PRIVACY POLICY OF BLUPLATFORM.IO PLATFORM

GENERAL INFORMATION

This document outlines the Privacy Policy for the online platform, which is a tool that facilitates participation in online events, provided by the Service Provider (hereinafter referred to as the “Platform” or “Online Platform”). The Data Controller (also referred to as the “Administrator”) is Blu Experience sp. z o.o., with its registered office in Kraków, at ul. Warszawska 15, 31-155 Kraków, entered in the Register of Entrepreneurs of the National Court Register by the District Court for Kraków – Śródmieście in Kraków, 11th Commercial Division KRS, under number 0000495773, NIP: 9452177517, REGON: 123030655, with share capital of 50,000.00 PLN.

The personal data collected by the Administrator is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1), hereinafter referred to as “GDPR.”

Terms capitalized in this document have the meanings assigned to them in the Platform’s Terms and Conditions..

The Administrator takes special care to protect the privacy and information entrusted to it. The Administrator diligently selects and applies appropriate technical, programming, and organizational measures to ensure the protection of processed data, particularly protecting the data from unauthorized access, disclosure, loss, destruction, unauthorized modification, and processing in violation of applicable law.

The Platform’s services are not intended for individuals under 16 years of age. The Administrator does not intentionally collect data related to individuals under 16.

The Platform may use so-called plugins and other social tools, allowing the User to share content with other users or recommend content within the accounts of these service providers. The providers of these services may also process personal data as independent controllers. In such cases, the Administrator and the provider of the plugin act as joint controllers of the personal data.

PERSONAL DATA

Personal Data Controller – You can contact the Personal Data Controller through:

• Registered mail sent to the postal address: ul. Warszawska 15, 31-155 Kraków;

• Email sent to: kontakt@wydarzeniaonline.pl 
• The interactive chat available on the Platform. 

PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA

The Personal Data Controller processes your personal data for the following purposes and to the following extent:

• To contact the User – if you contact us via the interactive chat available on the Platform, we may process your personal data provided in the chat form, including device session data, operating system, browser, location, unique ID, and IP address;
• To establish, assert, and enforce claims or defend against claims in court and before other authorities – in this case, we may process your personal data necessary to prove the existence of a claim or required by legal, court orders, or other legal procedures;
• Marketing our services and those of our partners, including remarketing – for this purpose, we process data recorded and stored via “cookies,” particularly search history, clicks on the Platform, login dates, and your activity related to our communication. In the case of remarketing, we use your activity data to send you marketing communications, including personalized ads outside the Platform, using third-party services. These services display our communications on websites other than the Platform. You can find details on this in the “cookies” section of the Cookie Policy;
• Handling complaints, claims, and requests, and responding to User inquiries – we process your personal data provided in the contact form, complaints, claims, and requests, as well as inquiries submitted in other forms. For this purpose, we also process other personal data provided by you, including those contained in documents attached to complaints, claims, and requests; 

PERSONALIZED ADS AND SOCIAL PLUGINS

To ensure full transparency, we once again highlight that the Administrator may use personal data to prepare and present personalized ads, including through third-party tools and cookies, as detailed in the Cookie Policy. 

Due to the use of social plugins on the Platform, which allow the User to share content with other users or recommend content within their account with the service provider, these providers may also process your personal data as independent controllers. When you visit the Platform, the browser you use may establish a direct connection with the servers of the entities providing these plugins/tools, so these entities receive information about your use of the Platform, including your IP address. This information may be transmitted regardless of whether you have an account with the service provider and whether you are currently logged in. If you have an account and are logged in, this information may be linked and assigned to your profile on the social network. Certain content may also be published on your profile and visible to other users, particularly those with whom you interact on these platforms. 

If you do not want plugin/tool providers/social networks to associate the data collected during your visit to the Platform with your account on the given platform, log out of that social network before visiting the Platform. Remember, you can also prevent plugins from loading on the page by using appropriate mechanisms within the browser you are using, following its settings. 

The Administrator makes every effort to choose software, including the aforementioned plugins, from reputable providers who clearly outline their personal data protection policies. 

The purposes, scope, and principles of collecting and further processing personal data by these entities can be found in their privacy policies. We encourage you to read them, which you can find, among others, at the following addresses: 

http://www.facebook.com/policy.php;

https://policies.google.com/privacy;

CATEGORIES OF RELEVANT PERSONAL DATA

The data controller processes the following categories of relevant personal data:

• Contact details;
• Data related to complaints, claims, and requests;
• Marketing data.

VOLUNTARY NATURE OF PROVIDING PERSONAL DATA

Providing the required personal data is voluntary and constitutes a condition for the provision of services. 

DATA PROCESSING DURATION

Personal data will be processed by us as the data controller for the time necessary to carry out marketing activities and other services performed for the user. Personal data will be deleted in the following cases:

• When the data subject requests their deletion or withdraws the given consent;
• When the data subject takes no action for more than 10 years (inactive contact);
• Upon receiving information that the stored data is outdated or inaccurate.

Some data, such as email address, name, and surname, may be stored for an additional period of 3 years for evidentiary purposes, handling complaints, claims, and inquiries related to the Platform. These data will not be used for marketing purposes.

We store the data of non-logged users for a period corresponding to the lifecycle of the cookies saved on their devices or until they are deleted by the user from their device.

Your personal data related to preferences, behavior, and marketing content choices may be used as the basis for making automated decisions to determine sales opportunities. 

RECIPIENTS OF PERSONAL DATA

We share your personal data with the following categories of recipients:

• Public authorities, e.g., the prosecutor’s office, police, Data Protection Office, if they request it; 
• Service providers with whom we cooperate in providing the Platform infrastructure.

Personal data may also be transferred to other entities – tool providers whose cookies we use. Information about these entities and the purposes of cookie usage can be found in the Cookie Policy. 

Our providers are mainly based in the countries of the European Economic Area (EEA), but also outside the EEA. Your personal data transferred outside the EEA will be protected by appropriate legal safeguards, ensuring a high level of data protection. These guarantees stem in particular from commitments to apply standard contractual clauses adopted by the European Commission or participation in the Privacy Shield Program established by the European Commission’s Implementing Decision (EU) 2016/1250 of July 12, 2016, on the adequacy of protection provided by the EU-US Privacy Shield

RIGHTS OF THE DATA SUBJECT WHOSE PERSONAL DATA WE PROCESS

Under the GDPR, you have the right to:

1. Access personal data (Art. 15 GDPR) – you can obtain from the data controller information on whether your data is being processed and, if it is, you have the right to:

• Access the data;
• Obtain information about the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients of the data, the planned retention period or the criteria for determining that period, the rights you have under GDPR, the right to file a complaint with a supervisory authority, the source of the data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of that data outside the European Union;
• Obtain a copy of your personal data.

2. Rectify personal data (Art. 16 GDPR) – if your personal data is inaccurate, you can request the data controller to rectify it immediately. You can also request the controller to complete the data. 
3. Delete personal data, i.e., the “right to be forgotten” (Art. 17 GDPR) – you can request this when:

• Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
• You have withdrawn your consent, insofar as the processing of personal data was based on your consent;
• Your personal data has been unlawfully processed;
• You have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of personal data is related to direct marketing;
• You have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the data controller or a third party.

Despite a request for the deletion of personal data, the controller may continue to process your data for the establishment, exercise, or defense of legal claims, of which you will be informed.

4. Request the restriction of the processing of personal data (Art. 18 GDPR) – you can request this when:

• You contest the accuracy of your personal data – the data controller will restrict the processing of your personal data for a period allowing them to verify the accuracy of the data;
• When the processing of your data is unlawful, and instead of deletion, you request the restriction of processing;
• Your personal data is no longer needed for processing purposes but is necessary for the establishment, exercise, or defense of your legal claims;
• When you have objected to the processing of your personal data – until it is determined whether the legitimate interests pursued by the data controller override the grounds for your objection.

5. Object to the processing of personal data (Art. 21 GDPR) – you may object at any time to the processing of your personal data, including profiling, in connection with:

• Processing necessary for the performance of a task carried out in the public interest or processing necessary for purposes arising from the legitimate interests pursued by the data controller or a third party;
• Processing for direct marketing purposes.

6. Request the portability of personal data (Art. 20 GDPR) – you have the right to receive your personal data from the data controller in a structured, commonly used, machine-readable format and transmit it to another data controller or request that the data controller transmit your personal data directly to another controller (if technically feasible).
7. Withdraw consent to personal data processing – you can do this at any time. This will not affect the lawfulness of processing based on your consent before its withdrawal.
8. File a complaint with a supervisory authority – if you believe that the processing of your personal data violates GDPR, you have the right to file a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or where the alleged violation occurred.

You can exercise all your rights by contacting the data controller at the contact details provided in this document. The controller will provide you with information on actions taken in response to your request without undue delay – in any case, within one month of receiving the request. If necessary, the one-month period may be extended by another two months due to the complexity of the request.