Privacy Policy and Personal Data Processing

Privacy Policy and Personal Data Processing
by BRENTI MEDIA Sp. z o.o., Raciborsko 551, 32-020 Wieliczka, NIP: 6832139898

§1. Basic Definitions

1. Personal Data Controller (hereinafter referred to as the Controller) – BRENTI MEDIA Sp. z o.o., Raciborsko 551, 32-020 Wieliczka, NIP: 6832139898
2. Personal Data – means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
3. Processing of Personal Data – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
4. Policy – this Personal Data Processing Policy.
5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
6. Platform – the website located at akua.pl, owned and managed by the Controller. The Platform allows participation in online training organized by the Controller and serves as a medium for information exchange between the Participant and the Controller, including responding to the Participant’s inquiries, providing technical notifications, etc.
7. Participant – any person who voluntarily registers for a training organized by the Controller and participates in that training. For the purposes of this Policy, a Participant is also considered to be a person who has completed the training but has not deleted their account on the akua.pl platform.
8. Visitor – any person who visits the Platform using any web browser.

§2. Processing of Personal Data by the Controller

1. In connection with its activities, the Controller processes the personal data of Participants as specified below. These data are provided voluntarily by the Participant when registering an account on the Platform or signing up for any selected training offered on the Platform.
2. The legal basis for processing the Participant’s personal data is the Participant’s consent (given when signing up for training or registering an account on the Platform) and legal regulations – the ordinance of the Minister of National Education on continuing education in non-formal education forms regarding the personal data provided by the Participant for the issuance of completion documents.
3. The personal data voluntarily provided by the Participant and processed by the Controller include: name, surname, email address, and the address provided for sending training completion documents. To issue training completion documents, the Controller also processes the following voluntarily provided personal data: date of birth, place of birth, and PESEL number, if it is to be included at the Participant’s request in the certificate issued in accordance with the ordinance of the Minister of National Education on continuing education in non-formal education forms.
4. Personal data are collected and processed solely for the purpose of enabling the Participant to participate in the training and for issuing and delivering the training completion documents. No personal data are transferred to third parties or outside the European Economic Area. The Controller ensures that the voluntarily provided personal data of the Participant and Visitor are collected and processed only to the extent necessary to allow the Participant to participate normally in the training they registered for, and for issuing training completion documents (certificate and MEN form).
5. In connection with the processing of personal data, the Controller guarantees full transparency of personal data processing, in accordance with the applicable GDPR regulation and the Act of 10 May 2018 on the protection of personal data, as well as other applicable legal acts governing the processing of personal data.
6. During the processing of personal data, the Controller guarantees the highest possible technical and IT protection – using antivirus programs, anti-malware software, restricting access to devices where personal data are processed to authorized persons only, and minimizing the number of such persons. The Controller immediately and irreversibly deletes from all media the personal data for which the processing basis has ceased or processing has become unnecessary. The Controller also ensures the highest possible physical protection of data carriers and the premises where devices used for personal data processing are located.
7. Considering that the only means by which the Participant provides personal data is electronic (registration on the Platform, email), the Controller guarantees all possible technical protection of these data, providing the Participant with full and unrestricted access to the personal data provided to the Controller and other rights that the Participant has in connection with the processing of their personal data by the Controller.
8. The processing of Participants’ personal data referred to in §2 section 2 is time-limited – the name, surname, and email address used for account registration on the Platform (Participant’s account) are stored for up to 2 years from the last login of the Participant, and after this period of inactivity, these data are irreversibly deleted from the Platform. The retention of the account for 2 years is intended to allow the Participant to participate in further training without the need to re-register an account.
9. At the Participant’s request, the Controller sets the visibility of the Participant’s profile, as mentioned in §2 point 7 of the Policy.
10. The personal data of Participants are not profiled, nor are they processed in any fully automated way. All operations on the data are performed manually by the Participant or the Controller.

§3. Security of Personal Data

1. To ensure the security of personal data, the Controller limits the number of persons authorized to access and process such data only to those whose duty it is to ensure the Participant’s efficient participation in the training and to issue the documents of completion of the given training. The Controller uses technical solutions to ensure that all operations on personal data are carried out only by authorized persons.
2. Under no circumstances does the Controller grant access to processed personal data to third parties.
3. Entities cooperating with the Controller – accounting offices, IT companies, etc., do not have access to Participants’ personal data and do not participate in their processing.
4. The Controller conducts continuous risk analysis and monitors the adequacy of personal data security systems. If necessary, the Controller implements additional measures and solutions to enhance the security of personal data.

§4. Participants’ Accounts on the Platform

1. The Participant’s account, after registration on the Platform, includes the following personal data: name, surname, login, email address, name, phone. The Participant’s account is necessary to participate in the training.
2. The Participant can modify the data they provided when registering the account. The Participant has the right to delete their registered account on the Platform at any time. At the Participant’s request, the deletion or modification of the account is carried out by the Controller.
3. The Participant’s email addresses are not publicly visible even if the Participant sets the visibility of their profile to public in their account settings.
4. Participants’ accounts on the Platform remain registered for two years from the last login or until they are deleted from the Platform.

§5. Personal Data Provided During Training Registration and Issuance of Training Completion Documents

1. When registering for training, the Participant provides their name, surname, mailing address, phone number for ongoing contacts with the Controller, and email address. Additionally, the Participant may specify data for invoice issuance if they differ from the Participant’s data (e.g., if the invoice is to be issued to the employer).
2. The personal data provided during training registration are visible only to the data controller and the Participant. No third party has access to these data, nor are they shared with third parties.
3. The personal data provided by the Participant during training registration are anonymized after a period of 2 years from the date of training registration, and after a period of 3 years from the date of training registration, they are irreversibly deleted from the system.
4. The Participant has full access to the data they provided when registering for the training and can change, delete, or request the Controller to change or delete this data at any time. This data is automatically deleted along with the deletion of the Participant’s account.
5. The personal data that the Participant provides after completing the training, used for the issuance of training completion documents, are processed solely for the purpose of issuing and sending the training completion documents, and after issuance and sending, they are irreversibly deleted. They are not shared with third parties, nor are they processed for any purpose other than issuing and sending training completion documents.

§6. Cookies

1. The Platform uses cookies.
2. Cookies (so-called “cookies”) are IT data, in particular text files, which are stored in the terminal device of the Service User and are intended for using the Service’s websites. Cookies usually contain the name of the website they come from, the time they are stored on the terminal device, and a unique number.
3. Cookies are used for the following purposes:
   • Creating statistics that help to understand how the Service Users use the websites, which allows improving their structure and content;
   • Maintaining the Service User’s session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Service;
   • Remembering the composition of the user’s cart in the online store;
   • Participating in training, remembering progress in learning after the Participant marks a given lesson as completed.
4. The Platform uses two basic types of cookies: “session”