You are currently entitled to receive this information, processing of your personal data that is being carried out, the retention periods which apply to your personal data, and any rights to rectification, erasure, or restriction of processing that may exist under the EU General Data Protection Regulation (GDPR).
We will endeavour to respond promptly and in any event within one month of the latest of the following:
– Our receipt of your written request; or
– Our receipt of any further information we may ask you to provide to enable us to comply with your request.
The objective of this Policy is to inform users of the sphere.it website (the Website) (the Users) which personal data might be processed on the Website; further, it informs the Users about processing purposes and the manner of using the data, and about associated rights available to the Users. The personal data controller (the Controller) does not process any personal data in an automated manner. The Controller protects the Users’ privacy and ensures security of the data provided by the Users. The Controller complies with personal data processing rules and ensures technical and organisational measures which guarantee that the data are secure and processed as prescribed by law. The Users’ personal data are always processed in conformity with applicable laws, including in particular pursuant to the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR).
The Controller is Virtus Lab Sp. z o.o. with registered office in Rzeszów (35-211), Poland, ul. Zofii Nałkowskiej 23, National Court Register entry No. KRS 0000349785, Tax Id. No. (NIP): 5170312965, Industry Id. No. (REGON) 180526627. Contact address: [email protected]. Data subjects can contact the Controller also in another preferred manner, including verbally and in writing.
Purposes of, and a legal basis for, the processing:
- to enable the purchase of tickets and the conclusion of a sponsorship agreement:
The personal data are processed in order to take up activities, at the User’s request, prior to the conclusion of an agreement (e.g. to submit an offering) and to exercise an agreement (Art. 6.1.b of the GDPR). The personal data have to be provided for an agreement to be concluded; failure to provide them results in impossibility to conclude the agreement;
- in order to exchange e-mail correspondence:
The personal data are processed in order to exchange information with the User (Art. 6.1.f of the GDPR). The provision of the personal data is voluntary but necessary to receive a reply from the Controller. In such a case, the personal data are processed due to legitimate interests of the Controller. The legitimate interest of the Controller consists in communication with an individual who requests of the Controller to provide an answer. As its legitimate interests, pursuant to Art. 6.1.f of the GDPR, the Controller also considers: direct marketing of its own services, pursuit of and protection against claims, fraud prevention, statistics and analytics, ensuring ICT environment security and application of internal control systems;
- financial settlements:
the personal data are processed in order to comply with the Controller’s legal obligations resulting in particular from accounting policies and tax related regulations (Art. 6.1.c of the GDPR). The provision of personal data is a statutory requirement.
Personal data recipients:
With regard to financial notifications and settlements, the Controller has engaged Eventbrite, Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, Reg. No. 4742147 to further process the personal data. Eventbrite is a party to the EU-U.S. Privacy Shield Framework. The personal data may be processed also by the Controller’s other service providers rendering, among others, financial settlements, legal, advisory, consulting, archiving and IT services. The Users’ data will not be shared with any third parties, unless this proves necessary and the User consents thereto or a data disclosure obligation results from mandatory laws, a final and non-appealable court judgment or a final decision of a relevant body. The Website might also contain references to other webpages. The Controller shall not be liable for personal data processing in connection with the use of these webpages by the User. Having moved to the other webpages, the User should first consult their privacy policies and personal data protection procedures. The Controller does not transfer personal data to any third countries other than the USA.
What does profiling involve and are any data on the Website subject to profiling?
Profiling consists in any automated personal data processing allowing for the assessment of individual factors of a natural person, and in particular for analysing and forecasting aspects pertaining to work results, economic standing, health, personal preferences or interests, reliability or behaviour, location or moves of a data subject – insofar as this produces legal effects in reference to the person or materially affects the person in a similar manner. The data on the Website are not subject to profiling. If, following the Website’s development, the personal data were to be profiled, the Controller will inform the Users thereof, and profiling will be carried out in accordance with relevant regulations. In case of profiling, the Controller will implement appropriate measures safeguarding rights, freedoms and legitimate interests of the Users, including ensuring human intervention at the Controller’s side and a possibility to express a personal position and challenge a decision.
How can personal data be changed?
The User has the right of access to content of their personal data and the right of rectification and erasure of the personal data, the right to restrict processing of the data and the right to data portability. The User has the right to object to processing of the personal data. To this end, the User can contact the Controller at the e-mail address: [email protected]. The Users can contact the Controller also in another preferred manner, including verbally and in writing.
How does the Controller protect the personal data?
The Controller protects the Users’ data against unauthorised access, disclosure, change or destruction. In particular, the Controller makes use of data encryption, physical security measures and verification in IT systems. Further, the Controller uses anti-virus software and firewalls. The Users’ data can be accessed exclusively by authorised individuals bound by confidentiality and subcontractors that have entered into personal data sub-processing agreements with the Controller.
How long will the personal data be processed?
The Users’ data are processed for a period of using the Website. In case of purchasing tickets and sponsorship agreements, the personal data are processed for such agreements’ term. In case of e-mail correspondence, the personal data are processed for a period necessary to provide the User with an answer. In case of financial settlements, the personal data are processed for a period of five years from the end of a calendar year when a transaction was conducted. The personal data may also be processed upon the lapse of the indicated periods, until any potential claims are time-barred or for as long as it is possible or required in compliance with applicable laws. Upon the lapse of the processing period, the personal data are permanently deleted or anonymised.
Other data processing related rights of the Users
The User has the right to file a complaint with the President of the Personal Data Protection Office if they consider that the personal data referring to them are processed in breach of applicable laws.
This Policy and any amendments hereto shall apply as of the moment of their posting on the Website.
The purpose of this Policy is to inform users of the sphere.it website (the Website) (the Users) about purposes of storing of, and access to, cookies in the Users’ terminal equipment and about options of setting terms of storing of, and access to, the cookies through browser settings or service configuration. The Website controller (the Controller) can store cookies in the Users’ terminal equipment and have access thereto. Except for information included in the cookies, the Controller does not automatically collect any information.
What are cookies?
Cookies are information saved in text files sent by the Website to the User’s browser and resent by the User’s browser when the User revisits the Website. The cookies are stored in the User’s terminal equipment (computer, laptop, smartphone). The cookies are used to maintain the User’s session and to save other data so that the User does not need to enter the same information each time they use the Website. Among other things, the cookies remember a website name, data of the User’s browser, unique settings and a period for which the data will be stored. Data saved in the cookies are not matched with individual Users of the Website.
Which kind of cookies are used by the Website?
Session cookies – files stored in a browser’s memory until it is closed; required for the Website’s functionalities to operate correctly.
Permanent cookies – files stored in a browser’s memory for a specific period. Among other things, they guarantee the proper navigation and layout of the Website. A period for which these files are stored depends on a choice which the User can make in their browser settings. This type of the cookies allows for information to be passed to the Website whenever the Website is visited by the User.
Google Analytics cookies – files stored in a browser’s memory for the purposes of the Website traffic statistics and analytics. The analysis service is provided by Google Inc. of USA. Information obtained with the use of this tool is not shared with any entities other than Google, and serves only to report the User’s interactions on the Website.
Advertising cookies – files stored in a browser’s memory in order to match advertisement content with the User’s behaviour on the Website. Any information obtained in this manner may be shared with advertisers and partners that cooperate with the Controller.
The Website’s Controller
The Website’s Controller is Virtus Lab Sp. z o.o. with registered office in Rzeszów (35-211), Poland, ul. Zofii Nałkowskiej 23, National Court Register entry No. KRS 0000349785, Tax Id. No. (NIP): 5170312965, Industry Id. No. (REGON) 180526627. Contact address: [email protected]
The Users’ browser can by default allow for storing of the cookies. At any time, the User can set terms of storing of, and access to, any data saved in the cookies, with the use of browser settings. The cookies can be blocked; a possibility of storing the cookies can be restricted (e.g. by informing the User about installation of the cookies on a case-by-case basis) or access to the cookies can be limited; however, any blocking or restricting of the cookies may affect the Website’s quality or even prevent the proper display of the Website on the User’s terminal equipment. Detailed information on the options and manner of handling the cookies is available in browser settings. The cookies-related settings can be changed:
- in Google Chrome – in the Settings/Privacy tab,
- in Mozilla Firefox – in the Tools/Options/Privacy & Security tab,
- in Internet Explorer – in the Tools/Internet Options/Privacy tab,
- in Safari – in the Preferences/Security tab,
- in Opera – in the Tools/Preferences/Advanced tabs.
More information on cookies management is available in a given browser’s functionalities.
This Policy and any amendments hereto shall apply as of their posting on the Website.