Privacy Policy - Festiwal A Part

I. Data Controller

The controller of personal data is:

Stowarzyszenie Teatralne A Part
Barlickiego 15B/4
40-820 Katowice, Poland
NIP: 6342523187
KRS: 0000198114

info [at] festiwalapart [dot] art [dot] pl

The Controller processes personal data in accordance with:

Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”),
the Act of 10 May 2018 on the protection of personal data,
the Act of 18 July 2002 on the provision of electronic services.

II. Scope, purposes and legal bases for data processing

Personal data may be processed for the following purposes:

performance of contracts and orders – Article 6(1)(b) GDPR,
customer service and conducting correspondence – Article 6(1)(f) GDPR,
fulfillment of legal obligations (e.g. accounting or tax) – Article 6(1)(c) GDPR,
sending marketing content or newsletters – after consent – Article 6(1)(a) GDPR,
conducting technical analyses and administrative statistics of the service (e.g. server logs, security statistics) – Article 6(1)(f) GDPR,
conducting statistical analyses regarding the use of the website using analytical tools – after consent – Article 6(1)(a) GDPR.

Scope of processed data. Depending on the purpose, the Controller may process:

name and surname,
email address,
phone number,
address data,
company data (name, tax identification number, registered office address),
technical data related to the use of the website (e.g. IP address, browser information, date and time of the visit).

The Controller processes data only to the extent necessary to achieve the indicated purposes.

Personal data may be transferred to:

entities supporting the Controller, such as hosting providers, payment operators, courier companies, accounting companies, IT service and other entities providing supporting services,
public authorities if required by applicable law.

These entities process data in accordance with entrustment agreements and only to the extent necessary to provide services to the Controller.

III. Data retention period

Personal data is stored:

for the period necessary to achieve the purpose for which it was collected,
for the period required by law (e.g. accounting, taxes),
or until consent is withdrawn — if processing is based on consent.

IV. Forms and Contact

Data provided through contact forms is processed solely in order to respond to the user’s inquiry and to conduct correspondence related to the submitted matter. Providing data is voluntary, but necessary to establish contact. The legal basis for processing is Article 6(1)(f) GDPR – the legitimate interest of the Controller consisting in handling inquiries.

V. Server logs

When using the service, the server automatically records technical data such as the device IP address, date and time of the request, browser information and operating system. This data is processed only for administrative purposes, ensuring security and proper functioning of the website. Server logs are not used to identify the user and are not subject to profiling.

VI. Cookies

The website uses cookies necessary for its proper functioning and – after obtaining user consent – statistical and marketing cookies for the following purposes:

Necessary – enable the basic functioning of the website, such as session handling, security, proper display of content and remembering the choice regarding cookies. These cookies cannot be disabled.

Statistical – enable analysis of how the website is used by collecting information about the number of visits, traffic sources and user behaviour on the website. This data is used solely for statistical purposes and helps improve the functioning of the website. For this purpose we use analytical tools such as SlimStat Analytics.

Marketing – enable displaying content from external services such as YouTube. When activated, technical user data may be transferred to providers of these services (e.g. IP address, cookie identifiers and information about the device and browser). Providers may also process this data for their own purposes, including analytical or marketing purposes, in accordance with their privacy policies.

VII. External services

External services that are not necessary for the functioning of the website are activated only after consent has been given to the appropriate categories of cookies.

Wordfence Security

To ensure the security of the service, the Wordfence Security service provided by Defiant, Inc. (USA) is used. Wordfence processes technical data such as IP address, browser information and data regarding login attempts in order to protect against attacks, abuse and unauthorized access. As part of the service operation, technical data may be transferred to Defiant, Inc. servers in the USA solely for security analysis purposes. Processing takes place on the basis of Article 6(1)(f) GDPR – the legitimate interest of the Controller consisting in ensuring the security of the website. Wordfence may use technical cookies that are necessary for the functioning of security mechanisms. These cookies do not require user consent.
Privacy policy Wordfence Security:
https://www.wordfence.com/privacy-policy/

SlimStat Analytics

The website uses the SlimStat Analytics tool used to analyse how the service is used. Data is processed locally on the Controller’s server and may include e.g. IP address (in shortened or anonymized form), browser information, visit time and visited subpages. The tool is activated only after consent to statistical cookies has been given.
SlimStat Analytics privacy policy:
https://www.wp-slimstat.com/privacy/

YouTube

Embedded video materials from YouTube may cause cookies to be stored and data (including IP, device information) to be transferred to Google. Videos may be loaded only after consent to marketing cookies has been given.
Google (YouTube) privacy policy:
https://policies.google.com/privacy

MailPoet

The website may use the MailPoet service to operate the newsletter and send e-mail messages. In the case of subscribing to the newsletter, data such as e-mail address, IP address and technical information related to the subscription may be processed. Data processing takes place on the basis of the user’s consent (Article 6(1)(a) GDPR).
MailPoet privacy policy:
https://www.mailpoet.com/privacy-notice/

VIII. Managing cookie and similar technology settings

Before cookies are stored on the user’s device, a consent banner is displayed which allows selecting preferences regarding individual cookie categories.

The user may at any time change or withdraw consent to data processing based on cookies (except necessary cookies) using the consent management tool available on the website or by changing the settings of their web browser.

In most web browsers it is possible to block storing all or selected cookies. Changing these settings may require confirmation by the user. Completely blocking cookies may cause some functions of the service to not work properly.

The method of managing cookies depends on the browser used. In the browser settings the user may specify preferences regarding saving and deleting cookies and similar technologies.

External entities may use their own cookies and similar technologies in accordance with the rules specified in their privacy policies. The Controller has no influence on the operation of cookies used by third parties.

IX. Rights of the data subject

In accordance with the GDPR the user has the right to:

access their data and obtain a copy of it,
rectify (correct) data,
delete data (“right to be forgotten”),
restrict processing,
data portability,
object to processing,
withdraw consent at any time (without affecting the lawfulness of earlier processing).

In order to exercise the above rights, please contact the Controller:

Stowarzyszenie Teatralne A Part
Barlickiego 15B/4
40-820 Katowice, Poland
NIP: 6342523187
KRS: 0000198114

info [at] festiwalapart [dot] art [dot] pl

If the user believes that data is processed in violation of regulations, they have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO).

X. Data security

The Controller applies appropriate technical and organizational measures ensuring data security, including:

encrypted connection (SSL certificate),
control of access to data,
backups and ongoing software updates.

The purpose of these actions is to ensure the confidentiality, integrity and availability of personal data.

XI. Contact

If you have any questions regarding the privacy policy and cookies, please contact:

Stowarzyszenie Teatralne A Part
Barlickiego 15B/4
40-820 Katowice, Poland
NIP: 6342523187
KRS: 0000198114

info [at] festiwalapart [dot] art [dot] pl