General Provisions

The Administrator declares that it undertakes all necessary efforts to:
(i) ensure the security and confidentiality of the personal data of Users using the Website provided by the Administrator;
(ii) define the rules for storing and accessing information on the User’s device obtained through Cookies, used for the provision of electronic services requested by the User in connection with their use of the Website made available by the Administrator.

This Privacy Policy and Cookie Policy have been prepared on the basis of, and in accordance with, the applicable provisions of law.

Within these Policies, the Administrator provides information regarding:

• the data it processes;
• the purposes and legal bases for their use;
• the User’s rights in the field of personal data protection;
• the measures and methods applied to secure the data;
• the use of Cookies.

Definitions

Administrator or PRBCC – the Polish-Romanian Bilateral Chamber of Commerce and Industry, with its registered office in Warsaw (00-549), ul. Piękna 24/26a, entered into the Register of Associations of the National Court Register kept by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register under KRS number: 0000666612, NIP: 7010672035, REGON: 366726791;

Cookies – small text files stored on the User’s end device and intended for the use of websites. They contain the name of the website they originate from, a unique identifier, and their storage time on the end device. Cookies allow the recognition of the User’s device and the adjustment of the Website’s settings to the User’s individual preferences;

Website – the online service operating at www.prbcc.pl

Device – any electronic device used by the User to access the Website;

User – any person who uses the Website;

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.

PRIVACY POLICY

The introduction of this Privacy Policy serves to define the actions undertaken by the Administrator to ensure the security of personal data processed through the Website provided to the User.

The Administrator’s aim is to appropriately inform Users about matters relating to the processing of personal data, particularly in light of data protection regulations, including GDPR. Therefore, this document explains the legal bases for processing personal data, the methods of their collection and use, as well as the rights of data subjects.

What data is collected by the Administrator?

User data is collected in connection with the provision of electronic services and depends on the extent of the User’s interaction with the Website. In particular, the Administrator collects:

• data provided via the contact form – identification data entered by the User using the Website’s contact form;
• data obtained via Cookies – as described in the Cookie Policy;
• data submitted in complaints, requests and claims – identification data and information provided by the User in the submitted documentation;
• data collected through Google Analytics – usage data for the purpose of preparing reports and analysing User activity, enabling customised services based on User preferences;
• data collected from external service providers – including data obtained through Cookies enabling specific Website functionalities, including:
  • Google Maps widget.

Does the Administrator use Cookies?

Yes. The Administrator uses technologies available within electronic services, including Cookies, as described in the Cookie Policy.

For what purposes does the Administrator process data?

The purposes and scope of data processing depend on the User’s consent and/or applicable law. The Administrator processes User data in particular for the purpose of:

• secure provision of electronic services;
• enabling User access to the Website;
• carrying out permitted marketing activities, including direct marketing conducted by the Administrator or cooperating entities;
• conducting market research and analysis;
• handling complaints, claims and requests submitted by the User;
• fulfilling legal obligations;
• statistical and archiving purposes;
• establishing or pursuing civil-law claims, and defending against such claims.

What are the legal bases for processing data?

User data is processed based on:

• Art. 6(1)(a) GDPR – in the scope of direct marketing of products and services of the Administrator’s partners and sending commercial information;
• Art. 6(1)(b) GDPR – for the provision of electronic services;
• Art. 6(1)(c) GDPR – for the processing of complaints, claims and requests;
• Art. 6(1)(f) GDPR – for handling contact form submissions, direct marketing of the Administrator’s services, establishing and pursuing civil-law claims or defending against such claims, as well as for market research and analytics.

In other situations:

• Art. 6(1)(a) GDPR – based on the User’s consent;
• Art. 6(1)(c) GDPR – to comply with legal obligations;
• Art. 6(1)(f) GDPR – when processing is necessary for legitimate interests pursued by the Administrator or a third party.

Does the Administrator transfer personal data to other entities?

Yes. Recipients may include:

• members of PRBCC governing bodies, employees and volunteers;
• service providers (HR, accounting, administrative, financial, IT including hosting);
• other institutions authorised under applicable law.

What rights does the User have?

The User has the right to:

• access their data;
• rectify data;
• erase data;
• restrict processing;
• data portability;
• object to data processing.

If processing is based on consent, the User may withdraw consent at any time, without affecting the lawfulness of processing carried out prior to its withdrawal.

Requests may be submitted electronically or by traditional mail using the contact information indicated later in this Policy.

The User also has the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO).

Is providing personal data voluntary?

Providing data is voluntary but may be necessary for the use of some or all functionalities of the Website.

Is personal data subject to profiling?

Data may be processed automatically, including profiling, for the purpose of providing personalised information about services and products of the Administrator or its partners.

Can personal data be transferred outside the EEA?

Yes. Data may be transferred outside the European Economic Area (including the United States) to, for example, Google or Facebook, whose services the Administrator uses.

For how long is personal data stored?

• Art. 6(1)(a) GDPR – until consent is withdrawn;
• Art. 6(1)(b) GDPR – for the duration necessary to provide electronic services;
• Art. 6(1)(c) GDPR – for the period needed to process complaints, claims or requests;
• Art. 6(1)(f) GDPR – until legitimate interests are fulfilled or until an objection is raised, including periods required to establish or defend claims.

From when is this Policy effective?

This Privacy Policy and Cookie Policy are effective from 01 January 2024.

Can the Policies be amended?

Yes. Amendments may occur due to:

• introduction of new technologies;
• implementation of new services requiring updated safeguards;
• changes in legal obligations.

All amendments will be published on the Website with the date of entry into force.

What security measures does the Administrator use?

The Administrator applies technical and organisational measures to ensure data security, including:

• preventing access to personal data by unauthorised persons;
• preventing processing in violation of applicable regulations;
• securing data against loss, damage or destruction.

The Administrator also:

• uses systems protecting against power failures;
• stores data on secured devices with authentication and password protection;
• uses measures preventing unauthorised copying of data.

How can the User contact the Administrator?

The User may contact the Administrator via the contact form on the Website or by e-mail or traditional mail at the addresses provided below.

Correspondence address: office@prbcc.pl

COOKIE POLICY

The Administrator uses Cookies through the Website. Information stored in Cookies, combined with other User data, may constitute personal data and may be processed for the purposes indicated in this Policy.

Data processed through Cookies is subject to the Administrator’s Privacy Policy and is protected using appropriate security measures, including encryption.

Does the use of Cookies require User consent? How can consent be given?

The User gives consent to the use and storage of Cookies by adjusting their browser settings.

The User may object at any time and withdraw consent without affecting the lawfulness of processing carried out prior to withdrawal.

Users can modify Cookie settings in their browsers. Example instructions:

• Internet Explorer – https://support.microsoft.com/pl-pl/help/278835/how-to-delete-cookie-files-in-internet-explorer
• Chrome – https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=pl
• Firefox – https://support.mozilla.org/pl/kb/usuwanie-ciasteczek
• Opera – https://help.opera.com/pl/latest/web-preferences/#cookies
• Safari – https://support.apple.com/pl-pl/guide/safari/sfri11471/mac

Users may manage Cookies by:

• enabling or disabling Cookie support;
• controlling site-specific Cookies;
• applying different settings for session and persistent Cookies;
• blocking or deleting Cookies.

Some settings may limit Website functionality.

What types of Cookies are used?

The Website uses:

• session Cookies – stored until logout or leaving the Website;
• persistent (tracking) Cookies – stored for a defined period or until deleted;
• third-party Cookies – originating from external providers linked to the Administrator, enabling tailored advertising or social media integrations.

For what purposes are Cookies used?

Cookies are used to:

• enable the use of Website functionalities;
• tailor Website content to User preferences;
• optimize Website performance;
• create statistics supporting Website improvement;
• facilitate access and login;
• support marketing and advertising;
• enable multimedia and social media services (e.g. Facebook).

How long is data obtained from Cookies stored?

Data is stored for the period necessary for achieving the Administrator’s purposes, in accordance with the legal basis.

Examples (Google Analytics Cookies):

• _utmc – session
• _utmv – 0 minutes
• _utmb – 30 minutes
• _utma – 2 years
• _utmz – 6 months

Can Cookies be shared with third parties?

Yes. Cookies may be shared with cooperating entities, including advertisers and service providers, in accordance with the Privacy Policy and applicable law.