Privacy Policy

PRIVACY AND COOKIES POLICY

  1. General information
  1. This privacy policy of website https://lafinstitute.org (hereinafter “the Website”) is addressed to users of the Website (hereinafter “the Users” or “Users”) and defines type, scope and ways of using cookies, as well as the rights and obligations of the User.
  2. The administrator of your personal data is: Tomasz Świerszcz conducting business activity under the name of Cricket Software Tomasz Świerszcz with its headquarters at Warszawska 32c/12, 05-500 Piaseczno, registered in the Central Register and Information on Business Activity, with Tax Identification Number: 5381693757 and statistical number (REGON): 141256977 (hereinafter “the Administrator”).
  3. Provision of data by the User is voluntary but in contractual relations is a requirement for the conclusion and performance of the contract.
  4. The scope of data processed by Administrator is: first name, last name, email address.
  5. If personal data are processed by Administrator on the basis of consent, such consent of the User may be withdrawn by the User at any time. Withdrawal of consent may entail loss of access to the service performed on the basis of previously granted consent. Withdrawal of consent does not affect the lawfulness of personal data processing performed by the Administrator before its withdrawal.
  6. Data shall be processed for contact purposes, including granting access to the online forum for registered persons, and in other matters. The Website performs functions of obtaining information about Users and their behaviour through voluntarily entered data in forms, which are entered into the Administrator’s systems.
  7. The above is carried out on the basis of legitimate interests, i.e. in accordance with Article 6(1)(f) of the GDPR. The data may also be processed when it is necessary to conclude or execute a contract and fulfil the Administrator’s legal obligations, i.e. on the basis of Article 6(1)(b) and (c) GDPR.
  8. You have the opportunity to object to the processing of your data, to request access, rectification, deletion, restriction of processing and transfer. The data shall be stored until you raise an objection, and in contractual relations – for the duration of the contract and after its termination for the period resulting from the regulations on archiving and limitation of claims.
  9. You have the right to lodge a complaint with the President of the Office for Personal Data Protection. Questions regarding privacy protection can be addressed to: contact@lafinstitute.org.
  10. Selected methods of personal data protection used by the Administrator
  1. The passwords of Website users are stored in hashed form. The hashing function works one-way – it is not possible to reverse its operation, which is the current modern standard for storing user passwords.
  2. The Administrator periodically changes his administrative passwords.
  3. In order to protect data, the Administrator regularly makes security copies.
  4. An important element of data protection is the regular updating of all software used by the Administrator to process personal data, which in particular means regular updates of software components.

3. Hosting

  1. The Website is hosted (technically maintained) on the Operator’s server: linuxpl.com.
  2. Registration data of the hosting company: H88 S.A. with its headquarters in Poznań, Franklin Roosevelt 22, 60-829 Poznań, registered in the National Court Register by the District Court Poznań – Nowe Miasto and Wilda in Poznań, VIII Economic Department of the National Court Register under the number KRS 0000612359, REGON 364261632, NIP 7822622168, share capital 210,000.00 PLN fully paid up.
  3. At https://linuxpl.com you can learn more about hosting and check the privacy policy of the hosting company.
  4. The hosting company:
  • applies measures to protect against data loss (e.g., disk arrays, regular backups),
  • applies adequate measures to protect processing sites in case of fire (e.g., special firefighting systems),
  • applies adequate measures to protect processing systems in case of sudden power failure (e.g., dual power paths, generators, UPS voltage backup systems),
  • applies measures to physically protect access to data processing sites (e.g., access control, monitoring),
  • applies measures to ensure appropriate environmental conditions for servers as elements of the data processing system (e.g. control of environmental conditions, specialized air conditioning systems),
  • applies organizational solutions to ensure the highest possible degree of protection and confidentiality (training, internal regulations, password policies, etc.),
  • has appointed a Data Protection Inspector.

5. The hosting company, in order to ensure technical reliability, keeps logs at the server level. The record may be subject to:

  • resources specified by URL identifier (addresses of requested resources – pages, files),
  • time of arrival of the request,
  • time of sending the response,
  • the name of the client station – identification carried out by the HTTP protocol,
  • information about errors that occurred during the execution of HTTP transactions,
  • URL address of the page previously visited by the user (referer link) – in case the passage to the Site occurred through a link,
  • information about the user’s browser,
  • information about the IP address,
  • diagnostic information related to the process of self-ordering of services through registrars on the site,
  • information related to the handling of e-mails addressed to the Operator and sent by the Operator.

4. Additional information on the use and storage of personal data

  1. Data may be transferred to other entities (hereinafter “Subcontractors”) through which the Administrator carries out the purposes of processing indicated in Section 1 of the Privacy Policy. The Administrator will implement agreements with Subcontractors that meet the requirements of applicable privacy laws. Subcontractors will be required to use appropriate security measures to protect personal data and will not be allowed to use personal data other than that designated by the Administrator.
  2. When the User uses the Website, data such as IP address, domain name, browser type, operating system type are automatically collected. This data may be collected by cookies.
  3. Your personal data will be stored for a period depending on the situations listed in the table below:
Purpose of processingLegal basisPeriod of data processing
Maintaining an account on the Website, providing ordered services electronically, providing contact in connection with the performance of services.Article 6(1)(b) GDPR (necessity for performance of the contract) Article 18(1) of the Act on Provision of Electronic ServicesPersonal data will be processed until the User deletes the account.
Data processing within social networks (including: Linkedin, Twitter)Article 6(f) of the GDPR, the Administrator’s legitimate interest is to respond to inquiries made in a private message and/or to comment on posts, to receive information about activity on the fanpage and to conduct other marketing activities. User activity related to the use of our social network will not be archived outside the service.Personal data will be processed until you object to the processing. The objection can be expressed by deleting messages or comments. In the case of offensive, vulgar and infringing content, the Administrator may delete comments and posts at any time. Personal data collected by social networks, i.e. history of posts, history of activity in the application, is subject to retention under the terms of the rules of each social network.
Investigation or defense of possible claims.Article 6(1)(f) GDPRUntil the expiration of the statute of limitations for possible claims.
Conducting correspondence, handling requests, applications, inquiries or handling complaints. Demonstrating the content of statements or requests made by the User.Article 6(1)(c) GDPRUntil the expiration of the statute of limitations for possible claims.
Provision of personal data at the request of public authorities or entities authorized to do so by law.Article 6(1)(c) GDPRUntil the fulfilment of the Administrator’s legal obligations.
Processing of personal data by the Administrator in information systems.Article 6(1)(c) in conjunction with Article 32(1) GDPRAccording to the Administrator’s backup schedule.
  1. The Administrator may disclose your personal data in the following cases:
  1. when it is necessary for the stated purposes;
  2. when required by law;
  3. in connection with the reorganization or merger of our company with another company;
  4. when, in our opinion, such disclosure is necessary to implement or comply with the terms of a contract and other agreements, or, to otherwise protect and defend rights, property or security;
  5. to comply with a legal proceeding, court judgment or legal obligation, or inquiry by authorities; or
  6. with your consent.
  7. It is the Administrator’s legal obligation to report suspicious transactions and other activities to relevant authorities in connection with anti-money laundering, terrorist financing, illegal insider trading or related laws. The Administrator may also notify the police and other law enforcement agencies of suspected criminal offenses without any obligation to inform you.

5. Administrator logs

  1. Information of Users’ behaviour on the website may be subject to logging. This data is used to administer the site.

6. Information and management of cookies

  1. The Website https://lafinstitute.org uses cookies.
  2. Cookies are IT data consisting of a sequence of numbers and letters, in particular text files, which are stored on the Website User’s terminal device and are intended for use by the Website User. Cookies usually contain the name of the website from which they come, the time they are stored on the end device and their unique number.
  3. The entity placing cookies on the Website User’s terminal device and accessing them is the Administrator.
  4. Cookies are used to maintain the session of the Website user (after logging in), so that the User does not have to re-enter the login and password on each sub-page.
  5. The Website uses “session” cookies. These are temporary files that are stored on the User’s terminal device until the User logs out, leaves the Website or shuts down the browser.
  6. The Internet browser by default allows the storage of cookies on the User’s terminal device. The User may block the storage of cookies, delete existing cookies and change the duration of their storage on his/her computer by configuring the browser settings. The above actions may affect the operation of the browser.
  7. Regular disabling of cookies in the browser prevents the user from using certain services or functionalities offered by the Website, but does not constitute a loss for the user, who is not entitled to any compensation for this.
  8. Browsers allow you to reject all cookies or only cookies from third parties. To manage your cookie settings, please follow the Website’s instructions.

7. Changes to the Privacy and Cookies Policy

  1. The Administrator reserves the right to make changes to the Privacy Policy if required by law or changes made to the Administrator’s websites.
  2. The effective date of the Privacy Policy in its latest version: 01 August 2023.