[Glossary of terms]
Personal Data Administrator [PDA] – the entity that decides on the purposes and means of the processing of personal data.
Data Protection Coordinator [DPC] – an individual who assists the PDA in carrying out his or her responsibilities regarding the protection of personal data.
Cooperating Entities – entities that offer to sell their services or products on the www.cfasofficial.com website::
Center For American & European Studies Foundation, TIN (NIP): 7812019909, REGON: 38871141800000, KRS: 0000895006;
the Center For American Studies Association, TIN (NIP): 7811990247, REGON: 38256651800000, KRS 0000771445,
Łukasz Bartosik Center For American, European & Global Studies, TIN (NIP): 7812015745, REGON: 387711534.
Website – the cfasofficial.com website containing information about the services of the Cooperating Entities and their offers.
User – person using the Website.
Registered user – a person/entity having a user account on the Website.
User account – a set of resources maintained by PDA for a user under a unique name (login) and protected with a password, in which the user's data are stored.
Facebook – the company Facebook Ireland Ltd. operating the social networking site Facebook with headquarters in 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland.
Google – Google LLC, a company operating Google's website with registered office at 1600 Amphitheatre Parkway, Mountain View, California, U.S.
Newsletter – personalized information sent periodically to Subscribers containing information about the activities of the Cooperating Entities.
Subscriber – a user who subscribed (signed up for) to the newsletter.
Personal data – any information about an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly.
Cookies – are small pieces of information sent by the Website and stored on user’s end device (computer, laptop, smartphone).
Processing of personal data – an operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling – any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyze or predict aspects relating to that individual's performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
[Personal Data Administrator, Data Protection Coordinator, Cooperating Entities]
The administrators of the personal data processed on the Site are the Cooperating Entities, acting as joint administrators of the personal data.
PDA has appointed a Data Protection Coordinator who is responsible for proper protection of personal data. Contact with the DPC is possible:
By post, to the address Stobnicka 5B, 60-480 Poznan, Poland;
[Types, purposes and basis of data processing]
The following data may be processed on the Site:
cookies – for the purposes described in §7 and based on the user's consent;
Article 6(1)(a) and (f) of the GDPR, i.e. the consent expressed by the user, and when processing is necessary in order to carry out purposes mandated by law by a PDA or third parties.
information entered when you create a registered user account on the Site:
the street including the building and apartment number
date of birth,
in order to enable the sales process of the products and services by the Cooperating Entities, as well as to receive personalized messages to the e-mail address or by post as part of the newsletter service on the basis of Article 6(1)(a) of the GDPR, i.e. the consent expressed by the user, and after cancellation of the service on the basis of Article 6(1)(c) and (f) of the GDPR for a period of protection against eventual claims and obligations;
information contained in any correspondence sent to the PDA by email or via the Site, including communication content and metadata, pursuant to Article 6(1)(b) of the GDPR, i.e. at the request of the data subject;
any other personal data that is entered on the Website (and image – in the case of participation with the camera on in recorded events, such as training courses and conferences) on the basis of Article 6(1)(a),(b) and (f) of the GDPR, i.e. consent expressed by the user, when the processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract, and when the processing is necessary for the purposes of the legitimate interests pursued by the PDA.
[Co-administration via Facebook]
In the case of integration of the user's Facebook account with the user's account on the Site, PDA may process the personal data contained in the Facebook profile in accordance with the privacy settings established by the user. In particular, this may include the following personal data:
PDA uses the Facebook Pixel tool. This is a short code placed on the Site that allows you to measure the effectiveness of your ads based on an analysis of the actions taken by users on the Site. Information about the Facebook Pixel tool can be found at: https://www.facebook.com/business/help
[Co-administration by Google]
In the case of integration of the user's Google account with the user's account on the Site, PDA may process the personal data contained in the profile on the Google social network in accordance with the privacy settings established by the user. In particular, this may include the following personal data:
PDA does not use profiling on the Site.
The entity placing cookies on the user's terminal equipment and accessing them is PDA.
PDA processes cookies in order to:
proper functioning of the Site, in particular maintaining the session of the user after logging in, thanks to which the user does not have to enter his/her login and password again on each subpage of the Site;
display personalized advertising to users of the Site,
analyze Site traffic and compile statistics to help us modernize the Sites in the future and provide better service.
adapting the content of the Website to User preferences and optimizing the use of websites; in particular, these files allow for recognition of the Website User's device and appropriate display of the website, adapted to his individual needs;
The following types of cookies are used on the Site:
"necessary" cookies to enable services available on the Site, such as authentication cookies used for services that require authentication on the Site;
cookies used to ensure security, e.g. used to detect abuse of authentication on the Site;
"performance" cookies, which allow the collection of information about how the Site is used;
"functional" cookies, which enable "remembering" the user's selected settings and personalizing the user's interface, e.g. with regard to the selected language or region of the user's origin, font size, website layout, etc;
"advertising" cookies, enabling you to provide users with advertising content more tailored to their interests.
In many cases, the software used to browse the Internet (web browser) allows the storage of cookies on the user's end device by default. Users can change their cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the settings of the web browser or inform on their placement on the user's device each time. Detailed information on the possibility and methods of using cookies is available in the software (web browser) settings.
Cookies placed in the end user's device and used can also be by advertisers and partners cooperating with the operator of the Website.
[Time of processing personal data]
PDA processes personal data:
User – for the duration of the use of the Site.
Registered user - from the moment of entering personal data on the Site until the moment of deleting the account of a registered user.
Subscriber - from the moment of subscribing to the newsletter service until the moment of unsubscribing.
After the cancellation of services, PDA shall store personal data for a period of 5 years resulting from the protection against possible claims and obligations imposed on PDA by generally applicable law, based on Article 6(1)(f) of the GDPR;
[Recipients of users' data]
PDA discloses users' personal data to processors under the concluded agreements on entrustment of personal data processing in order to provide services to the administrator, e.g. hosting and Site maintenance, IT services, marketing and PR services, legal and consulting services, while obliging the above entities to confidentiality when processing the data.
The PDA shall disclose personal data, if requested to do so by authorised state authorities, in particular organizational units of the prosecutor's office, the Police, the President of the Office for Data Protection, the President of the Office for Competition and Consumer Protection.
[Transmission of personal data to third countries]
The PDA may transfer and process personal data in third countries. The transfer and processing of data to a third country shall be based on a decision of the European Commission on the adequate level of protection for personal data or standard contractual clauses.
If no decision of the European Commission on the adequate level of protection of personal data has been issued with regard to a given third country, then the transfer to that third country shall be subject to the provision of adequate safeguards as referred to in Article 46(2) of the GDPR.
Third countries are countries outside the European Economic Area. The European Economic Area includes all countries of the European Union and the countries of the so-called European Free Trade Association, which include Norway, Switzerland, Iceland and Liechtenstein.
In connection with the use of ICT providers located in third countries, the PDA may transfer personal data to a third country. The legal basis for such transfer shall be the concluded standard contractual clauses.
[Rights of personal data subjects]
Every person whose personal data is processed has the right:
of access – to obtain confirmation from the PDA as to whether or not his/her personal data is being processed. If data about the person are processed, the person is entitled to access them and obtain the following information: about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data will be stored or the criteria for their determination, the data subject's right to request rectification, erasure or restriction of processing of personal data and to object to such processing (Article 15 GDPR);
to obtain a copy of the data – obtain a copy of the data undergoing processing, with
the first copy being free of charge, and for subsequent copies the data administrator may charge a reasonable fee based on administrative costs (Article 15(3) GDPR);
of rectification – request for the rectification of personal data concerning him/her that is inaccurate or the completion of incomplete data (Article 16 GDPR);
to erasure of data ("right to be forgotten") – a request to erase her personal data if the data administrator no longer has a legal basis for processing them or the data are no longer necessary for the purposes of processing (Article 17 of the GDPR);
to limit processing – request to limit the processing of personal data (Article 18 GPDR) when:
the data subject contests the accuracy of the personal data - for a period enabling the administrator to verify the accuracy of the data,
the processing is unlawful and the data subject opposes their erasure by requesting the restriction of their use,
the administrator no longer needs the data, but they are necessary for the data subject to establish, exercise or defend a claim,
the data subject has objected to the processing – until such time as it is ascertained whether the legitimate grounds on the part of the administrator override the grounds of the data subject's objection;
of data transfer – to receive in a structured, commonly used and machine-readable format the personal data concerning him or her which he or she has provided to the administrator, and to request that these data be sent to another administrator, where the data are processed on the basis of the data subject's consent or a contract concluded with him or her and where the data are processed by automated means (Article 20 of the GDPR);
objection – objecting to the processing of its personal data for the legitimate purposes of the administrator on grounds relating to its particular situation, including profiling. The administrator shall then assess the existence of valid legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims. If, in accordance with the assessment, the interests of the data subject override the interests of the administrator, the administrator shall be obliged to cease processing the data for those purposes (Article 21 GDPR).
In order to exercise the aforementioned rights, the data subject should contact the PDC using the contact information provided and inform him/her of which right and to what extent he/she wishes to exercise it. In addition, any data subject has the right to lodge a complaint with a supervisory authority if he or she believes that the processing of personal data concerning him or her violates the provisions of the RODO.
Sign up to our Newsletter
Get a free ebook
Your e-mail is safe . We promise not to send you spam.