PRIVACY POLICY

1. Who are we and how to find us

We are the Foundation Supporting #OMGKRK and we are the controller of your personal data. Our office is located in Krakow. 

This privacy policy applies to the processing of your personal data by us in relation to:

  1. our cooperation with you as our Member or Partner,
  2. our cooperation with you as an employee of our Member or Partner,
  3. your participation in events organized or co-organized by us,
  4. your participation in acceleration programs organized or co-organized by us,
  5. your participation in networking programs organized or co-organized by us,
  6. our publication of job offers (ours, our Members and Partners or other entrepreneurs from the industry in which we operate),
  7. your participation in recruitment processes organized or co-organized by us,
  8. our cooperation with you as our Supplier,
  9. your visit to our website available at the address: www.omgkrk.com (hereinafter referred to as the ‘Service’),
  10. your contact with us in any way,
  11. your receipt of our Newsletter,
  12. your use of online payment services in connection with our cooperation,
  13. our directing of advertising messages to you as our potential Member or Partner,
  14. our directing of advertising messages to you as potential participant in our events, acceleration programs and research,
  15. our research on the innovation ecosystem,
  16. our use of cookies.

This document explains what information we process and how we secure and use it.

Foundation ensures that its workers and subcontractors were given training in protection of personal data. However, you must know that we have decided not to appoint a personal data protection officer due to the fact that in our situation this is not mandatory. 

If you have any questions regarding this privacy policy you may contact us via e-mail to the address:contact@omgkrk.com

2. How and why we process your personal data

The mission of the Foundation Supporting #OMGKRK is to build a world-class innovation ecosystem in Krakow, Poland.

Our objectives are to:

  1. grow innovative companies and the local digital economy,
  2. create a connected community,
  3. inspire and educate entrepreneurs.

By expanding the diversity of Partners and Members, the Foundation Supporting #OMGKRK works to deliver value and impact for Krakow’s startup community.

OUR MEMBERS AND PARTNERS

If you are our Partner or Member, we process your personal data in order to cooperate in the above-mentioned purposes of the Foundation’s operation.

We process your data to fulfil the contract with you and to fulfil our legal obligations as well tax obligations.

The legal basis for the processing of your data is, therefore, Article 6 section 1 letter b) GDPR (processing is necessary for the performance of the contract with the party to which are related the data, or to take action at the request of that party before concluding the agreement), Article 6 section 1 letter c) GDPR (processing is necessary to fulfil the legal obligation of the controller).

During cooperation or after its completion, we can send you a questionnaire measuring your satisfaction with cooperation with us. We may also send you a message or show our ads if you were our Member or Partner in the past or if you only expressed interest in our services, but then we did not have the opportunity to cooperate. Maintaining contact with you and your opinion are very important to us, and the legal basis for these activities is Article 6 section 1 letter f) of GDPR (processing is necessary for purposes arising from legitimate interests pursued by the controller or by a third party).

EMPLOYESS OF OUR MEMBERS OR PARTNERS

We process your data to fulfil the contract with our Member or Partner. The legal basis for these activities is Article 6 section 1 letter f) of GDPR (processing is necessary for purposes arising from legitimate interests pursued by the controller or by a third party).

We assume in good faith that our Member or Partner has informed you about the disclosure of your data to us and the purpose of their processing. We believe that by processing your data in the manner described here, we do not do it for other purposes than those in which our Member or Partner has obtained it from you. If it was different – please contact us by sending a message to the address: contact@omgkrk.com.

This being so, we are not obliged to ascertain whether processing for another purpose is compatible with the purpose for which the personal data have initially been collected, under Article 6 section 4 of the GDPR.

EVENTS PARTICIPANTS / ACCELERATION PROGRAMS PARTICIPANTS / NETWORKING PROGRAMS PARTICIPANTS

If you take part in events, acceleration programs or networking programs organized or co-organized by us, we process your personal data in order to organize these events and programs, keep in touch with you, get your feedback and inform you about other programs and events, as well as provide you with promotional and advertising materials regarding our activity in the environment of broadly understood entrepreneurship.

The legal basis for these activities is Article 6 section 1 letter a) GDPR or Article 6 section 1 letter b) GDPR. When you sign up for our events and programs, we always obtain explicit and voluntary consent from you or in some cases we enter into a contract with you.

JOB APPLICANTS

If you wish to participate in our recruitment processes, we will process your personal data to:

  1. contact you in order to conduct the recruitment process,
  2. assess your qualifications for work in a given position,
  3. assess your abilities and skills needed to work in a given position,
  4. choose the right person to work with our Member or Partner.

If our Member or Partner considers you a good candidate for a job, we will provide them with your personal data in order to ensure your participation in the current and future recruitment conducted by them.

The legal basis for the processing of your personal data that you provide to us by yourself when applying to the job offers we publish is Article 6 section 1 letter a) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes).

If there are sensitive data among the data provided to us by you, we can process them only on the basis of your express and separate consent. The consent may be revoked at any time. In the absence of this, the data will be deleted by us immediately.

If you want your CV (and other data contained in your recruitment application and collected in connection with your participation in the recruitment process for a given job position) to be used for the purposes of future recruitment or other currently conducted by our Members or Recruitment Partners, your data will be processed on the basis of your voluntary consent, i.e. based on Article 6 section 1 letter a) of the GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes).

Our role in this recruitment process is limited to maintaining a database of Members and Partners who will receive your job application (including the data and documents you provide). The course of the recruitment process itself is no longer dependent on us. We are also not responsible for the quality and quantity of job offers you receive.

However, if you are concerned about anything in the recruitment process in which you participate due to the fact that you have submitted a recruitment application through our Service – write to us immediately by e-mail: contact@omgkrk.com.

PARTICIPANTS IN OUR RESEARCH ON THE INNOVATION ECOSYSTEM

When we conduct research on an innovation ecosystem we can sometimes collect data on the companies and the people who build that ecosystem. This applies in particular to founders, owners, shareholders, managers and employees of startups, corporations and business environment institutions.

The legal basis for the processing of your personal data that you provide to us by signing up for our innovation ecosystem research is Article 6 section 1 letter a) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes).

SUPPLIERS

We process your data to fulfill the contract with you and to fulfill tax obligations.

The legal basis for the processing of your data is, therefore, Article 6 section 1 letter b) of GDPR (processing is necessary for the performance of the contract with the party to which are related the data, or to take action at the request of that party before concluding the contract), and Article 6 section 1 letter c) GDPR (processing is necessary to fulfill the legal obligation of the controller).

 

VISITORS OF OUR SERVICE

We process data of each user characterizing the way he uses our Service (these are so-called operating data). 

This processing includes an automatic reading of a unique identifier identifying the end of the telecommunications network or IT system you use (i.e. your IP address), the date and time of the server, information about the technical parameters of the software and the device you use (e.g. whether you use your laptop or phone for browsing our site and the place from which you connect to our server. We may use this information for market research purposes and to improve the performance of the Service. The data stored in the server logs is not associated with specific people using the website. The server logs are the only auxiliary material used to administer the Service.

This data is processed on the basis of Article 6 section 1 letter f) GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). This legitimate interest is to enable the diagnosis of errors in the Service and the improvement of its quality.

CONTACT 

By contacting us, you provide us with your personal data, including those contained in the content of the correspondence, in particular the email address, name and surname. Providing this data is voluntary, but necessary to contact us.

The legal basis for the processing of your personal data that you provide by contacting us is Article 6 section 1 letter f) GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party) or Article 6 section 1 letter a) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes). The “legitimate interest for the processing of your personal data” in this case is possibility for us to contact with Service users and answer questions asked by persons interested in the operation of the Service.

NEWSLETTER

Using the Service you may order newsletter to be sent to your e-mail.

In such case, legal basis for processing your personal data is Article 6 section 1 letter b) of GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), as newsletter is delivered to you based on an agreement that we enter into.

ONLINE PAYMENT SERVICES

Should you decide to pay for our services through an online payment system, your data will be made available to us by the supplier of the online payments processing services for the purpose of enabling us to comprehensively manage such payments by means of integrated platform. We undertake these actions in order to improve billing control and contact with you in this regard, therefore the legal basis for these activities is Article 6 section 1 letter f) of GDPR (processing is necessary for purposes arising from legitimate interests pursued by the controller or by a third party).

POTENTIAL MEMBERS OR PARTNERS

If we think we can help you with our services, we process your personal data for marketing purposes.

Therefore, processing is necessary for the purposes of legitimate interests pursued by the controller of personal data, that is us (Article 6 section 1 letter f of GDPR). In case that we purchased your personal data from a database provider, we make sure that it has been collected by such provider for direct marketing purposes and with your consent. This being so, we are not obliged to ascertain whether processing for another purpose is compatible with the purpose for which the personal data have initially been collected, under Article 6 section 4 of the GDPR.

PURSUING OF CLAIMS

The legal basis for processing your personal data after you have finished contacting us is also our legitimate interest in archiving correspondence for the purposes of ensuring that you can prove certain facts in the future. So we can process your personal data for the purpose of pursuing and defending against claims pursuant to Article 6 section 1 letter f) GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party).

COOKIES 

We process completely anonymous data of each user of the Service, which characterizes the way they use our Service (these are the so-called exploitation data). This processing includes automatic reading of a unique identifier identifying the termination of the telecommunications network or ICT system you are using (i.e. your IP address), as well as the date and time of the server, information about technical parameters of the software and device you use (e.g. whether you are using a laptop or a telephone while browsing our Service) and the place from which you are connecting to our server. Data stored in server logs are not associated with specific people using the service. Server logs are only an auxiliary material used to administer the Service. 

Like almost all websites and applications, we use cookies. Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our ICT system.

Cookies allow us to:

  1. ensure the proper functioning of the Service;
  2. improve the speed and security of using the Service;
  3. use analytical tools;
  4. use marketing tools, including tools that perform profiling in the understanding of GDPR.

The legal basis for point 1 and 2 above is our legitimate interest as data controller (Article 6 section 1 letter f) of the GDPR). 

The legal basis for point 3 and 4 above is your consent (Article 6 section 1 letter a) of the GDPR). 

The cookies we use do not collect any personal data from you. Anonymous data is completely sufficient for the purposes mentioned above. If we process your personal data for other reasons (e.g. you have an account on our Service and there you provided us with your data), we do not combine them in any way with anonymous data obtained by means of cookies. 

Consent to cookies

During your first visit to our Service, you will be informed about the use of cookies. Accepting and closing this information means that you agree to the use of cookies by the provisions of this privacy policy for all purposes listed above. You can always withdraw your consent regarding points 3 and 4 above (without affecting the lawfulness of processing based on consent before its withdrawal). 

You can always withdraw your consent by deleting cookies and changing the settings of cookies in your browser. Remember, however, that disabling cookies may cause difficulties in using the Service, as well as many other websites that use cookies. Consent to use cookies may be necessary for the proper use of your account on the site (cookies allow the software of our site to ‘see’ that you are logged in and maintain the continuity of your session when you jump between subpages). 

Own Cookies

Cookies can be divided into own and coming from third parties. As far as our own cookies are concerned, we use them in order to improve the functioning of the Service and to enable proper use of accounts (session maintenance).

Third party cookies. 

The Foundation Supporting #OMGKRK, like most of today’s web services, uses functions provided by third parties, which involves the use of cookies from third parties. The use of these types of cookies is as follows:

Analysis and statistics. 

On the basis of a legitimate interest, we use cookies to track website statistics, such as the number of visitors, the type of operating system and web browser used to browse the site, time spent on the website, visited subpages, etc. 

We use Google Analytics in this area.

The information collected by this tool is completely anonymous and does not allow your identification, but under GDPR it may still be treated as personal data. For this purpose, Google LLC cookies are used for the Google Analytics service. The use of Google Analytics services involves the implementation of the tracking code in the code of our website (the so-called tracking code). This code is based on cookies, but may also use other tracking technologies. Detailed information about Google Analytics can be found at: https://www.google.com/intl/en_us/analytics/

You can prevent the processing of personal data in this way (block Google Analytics) by making the appropriate choices on the site available here: https://tools.google.com/dlpage/gaoptout 

The data collected by Google Analytics we then process further, using the Google Data Studio tool, which takes data from different sources (e.g. Google Analytics) and visualizes it into interactive reports.

Marketing. 

We use the following marketing tools :

  1. we implemented the Facebook’s Pixel in our Service’s code, which remembers your visit. For this purpose, Facebook cookies are used. This results in showing you our ads on Facebook. For information on the purpose and scope of data collection, further processing and use of data by Facebook, as well as your relevant rights and setting options to protect your privacy, please refer to Facebook’s privacy policy: https://www.facebook.com/privacy/explanation .

If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our Service.

  1. We have implemented the so-called in the code of our service Google Ads Pixel to target you when you browse the Internet for some time after visiting our site. You can prevent Google’s from the use of advertising cookies by visiting the special page with Google ad settings, available at this link: https://myaccount.google.com/not-supported?pli=1

Using cookies allows us to provide support services for you and improve the operation of the Service. However, we do not monitor your behaviour on an ongoing basis and we do not process this data in any way that could affect your rights and freedoms.

3. What personal data we process

We process the following personal data:

OUR MEMBERS AND PARTNERS

  1. name and surname,
  2. e-mail address,
  3. phone number,
  4. address of business activity,
  5. company name,
  6. description of organization,
  7. Tax Identification Number (NIP),
  8. Business Registry Number (REGON),
  9. organization website address,
  10. organization LinkedIn page address,
  11. organization Facebook page address,
  12. organization career page address,
  13. point of contact name, e-mail, LinkedIn URL and telephone,
  14. billing information and payment details,
  15. history of transactions,
  16. history of correspondence (including by email).

EMPLOYEES OF OUR MEMBERS OR PARTNERS

  1. name and surname,
  2. phone number,
  3. e-mail address,
  4. personal data contained in the LinkedIn profile.

EVENTS PARTICIPANTS

  1. name and surname,
  2. phone number,
  3. e-mail address,
  4. personal data contained in the LinkedIn profile,
  5. occupation or business field,
  6. information about the reasons for joining the event and your evaluation of the event,
  7. data contained in presentations and other materials shown by you at the event (e.g. Pitch Deck).

JOB APPLICANTS

We process the following personal data of a job candidate:

  1. name and surname,
  2. email address,
  3. telephone number,
  4. image (photo in CV),
  5. education,
  6. the course of previous employment,
  7. professional specialization,
  8. professional experience level,
  9. financial expectations regarding remuneration with a new employer,
  10. level of knowledge of foreign languages,
  11. job search urgency,
  12. skill set,
  13. profile & goals,
  14. data publicly available on social media of a business or professional nature (LinkedIn, GitHub, thematic groups on Facebook, etc.).

PARTICIPANTS IN OUR RESEARCH ON THE INNOVATION ECOSYSTEM

  1. company name,
  2. description of organization,
  3. information about the company’s history and business model,
  4. address of business activity,
  5. organization website address,
  6. organization LinkedIn page address,
  7. organization Facebook page address,
  8. name and surname of the research participant,
  9. email address of the research participant,
  10. telephone number of the research participant,
  11. point of contact name, e-mail, LinkedIn URL and telephone,
  12. history of correspondence with research participant (including by email).

ACCELERATION PROGRAMS PARTICIPANTS / NETWORKING PROGRAMS PARTICIPANTS

  1. name and surname,
  2. phone number,
  3. e-mail address,
  4. occupation or business field,
  5. personal data contained in the LinkedIn profile,
  6. website and electronic portfolio addresses,
  7. data related to the company that the participant represents or data related to the company that the participant plans to set up,
  8. data contained in presentations (e.g. Pitch Deck).

VISITORS OF OUR SERVICE

  1. device IP address,
  2. device screen resolution,
  3. device type (unique device identifiers), operating system and browser type,
  4. geographic location (country only),
  5. preferred language (device interface language),
  6. mouse events (movements, location and clicks),
  7. keystrokes,
  8. referring URL and domain,
  9. pages visited,
  10. server date and time,
  11. location of the terminal device from which the user connects to the service,
  12. UTM tags, determining from which network location the user arrived
  13. online identifiers, including cookie IDs, web protocol addresses and device identifiers.

PEOPLE WHO CONTACT US

  1. name and surname,
  2. phone number,
  3. e-mail address,
  4. other personal data that could potentially be included in the message by the sender.

PEOPLE WHO ORDER THE NEWSLETTER

  1. e-mail address,
  2. data measuring Newsletter performance.

POTENTIAL MEMBERS OR PARTNERS

  1. name and surname,
  2. job position,
  3. e-mail address,
  4. data publicly available on social media of a business or professional nature (e.g. LinkedIn).

ENTITIES USING ONLINE PAYMENT SERVICES

  1. name and surname of the card owner,
  2. email address,
  3. unique customer identifier,
  4. bank account details,
  5. payment card details,
  6. card expiry date,
  7. CVC code,
  8. date / time / amount of the transaction.

SUPPLIERS

  1. name and surname,
  2. e-mail address,
  3. phone number,
  4. fax number,
  5. address of business activity,
  6. company name,
  7. Tax Identification Number (NIP),
  8. Business Registry Number (REGON),
  9. history of transactions with you,
  10. history of correspondence with you (including by email),
  11. contact details of your employees (if they contact us on your behalf).

4. To whom we disclose your personal data

The data of all users of the Service are processed in the IT system, located in part in the so-called public cloud computing provided by third parties (responsible for hosting the Service).

Personal data of people using the contact form are also processed in the IT system, located in part in the so-called cloud computing provided by third parties responsible for hosting email that we use. Due to the location of these entities’ servers, this data may be transmitted, stored and processed in third countries. These entities, however, guarantee an adequate level of data protection.

Our IT systems are serviced by an external specialized entity. When providing services to us, it may have access to your personal data.

Some of the operations described above involve sending your personal data to so-called third countries (outside the European Economic Area) where GDPR does not apply. However, this always happens based on the legal instruments provided for in the GDPR, guaranteeing adequate protection of your rights and freedoms. Detailed information in this regard can be found in the privacy policies posted by providers on their websites.

Our Members or Partners

If you have taken part in our recruitment and we consider you a good candidate for a job with our Member or Partner, we disclose your personal data to them. We are not able to define in advance what entity it will be in this Privacy Policy. However, we can say that most of our Members and Partners are reputable IT companies.

The current list of our Members and Partners: https://www.omgkrk.com/omgkrk-members/

Our volunteers, employees and associates

People who work for or with us may have access to your personal data. This applies especially to our volunteers, employees and associates of the foundation. They are committed to protecting your personal data and complying with all rules designed to protect your security and privacy.

Zenbox
We entrust the processing of personal data to zenbox sp. z o.o. in order to store data on the server. Our services are located on these servers, so everything you type in our forms must appear there. Your data is stored on secure servers in Poland. The connections we use to connect to the server are encrypted.

More information about the processing of personal data by zenbox sp. z o.o. can be found here:

https://zenbox.pl/regulaminy/

and here:

https://zenbox.pl/files/polityka_prywatnosci_zenbox_pl.pdf 

Google LLC and Google Ireland Limited (Google Analytics)

The information collected by this tool is completely anonymous and does not allow your identification, but under GDPR it may still be treated as personal data. For this purpose, Google LLC cookies are used for the Google Analytics service. The use of Google Analytics services involves the implementation of the tracking code in the code of our website (the so-called tracking code). This code is based on cookies, but may also use other tracking technologies.

The anonymous data of all Service users (in relation to Google Analytics services) contained in cookies are disclosed to Google LLC and Google Ireland Limited providing us the Google Analytics service on the terms set out here: https://privacy.google.com/businesses/processorterms/ and here: https://privacy.google.com/businesses/controllerterms/ 

The servers of these companies are located in different parts of the world, which means that these data can be transferred outside the European Economic Area. However, Google LLC guarantees an adequate level of data protection. Google LLC joined the EU-US-Privacy Shield program which can be verified here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

You can check the location of Google LLC servers here:
https://www.google.com/about/datacenters/inside/locations/?hl=pl 

You can prevent the processing of personal data in this way (block Google Analytics) by making the appropriate choices on the site available here: https://tools.google.com/dlpage/gaoptout

Facebook Ireland Limited (Facebook Analytics)

The anonymous data of all Service users (in relation to Facebook Analytics services) contained in cookies are disclosed to Facebook Ireland Limited providing us the Facebook Analytics service on the terms set out here: https://www.facebook.com/privacy/explanation and here: https://www.facebook.com/policies/cookies/ 

Facebook uses typical contractual clauses approved by the European Commission ‘(What is a standard contract clause?’ – https://www.facebook.com/help/566994660333381?ref=dp) and is based on the decisions of the European Commission stating an adequate level of data protection in relation to specific countries, where applicable, in the scope of data transfer from the European Economic Area to the United States and other countries (‘Adequacy decisions’ – https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

We use the Stripe tool – an online payment processing service and online platform for managing them. This involves processing by us and Stripe Payments Europe, Limited, including data about the payment method you choose, including, for example, information about the payment card used. Stripe Payments Europe, Limited, C / O A&L Goodbody, IFSC, North Wall Quay, Dublin 1, Ireland – is a provider of online payment processing services and an integrated internet platform that enables us to comprehensively manage them.

External services supporting our business

Please bear in mind that in running our business we use the support of specialized external entities which may or must have access to some of your data – these are the entities which provide us with services in the field of:

  • accounting and bookkeeping services,
  • IT services,
  • payment service providers,
  • state administration bodies authorised to do so by law (e.g. tax authorities, self-government bodies of legal advisers, offices, courts),
  • service providers related to the so-called re-marketing (as Google and Facebook).

In our agreements with these entities, we have ensured that your personal data will not be transferred to so-called third countries (outside the European Economic Area), where the GDPR does not apply.

In addition, personal data of Service users contained in cookies may also be disclosed to entities with which the administrator has undertaken affiliate cooperation.

5. How long we process your personal data

OUR MEMBERS AND PARTNERS / SUPPLIERS

We will process your personal data for as long as it is necessary for our cooperation. If the limitations period for claims related to our cooperation is longer than the duration of our cooperation, then this longer period shall apply. 

EMPLOYESS OF OUR MEMBERS OR PARTNERS

We will process your personal data as long as it is necessary for our cooperation with our Partner or Member. If the limitation period for claims related to our cooperation with our Partner or Member is longer than the duration of our cooperation with our Partner or Member, then this longer period shall apply.

EVENTS PARTICIPANTS / ACCELERATION PROGRAMS PARTICIPANTS / NETWORKING PROGRAMS 

We will process your personal data throughout the duration (or time of your participation) in our events, acceleration programs or networking programs. If you agree that we will keep in touch with you after the above mentioned events and programs have ended, we will process your data until your consent is withdrawn.

JOB APPLICANTS

We strive to keep your data up to date. For this purpose, we contact you at least once every 6 months in order to catch up. If for any reason we are unable to contact you within this period, your personal data will be deleted 12 months after its collection.

In terms of personal data processed for the purpose of carrying out future recruitment processes, on the basis of consent, your personal data will be stored for a period of 12 months from the date of consent.

Sensitive data that we have received from you, and for the processing of which we have not been given explicit and separate consent, will be deleted immediately.

Remember, however, that we may also store your personal data for the purpose of establishing, investigating or defending against claims related to the recruitment process for a period of 3 years counted from the end of the recruitment process in which you participated.

PARTICIPANTS IN OUR RESEARCH ON THE INNOVATION ECOSYSTEM

We process the personal data of participants in our research on the innovation ecosystem for the duration of your consent. After this time, we can process the data collected for research on the innovation ecosystem only as statistical data.

VISITORS OF OUR SERVICE

We will process your personal data for as long as it is necessary maintain an account on our Service for you. If the statute of limitations for claims related to our service is longer than the retention period for maintain an account on our Service for you, then this longer period applies.

Our ads related to the use of cookies will appear to you for a 3 months from the last visit to our website (unless you delete our cookies from your browser beforehand).

 

CONTACT

Personal data provided in order to contact us will be stored for no longer than is necessary to answer you, and after that time may be stored in the event of potential claims for the limitation period specified by law.

NEWSLETTER

Personal data processed for purposes of sending you newsletter will be processed as long as the agreement regarding sending the newsletter is in force (which is, until it is terminated by either of the parties) and after that time may be stored in the event of potential claims for the limitation period specified by law.

ONLINE PAYMENT SERVICES

The billing information will be stored for 5 (five) years from the end of the accounting year from which the specific transaction was made. The billing information are proof of payment and an obligation to their storage results indirectly from the Tax Law.

POTENTIAL MEMBERS OR PARTNERS

We contact you within 30 days after collecting your personal data. If we fail to do so – your personal data will be erased immediately. If, however, it is you who willingly left your data to us using our website, then this 30 days deadline does not apply. Anyway, we try to contact you as soon as possible.

You have the right to object at any time, on the reasons relating to your particular situation, to the processing of personal data relating to you based on Article 6 section 1 letter e) or f) of the GDPR, including profiling on the basis of these provisions. In such a case, we may no longer process such personal data unless we demonstrate the existence of valid legal bases for processing, overriding your interests, rights and freedoms, or bases for establishing, asserting or defending your claims.

As your personal data are processed for the purposes of direct marketing, you have the right at any time to object to the processing of personal data relating to you for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.

COOKIES

The processing of your personal data contained in cookies lasts until you disable their use. You can do this by deleting cookies and changing cookie settings in your browser.

6. How do we enable you to realize your rights

We make our best efforts to ensure that you are satisfied with working with us. Please bear in mind, however, that you are entitled to a number of privileges which will allow you to have influence on the manner in which we process your personal data, and in some cases you may stop such processing. 

If you are a person to whom the GDPR applies, these rights include:

  • the right to access the personal data (regulated in Article 15 of the GDPR)

Article 15

Right of access by the data subject

  1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  1. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
  1. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  2. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
  • the right to rectify the data (regulated in Article 16 of the GDPR)

Article 16

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • the right to erase the data (regulated in Article 17 of the GDPR)

Article 17

Right to erasure (‘right to be forgotten’)

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
  1. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  1. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.
  • the right to restrict the processing of data (regulated in Article 18 of the GDPR)

Article 18

Right to restriction of processing

  1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
  1. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  2. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
  • the right to object to the processing of data (regulated in Article 21 of the GDPR)

Article 21

Right to object

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
  5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
  • the right to transfer data (regulated in Article 20 of the GDPR)

Article 20

Right to data portability

  1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
  1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  2. the processing is carried out by automated means.
  1. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  2. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  3. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

If you are not a person to whom the GDPR applies, these rights include all the rights granted to you under the applicable data protection law in your country.

In order to exercise any of the rights above described, please contact us by sending an e-mail to the address we have first contacted you from, or the address: contact@omgkrk.com.

7. Lodging a complaint to the supervisory authority

If you are the person to whom the GDPR applies pursuant to Article 77 of the GDPR you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place where the alleged violation has been committed, if you believe that processing of your personal data violates the provisions of the GDPR. 

In Poland, the supervisory body is the President of the Office for Personal Data Protection – you can make a complaint, among others by traditional mail to the address of ul. Stawki 2, 00-913 Warsaw or by email to the address: kancelaria@uodo.gov.pl, you can also get more detailed information (including current phone numbers) on the website: https://uodo.gov.pl/ 

If you are not the person to whom the GDPR applies, you are entitled to lodge a complaint with the office dealing with the protection of personal data in your country in accordance with applicable law.

8. Is submitting personal data necessary for concluding an agreement with us

OUR MEMBERS AND PARTNERS / EVENTS PARTICIPANTS / ACCELERATION PROGRAMS PARTICIPANTS / NETWORKING PROGRAMS PARTICIPANTS / SUPPLIERS / VISITORS OF OUR SERVICE / NEWSLETTER

We collect your personal data primarily to the extent necessary for the conclusion and performance of the agreement. Some data is also necessary for us to fulfil the obligations arising from the law (tax regulations, accounting regulations, obligations arising from professional regulations). Failure to provide your data will, unfortunately, prevent the conclusion and implementation of the agreement.

EMPLOYEES OF OUR MEMBERS OR PARTNERS

We do not conclude any agreement with you but you must provide us with your personal data necessary to cooperate with our Member or Partner (probably your employer).

JOB APPLICANTS

We do not enter into any agreement with you at the recruitment stage. Providing data is necessary in order to participate in recruitment

PARTICIPANTS IN OUR RESEARCH ON THE INNOVATION ECOSYSTEM

We do not enter into any agreement with you at the research process. Providing data is necessary in order to participate in our research on the innovation ecosystem.

CONTACT 

We do not conclude any agreement with you at this stage. Some of your details (as email address) are necessary for us to answer your question.

NEWSLETTER

We collect your personal data primarily to the extent necessary for the conclusion and performance of the agreement. If you do not provide us with personal data (in particular e-mail address) it will make it impossible to cooperate with you.

ONLINE PAYMENT SERVICES

Failure to provide personal data required to perform online payments will prevent the service provider from carrying out the payment process, which will make the performance of the agreement impossible. As a result, you will have to choose a different payment method.

COOKIES

Consent to use cookies may be necessary for the proper use of your account on the site (cookies allow the software of our site to ‘see’ that you are logged in and allow you to access the account content). 

9. How do we obtain your personal data

OUR MEMBERS AND PARTNERS / EVENTS PARTICIPANTS / ACCELERATION PROGRAMS PARTICIPANTS / NETWORKING PROGRAMS PARTICIPANTS / SUPPLIERS / VISITORS OF OUR SERVICE / PEOPLE WHO CONTACT US / NEWSLETTER

We obtain your personal data directly from you (including automated methods). 

EMPLOYEES OF OUR MEMBERS OR PARTNERS

We obtain your data from our Member and Partners or directly from you.

JOB APPLICANTS

If you applied to our recruitment program using the application form on the website. In this case, we got the first handful of data from you.

PARTICIPANTS IN OUR RESEARCH ON THE INNOVATION ECOSYSTEM

We obtain your data directly from you or from publicly available sources (e.g. your organisation’s website).

ONLINE PAYMENT SERVICES

Data regarding the payment process is provided to us by Stripe Payments Europe, Limited. the provider of online payment processing services and an online platform for managing them.

POTENTIAL MEMBERS OR PARTNERS

We obtain your personal data from publicly available sources (e.g. your organisation’s website) or purchase them form reliable database providers, after ensuring that they have been collected, stored and disclosed to us in a legal manner.

10. Automated processing and profiling

Exploitation data and data related to using cookies are processed in automated way (however, they are not subject to profiling, as understood based on GDPR).

The data related with the use of marketing cookies are subject to profiling.

Other data is not subject to automated processing or profiling.