performance of any of the purposes for which they were collected;
the right to restrict processing - if such a request is made, the Controller shall cease performing operations on the Personal Data - with the exception of operations to which the Data Subject has given his/her consent - and their storage in accordance with the retention rules adopted or until the reasons for restricting the processing cease to exist (e.g. a decision is issued by a supervisory authority authorising further processing of the data);
the right to data portability - on this basis - to the extent that the data are processed by automated means in connection with the concluded contract or the consent given - the Controller shall issue the data provided by the data subject in a computer-readable format. It is also possible to request that this data be sent to another entity, provided, however, that the technical capacity to do so exists both on the part of the Controller and the designated entity;
right to object - the User may object at any time - on grounds related to his/her particular situation - to the processing of Personal Data that takes place on the basis of the legitimate interest of the Controller (e.g. for analytical or statistical purposes); the objection in this respect should contain a justification;
right to withdraw consent - if the Data is processed on the basis of the consent given, the User has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of the consent;
right to lodge a complaint - if the processing of Personal Data is considered to be in breach of the provisions of the GDPR or other provisions relating to the protection of Personal Data, the User may lodge a complaint with the supervisory authority for the processing of Personal Data, which has jurisdiction over the Data Subject's habitual place of residence, place of work or place where the alleged breach has been committed. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
8.Recipients of the data
8.1.In connection with the provision of services, the Personal Data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, marketing and advertising agencies involved in the management of the Application, and entities related to the Controller, including companies in its capital group.
8.2.The Controller reserves the right to disclose selected information concerning the User to the competent authorities or to third parties who request such information on the appropriate legal basis and in accordance with the provisions of the applicable law.
9.Transfers of Data outside the EEA
9.1.The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:
9.1.1.cooperating with processors of Personal Data in countries for which a relevant decision of the European Commission has been issued regarding the determination of an adequate level of protection for Personal Data;
9.1.2.applying standard contractual clauses issued by the European Commission;
9.1.3.applying binding corporate rules approved by the competent supervisory authority.
9.2.The controller always informs you of its intention to transfer Personal Data outside the EEA at the stage of collection.
10.Contact details
10.1.Contact with the Controller is possible via e-mail address: adam.j@topart.pl or postal address: Zabraniecka 20, 03-872 Warszawa
10.2.The Controller has appointed a Data Protection Officer who can be contacted by e-mail: adam.j@topart.pl on any matter concerning the processing of Personal Data. frogs
11.Changes to the Privacy Policy
11.1.The Policy is reviewed on an ongoing basis and updated as necessary.
11.2.The current version of the Policy has been adopted and is effective as of 03.03.2025.