THE ASPIRE PRIVACY POLICY
We make every effort to protect the privacy and personal data of all people who come into contact with us and with whom we work.
In order to implement the principle of lawful, reliable and transparent processing of personal data in connection with our activities, we have adopted this document called “The ASPIRE Privacy Policy.”
The Privacy Policy describes what information we collect, how we use and share it, and the rights of the persons whose data we process.
- WHAT TERMS DO WE USE IN THE PRIVACY POLICY?
ASPIRE, we, our, us, the Association, – ASPIRE – Association of IT and Business Services, with its registered office in Kraków, at Rynek Główny 39/8, 31-013 Kraków, entered in the National Court Register under number KRS 0000329793;
Contact Data – data including first name, last name, business e-mail address, business phone number, data identifying the employing entity, position held; in the case of natural persons conducting business activity also data identifying the entrepreneur, i.e., its business address, NIP and REGON numbers;
Our Members – entities that have submitted our Membership Application, accepted as ASPIRE members on the basis of the decision of our Management Board;
Contracting Parties – our service providers and entities with whom we cooperate under sponsorship agreements;
Partners – entities with whom we cooperate, such as local authorities, government agencies, and educational and cultural institutions;
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
Service – our website which can be found at www.aspire.org.pl
Communities – groups functioning within ASPIRE, integrating people employed by our members, operating within a given specialisation or area of interest or initiative (ASPIRE Groups, Committees, Task Forces, etc.);
You, Your – each person whose personal data we process.
- WHO IS THE CONTROLLER OF YOUR PERSONAL DATA AND HOW CAN YOU CONTACT THE CONTROLLER?
The Controller of your personal data is ASPIRE – Association of IT and Business Services, with its registered office in Kraków, at Rynek Główny 39/8, 31-013 Kraków, entered in the National Court Register under number KRS 0000329793.
If you have any questions regarding the processing of your personal data by the Controller, please contact us by e-mail at: joinus@aspire.org.pl.
- WHAT PERSONAL DATA IS PROCESSED, FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS?
3.1. Data of our Members, Partners and Contracting Parties that are natural persons, and in the case of legal persons – data of persons representing them, as well as data of their employees and associates.
In connection with making decisions about accepting new Members, fulfilling our goals and tasks resulting from the ASPIRE Articles of Association, as well as in connection with concluding and performing contracts with our Partners or Contracting Parties, we process personal data of our Members, Partners and Contracting Parties that are natural persons, in the case of legal persons – data of persons representing them, as well as data of their employees and associates for the following purposes:
3.1.1. Taking action in connection with the decision to admit new Members, and
3.1.2. Taking preparatory action before concluding a contract with a Partner or a Contracting Party
In this respect, we process Contact Data, potentially also data concerning professional experience, references if relevant to the performance of the contract. We use personal data processed for these purposes, among others, in the context of agreeing on the terms and conditions of cooperation, conducting tender procedures, submitting bids for the performance of services or sale of the Association’s own products.
Legal basis in relation to natural persons conducting business activity and persons who, in accordance with the rules of representation, are entitled to act on behalf of Members, Partners and Contractors – taking actions at the request of the data subject before the contract is made (Article 6(1)(b) of the GDPR).
Legal basis in relation to the employees and associates of the above entities – our legitimate interest (Article 6(1)(f) of the GDPR) consisting in ensuring the possibility of admitting new Members, carrying out statutory activities, including business activities.
3.1.3. Implementing statutory objectives and performing statutory tasks; and
3.1.4. Performing obligations arising from the agreements concluded with Partners and Contracting Parties
In this respect we process Contact Data, data on the activity within ASPIRE and within the sector, data you provide us with on your professional interests and preferences, data on your employer, in case of natural persons conducting business activity – data you provide on your activity in the case of agreements on participation in the events and meetings, potentially also your image, voice and speech recording.
We use personal data processed for the purpose of fulfilling our statutory obligations, among other things, to:
a) fulfil the statutory obligations of ASPIRE as an employer organisation;
b) support industry-wide cooperation between our Members and Partners;
c) cooperate in organising events, projects and initiatives,
d) send invitations to events and meetings,
e) admit a person to the Community and manage the Community contact base,
f) provide information relevant to the Community,
g) send newsletters,
h) ask questions and collect information from the Community,
i) communicate on formal and administrative matters;
We use personal data processed for the purpose of fulfilling the obligations arising from the contracts concluded with Partners and Contractors, among other things, to:
a) have operational contact for the purpose of the execution of the concluded agreement,
b) conduct a complaint procedure and settle compensation.
Legal basis in relation to natural persons conducting business activity and persons who in accordance with the rules of representation are entitled to act on behalf of Members, Partners and Contractors – processing is necessary for the performance of a contract to which the data subject is party (Article 6(1)(b) of the GDPR).
Legal basis in relation in relation to the employees and associates of the above entities – our legitimate interest (Article 6(1)(f) of the GDPR) consisting in ensuring the possibility to achieve our statutory objectives and performs statutory tasks or obligations under other agreements, taking into account the results of the so-called “weighing of interests”:
“Weighing of interests”. Having weighed our interests and your interests, rights and freedoms, we believe that the processing of your personal data for the purposes outlined above will not excessively interfere with your privacy or create an undue burden on you. In weighing our interests, rights and freedoms, we have considered the following circumstances:
a) limited scope of data – ASPIRE processes only your Contact Data and the data you provide on your professional life;
b) if you are employed by a company that is an ASPIRE Member, Partner or Contracting Party, you can reasonably expect your company to use your data to enable us to contact you in connection with your ASPIRE activity or to fulfil our obligations under the contract between us and the company that employs you;
c) to the extent covering your activities in the community and sending emails containing newsletters, you have expressed your wish to participate in a given Community / wish to receive communications to the email address you have provided, and we therefore have assumed that you can reasonably expect us to process your data for these purposes;
d) we respect your will and enable you to exercise your right to object to our processing of your personal data on the basis of a legitimate interest (Article 6(1)(f) of the GDPR) at any time, in a manner convenient to you (by email to joinus@aspire.org.pl).
3.1.5. Marketing activity
In this regard we process your Contact Data, which allows us to contact you on the occasion of:
a) searching for Partners and Contracting Parties, including in particular sponsors;
b) developing new forms of cooperation with our Members or Partners, based on additional agreements.
Your Contact Data may also be used to reach you with communications promoting products and services of our Members, Partners or sponsors. Please note that ASPIRE does not share your Contact Data with other entities for marketing purposes, but you may receive third-party marketing content as part of your ASPIRE activity or in the content you receive directly from us.
“Weighing of interests”. Having weighed our interests and your interests, rights and freedoms, we believe that the processing of your personal data for the purposes outlined above will not excessively interfere with your privacy or create an undue burden on you. In weighing our interests, rights and freedoms, we have considered the following circumstances: a) limited scope of data – ASPIRE only processes your Contact Data for marketing purposes; we do not process data about your preferences or behaviour for this purpose, in particular we do not profile your data; b) in relation to Members and Partners or persons representing them, as well as their employees and associates actively cooperating with ASPIRE – you are involved in the activities of the Association, and our basic statutory task is, among others, to initiate and implement activities promoting the Association and the business activity conducted by its members and to provide members with assistance in solving business and organisational problems related to their business activity, and we have therefore assumed that you can reasonably expect us to process your data for this purpose; your reasonable expectation involves receiving communications relating not only to ASPIRE but also to our Members, Partners or sponsors. Information about our Members, Partners or sponsors (their products, services or image) is, due to the specific nature of the Association, particularly expected by you as people interested in intra-industry cooperation and expecting our support in solving problems and developing business activities; c) in relation to Contracting Parties or persons representing them, as well as their employees and associates – our marketing activity is limited to promoting our own activity, and mutual contact on a professional level is an essential element of searching for business partners, contractors and service providers; d) we respect your will and enable you to exercise your right to object to our processing of your personal data on the basis of a legitimate interest (Article 6(1)(f) of the GDPR) at any time, in a manner convenient to you (by e-mail to joinus@aspire.org.pl).
3.1.6. Performance of legal, tax and accounting obligations
We process data in order to fulfil legal obligations arising from tax and accounting regulations, in particular with regard to proper documentation of transactions for the purposes of tax settlements, preparation of the Association’s financial statements and to fulfil obligations arising from accounting regulations.
Legal basis. Performance of legal obligations (Article 6(1)(c) of the GDPR).
3.1.7. Assertion or defence of legal claims
For this purpose, we may process your Contact Data, data on how to exercise your rights and obligations as a Member or how to perform a contract between us, if the claims are related to that, other data necessary to prove the existence of the claim, including the extent of damage suffered.
Legal basis. Our legitimate interest (Article 6(1)(f) of the GDPR) consisting in the establishment, exercise or defence of legal claims, whether in court proceedings or in the proceedings before other authorities.
3.1.8. Archiving and ensuring accountability
We process data for archival purposes and to ensure accountability, i.e. to demonstrate our compliance with our obligations under the law.
Legal basis. Our legitimate interest (Article 6(1)(f) of the GDPR), consisting in providing the ability to demonstrate compliance of the activity with the law.
3.2. Data processed on the basis of your consent
Subject to and only if you grant your consent to do so (Article 6(1)(a) of the GDPR), ASPIRE processes your personal data to the extent that you have given your consent, which may be the case in the following circumstances:
a) on the occasion of holding competitions (e.g. business card lotteries), where by throwing in your business card or logging in, you consent to the processing of your Contact Data in order to take part in a given contest or lottery, and the lack of your data would make it impossible to achieve that purpose;
b) on the occasion of participation in conferences, events, meetings and webinars organised by ASPIRE (provided that the processing of data is not based on an agreement or the realisation of our legitimate interest), where by the very fact of participation, in particular your speech/appearance in front of the audience, you agree that ASPIRE will process your image, voice and content of your speech in order to record them (archive) and make them available to the participants of a given event / meeting for its duration, and in the case of recorded events (which we always expressly inform about), also in the form of a recording. At the same time, we emphasise that the processing of the above mentioned data by ASPIRE in a wider scope (e.g. dissemination of the recording of the meeting or another use of the data) may take place only if you give your separate, informed consent to it, e.g. in the course of registration for a given event.
Right to withdraw consent. Please note that you have the right to withdraw your consent to the processing of your personal data on these grounds. You can exercise that right at any time by contacting us in the manner indicated in section 2 above.
3.3. Data you provide when using our website (the service at www.aspire.org.pl and related sites):
3.3.1. Data disclosed when communicating with us, including the use of forms
Scope of data. For this purpose, we may process your Contact Data, as well as the data relating to the matter you are contacting us with and the content you provide us with.
The provision of personal data in the form is voluntary. However, a failure to provide data may limit the use of the functionalities of the form, in particular it may prevent us from contacting you.
Users’ personal data provided in the form are processed for the purpose resulting from the functionalities of the contact form, i.e.:
- to contact us for any matters you consider relevant;
Legal basis. Our legitimate interest (Article 6(1)(f) of the GDPR) consisting in ensuring that you are in touch with us.
- to request our newsletters;
Legal basis in relation to natural persons conducting business activity and persons who in accordance with the rules of representation are entitled to act on behalf of Members, Partners and Contracting Parties – necessary for the performance of the agreement to which the data subject is a party (Article 6(1)(b) of the GDPR).
Legal basis in relation to the employees and associates of the above entities – our legitimate interest (Article 6(1)(f) of the GDPR), consisting in ensuring the possibility of achieving statutory objectives and performing statutory tasks or obligations under other agreements, taking into account the results of the so-called “weighing of interests”. (described in more detail in sections 3.1.3 and 3.1.4 above).
3.3.2 Data gathered by us automatically when you use our Service:
3.3.2.1. Information on how to use the Service and on the device
Scope of data. Information about some user behaviour is subject to automatic logging into the server layer. This data is used solely for the purpose of administering the Service and to ensure the most efficient handling of the hosting services provided.
This data may include such information as dates and times of access, Service functionalities, login time, time of entering the data into the Service, client station name – identification provided by the HTTP protocol, information about errors that occurred during the execution of HTTP transactions, information about the user’s browser. In some cases, we gather this information by means of cookies (see below – Information about cookies), pixel tags and similar technologies that generate and store unique identifiers.
We may also collect information about the device you use to access our services, including information about hardware models, device IP address, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, serial numbers, device traffic information, and mobile network information.
Legal basis. Our legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of the Service and improving its functionality.
3.3.2.2. Information about cookies
The ASPIRE website uses cookies. Cookies are IT data, in particular text files, which are stored in the end user’s device of the Service and are designed to use the Service’s websites. Cookies usually contain the name of the website from which they come from, the duration of their storage at the terminal device and a unique number, without storing any other personal data such as first and last name. Data stored in cookies are not assigned to other personal data (name, address, etc.). Cookies can only be read by the server that saved them and receives information about what the user browsed the website for and when.
The Service uses session cookies. Session cookies are temporary files that are stored in the user’s terminal device until the user logs out, leaves the website or closes the web browser. In addition, ASPIRE uses so-called persistent cookies on the website to analyse the user’s behaviour while browsing the site.
Personal data collected in this way on users is anonymised by technical means. Therefore, it is no longer possible to assign data to the user starting the website. This data is not stored together with other personal data about users.
We use cookies for the following purposes:
- to create statistics that help us understand how users use the Service;
- to improve the quality of the website and the content posted on it.
The user has the right to decide on the use of cookies on his/her computer and has full control over the use of cookies. The user can disable or limit the transmission of cookies by configuring the settings of his/her Internet browser and the stored cookies can be deleted at any time. Please refer to the help or documentation of your Internet browser for details. If the use of cookies is disabled in relation to the website, it may not be possible to use all functions of the website fully.
By using the banner appearing when the aspire.org.pl website is displayed for the first time, the user has the opportunity to decide whether or not they agree to the use of cookies.
By giving consent through a banner, the user allows for the placement of cookies on the terminal device and processing them for the purposes indicated in this Policy.
At any time the user may withdraw their consent using the contact details indicated in section 1 above. This does not affect the lawfulness of the processing of personal data on the basis of the consent given until its withdrawal.
Legal basis. Our legitimate interest (Article 6(1)(f) of the GDPR) consisting in a reasonable effort to facilitate the use of the Service and to improve its functionality.
- WHERE DO WE HAVE YOUR PERSONAL DATA FROM?
When contacting us in the course of your business activity, you provide your data on a voluntary basis; a failure to provide your data may result in you being unable to establish a membership relationship, to conclude or perform a contract, or to exercise any rights that you may have.
We may also obtain your Contact Data from your employer or the entity with which you are working on the basis of a civil law contract, as well as from publicly available sources (e.g. the website) or otherwise as expressly stated in this Policy.
We may also obtain your personal data, including the categories of data included in publicly available sources, e.g. public registers (in the Register of Entrepreneurs of the National Court Register and in CEIDG) or social networking sites (e.g., LinkedIn) from these publicly available sources.
- WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
Your personal data may be provided to the following recipients:
- entities cooperating with ASPIRE, including our Contractors and Partners;
- to an entity with whom ASPIRE has entrusted activities related to the settlement of transactions for participation fees in conferences, events and webinars organised by us,
- to an entity which provides a hosting service for data processed automatically or by e-mail,
- an entity that develops an IT application to be used at conferences and other events organised by ASPIRE,
- an entity with whom ASPIRE cooperates in the field of accounting or legal services,
- ASPIRE members.
If such an obligation results from mandatory legal regulations, the Controller may also make your personal data available to third parties, in particular to authorised public authorities.
In the case of transfer of your personal data to third countries, i.e. to recipients located outside the European Economic Area or Switzerland, we transfer the data using mechanisms in accordance with applicable law, which include, among others, (1) EU “Standard Contractual Clauses”, (2) obtaining a certificate of compliance with the Privacy Shield by a third party (in the case it is located in the United States), (3) when the transfer takes place to a third country for which the European Commission has decided that the third country meets an adequate level of protection. For more information on the existing safeguards implemented by the Controller to ensure the processing of personal data in accordance with applicable law and on the possibility of obtaining a copy of the data or the location of the data, please contact us as indicated in section 2 above.
- HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
ASPIRE makes every effort to ensure that your personal data is processed in an adequate manner and as long as it is necessary for the purposes for which it was gathered. With this in mind, we retain your personal data for no longer than is necessary to achieve the purposes for which the data was gathered or, if necessary, to comply with applicable law.
Personal data of Members and Contracting Parties related to membership or the conclusion and performance of a contract will be processed for the duration of the membership/agreement and then for the period during which claims under the contract may be made known and/or the period resulting from the relevant accounting regulations.
At the same time, for the purpose of accountability, we will store data for the period during which we are required to retain the data or documents containing it in order to document the fulfilment of legal requirements, including allowing public authorities to control its fulfilment.
We store personal data processed on the basis of your consent before the period necessary to achieve the purposes for which it was collected, and in any case not longer than until the date of withdrawal of your consent.
We store personal data of our Service users contained in cookies for a period of time corresponding to the life cycle of cookies stored on their devices.
- WHAT RIGHTS DO YOU HAVE WITH RESPECT TO PERSONAL DATA?
Under the GDPR regulations, you have numerous rights in relation to your personal data. Below is a general description of your rights:
- Access to personal data. You can exercise your right to access your data at any time.
- Rectification and completion of data. You have the right to demand that the Controller immediately correct your personal data that is incorrect, as well as to demand that your incomplete personal data be completed.
- Right to delete your data. Right to delete your data. You have the right to demand that the Controller immediately remove your personal data in any of the following cases:
- when personal data is no longer necessary for the purposes for which it was gathered or otherwise processed;
- when the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
- when you object to the processing referred to in item e) below and there are no overriding legal grounds for processing the data;
- when personal data are processed illegally;
- when personal data must be deleted in order to comply with a legal obligation under European Union or Polish law;
- when personal data has been gathered in connection with the offer of information society services.
However, the Controller will not be able to delete your personal data to the extent that its processing is necessary (i) to exercise your right to freedom of expression and information, (ii) to comply with a legal obligation requiring processing under European Union or Polish law, (iii) to establish, exercise or defend claims.
- The right to restrict data processing. You have the right to request that the Controller restrict the processing, in the cases where:
- you question the correctness of your personal data – for the period allowing the Controller to check the correctness of the data;
- the processing is unlawful and you object to the deletion of your personal data, demanding the restriction of its use instead;
- the Controller no longer needs your personal data for the purposes of processing, but you need it to establish, assert or defend your claims;
- you have objected to the processing referred to in item e) below – until it is determined whether the Controller’s legitimate grounds take precedence over your grounds for objection.
- Right to object. You have the right to object to the processing of your personal data if the Controller processes the data in a legitimate interest, including for direct marketing purposes. To the extent that the data is processed for a purpose other than direct marketing, the Controller may disregard your objection if it demonstrates that there are important legitimate grounds for processing that override your interests, rights and freedoms, or grounds for establishing, exercising or defending claims.
- Right to withdraw consent. To the extent that the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing of your consent prior to its withdrawal.
- Right to data portability. To the extent that your data is processed for the purpose of concluding and performing a contract or is processed on the basis of your consent and the processing of your data is carried out in an automated manner, you have the right to receive from the Controller your personal data that you have provided to the Association in a structured, commonly used machine-readable format. You also have the right to send this personal data to another controller.
- Right to complain. You have the right to lodge a complaint against the processing of personal data by the Controller with the supervisory authority, that is the President of the Office for Personal Data Protection in Poland.
The rights referred to in items a) – g) above can be exercised by contacting the Controller in the manner specified in section 2 above, i.e., by contacting joinus@absl.pl.
In order to exercise the right to complain referred to in item h) above, one should contact the supervisory authority directly.
- AUTOMATED DECISION MAKING
ASPIRE does not take decisions in an automated way, including profiling based on your personal data.
- AMENDMENTS TO THE PRIVACY POLICY
We may amend and supplement the Privacy Policy as appropriate, in particular if the need or obligation to introduce such amendments arises from a change in applicable laws.
We will inform you of any changes or supplements by posting the relevant information on our Service page and, in the event of material amendments, we may inform you by e-mail if such communication is customary between you and ASPIRE, in particular if you are our Member, Partner, Contracting Party or have agreed to receive a newsletter from us.
The Privacy Policy does not limit any rights you may have under the law.