1. Definitions

1.1.Administrator - the company under the name Apius Technologies S.A. with its seat in Kraków (31-523), 50 Moniuszki Street, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków Śródmieście in Kraków, XI Economic Department of the National Court Register under KRS number: 0000565486, NIP: 9452155088.
1.2.Personal Data - any information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet identifier and information collected through cookies and other similar technology.
1.3.Policy - this Privacy Policy.
1.4.RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
1.5.Service - the website operated by the Administrator at www.apius.pl.
1.6.User - any natural person visiting the Service or using one or more services or functionalities described in the Policy.
1.7.Application - a mobile application provided by Apius for the purpose of providing event-related services or for other purposes.

2.Processing of data in connection with the use of the Website

2.1.In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide the various services offered, as well as information about the User's activity on the Website. The detailed principles and purposes of processing Personal Data collected during the User's use of the Website are described below.

3.Purposes and legal basis of data processing on the Website
 
USE OF THE SERVICE
3.1.Personal Data of all persons using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies), and who are not registered Users (i.e. persons who do not have a profile on the Service), are processed by the Administrator:
3.1.1.for the purpose of providing services electronically in the scope of providing Users with access to content collected on the Website - in which case the legal basis for processing is the necessity of processing for the performance of the agreement (Article 6.1.b RODO);
3.1.2.for analytical and statistical purposes - then the legal basis of processing is the Administrator's legitimate interest (Article 6.1.f RODO), consisting of conducting analysis of Users' activity, as well as their preferences in order to improve applied functionalities and provided services;
3.1.3.for the purpose of possible establishment and investigation of claims or defense against claims - the legal basis of the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting in the protection of its rights;
3.1.4.for marketing purposes of the Administrator and other entities, in particular related to the presentation of behavioral advertising - the principles of processing Personal Data for marketing purposes are described in the MARKETING section.
3.2.The User's activity on the Service, including his/her Personal Data, is recorded in system logs (data created with the help of a special computer program used to collect and store a chronological record containing information about events and activities that relate to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator also processes them for technical, administrative purposes, for the purpose of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes - in this regard, the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) RODO).

CONTACT FORMS
3.3.The Administrator provides the possibility to contact it using electronic contact forms. Using the form requires the User to provide Personal Data necessary to contact the User and respond to the inquiry. The User may also provide other data in order to facilitate contact or service the inquiry. Provision of data marked as mandatory is required in order to accept and service the inquiry, and failure to provide such data will result in the impossibility of service. Provision of other data is voluntary.

3.4.Personal data is processed:
3.4.1.for the identification of the sender and the handling of his/her inquiry sent through the form provided - the legal basis for processing is the necessity of processing for the performance of the service contract (Article 6(1)(b) RODO); with regard to data provided optionally, the legal basis for processing is consent (Article 6(1)(a) RODO);
3.4.2.for analytical and statistical purposes - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the RODO), consisting of conducting statistics on queries submitted by Users via the Service in order to improve its functionality.
 
ORGANIZATION OF WEBINARS AND ONLINE EVENTS
3.5 In connection with the organization of webinars and other online events, the Administrator processes participant data in order to identify the participant and efficiently organize the event. Using the sign-up form requires providing Personal Data necessary to contact the User and register for the event. The User may also provide other data in order to facilitate contact or handle an inquiry. Provision of data marked as mandatory is required in order to accept and service the inquiry, and failure to provide such data will result in the impossibility of service. Provision of other data is voluntary. In addition, your personal data is processed in connection with the use of the specified IT solution.
3.6 Personal data shall be processed:
3.6.1. for the purposes of sender identification and event registration - the legal basis for processing is the necessity of processing for the performance of the service contract (Article 6(1)(b) RODO); with regard to data provided optionally, the legal basis for processing is consent (Article 6(1)(a) RODO);
3.6.2. for analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Administrator and possible co-organizers of the event (Article 6(1)(f) of the RODO), consisting of statistics of queries submitted and accounting for events.
3.6.3. in order to pursue Apius' legitimate interest in examining the satisfaction of event participants (Article 6(1)(f) of the DPA).
3.7 Where a third party is involved in the organization of an event, Users' personal data may be transferred to such third party for the purposes indicated in Section 3.6.2 to the extent necessary. In cases where such entity is located outside the European Economic Area, the transfer shall be carried out with the additional safeguards specified by law. For more details, please see Section 12 of this Privacy Policy - Transfers of Data Outside the EEA.
APPLICATIONS
3.8 In connection with the organization of events and its activities, the Administrator may provide an Application through which it processes the data of participants in order to identify the participant and the efficient organization of the event and for other purposes indicated in the regulations of the Application. Registration of the Application of providing Personal Data necessary to establish contact with the User. The User may also provide other data to facilitate contact. Provision of data marked as mandatory is required to enable the use of the Application, and failure to provide such data will result in the inability to provide the service. Provision of other data is voluntary. The detailed scope of data processed by the Application is placed in the regulations of the Application.
4.Marketing
4.1.The Administrator processes the Users' Personal Data in order to carry out marketing activities, which may consist in:
4.1.1.displaying to the User marketing content that is not tailored to the User's preferences (contextual advertising);
4.1.2.conducting other types of activities related to direct marketing of goods and services (sending commercial information by e-mail and telemarketing activities).

CONTEXTUAL ADVERTISING
4.2.The Administrator processes the Users' Personal Data for marketing purposes in connection with directing contextual advertising (i.e. advertising that is not tailored to the User's preferences) to the Users. The processing of Personal Data then takes place in connection with the realization of the Administrator's legitimate interest (Article 6.1.f RODO).

DIRECT MARKETING
4.3.The User's Personal Data may also be used by the Administrator to direct marketing content to the User through various channels, i.e. via email, MMS / SMS or telephone. Such activities are undertaken by the Administrator only if the User has given his/her consent, which can be withdrawn at any time.
4.4.The Administrator may, in some cases, also carry out direct marketing via snail mail. The User will be informed separately about the intention to conduct this type of marketing. With respect to this type of marketing, the User has the right to object.

5.Social Networks
5.1.The Administrator processes Personal Data of Users visiting the Administrator's profiles maintained on social media (e.g. YouTube, LinkedIn, Twitter). The Data is processed solely in connection with the operation of the profile, including for the purpose of informing Users about the Administrator's activities and promoting various events, services and products. The legal basis for the Administrator's processing of Personal Data for this purpose is its legitimate interest (Article 6.1.f of the DPA) in promoting its own brand.

6.Cookies and similar technology

6.1.Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the Website - for example, by remembering the User's visits to the Website and the activities performed by the User.

"SERVICE" COOKIES
6.2.The Administrator uses so-called "service cookies" primarily to provide the User with services provided electronically and to improve the quality of such services. In this regard, the Administrator and other entities providing analytical and statistical services to the Administrator use cookies, storing information or accessing information already stored in the User's telecommunications end device (computer, phone, tablet, etc.). Cookies used for this purpose include:
6.2.1.user input cookies for the duration of the session (session ID);
6.2.2.authentication cookies used for services requiring authentication for the duration of the session (authentication cookies);
6.2.3.security cookies, such as those used to detect authentication abuse (user centric security cookies);
6.2.4.multimedia player session cookies (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
6.2.5.persistent user interface customization cookies for the duration of the session or slightly longer (user interface customization cookies).

7.Analytical and marketing tools used by the Administrator's partners
7.1.The Administrator and its Partners apply various solutions and tools used for analytical and marketing purposes. Below you will find basic information about these tools. Detailed information in this regard, on the other hand, can be found in the privacy policy of the respective Partner.  

8.Managing cookie settings

8.1.The use of cookies for the purpose of collecting data through them, including gaining access to data stored on the User's device, requires the User's consent. This consent may be withdrawn at any time.
8.2.Consent is not required only in the case of cookies, the use of which is necessary for the provision of telecommunications service (data transmission to display content).
8.3.Withdrawal of consent for the use of cookies is possible through browser settings. Detailed information on this subject can be found at the following links:
8.3.1.Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
8.3.2.Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
8.3.3.Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
8.3.4.Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
8.3.5.Safari: https://support.apple.com/kb/PH5042?locale=gb-GB
8.4.The user can at any time verify the status of his/her current privacy settings for the browser used using the tools available at the following links:
8.4.1.http://www.youronlinechoices.com/pl/twojewybory
8.4.2.http://optout.aboutads.info/?c=2&lang=EN

9.Period of processing of Personal Data

9.1.The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data are processed for the duration of providing the service or fulfilling the order, until the withdrawal of the expressed consent or filing an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator.
9.2.The period of data processing may be extended in cases where the processing is necessary for the establishment and assertion of possible claims or defense against claims, and after that time only in the case and to the extent required by law. After the expiration of the processing period, the data shall be irreversibly deleted or anonymized.  

10.Rights of the User
10.1.The User has the right to access the content of the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to object to the processing of the data, as well as the right to lodge a complaint to the supervisory authority dealing with the protection of Personal Data.
10.2.To the extent that the User's data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Administrator or using the functionalities provided on the Website, including the contact form https://apius.pl/kontakt.
10.3.The User has the right to object to the processing of data for marketing purposes, if the processing is carried out in connection with the legitimate interest of the Administrator, as well as - for reasons related to the User's specific situation - in other cases where the legal basis for data processing is the Administrator's legitimate interest (e.g. in connection with the implementation of analytical and statistical purposes).
10.4.For more information about your rights under the RODO, click here.

11.Recipients of data

11.1.In connection with the performance of services, Personal Data will be disclosed to external entities, including, in particular, suppliers responsible for the operation of IT systems, marketing agencies (for marketing services) and entities affiliated with the Administrator.
11.2.If the User's consent is obtained, his/her data may also be made available to other entities for their own purposes, including marketing purposes.
11.3.The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who make a request for such information, relying on the relevant legal basis and in accordance with the provisions of applicable law.

12.Transfer of data outside the EEA

12.1.The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:
12.1.1. cooperating with processors of Personal Data in countries for which a relevant decision of the European Commission has been issued regarding the determination of an adequate level of protection for Personal Data;
12.1.2. applying standard contractual clauses issued by the European Commission - provided that an adequate level of protection of Personal Data is guaranteed;
12.1.3. application of binding corporate rules approved by the relevant supervisory authority - provided that an adequate level of protection of Personal Data is guaranteed;
12.1.4. with the express consent of the data subject, after informing him/her of the risks involved in such data transfers.
12.2.The Administrator shall always inform the data subject of its intention to transfer Personal Data outside the EEA at the stage of collection.

13.Security of Personal Data

13.1.The Administrator shall, on an ongoing basis, conduct a risk analysis to ensure that Personal Data is processed by the Administrator in a secure manner - ensuring, in particular, that only authorized persons have access to the data and only to the extent necessary for their tasks. The Administrator shall ensure that activities on Personal Data are recorded and performed only by authorized employees and associates.
13.2.The Administrator shall take all necessary measures to ensure that also its subcontractors and other cooperating entities provide a guarantee of the application of appropriate security measures whenever they process Personal Data on behalf of the Administrator.  

14.Contact Information

14.1.Contact with the Administrator is possible through the e-mail address daneosobowe@apius.pl or the mailing address Stanisława Moniuszki 50 Street, 31-523 Kraków with the note Personal Data Protection.
14.2.The Administrator has appointed a Personal Data Protection Coordinator who can be contacted via e-mail daneosobowe@apius.pl on any matter concerning the processing of Personal Data. The coordinator does not perform the function of Data Protection Officer.

15.Changes to the Privacy Policy

15.1.The adequacy of the content of the Policy is monitored on an ongoing basis and updated as necessary.
15.2.The current version of the Policy has been adopted and is effective as of 13.03.2019.