Personal Data Protection Notice

Europejskie Centrum Solidarności (The European Solidarity Centre) in Gdańsk, pl. Solidarności 1, 80-863 Gdańsk, Poland, phone +48 58 772 40 00, email ecs@ecs.gda.pl, is the Personal Data Controller.

Our Data Protection Officer is Grzegorz Wąsacz / iodo@ecs.gda.pl.

The Data Controller processes Personal Data in order to perform its tasks, as outlined in our Statute available at: https://ecs.gda.pl/wp-content/uploads/2022/10/statut_ECS.pdf . The activities include a wide range of initiatives and projects aimed at performing the following tasks:

• running a permanent exhibition dedicated to Solidarity
• organising temporary exhibitions with reference to the legacy, values and message of Solidarity
• inspiring artistic and cultural creativity with reference to the message of Solidarity
• organising training for leaders of local governments and trade unions, with reference to the legacy of Solidarity
• providing education in recent history, civic attitudes and contemporary international relations
• creating and making available collections on the legacy of Solidarity and freedom movements
• in-house activity in information, publishing, film-making and multimedia
• research on recent history, freedom movements, social and economic issues, European law and international legal relations with reference to the values of Solidarity
• promoting the cultural heritage of Gdańsk and Poland in the international domain
• organising and co-organising artistic and cultural events.

In performing the said tasks, the Data Controller may process Personal Data based on the following legal grounds:

• GDPR Article 6.1(a) for the purpose of performing a task to which the natural person has consented,
• GDPR Article 6.1(b) for the purpose of performing a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract,
• GDPR Article 6.1(c) in connection with generally applicable laws in order to comply with the legal obligations to which the Data Controller is subject,
• GDPR Article 6.1(f) for the purpose of the legitimate interests pursued by the Data Controller, including direct marketing of our own products and/or services.

Recipients of your Personal Data may include natural persons, legal entities, public authorities that are not engaged in a specific legal proceeding under European Union or Member State law, as well as institutions and/or other entities to whom Personal Data may be disclosed. Examples of such recipients include: entities with whom the Data Controller has concluded data processing agreements, law firms, statutory auditors, entities providing correspondence delivery services, and service providers, particularly in the area of ICT.

The Personal Data will be stored for a period necessary to achieve the purposes specified above, in particular:

• from the point when consent is given for Personal Data processing until it is withdrawn,
• from the point when steps are taken at the request of the data subject prior to entering into a contract, or from the time the contract is entered into until its term ends and/or until limitation periods for legal claims expire / until court and/or administrative proceedings are completed,
• from the point when the Personal Data is obtained until the time specified in generally applicable laws, and/or
• from the point when the Personal Data is obtained until the completion of a task specified by the Data Controller / until the actual exercise of the rights referred to below.

To the extent specified in GDPR Articles 15–22, you have the following rights:

• the right to access your Personal Data, including the right to obtain a copy of these data,
• the right to request rectification (correction) of your Personal Data,
• the right to request erasure of your Personal Data (the so-called right to be forgotten),
• the right to request restriction of processing of your Personal Data,
• the right to data portability,
• the right to object to data processing.

Requests for the exercise of these rights may be submitted in any form (in writing, whenever possible): in person at the Data Controller’s registered office / by post to the Data Controller’s registered address / electronically, including via email to iodo@ecs.gda.pl.

In the event of becoming aware of any unlawful processing of your Personal Data by the Controller, you have the right to lodge a complaint with the President of the Polish Office for Personal Data Protection (UODO).

If the processing of your Personal Data is based on consent (GDPR Article 6.1(a)), you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If the processing of Personal Data is based on the data subject’s consent, providing Personal Data is voluntary. However, providing Personal Data is mandatory when processing is required by law or by a contract between the parties.

The Data Controller obtains data in two ways:

• directly from the data subject,
• from sources other than the data subject.

When obtaining Personal Data from sources other than the data subject, the Data Controller may obtain them, for example, from websites, publicly accessible registers maintained by administrative bodies (such as CEIDG, KRS), business cards, press sources and/or other entities that share Personal Data.

If Personal Data are obtained from sources other than data subjects, the data processed by the Data Controller may include: first and last name, residential and/or business address, email address, phone number, image, and other data that are publicly available or obtained from the sources listed above.

During processing, Personal Data may be transferred to third countries.

The Personal Data obtained by the Data Controller will not be the basis for any automated decision-making, nor will they be subject to profiling.