This Policy is aimed at informing users of the Sphere.it website (the Website) (the Users) about purposes of and legal bases for processing personal data on the Website, the manner of using the data and about related rights available to the Users. A personal data controller (the Controller) protects the Users’ privacy and ensures security of data provided by the Users. The Controller complies with personal data processing rules and applies technical and organisational measures which guarantee that the data are secure and processed as prescribed by law. The Users’ personal data are always processed in conformity with applicable laws, including in particular pursuant to the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR). The personal data might be processed in the Users’ cookies, in line with rules laid down in the Cookies Policy.
Who is the Controller?
The Controller is Virtus Lab Sp. z o.o. with registered office in Rzeszów (35-211), Poland, ul. Zofii Nałkowskiej 23, National Court Register entry No. KRS 0000349785, Tax Id. No. (NIP) 5170312965, Industry Id. No. (REGON) 180526627. Contact address: [email protected]. Data subjects can contact the Controller also otherwise as preferred, including verbally and in writing.
Purposes of, and legal bases for, processing of personal data
⎯ Evaluation and selection of a speaker or a speaker’s presentation, promotion of a speaker, attainment of the Controller’s advertising goals related with presentations:
Personal data are processed on the basis of consent of a data subject (Art. 6.1.a of the GDPR). A data subject provides their personal data in a contact form (Become a Speaker or Propose a Topic form). A data subject is not obliged to provide their personal data; however, if personal data are not provided, it shall be impossible to evaluate and select a speaker or a presentation, as the case may be, and to promote a speaker and attain the Controller’s advertising goals related to presentations. The User may withdraw their consent at any time – without affecting the lawfulness of processing prior to the withdrawal;
⎯ Newsletter distribution:
Personal data are processed on the basis of consent of a data subject (Art. 6.1.a of the GDPR), and in the case of direct marketing – also to pursue the Controller’s legitimate interests (Art. 6.1.f of the GDPR). The Controller sends out a newsletter to the Users who have provided their e-mail address for this purpose. Personal data are provided on a voluntary basis. The User may withdraw their consent at any time – without affecting the lawfulness of processing prior to the withdrawal. In case of sending the Controller’s commercial information, a legal basis for processing, including profiling, involves the Controller’s legitimate interest. The Controller’s legitimate interest consists in carrying out direct marketing activities;
⎯ Enabling to participate in Sphere.it events online, conclusion and performance of an agreement governing participation in Sphere.it events online, conclusion and performance of a sponsorship agreement, conclusion and performance of an agreement with a speaker:
Personal data are processed in order to take up activities, at the User’s request, prior to the conclusion of an agreement (e.g. to submit an offer) and to perform an agreement (Art. 6.1.b of the GDPR). Providing personal data is necessary for an agreement to be concluded; if they are not provided, it shall be impossible to conclude an agreement, and in particular to participate in events online, access an online video library and attain goals of a sponsorship agreement and an agreement with a speaker;
⎯ E-mail correspondence:
Personal data are processed to pursue the Controller’s legitimate interests (Art. 6.1.f of the GDPR). Personal data are provided on a voluntary basis, but the provision thereof is necessary to receive a reply from the Controller. In such a case, personal data are processed due to the Controller’s legitimate interests. The Controller’s legitimate interests consist in communicating with an individual who requests of the Controller to provide an answer;
⎯ Contact with a speaker proposed by another User:
Personal data are processed to pursue the Controller’s legitimate interests (Art. 6.1.f of the GDPR). The Controller’s legitimate interest consists in communicating with an individual whose data have been provided by another User. In such a case, the Controller processes a speaker’s personal data provided by another User: name, surname and e-mail address or name and surname only. A source of a speaker’s personal data is information provided by the User in a contact form (Nominate a Speaker form). With a speaker’s consent, personal data may be used to evaluate and select a speaker’s presentation, to promote a speaker and to attain the Controller’s advertising goals related to presentations;
⎯ Direct marketing of own services, pursuit of and protection against legal claims, fraud prevention, statistics and analytics, ensuring ICT environment security, and application of internal control systems: Personal data are processed to pursue the Controller’s legitimate interests (Art. 6.1.f of the GDPR). The Controller’s legitimate interest consists in a possibility to undertake the aforementioned activities;
⎯ Financial settlements:
Personal data are processed in order to comply with the Controller’s legal obligations resulting in particular from accounting policies and tax related regulations (Art. 6.1.c of the GDPR). The provision of personal data is a statutory requirement.
Recipients of personal data:
The Controller may have personal data sub-processed in terms of registration and handling of Sphere.it events online by third-party platforms’ operators: Airmeet, Zoom and Hopin. Personal data may be processed also by the Controller’s other service providers rendering, among others, financial settlements, legal, advisory, consulting, archiving and IT services. The Users’ data will not be shared with any third parties, unless this proves necessary and the User consents thereto or a data disclosure obligation results from mandatory rules of law, a final and non-appealable court judgment or a final decision of a relevant body. On the Website, there can be references to other webpages. The Controller shall not be liable for the processing of personal data connected with the use of these webpages by the User. Having moved to the other webpages, the User should first consult their privacy policies and personal data protection procedures. The Controller shall not transfer personal data to any third parties outside the EEA or to any international organisations, apart from Airmeet (India), Zoom (the US) and Hopin (the US), in the case of which personal data will be transferred only if the entities comply with GDPR requirements.
What does profiling involve and are any data on the Website subject to profiling?
Profiling consists in any form of automated processing of personal data evaluating the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning a data subject’s work performance, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning the data subject or similarly significantly affects the data subject. Data on the Website may be profiled exclusively with regard to a newsletter, which includes direct marketing. If, following the Website’s development, personal data were to be profiled, the Controller will inform the Users thereof, and profiling will be carried out in accordance with relevant regulations. In case of profiling, the Controller shall implement appropriate measures safeguarding rights, freedoms and legitimate interests of the Users, including ensuring an option of a human intervention at the Controller’s side and a possibility to express a personal position and challenge a decision.
How can personal data be changed?
The User has the right of access to content of their personal data and the right of rectification and erasure of the personal data, the right to restrict processing of the data and the right to data portability. Further, the User has the right to object to processing of their personal data, including in particular to profiling. To this end, the User can contact the Controller at the e-mail address: [email protected]. The User can contact the Controller also otherwise as preferred, including verbally and in writing.
How does the Controller protect personal data?
The Controller protects the Users’ data against unauthorised access, disclosure, change or destruction. In particular, the Controller makes use of data encryption, physical security measures and verification in IT
systems. Further, the Controller uses anti-virus software and firewalls. The Users’ data may be accessed exclusively by authorised individuals bound by confidentiality and subcontractors that have entered into personal data sub-processing agreements with the Controller.
How long will personal data be processed?
The Users’ data shall be processed for as long as the Users use the Website. In case of processing personal data:
⎯ in connection with the evaluation and selection of a speaker or a speaker’s presentation, the promotion of a speaker or the attainment of the Controller’s advertising goals – the Users’ data shall be processed until consent is withdrawn;
⎯ in connection with newsletter distribution – the Users’ data shall be processed until consent is withdrawn or an objection is effectively raised;
⎯ prior to the conclusion of an agreement or in connection with the performance thereof, personal data shall be processed for the duration of an agreement performance term, and if an agreement has not been concluded – until either party resigns from concluding an agreement, regardless of a reason; in connection with e-mail correspondence – personal data shall be processed for a period necessary to provide the User with an answer or until the User raises an effective objection; for the purposes of contact with a speaker proposed by another User – personal data shall be processed until a speaker effectively objects to further contact, in any case not longer than for two years;
in case of financial settlements – personal data shall be processed for a period of five years from the end of a calendar year when a transaction has been conducted. Personal data may also be processed upon the lapse of the indicated periods, until any potential legal claims are time-barred or for as long as is possible or required in compliance with applicable laws. In particular, if a processing period based on a given legal basis has expired, this shall not mean that personal data may not be processed based on another legal basis. Upon the lapse of a processing period, in the absence of any bases for processing, personal data shall be permanently deleted or anonymised.
Other data processing related rights of the Users
The Users have the right to file a complaint with the President of the Personal Data Protection Office if they consider that their personal data are processed in breach of mandatory rules of law.
This Policy and any amendments hereto shall apply as of the moment when they are published on the Website.
This Policy is aimed at informing users of the Sphere.it website (the Website) (the Users) about purposes of storing and gaining access to cookies in the Users’ terminal equipment and about options to set terms of storing or gaining access to the cookies through browser settings or service configuration. The Website’s controller (the Controller) might store the cookies in the Users’ terminal equipment and have access thereto.
What are cookies?
Cookies are information saved in text files sent by the Website to the User’s browser and resent by the User’s browser when the User re-visits the Website. The cookies are stored in the User’s terminal equipment (computer, laptop, smartphone). They are used to maintain the User’s session and to save other data so that the User does not need to enter the same information whenever they use the Website. Among other things, the cookies remember a website name, data of the User’s browser, unique settings and a period for which the data will be stored. Data saved in the cookies are not matched with individual Users of the Website.
What kind of cookies are used by the Website?
Session cookies – files stored in a browser’s memory until it is closed, required for the Website’s functionalities to operate correctly.
Permanent cookies – files stored in a browser’s memory for a specific period. Among other things, they guarantee the proper navigation and layout of the Website. A period for which these files are stored depends on a choice which the User can make in their browser settings. This type of the cookies allows for information to be passed to the Website whenever the Website is visited by the User.
Google Analytics cookies – files stored in a browser’s memory for the purposes of website traffic statistics and analytics. The analytics service is provided by Google Inc., USA. Information obtained with the use of this tool is not shared with any entities other than Google, and serves only to report the User’s interactions on the Website.
Advertising cookies – files stored in a browser’s memory in order to match advertising content with the User’s behaviour on the Website. An advertising service is provided by Facebook Inc. as part of Facebook Pixel. Any information obtained in this manner might be shared with advertisers and partners that cooperate with the Controller.
Who is the Controller of the Website?
The Website’s Controller is Virtus Lab Sp. z o.o. with registered office in Rzeszów (35-211), Poland, ul. Zofii Nałkowskiej 23, National Court Register entry No. KRS 0000349785, Tax Id. No. (NIP) 5170312965, Industry Id. No. (REGON) 180526627. Contact address: [email protected].
The User’s browser might by default allow for storing of the cookies. At any time, the User can set terms of storing and accessing data saved in the cookies, through browser settings. The cookies can be blocked; an option of storing the cookies can be restricted (e.g. by informing the User about installation of the cookies on a case-by-case basis) or access to the cookies can be limited; however, any blocking or restricting of the cookies may affect the Website’s quality or even prevent the proper display of the Website on the User’s terminal equipment. Detailed information on the options and manner of handling the cookies is available in browser settings. More information on cookies management is available in a given browser’s functionalities.
This Policy and any amendments hereto shall apply as of the moment when they are published on the Website.