For the Owner of this website, the protection of Users’ personal data is of the utmost importance. The Owner makes every effort to ensure that Users feel safe when entrusting their personal data while using the website.
A User is a natural person, a legal person, or an organizational unit without legal personality to which the law grants legal capacity, using electronic services available on the website.This Privacy Policy explains the principles and scope of processing the User’s personal data, the rights to which the User is entitled, as well as the obligations of the data controller, and also informs about the use of cookies.
The Controller applies the most modern technical measures and organizational solutions to ensure a high level of protection of processed personal data and safeguards against access by unauthorized persons.
I. PERSONAL DATA CONTROLLER
The controller of personal data is Stowarzyszenie Sfora, with its registered office at:
ul. Adama Mickiewicza 17/23, 15-214 Białystok, Poland,
NIP: 5423507223, REGON: 00001203341
(hereinafter referred to as the “Controller”).
II. PURPOSE OF PERSONAL DATA PROCESSING
The Controller processes the User’s personal data for the purpose of:
selling tickets for the event organized by the Controller called “Sfora Festival.”
This means that the data are necessary in particular to:
a. register on the website;
b. conclude a contract;
c. settle payments;
d. deliver goods ordered by the User;
e. enable the User to exercise all consumer rights.
The User may also consent to receiving information about new products and promotions, which will result in the Controller processing personal data in order to send commercial information to the User, including information about new products or services, promotions, or sales.
Personal data are also processed in order to fulfill legal obligations incumbent on the Controller and to carry out tasks in the public interest, including tasks related to security and defense or the storage of tax documentation.
Personal data may also be processed for the purposes of direct marketing of products, securing and asserting claims or defending against claims by the User or third parties, as well as marketing of services and products of third parties or the Controller’s own marketing that is not direct marketing.
III. TYPES OF DATA
The Controller processes the following personal data, the provision of which is necessary to:
a. register on the website:
– first and last name;
– email address;
b. make purchases via the website:
– first and last name;
– gender;
– delivery address;
– email address;
c. data provided optionally by the User:
– date of birth;
– PESEL number (if an invoice is requested);
– NIP number (if an invoice is requested for an entrepreneur).
In the event of withdrawal from a contract or acceptance of a complaint, where the refund is made directly to the User’s bank account, the Controller also processes information regarding the bank account number in order to make the refund.
IV. LEGAL BASIS FOR PROCESSING PERSONAL DATA
Personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).
The Controller processes personal data only after obtaining the User’s prior consent, expressed at the time of registration on the website or at the time of confirmation of a transaction made on the website.
Granting consent to the processing of personal data is completely voluntary; however, failure to grant consent prevents registration on the website and making purchases via the website.
V. USER RIGHTS
The User may at any time request information from the Controller about the scope of processing of personal data.
The User may at any time request correction or rectification of their personal data.
The User may at any time withdraw their consent to the processing of personal data without giving any reason. The request may concern a specific purpose of processing (e.g., withdrawal of consent to receive commercial information) or all purposes. Withdrawal of consent for all purposes will result in deletion of the User’s account from the website along with all personal data previously processed by the Controller. Withdrawal of consent does not affect actions already taken.
The User may at any time request deletion of their data without providing a reason. Deletion does not affect actions already taken and results in deletion of the User’s account together with all stored and processed personal data.
The User may at any time object to the processing of personal data, either in full or in part (e.g., for a specific purpose). The objection does not affect actions already taken and results in deletion of the User’s account along with all processed personal data.
The User may request restriction of processing of personal data, either for a specified period or without a time limit but within a specified scope. This does not affect actions already taken.
The User may request that the Controller transfer their personal data to another entity. The User must submit a request specifying the entity (name and address) and the data to be transferred. After confirmation, the Controller will transfer the data electronically. Confirmation is required for data security purposes.
The Controller informs the User of actions taken within one month of receiving a request.
VI. PERIOD OF STORAGE OF PERSONAL DATA
Personal data are stored only as long as necessary to fulfill contractual or statutory obligations. They are deleted immediately when no longer necessary for evidentiary purposes or legal obligations.
Contract-related information is stored for evidentiary purposes for three years from the end of the year in which the business relationship ended. Data are deleted after the statutory limitation period for contractual claims expires.
The Controller may retain archival information related to transactions, as storage is connected with claims available to the User (e.g., under warranty).
If no contract has been concluded, the User’s personal data are deleted immediately after an unfinished transaction expires or upon the User’s request, withdrawal of consent, or objection to processing.
VII. ENTRUSTING DATA PROCESSING TO OTHER ENTITIES
The Controller may entrust personal data processing to cooperating entities to the extent necessary to carry out transactions, such as preparing ordered goods, delivering shipments, or sending commercial information (the latter applies only to Users who consented).
Apart from the purposes indicated in this Privacy Policy, Users’ personal data will not be shared with third parties or transferred for their marketing purposes.
Users’ personal data are not transferred outside the European Union.
This Privacy Policy complies with Article 13(1) and (2) of the GDPR.
VIII. COOKIES
The website uses cookies or similar technologies (“cookies”) to collect information about User access and preferences for advertising, statistical, and customization purposes.
Cookies are pieces of information containing a unique reference code sent to the User’s device for storage and sometimes tracking. They usually do not identify the User personally.
Some cookies are session-based and expire when the browser is closed; others remain stored to recognize returning Users.
Cookies used on the website include:
Technical or functional cookies – ensure proper functioning of the website and remember User preferences; these may be placed without consent.
Analytical cookies – used to optimize website usage; consent is required.
All cookies are set by the Controller.
Cookies comply with applicable EU law.
Most browsers automatically accept cookies unless settings are changed.
Users can change cookie preferences in their browser settings.
Blocking or deleting cookies may prevent full use of the website.
Cookies are used for session management, including:
a. creating login sessions;
b. recognizing returning Users;
c. identifying registered Users;
d. collecting device data (cookies, IP address, browser information);
e. adjusting layout and content;
f. collecting statistical data to improve the website.
Terms and Conditions / Privacy Policy
The organizer of the event and the ticket seller is:
STOWARZYSZENIE SFORA
NIP: 5423507223
REGON: 00001203341
ul. Adama Mickiewicza 17/23
15-214 Białystok, Poland