Privacy Policy
Dear Sir or Madam,
You provide us with your personal data both directly (e.g. by using our website, mobile application, subscribing to a newsletter, or purchasing a subscription) and through our Partners (e.g. by participating in events organized or co-organized by Visteria, subscribing to our social media pages).
We process your data in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
Please read the “VISTERIA” Privacy Policy (“Privacy Policy”), which contains information about what happens to your personal data – how it is protected and what rights you have in connection with its processing.
---
1. General Provisions
The controller of your personal data is VISTERIA FOUNDATION, with its registered office in Warsaw at ul. Krakowskie Przedmieście 13, 00-071 Warsaw, entered into the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under number 0001155707, NIP 5253035184, REGON 540906573 (“Controller” or “Visteria”).
You can contact the Controller at: contact@visteriafoundation.pl
The Controller makes every effort, both legally, technically and organizationally, to ensure the highest possible level of protection of all personal data received from you and used by the Controller.
All personal data held by the Controller is stored and processed in accordance with applicable laws, in particular the GDPR.
The Controller makes every effort to ensure that the data necessary for the proper functioning of the Service is not collected from you in a burdensome manner, and that only data necessary to achieve the purposes indicated in the Privacy Policy is processed.
---
2. Categories of Data Subjects
The Controller processes personal data of the following groups:
Partners – entities cooperating with Visteria on an ongoing basis.
Subscribers – persons subscribing to Visteria’s social media pages (e.g. Facebook, Instagram, Twitter).
Guests – persons participating in events and cultural or promotional activities organized or co-organized by Visteria.
Clients – persons using Visteria subscriptions and other services or products.
Service Users – users of the Visteria.pl website.
---
3. Categories of Data
Identification and contact data: name, phone number (including mobile), email address, correspondence address (for subscriptions and services).
Social media activity data: posts, likes, shares, tagging Visteria, and other interactions on platforms such as Facebook and Instagram.
Subscription data: preferences used to tailor offers from Visteria.
Event-related data: data necessary for participation, opinions, and image recordings (photos/videos) used on Visteria’s social media.
Data received from Partners: e.g. name, email, phone number, and social media usernames.
---
4. Purposes of Processing
1. Partners’ data:
* Promotion and marketing (with consent) – Art. 6(1)(a) GDPR.
* Contract performance – Art. 6(1)(b) GDPR.
* Legal obligations – Art. 6(1)(c) GDPR.
* Legitimate interests (promotion, claims, archiving) – Art. 6(1)(f) GDPR.
2. Guests, Clients, Subscribers:
* Marketing (with consent) – Art. 6(1)(a) GDPR.
* Newsletter distribution – Art. 6(1)(a) GDPR.
* Legal obligations – Art. 6(1)(c) GDPR.
* Legitimate interests (marketing, claims, archiving, profiling where necessary) – Art. 6(1)(f) GDPR.
* Social media activity monitoring and content optimization.
* Event organization.
* Ensuring service functionality and security.
* Handling inquiries.
3. Service Users:
* Marketing and monitoring (with consent) – Art. 6(1)(a) GDPR.
* Legal compliance – Art. 6(1)(c) GDPR.
* Analytics and optimization – Art. 6(1)(f) GDPR.
* Inquiry handling.
4. Visitors to Visteria office:
*Security monitoring (CCTV, entry logs) – Art. 6(1)(f) GDPR.
---
5. Data Retention
Personal data will be stored for as long as necessary to achieve the purposes described above.
If processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
---
6. Additional Consents
You may consent to receiving commercial information electronically from the Controller and its Partners. Consent is voluntary and may be withdrawn at any time.
---
7. Data Recipients
Personal data may be shared with third parties providing services such as IT, courier, publishing, marketing (e.g. YouTube, Facebook, Vimeo, Instagram), security, legal, tax, and statistical services.
In some cases, data may be transferred outside the European Economic Area.
---
8. Data Subject Rights
You have the right to:
* Access your data and obtain copies
* Rectify inaccurate or incomplete data
* Erase data (“right to be forgotten”)
* Restrict processing
* Data portability
* Withdraw consent
* Object to processing (including marketing)
* Lodge a complaint with a supervisory authority
Contact: contact@visteriafoundation.pl
Providing data is voluntary but may be necessary to use certain services.
We do not knowingly collect data from children under 16.
---
9. Transfers Outside the EEA
Some tools used by the Controller may transfer data outside the EEA. In such cases, appropriate safeguards are applied (e.g. adequacy decisions or standard contractual clauses).
---
10. External Links
The website may contain links to external sites (e.g. YouTube, Facebook, Instagram). The Controller is not responsible for their privacy practices.
Users should review external privacy policies.
---
11. Final Provisions
This Privacy Policy describes how personal data is processed in connection with the use of the Service, social media, subscriptions, and cooperation with Visteria.
The Policy is regularly reviewed and updated. Changes will be communicated via the website or email.
Changes enter into force no earlier than 14 days after notification.