Przekaż 1,5 % Twojego podatku na wsparcie działalności ZUL. Nr KRS 0000682444

I.Preliminary Information

In order to ensure the most effective principles of transparency and fairness in personal data processing, we hereby present the personal data protection rules applicable at the West Pomeranian Folk University – Foundation, established in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR).This Privacy Policy is addressed to all individuals interested in the training and services provided by the West Pomeranian Folk University – Foundation, as well as visitors to the website www.zul.org.pl (hereinafter referred to as the “Service”), hereinafter referred to as “Users”.

Personal data is collected and processed in accordance with the principles set out in this Policy.

II. Data Controller and Data Protection Officer

The Data Controller is the West Pomeranian Folk University – Foundation, with its registered office in Mierzyn, ul. Welecka 13 B, 72-006 Mierzyn, NIP: 8513210155, REGON: 367538703 (hereinafter: “Controller”).

In matters related to the processing of your personal data, you may contact us using the above details or via the Data Protection Officer at:biuro@zul.org.plor by phone: ……………….

The data acquisition policy using cookies is regulated in a separate document, which is an integral part of this Privacy Policy.

III. How We Use Your Personal Data

The Controller uses the collected data to conclude and efficiently execute service contracts related to training, respons to inquiries, and analyze website traffic. Clients’ data is particularly processed to execute contracts and provide services, including training, EU projects, and workshops.

In addition to the above purposes, the Controller may use Users’ data for marketing purposes—to effectively present offers to persons interested in training and related services.

User data may only be shared with third parties with the User’s consent or when required by applicable law.

With your consent, the Controller may use your image to document the course of training, workshops, or projects you have participated in, as well as for marketing purposes.

IV. Scope and Purpose of Collected Data

The Controller collects personal data for the following purposes:

1. To enable Users and third parties to contact the Controller, including identification data, contact data, and message content.
2. To collect data on User activity, such as time spent on the website, search phrases, number of pages viewed, visit date, and source.
3. For marketing purposes, including newsletters, with prior consent.
4. To deliver services as per agreement with the User or interested party, which may include:

• First name;
• Last name;
• Email address;
• Phone number;
• Company data (if provided).

The Controller also collects data to fulfill legal obligations, such as issuing invoices, maintaining accounting records, and meeting other statutory duties.

V. Source of Data

1. If the User or interested party contacted the Controller, the data was provided directly.
2. If the data was submitted by another individual handling a specific matter, that person is the source of the data.

VI. Legal Basis and Principles for Processing

We ensure that personal data is:

• Processed lawfully, fairly, and transparently;
• Collected for specified, legitimate purposes;
• Adequate, relevant, and limited to what is necessary;
• Accurate and kept up to date;
• Stored in a way that permits identification for no longer than necessary;
• Protected by appropriate security measures.

In some cases, data processing is required to fulfill legal obligations, e.g. labor law or accounting. It may also be necessary for the Controller’s legitimate interests, such as pursuing claims related to business operations.

VII. Your Rights

We ensure that you can exercise your rights under GDPR, including:

• Right to information upon data collection;
• Right of access (Article 15 of the GDPR);
• Right to rectification;
• Right to erasure (“right to be forgotten”);
• Right to restrict processing;
• Right to data portability;
• Right to object;
• Right not to be subject to automated decision-making, including profiling;
• Right to be informed about data breaches.

If processing is based on consent, you may withdraw it at any time, without affecting the legality of prior processing.

If you believe we have violated GDPR, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

VIII. Administrator’s Communication

We provide information in writing, electronically, or orally if identity is confirmed. If you submit a request electronically, we will respond in the same form unless otherwise specified.

IX. Response Time

We strive to respond within one month. In complex cases, the period may be extended by an additional two months.

X. Subcontractors / Data Processors

The Controller may share data with trusted partners and service providers acting on our behalf.

Your data may be shared with:

• Authorities legally entitled to process it;
• Banks (for financial settlements);
• Software providers;
• Subcontractors;
• Courier services;
• Cloud service providers;
• Legal advisors.

XI. Data Protection Measures

To comply with the law, the Controller implements procedures covering:

• Data protection by design and by default;
• Risk analysis and privacy impact assessments;
• Breach notification;
• Data processing records;
• Storage and deletion rules;
• Exercising data subject rights.

We update our documentation regularly and aim to adopt best practices for privacy and data security.

XII. Data Retention and Deletion

The Controller stores personal data only as long as necessary to fulfill the purposes for which it was collected.

Data is then deleted or anonymized. The retention period is defined by legal regulations or the Controller’s legitimate interests, e.g. for marketing purposes.

Examples of retention rules:

• Contract-related data – for the duration of the agreement;
• Complaint-related data – until the claim is resolved;
• Data needed for claims – until the dispute is settled;
• Marketing data – until the person objects.

XIII. Authorizations

We ensure that anyone authorized to process your data does so only on our instructions, unless otherwise required by law.

XIV. Changes to the Privacy Policy

The Privacy Policy may be modified or updated as needed. Changes will be published on the website www.zul.org.pl.

XV. Automated Data Processing

Your data is not subject to automated processing or profiling that could lead to legal or similarly significant effects.