As part of fulfilling the obligations of a controller of personal data laid down in Art. 13 and 14 of the Regulation of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “General Data Protection Regulation”), we inform you that Bunkier Sztuki Gallery of Contemporary Art in Kraków prepared the following information for the persons whose data it processes. The purpose of communicating the information by the Gallery is to enable you to use the rights specified in General Data Protection Regulation, in particular the right of access to personal data, the right to rectification of data, to erasure of data, and other rights specified in the General Data Protection Regulation.
Information on processing personal data by Bunkier Sztuki Gallery of Contemporary Art in Kraków
Pursuant to the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “General Data Protection Regulation”), Bunkier Sztuki Gallery of Contemporary Art in Kraków informs you as the Controller of personal data:
- Controller of personal data details are:
Bunkier Sztuki Gallery of Contemporary Art in Kraków, pl. Szczepański 3a, 31-011 Kraków, entered in the register of cultural institutions maintained by the Kraków Municipality under the number IV/94 on 01.01.1994, NIP: 6750004494, REGON: 000278008, represented by Dr Maria Anna Potocka – Director.
- The Data Controller can be contacted in the following ways:
- • by mail: Rynek Główny 20, 31-008 Kraków
- • by phone: +48 12 4231243
- • by e-mail at: email@example.com
The Controller appointed a data protection officer, who can be contacted in matters concerning the processing of personal data by Bunkier Sztuki Gallery of Contemporary Art in Kraków. Contact via e-mail at: firstname.lastname@example.org.
- Your personal data, including first name, last name, e-mail address, telephone number, will be processed for the purposes of:
- • newsletter subscription,
- • establishing cooperation and the proper course of our cultural, educational and service offer, should they be necessary, including contact by electronic means and the fulfilment of orders and bookings placed,
- • performing the contracts concluded, pursuant to Art. 6(1)(b) of the General Data Protection Regulation,
- • compliance with legal obligations to which the Controller is subject, pursuant to Art. 6(1)(c) of the General Data Protection Regulation – for tax and accounting purposes, for the fulfilment of the obligation to document the Gallery’s work,
- • legitimate interests pursued by the Controller and ensuing therefrom, pursuant to Art. 6(1)(f) of the General Data Protection Regulation, namely:
- · for the Controller services-related marketing purposes,
- · for determining, defending and asserting claims,
- · for preparing syntheses, analyses and statistics for the Controller’s internal needs, which encompasses reports, marketing research, analysis of services offered and their progress,
- · for administrative purposes and for ensuring network and information security.
- The recipients of your personal data are:
- • Gallery staff who are tied up with the performance of a given task/service for which the Gallery has been given access to the personal data, entities with a supporting role in operationally performing the said task/service,
- • the entities that service the Gallery’s devices by means of which the personal data can be processed; entities that provide and maintain the software used to process the personal data whose Controller is the Gallery;
- • the entities that handle destroying the documentation given after storage period is over,
- • the entities which provide advisory, consultation, auditing services and/or legal, tax, accounting aid to the Controller, control bodies.
- Personal data shall be stored until the moment of fulfilling the task/service, full performance of the contract, and the end of the limitation period for potential claims ensuing from performing a task/service of contract; for contracts – no less than the period of keeping the contract and the contract-related documentation archived, as stipulated by the Act of 14 July 1983 on national archival resources and archives (Journal of Laws 2002 item 164) and the regulation of 20 October 2015 by the Minister of Culture and National Heritage on classification and qualification of documentation, sending archive material to state archives and discarding non-archived documentation (Journal of Laws 2015, item 1743).
- With regard to your personal data, you have the right, to the extent delineated in and subject to restrictions ensuing from the General Data Protection Regulation or other legal provisions, to:
- • request access to the personal data from the Controller,
- • request rectification of the personal data from the Controller,
- • request data erasure,
- • request restriction of processing,
- • object to processing of personal data,
- • request data portability as specified by Art. 20 of the General Data Protection Regulation,
- • lodge a complaint to the President of the Personal Data Protection Office, should you deem our processing of your personal data to breach the data protection provisions.
- Data submission is voluntary but necessary to pursue the aims – the above-mentioned tasks/services and contracts.
- Transfer and sharing of the personal data
Bunkier Sztuki Gallery of Contemporary Art in Kraków as the data Controller reserves the right to transfer or share the Users’ personal data whose data it manages to third parties in the event when:
- • the User consents to it or it is warranted by legal provisions or necessary to be able to provide a service,
- • it is related to asserting claims and explaining the circumstances surrounding Users’ unauthorised use of electronic services.
Your personal data shall be subject to neither automated decision-making nor profiling.
Your personal data shall not be transferred to third countries.
- Data security
Data Controller ensures personal data security through appropriate technical and organisational means that aim to prevent illegal data processing.
In addition, the Controller spares no effort to make the personal data:
- • correct and lawfully processed,
- • accurate and up-to-date,
- • not stored longer than is necessary,
- • stored and processed securely.