Last updated: May 2020
Pursuant to Article 13 (1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR), we would like to inform you that:
- Ultimo Sp. z o.o., with its registered office at ul. Raduńska 40, 83-333 Chmielno, Poland, NIP [taxpayer’s identification number] 957-102-71-84, REGON [statistical number] 220837957 (hereinafter Ultimo Sp. z o.o. or Organizer or Controller) is the Controller of your personal data.
- Your information is used for the purposes of proper organisation of Event, which is understood as a three-day barcamp and conference event called ProductCamp, and for the purposes of maintaining contact with its participants afterwards.
- You provide your personal data voluntarily; however, for the participation in Event and the purchase of tickets the provision of true personal data is a necessary condition. The minimum scope of data to be used by Organizer to identify a Participant shall cover: full name, e-mail address, job title, company name, Linkedin profile, country – individual designation of the company that purchased Tickets for Participants – unless Participant purchased tickets as a natural person. Failure to provide the aforementioned personal data or provision of false information shall exclude Participant from participation in Event.
- Your personal data may be disclosed to the Controller’s employees or associates authorised to process personal data in connection with the performance of their duties, in particular where your identity needs to be confirmed to provide you with means of access to enter and participate in Event.
- Barcamp Speakers give permission to Organizer to share their identity including first and last names, job title, employer company and Barcamp Speaker’s face image & video with other Participants of Event and in social media for purposes of promoting the talk, publishing on the Barcamp agenda, streaming to other Participants and recording for further distribution.
- Conference Speakers give permission to Organizer to share their identity including first and last names, job title, employer company and Speaker’s face image & video with other Participants of Event and in social media for purposes of promoting the talk, publishing on the agenda, streaming to other Participants and recording for further distribution.
- If you want to obtain any information which is not included herein or if you have any questions regarding the processing of your personal data, contact us at: firstname.lastname@example.org
Ultimo Sp. z o.o. uses its best efforts to ensure that all personal data are processed in accordance with the purpose for which they were collected, and used in accordance with the scope of the authorisations (consents) granted and the processing areas permitted by law; moreover, we ensure the confidentiality, integrity and accountability of the personal data we process.
The personal data processed shall not be made available without the consent of the data subjects, unless such data are made available to individuals authorised to process personal data, entities to whom the data were transferred under a personal data processing agreement (including those which cooperate with the Controller: HR and accounting offices of BCS Consulting plc., Rafał Nastały trading as SKY31, who provides the services of an advertising agency; electronic payment services, such as: PayU, Mailchimp – emailing software; third-party Service providers as outlined in Terms and Conditions par. 2.9) and other entities authorised under applicable provisions of law.
All personal data shall be processed in accordance with the requirements of generally applicable law, in particular Regulation (EU) 216/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ L 2016.119.1 of 04.05.2016), the Personal Data Protection Act of 10 May 2018 (Dz.U. [Journal of Laws] of 2018, item 1000 of 24.05.2018), the Act on Rendering Electronic Services of 18 July 2002 (Dz.U. of 2019, item 123, i.e. of 21.01.2019, as amended) and the Telecommunications Law (Dz.U. of 2018, item 1954, i.e. of 12.10.2018, as amended), including in accordance with the scope of the consent given.
The personal data processed shall be transferred to countries outside the European Union and the European Economic Area in order to process electronic payments for the purchase of Event Tickets or to use third-party applications and software.
PURPOSE OF PERSONAL DATA PROCESSING
- Your personal data shall be processed for the following purposes:
a) purchasing tickets, under Article 6 (1) (f) of GDPR,
b) informing Event Participants of the details, course and changes in the agenda of Event, under Article 6 (1) (a) of GDPR,
c) performing a contract for the rendering of services offered by Organizer as part of the purchase of Tickets for individual days of Event, under Article 6 (1) (b) of GDPR,
d) sending notifications of services rendered by Organizer, in particular marketing notifications, to the email address and telephone number provided during registration / purchase of Event tickets or in the course of creating Participant’s account, also in the form of commercial information, under Article 6 (1) (a) of GDPR,
e) implementing electronic communication aimed at the provision of on-going communication between Organizer and Participants, under Article 6 (1) (a) of GDPR.
f) enabling various online activities inside third party apps (1:1 chats, surveys, quizzes, games, competitions) for purposes of facilitating networking and group discussions.
- Our Service, which is delivering the online Event provides Participants with the means of making connections with other Participants. You can provide your personal information such as name, Linkedin profile or contact details by adding your personal information on the login/profile creation page of third party applications (LiveStorm, Slack or Slido, Google Sheets), which we use to facilitate various side activities and Participant to Participant communications. Once this happens, you automatically consent to the sharing of your voluntarily provided information with other Participants. Sharing your basic personal information might be required to use some of the above-mentioned applications, however, you are free to withdraw from using them at any time
- We may utilize some third-party software applications to help us operate, provide, improve, understand, customize, support, and market our Services. These third parties provide us with services including customer support, data storage and website hosting, ticketing and payment processing, legal advice and compliance, and marketing and data analysis. These third parties are contractually required to use it only to provide their service to us, and prohibited from using it for their own purposes ie. market directly to you or use your details for any other purposes than helping us deliver Event.
- We may also share aggregated or de-identified information, such as counts of Participant job titles or their affiliated companies, with companies we do business with, including our Partners as well as other organizational members.
- In instances where Ultimo Sp. z o.o., the entity of Organizer, is subject to a reorganization, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with such corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status.
PERSONAL DATA RETENTION PERIOD
- Participants’ personal data shall be stored during the use of productcamp.pl website and after that period to the extent necessary to settle transactions, assert and limit claims for payment for Tickets purchased or for the period necessary to achieve the purposes for which they were collected.
- Where justified on the basis of generally applicable legal regulations, Participants’ personal data shall be stored for the period provided for by law.
- Organizer respects the rights of any person whose data are processed, including:
a) right of access to personal data,
b) right to rectification of data,
c) right to erasure of data (“right to be forgotten”),
d) right to restrict the processing of data,
e) right to data portability,
f) right to object,
g) right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning such person or similarly significantly affects such person.
- Where the data are processed based on the consent of the data subject, such a person shall have the right to withdraw their consent at any time, with the reservation that this will not affect the legality of the processing made on the basis of the consent prior to its withdrawal.
- Withdrawal of consent of data processing is equivalent to cancellation of Participation in Event and is pursuant to cancellation by Participant rules as outlined in general Terms and Conditions Part. 8.2.
- Participants whose personal data are processed by Organizer may exercise their rights as mentioned above by sending an email to Organizer’s address: email@example.com with their requests.
- A data subject has the right to lodge a complaint with a supervisory authority, if the data subject believes that their rights have been violated.
USE OF PHYSICAL LIKENESS
- Participant’s physical likeness shall be used solely for the purposes of promotional and marketing activities undertaken by the Controller.
- Pursuant to Article 173 of the Telecommunications Law of 16 July 2004, the Controller hereby notifies you that it collects information about Clients/Participants via “cookies”.
- Cookies are IT data and in particular small text information which is saved and stored on the Client’s and Participant’s terminal devices, through which Ultimo Sp. z o.o. and productcamp.pl websites can be accessed, such as for instance a computer, smartphone or tablet.
- The Controller shall store cookies on the Client’s/Participant’s terminal device to ensure proper operation of its websites, to remember the settings selected by the Client/Participant and personalise the interface in the selected language, to provide greater security, including to detect possible fraud or abuse, and for direct marketing purposes.
- The Client/Participant may change cookie settings on their own and at any time, determining the conditions of their storage and access. These changes can be made via settings of the Internet browser used by the Client/Participant.
- The Client/Participant can delete cookies at any time via the available functions in their web browser.
- Comprehensive information can be found in the software (web browser) settings. Details for the Client/Participant who uses the following web browsers:
– Internet Explorer: https://support.microsoft.com/en-gb/help/278835/how-to-delete-cookie-files-in-internet-explorer
– Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
– Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
– Opera: http://help.opera.com/Linux/9.60/pl/cookies.html
– Safari: https://support.apple.com/en-gb/HT201265
SECURITY AND STORAGE OF INFORMATION
- Ultimo Sp. z o.o. shall ensure the security of personal data through appropriate technical and organisational measures to prevent unlawful processing and accidental loss, destruction and damage.
- Personal data shall be processed with confidentiality and integrity.
- The Controller shall delete Participant’s data in accordance with their rights and in all circumstances provided by law, in particular at Participant’s request.
- The Controller may assign another entity, a processor, to process Participant’s personal data on the basis of a written contract referred to in Article 28 of GDPR.
- Communication between the user’s computer and Organizer’s server during the collection of personal data and making purchase transactions shall be encrypted with the SSL protocol (Secure Socket Layer).