- why we are able to process your information
- what purpose we are processing it for
- whether you have to provide it to us
- how long we store it for
- whether there are other recipients of your personal information
- whether we intend to transfer it to another country
- whether we do automated decision-making or profiling and
- what rights do you have
Our activities related to storing and processing of all data aim to guarantee you a sense of complete security and lawful processing at a level appropriate to the data protection law applicable in Poland, including Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - called GDPR.
Personal Data Controller
The entity deciding on the purposes and methods of using your personal data (meaning their controller according to GDPR) is ChallengeRocket Sp. z o.o. with its registered office in Rzeszow (Poland), entered in the Register of Entrepreneurs of the National Court Register under number 0000638669.
You can contact us in many ways, by:
- phone +48 790 226 753
- e-mail email@example.com
- mail: Rynek 60/U6 st., 50-116 Wroclaw
- contact form
More details here.
Due to the possibility of publishing on the Platform events and registration of participation, the Controller of your personal data may also be the organizer of the event in which you participate.
We are not responsible for compliance with the rules of protection of personal data by the organizers with GDPR regulations. In any case, before registering for the event, we recommend you to read the information provided by the organizer.
We conscientiously approach the protection of data concerning you and constantly develop our systems and security processes. The security measures we use include:
- limited physical access to our buildings and user access to our systems - only for those who are entitled
- control mechanisms such as firewall, user verification, strong data encryption and separation of roles, systems and data
- proactive monitoring
We also use the highest standards in the industry to support the maintenance of a solid information security management system.
What data do we process?
Most of the personal data processed by us is passed directly to us due to one of the following reasons:
- you use the services we provide
- we service as the processor of the who is the controller of your data and these data have been made available to us in the scope binding us with the client
- we obtained it directly from you or from a third party authorized to provide us with your information
- you have filed a complaint or inquiry
- you have asked us for information
- you took part in the event organized by us
- you represent your organization
We only require the information, necessary for the proper functioning of certain parts of our services. Failure to provide the required data will block the performance of certain fields, requiring the data concerned. Remember that your password and e-mail address will never be displayed publicly!
The basis for the processing
In any case, when we process your personal data, we must have so-called "Legal basis". The legal bases result directly from the law (GDPR), below are those on which we most often rely:
- Consent: You have indicated to us that you agree to the processing of your data for a specific purpose
- Legitimate interests: only if processing is necessary for us to conduct our business and it does not interfere with the right to respect your privacy
- Performance of the contract: we must process your personal data in order to be able to provide you with one of our services
- Legal claims: when data processing is necessary to establish, enforce or defend our legal claims
- Legal obligation: when we are obliged under law to process your personal data.
How we use your personal data?
There are many ways and possibilities to use personal data regarding you, depending on how you interact with us. For example, if you do not provide us with your contact details, we will not be able to create an account for you on the Platform or provide other services.
We may also want to tell you about our (or our partners) job offers, ideas, products and services that we think may interest you. If we have your consent or it is in our legitimate interest, we can do it via mail, email, text message or other electronic means of communication. We will not send you marketing messages if you do not want to, but if you purchase a service from us, we can send you messages related to the service.
Evaluation of your preferences and interests
Our Platform aims to match events and messages to your interests and preferences (profiling) as best as possible. In order to provide you with the most transparent information below, we describe what profiling is about.
Recommended events or jobs may be presented to you on the Platform after logging in, as well as in the form of notifications in the web browser and sent to the email address provided by you.
For this purpose, we process personal data provided by you, about your activity on the Platform, recorded and stored via cookies, in particular information about sent applications on events, achieved results and pageviews that have not been completed by sending a registration.
We can use the above data to create your professional profile that suits your skills, interests and preferences. Then, based on the profile created in this way, we can choose and present to you the best matching events or jobs for you.
After weighing our interest and your interests, rights and freedoms, we believe that event marketing combined with profiling will not interfere excessively with your privacy or will not be too burdensome for you.
We respect your will and facilitate the realization of Your rights. For this purpose, we provide the opportunity to easily withdraw consent or object to processing.
Who might we share your personal information with?
In addition to us, access to your data may have a number of entities. They may be service providers with whom we cooperate, and who help us in delivering services that you expect from us or support us in our business. These entities process personal data on our behalf and must meet high security standards. We only share information that allows them to provide us services or facilitate their provision to you.
In some circumstances, we may also be legally obliged to disclose information about you - for example, by court order, law or public authority decision. In any case, we make sure that we have a legal basis to share information about you and document our decisions.
International transfers of personal data
For the purposes of the processing purposes described in this policy, we may transfer your personal information to our suppliers, partners or service providers located outside the European Economic Area (EEA). In any case, if your data can be transfer outside the EEA, we will inform you about it.
At the same time taking care of the security of your data we strictly follow the rules of their transfer resulting directly from the GDPR and provide data only where the degree of security is guaranteed in accordance with the decisions of the European Commission (eg. to the USA only to entities located on the so-called Privacy Shield list).
How long we keep your personal data?
Is there an obligation to provide personal data?
As a rule, providing your personal data is completely voluntary, however, it may be necessary for the implementation of specific services or your requests, eg. creating an account on the Platform, execution of your processing rights, participation in the event etc. Providing data may also be necessary due to the applicable law.
In accordance with the provisions of the law on the protection of personal data - GDPR, you have specific rights depending on the basis for processing your data.
Right to access personal data
You have the right to know if and how we use or store your personal data - the so-called right to access personal data. By using this right, you can also ask us for a copy of your data.
Right to correct personal data
You may question the accuracy of the data we process and ask us to correct it. This is the so-called "right to correct personal data". If your data is incomplete, you can also ask us to complete it, eg. by adding new information.
Right to erasure
You can ask us to delete your data and in some circumstances we must do so. This entitlement is also known as so-called "The right to erasure". This right is not absolute and applies, among others in the following circumstances when:
- we do not require your data anymore
- you initially agreed to the processing, but now you have withdrawn it
- you opposed the use of your data
- We processed your data unlawfully
We may deny you the right to "erasure" in the following circumstances:
- when we are legally obliged to store your data
- data storage is necessary to establish, enforce or defend legal claims
Right to restrict use of your data
You have the authority to limit the way we use your data, especially if you are concerned about the accuracy of the data or how it is used. If necessary, you can also submit a request to delete certain information about you. This right is closely related to your rights to question the accuracy of your data and the ability to object to their use.
The right to export the data
You have a right to gain the access to your personal data in a version which can be open on the computer, e.g. csv file. You can also ask the company for sending your personal data to the other economic subject. We can do this only if, as it was said in GDPR, it will be technically possible. It concerns only the information given for us on your own and the export goes in electronic format.
The right to withdraw the consent
If the processing of personal data is based on the sign consent, you can withdraw the permission at any moment. However, it doesn’t involve the data processed earlier.
The right to make a complaint to supervisory authority
The processing of personal data in our company covers the highest standards of security. If you have some questions or doubts, please contact with us and we answer. If you still be unpleased by the given answer or the execution of your privileges, you can make a complaint to supervisory authority (in Poland President of the Personal Data Protection Office) about the way how we process your personal data.
The execution of your rights
You can ask for the execution of your privileges in a written or oral form. If your request will be in oral for, we advise you to send us also a written form or e-mail message to provide us with the correspondence trace. The correspondence gives us a clear evidence of your action and helps with answering according to your expectations as soon as possible.
The execution of your rights is free of charges and we answer no longer that a month after the request. In case of possible delays, you will be informed immediately.
Our website may use the cookies files, which are the IT data, especially text files, which are stored on the Data Terminal Equipment (DTE). In general, cookie files contain the www address of the page from which they came from, the time of storing in DTE and the unique number.
The subjects, who can insert information in the form of cookies files in the device which you use to browse the website and who can get the access to them is ChallengeRocket and our partners who for instance provide analytical services, advertisers or applications providers.
The cookies files are used to:
- service provision;
- make browsing the websites in an easy way;
- identify the end device, on which the files were already downloaded, in case of reconnecting with the website;
- create the statistics, which help in understanding how the users browse the website or what can make the structure and content of the website better;
- adjust the content of website to the specific preferences and optimize browsing the web pages, all adjusted to the individual needs of users;
- exchange information with our business partners in order to broker in supplying their services while using the website.
The types of cookies files
We can use the following types of the cookie files on our website:
- “sessional”- they are stored on the DTE till the user leaves the page or closes the browser;
- “permanent”- they are stored on users DTE for the time which is determined in their parameters or to the deleting them by the user;
- “performance testing”- they record the information how the web pages are used;
- “functional”- they make possible to remember settings chosen by the user and the personalization of the interface;
- “internal”- provided by the website;
- “external”- sourced on the other site than our website.
The website settings management
The software to browse the website, i.e. web browser, usually by default allows storing the cookies files on DTE. You can change those settings.
The web browser allows delaying the cookies files. You can also automatically block the cookies. More detailed information about the case might be found in “help” option or in the records of your browser.
Using the Platform by children (<13 years)
ChallengeRocket does not collect personal information from children under the age of 13. If you're under 13, you must ask your parents or legal guardians for permission to use the service before sending any information about yourself.
We pas great attention to the security of your personal information. We also encourage you to protect your data from unauthorized access to your account. Please remember to log out of the service every time after using a shared computer.
Information that ChallengeRocket processes on your behalf
If you are the organizer of the event whose registration and course you conduct using the Platform in accordance with the GDPR, you are the controller of the participants' data. We hold the data of your participants in your account as long as you choose to use Platform. After you terminate your account, your data will be deleted.
The data processing of participants in your event takes place on your behalf in accordance with the Terms and art 28 of GDPR.
According to article 28 of GDPR we:
- ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- take all measures required pursuant to article 32 of GDPR;
- taking into account the nature of the processing, assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of GDPR;
- assist you in ensuring compliance with the obligations pursuant to articles 32 to 36 of GDPR taking into account the nature of processing and the information available to us;
- make available to you all information necessary to demonstrate compliance with the obligations laid down in article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you.