It is our intent to ensure that the wording of the Policy is comprehensible, precise and facilitating the proper interpretation of its contents, which is why we are presenting a glossary of terms used herein:
- Controller – the entity that defines purposes and ways of processing your Personal Data;
- Personal Data – any information relating to an identified or identifiable natural person by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including IP addresses of devices, e-mail addresses, location data, online identifiers and information collected by cookie files or other similar technologies;
- Cookies – pieces of data, in particular text files, which are stored on an end device of the user of the Services;
- Clients – entities which, directly or indirectly, outsource activities to us, especially marketing activities in the environment of our Services;
- Profiling – the process of automated processing of your data that involves using your data to assess certain factors specific to you, in particular to analyze or predict your interests or other behavior, such as your credibility, approximate location, movement, consumer preferences;
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, p. 1);
- User – any natural person using one or more WP Services;
- Services – websites, apps or services provided on websites and in apps;
- Wirtualna Polska, WP – the corporate group having capital links with Wirtualna Polska Holding S.A.;
- Co-Controller – the entity cooperating with the Controller with which the Controller jointly defines purposes and ways of processing Personal Data;
- Trusted Partners – entities with which the Controller cooperates, including advertisers, e-commerce entities, media houses and advertising networks, brokers and other intermediaries operating on the Internet advertising market, interactive agencies specializing in Internet marketing, advertising networks operating on the online advertising market in the programmatic technology, entities providing analytical services. A list of Trusted Partners along with their processing objectives for your data is available here;
- IAB Trusted Partners – Trusted Partners recommended by the Interactive Advertising Bureau. A list of IAB Trusted Partners is available here;
We attach particular importance to protecting privacy of Users using the WP Services. This Policy describes the rules governing the processing of Personal Data of Users in connection with using the Services. The rules governing the processing of processing Personal Data in connection with using the service of e-mail account, including WP Mail, O2 Mail and 1Login are covered by separate regulations and policies.
2. Information about the Controller
The Controller of your Personal Data in connection with your use of the Services is WP. The address below will direct you to registration and contact data of the subsidiaries of Wirtualna Polska: https://holding.wp.pl/kontakt/dane-spolek-grupy.
You may contact the Controller via a contact form onas.wp.pl/formularz_rodo or by sending an e-mail to the address: firstname.lastname@example.org, or by traditional mail to the address: Żwirki i Wigury 16, 02-092 Warsaw, Poland, with the note: "To the Data Protection Officer".
If Personal Data are collected and subsequently provided by Clients to Wirtualna Polska, both Wirtualna Polska and the Client are Co-Controllers of Personal Data. Here you may find the websites of our Clients, from which we may process your Personal Data.
3. Particulars of the Data Protection Officer
We have appointed a Data Protection Officer for the Wirtualna Polska Group, who may be contacted in all matters pertaining to the processing of Personal Data and exercising the rights related to the processing:
Wirtualna Polska / Oskar Cisiński / IOD / Żwirki i Wigury 16, 02 – 092 Warsaw, Poland
4. What data do we process?
We process Personal Data that you provide, leave or to which we may get access during your use of the WP Services and our Trusted Partners, in particular:
a) made available by you in the browsing history of websites and apps and those that you leave when using the WP Services (e.g. data about visited websites, apps and content of interest to you, including advertising, your searches, your clicks, the way you use the WP Services), as well as data from websites of Trusted Partners, including Clients, in particular histories of your purchases, especially those made after clicking on advertisements delivered to you in the environment of the WP Services,
b) information stored on the end-user devices that you use, including information on your browser and data about your approximate geographic location,
c) recorded, among others, in cookies installed in our websites and apps and in websites of our Trusted Partners and outside of the WP Services.
The scope of Personal Data processed in the various WP Services may vary. You may always find information on this subject in the User panel linked to the respective WP Service, or you may always ask our Data Protection Officer.
5. For what purpose, on what basis and how long do we process your Personal Data?
Purposes of data processing:
performance of the agreement entered into between WP and the User (e.g. rules and regulations which are accepted by the User before using the respective WP Service), including the provision of the Services for Users and necessary to provide the WP Services adjustment of Services to Users’ needs, maintenance and technical support for the WP Services ("performance of the Services")
Article 6(1)(b) of the GDPR – as needed to perform the agreement to which the User is a party
until the expiration of the agreement
ensuring security, preventing fraud and fixing errors necessary to provide the WP Services ("ensuring security")
Article 6(1)(f)* of the GDPR – legitimate interest of the Controller, involving to ensuring security of the WP Services provided
until an effective objection is raised, but no longer than 3 years
developing and improving services ("optimization"), delivery and presentation of advertising and content, maintenance and technical support of the Services, measurement of content performance, the Services or advertising ("technical provision of the Services"), statistical measurement, getting to know audience due to statistics or combination of data from various sources ("statistics"); marketing (including analysis and profiling of data for marketing purposes) of the Controller’s products and services ("self-marketing");
Article 6(1)(f) of the GDPR – legitimate interest of the Controller
until an effective objection is raised, but no longer than 3 years
marketing (including analysis and profiling of data for marketing purposes) concerning the products and services of third parties ("third party marketing"***). Third party marketing includes profiling** such as: creating a profile for personalized advertising, using limited data to select advertising, creating a profile for personalized advertising, using profiles to select personalized advertising, adjusting the WP Services to Users’ needs, creating profiles with a view to customize content, using profiles to select customized content and measuring content performance, measuring advertising performance,
Article 6(1)(a) – voluntary consent
until the consent is withdrawn
preparation and delivery of responses to requests or other reports submitted to WP
depending on the purpose for which the request or other report was submitted, this includes taking action leading to the execution of an agreement (Article 6(1)(b) of the GDPR), a legal obligation (Article 6(1)(b) of the GDPR in conjunction with Articles 15-22 of the GDPR), or a legitimate interest of the controller (Article 6(1)(f) of the GDPR), which includes the ability to respond to a request or report
until the response to a request or another report to WP is prepared and given; and in the case of reports concerning the exercise of rights of data subjects – 5 years after they are exercised or a response to the report is given
determination and pursuit of claims or defense against them
legitimate interests of the controller (Article 6(1)(f) of the GDPR) involving the ability to determine, pursue or defend against claims
until the claims expire, but no longer than 6 years after the end of the calendar year, in which the event that could become the basis for the claims arose
fulfillment of statutory duties arising under tax regulations and accounting regulations involving, among others, the necessity to issue and archive a bill
legal obligation (Article 6(1)(c) of the GDPR in conjunction with Article 74 of the Accounting Act and other tax legislation)
5 years after the end of the calendar year, starting from the next year when the event causing the legal obligation to arise occurred
storing and/or accessing information on a device
Article 6(1)(a) of the GDPR (a person’s voluntary consent)
until the consent is withdrawn
handling of requests and proceedings conducted by authorized bodies, e.g. courts, prosecution offices, law enforcement authorities, offices that may be related to user data
legal obligation (Article 6(1)(c) of the GDPR in conjunction with the regulations authorizing the relevant body to submit a request)
until the request is satisfied
Functions and special features
To achieve the above purposes, we use the following functions and special features:
Matching and combining data from other data sources
performance of the Services, optimization, technical provision of the Services, statistics, ensuring security, self-marketing, third party marketing
Linking different devices
Optimization, statistics, ensuring security, self-marketing, performance of the Services, technical provision of the Services
Identifying devices based on information transmitted automatically
Optimization, statistics, ensuring security, self-marketing, third party marketing, technical provision of the Services, performance of the Services,
Actively scanning device characteristics for identification
* In relation to the processing of your Personal Data based on Wirtualna Polska’s legitimate interest, we perform a test of balance between our legitimate interest and your rights. In the event of the fundamental purposes, functions and special features, such as, e.g. ensuring security, optimization, technical provision of the Services, statistics, your objection may turn out to be ineffective.
** The advertisements and editorials displayed will be profiled using the following of your data and in accordance with the following criteria:
- Your activity within the WP Services and Services of our Trusted Partners;
- Your activities and interactions with advertising;
- Your approximate location, the size of the town/city you reside in;
- Information stored on your end-user devices, such as the type of end-user device, browser type, operating system you are using, and the language set in the operating system you are using.
Information on your profile may be used to profile advertising and content in the WP Services and Services of our Trusted Partners and outside of the WP Services, especially in advertising networks which aggregate and intermediate in the sales of advertising. Advertising networks collect data on users from all websites cooperating with these networks and then use such data to display advertising that is best suited to your interests.
6. Data recipients
Recipients of your Personal Data in connection with your use of the WP Services will be also Trusted Partners, including Clients. Trusted Partners process your Personal Data, in particular based on your voluntary consent. Please note that in specific cases, they may process your Personal Data without your prior consent. If your Personal Data are processed on the basis of legitimate interest of our IAB Trusted Partners, you may object to the processing in advanced settings. Detailed purposes of processing of your Personal Data by the other Trusted Partners and the manner of informing them of your intention to exercise your rights may be found in the privacy policies of those Trusted Partners.
For objective reasons, we are not able to state the names of all Trusted Partners here, in particular due to the lack of direct relations with some of them, for example when a Client orders advertising to be placed on our space through the intermediation of a Trusted Partner that is an advertising network.
Your Personal Data may be transferred to data processors that process Personal Data under engagement from the Controller, which may include among others: IT service providers, payment service providers, marketing agencies, etc., based on an agreement entered into with the Controller and solely in accordance with the Controller’s instructions. Your Personal Data may also be disclosed to entities authorized to receive it under applicable law.
Your Personal Data may be transferred to recipients in third countries, i.e. countries outside the European Economic Area, especially when:
a) it is necessary to provide Services for you,
b) it is necessary for the execution and performance of a contract between you and WP,
c) you give prior consent to it, e.g. consent to processing Personal Data for marketing purposes by our Trusted Partners coming from third countries.
Before transferring your Personal Data to entities located in third countries, we verify the guarantee of the high level of protection for such data and use standard contractual clauses. However, in certain situations, the transfer of your Personal Data to third countries may entail risks due to the lack of a decision declaring an adequate level of protection outside the EEA and the lack of safeguards and effective legal protection measures in third countries.
7. What rights do you have?
In connection with our processing of your Personal Data, you have the following rights:
- right of access to your data
- right to request rectification of the data
- right to erasure of the data
- right to lodge a complaint with a supervisory authority – the President of the Personal Data Protection Authority
- right to restriction of processing of the data
- right to withdraw your consent – if your Personal Data are processed on the basis of consent. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. WP provides you with the opportunity to grant consent and withdraw it using the platform registered and verified by IAB. Our registration number in the Transparency & Consent Framework standard is 72.
- right to transfer your Personal Data – if your Personal Data are processed on the basis of consent or as part of a provided Service
- right to object – if your Personal Data are processed on the basis of the controller’s legitimate interest. Once you have effectively made an objection, your Personal Data will not be processed unless there is a valid legitimate basis for processing. Your Personal Data will not be processed for self-marketing after you have filed an objection.
To exercise the above rights, please contact the data controller or the Data Protection Officer (contact data above).
8. Additional information
Cookies and other similar technologies
A publisher’s website may place a cookie on your browser if your browser allows it. Importantly, a browser only allows a website to access cookies placed by that website, not those placed by other websites.
Cookies contain the domain name of the website from which they originate, the time they are stored on the end device and a unique name. Information stored in cookies is often necessary for the proper operation of a website. Cookies may store a unique number that identifies a device, but the user’s identity is not determined on the basis of the number.
- to provide the Services;
- to adjust the content of the Services to the User’s preferences and optimize the use of websites;
- to compile statistics that help us understand how Users use the Services, which enables us to improve their structure and content;
- to perform research and measurements of the audience of our Services, editorial content including advertisements in order to analyze, evaluate, introduce, improve and develop our Services;
- to maintain the User’s session so that the User does not have to re-enter their login and password on each sub-page of the respective website and app;
- to present advertisements and carry out surveys, among others, in a manner that takes into account the User’s interests or place of residence (customization of the advertising message) and with a guarantee of exclusion of the possibility of repeated presentation of the same advertisement to the User, as well as remarketing which involves displaying advertisements of Clients whose sites you have visited or whose goods or services you have been interested in, e.g. you clicked on the Client’s advertisement earlier;
- to link multiple devices belonging to the same User to achieve one or more of the purposes described above.
What types of cookies do we use?
In view of the lifespan of cookies and other similar technologies, we use two main types of these files:
- session cookies - temporary files stored on the User’s end device until the user logs out, leaves the website and apps or shuts down the software (web browser);
- persistent cookies - stored in the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.
In view of the purpose of cookies and other similar technologies, we use the following types of cookies:
- necessary for the operation of Services – making it possible to use our Services, e.g. authentication cookies used for Services which require authentication;
- files that ensure security, e.g. those used to detect abuses concerning authentication;
- performance cookies - making it possible to collect information about how websites and apps are used;
- functional cookies - allowing for "remembering" the User’s selected settings and personalizing the User interface, e.g. with regard to the User’s chosen language or region of origin, font size, appearance of the website and apps, etc.;
- marketing cookies - making it possible to deliver advertising content to Users more tailored to their interests;
- statistical cookies - used to count statistics about websites and apps.
Local Storage (LS)
To ensure the convenience of using our services, we use the LS technology, whose operation is similar in principle to cookies, but with slightly different properties. LS is a separate part of the browser’s memory used to store data saved by services. The data in LS is stored long-term by the browser and is not deleted when the browser is closed and neither does it have a specific expiration time. We emphasize that we do not use this technology to "track" or identify Users, but only for convenience and to provide the best possible Service level. We use the LS technology, for example, to remember settings, retain radio configurations, or store data on recommended entries.
We use the Web Push technology to provide you with short current notifications, especially the latest news, information about our Services and offers from our Trusted Partners.
WP Holding Tracking Pixel
WP also provides services using the WP Tracking Pixel technology or a short code embedded in a website, provided by Wirtualna Polska Media S.A. to clients using information flow mechanisms between parties and the Client’s apps and WP’s websites. The technology makes it possible to collect data about Users from Clients’ to WP’s IT systems.
Social media plugins
Detailed information on the scope and purpose of processing your data within Facebook Social Plugin may be found at https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.
WP and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) are co-controllers of Personal Data in accordance with Article 26 of the GDPR with respect to the processing of data for statistical purposes. Co-control includes aggregate data analysis for the purpose of displaying activity statistics for users of WP fanpages.
The scope of responsibility of Meta Platforms Ireland for processing your Personal Data:
- having a legal basis for processing data for the site’s statistics;
- ensuring that rights of data subjects are exercised;
- reporting violations to the supervisory authority and notifying affected persons of incidents;
- providing appropriate technical and organizational measures to ensure the security of Personal Data.
The scope of responsibility of WP for processing your Personal Data:
- having a legal basis for processing data for statistical purposes;
- performing information duties concerning purposes of processing pursued by WP
- providing contact details and contact details of the Data Protection Officer
Meta Platforms Ireland will provide the essential content of the attachment with statistics to data subjects (Article 26(2) of the GDPR) using the data found in the Information about Page Insights data.
The main regulatory authority regarding common data processing is the Irish Data Protection Commission (irrespective of the provisions of Article 55(2) of the GDPR where applicable).
Detailed information on mutual arrangements between the controllers is available at: https://www.facebook.com/legal/terms/page_controller_addendum.
Rules for personal data processing by Meta Platforms Ireland are available at: https://www.facebook.com/privacy/explanation
Managing browser settings
To receive notifications from us, you may give consent, which you may withdraw at any time using your browser settings.
Notifications are provided in real time and handled by the web browser you are using. For this reason, a unique identifier will be stored in your browser. We process data of your approximate geographic location data, among others, to provide you with information about the weather at your location, traffic information, presenting advertisements for restaurants nearby.
In addition, to perform statistical measurements, we use technologies coming from our Trusted Partners, in particular Google Analytics and Gemius.
The above entities place special codes on your end devices that allow us to collect data used to count statistics and optimize our Services.
At any time a User may object to the collection of data by Google Analytics or Gemius by changing web browser settings.
Detailed information about the scope and purpose of processing your data and your rights may be found at the following links:
You may also prevent Gemius from having access to information about your activity on our website using the solutions available here:
Additional information is available at: http://www.gemius.pl/cookie-policy.html
You may also prevent Google Analytics from having access to information about your activity on our website using the solutions available here:
In many cases, a web browser by default allows the storage of information in the form of cookies and other similar technologies on the User’s end device. A User may, however, change these settings at any time. A failure to make changes means that the aforementioned information may be placed and stored, and thus that we will store information on the user’s end device and access that information.
Comprehensive information is available in the browser settings:
Please keep in mind that:
- when you use the same computer together with other users, when you finish using the WP Services to which you are logged in, make sure to log out, i.e. "exit" your settings so that no one may see them;
- the data you provided at registration is known only to you and WP. For our part, we guarantee that the data will not be disclosed to anyone, and you should also exercise caution when sharing it with third parties;
- it happens that people using the web want to obtain information about you and use it against you or others. Be careful. Make sure that you know who the person asking you for personal data is and what kind of institution they represent.