Contents

1. Definitions

2. Information about the Controller

3. Particulars of the Data Protection Officer

4. What data do we process?

5. For what purpose, on what basis and how long do we process your Personal Data?

6. Data recipients

7. What rights do you have?

8. Additional information

1. Definitions

It is our intent to ensure that the wording of the Policy is comprehensible, precise and facilitating the proper interpretation of its contents, which is why we are presenting a glossary of terms used herein:

  1. Controller – the entity that defines purposes and ways of processing your Personal Data;
  2. Personal Data – any information relating to an identified or identifiable natural person by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including IP addresses of devices, e-mail addresses, location data, online identifiers and information collected by cookie files or other similar technologies;
  3. Cookies – pieces of data, in particular text files, which are stored on an end device of the user of the Services;
  4. Clients – entities which, directly or indirectly, outsource activities to us, especially marketing activities in the environment of our Services;
  5. Profiling – the process of automated processing of your data that involves using your data to assess certain factors specific to you, in particular to analyze or predict your interests or other behavior, such as your credibility, approximate location, movement, consumer preferences;
  6. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, p. 1);
  7. User – any natural person using one or more WP Services;
  8. Services – websites, apps or services provided on websites and in apps;
  9. Wirtualna Polska, WP – the corporate group having capital links with Wirtualna Polska Holding S.A.;
  10. Co-Controller – the entity cooperating with the Controller with which the Controller jointly defines purposes and ways of processing Personal Data;
  11. Trusted Partners – entities with which the Controller cooperates, including advertisers, e-commerce entities, media houses and advertising networks, brokers and other intermediaries operating on the Internet advertising market, interactive agencies specializing in Internet marketing, advertising networks operating on the online advertising market in the programmatic technology, entities providing analytical services. A list of Trusted Partners along with their processing objectives for your data is available here;
  12. IAB Trusted Partners – Trusted Partners recommended by the Interactive Advertising Bureau. A list of IAB Trusted Partners is available here;

We attach particular importance to protecting privacy of Users using the WP Services. This Policy describes the rules governing the processing of Personal Data of Users in connection with using the Services. The rules governing the processing of processing Personal Data in connection with using the service of e-mail account, including WP Mail, O2 Mail and 1Login are covered by separate regulations and policies.

2. Information about the Controller

The Controller of your Personal Data in connection with your use of the Services is WP. The address below will direct you to registration and contact data of the subsidiaries of Wirtualna Polska: https://holding.wp.pl/kontakt/dane-spolek-grupy.

You may contact the Controller via a contact form onas.wp.pl/formularz_rodo or by sending an e-mail to the address: iodo@grupawp.pl, or by traditional mail to the address: Żwirki i Wigury 16, 02-092 Warsaw, Poland, with the note: "To the Data Protection Officer".

If Personal Data are collected and subsequently provided by Clients to Wirtualna Polska, both Wirtualna Polska and the Client are Co-Controllers of Personal Data. Here you may find the websites of our Clients, from which we may process your Personal Data.

3. Particulars of the Data Protection Officer

We have appointed a Data Protection Officer for the Wirtualna Polska Group, who may be contacted in all matters pertaining to the processing of Personal Data and exercising the rights related to the processing:

Mailing address:

Wirtualna Polska / Oskar Cisiński / IOD / Żwirki i Wigury 16, 02 – 092 Warsaw, Poland

E-mail:

iodo@grupawp.pl

Form:

Fill in the form

4. What data do we process?

We process Personal Data that you provide, leave or to which we may get access during your use of the WP Services and our Trusted Partners, in particular:

a) made available by you in the browsing history of websites and apps and those that you leave when using the WP Services (e.g. data about visited websites, apps and content of interest to you, including advertising, your searches, your clicks, the way you use the WP Services), as well as data from websites of Trusted Partners, including Clients, in particular histories of your purchases, especially those made after clicking on advertisements delivered to you in the environment of the WP Services,

b) information stored on the end-user devices that you use, including information on your browser and data about your approximate geographic location,

c) recorded, among others, in cookies installed in our websites and apps and in websites of our Trusted Partners and outside of the WP Services.

Please remember that provision of Personal Data by you is voluntary; however, a failure to do so (including refusal to provide access to information and have the data stored on your device, including with the use of cookies) with regard to data marked as necessary to provide services for you will prevent their provision, in particular it will make it impossible for you to register and use the Services, and it will make it impossible for us to provide you with information, content and offers you are looking for, to process and respond to your complaint and to respond to your inquiry or some other request.

The scope of Personal Data processed in the various WP Services may vary. You may always find information on this subject in the User panel linked to the respective WP Service, or you may always ask our Data Protection Officer.

5. For what purpose, on what basis and how long do we process your Personal Data?

Purposes of data processing:

Legal basis:

Processing period:

performance of the agreement entered into between WP and the User (e.g. rules and regulations which are accepted by the User before using the respective WP Service), including the provision of the Services for Users and necessary to provide the WP Services adjustment of Services to Users’ needs, maintenance and technical support for the WP Services ("performance of the Services")

Article 6(1)(b) of the GDPR – as needed to perform the agreement to which the User is a party

until the expiration of the agreement

ensuring security, preventing fraud and fixing errors necessary to provide the WP Services ("ensuring security")

Article 6(1)(f)* of the GDPR – legitimate interest of the Controller, involving to ensuring security of the WP Services provided

until an effective objection is raised, but no longer than 3 years

developing and improving services ("optimization"), delivery and presentation of advertising and content, maintenance and technical support of the Services, measurement of content performance, the Services or advertising ("technical provision of the Services"), statistical measurement, getting to know audience due to statistics or combination of data from various sources ("statistics"); marketing (including analysis and profiling of data for marketing purposes) of the Controller’s products and services ("self-marketing");

Article 6(1)(f) of the GDPR – legitimate interest of the Controller

until an effective objection is raised, but no longer than 3 years

marketing (including analysis and profiling of data for marketing purposes) concerning the products and services of third parties ("third party marketing"***). Third party marketing includes profiling** such as: creating a profile for personalized advertising, using limited data to select advertising, creating a profile for personalized advertising, using profiles to select personalized advertising, adjusting the WP Services to Users’ needs, creating profiles with a view to customize content, using profiles to select customized content and measuring content performance, measuring advertising performance,

Article 6(1)(a) – voluntary consent

until the consent is withdrawn

preparation and delivery of responses to requests or other reports submitted to WP

depending on the purpose for which the request or other report was submitted, this includes taking action leading to the execution of an agreement (Article 6(1)(b) of the GDPR), a legal obligation (Article 6(1)(b) of the GDPR in conjunction with Articles 15-22 of the GDPR), or a legitimate interest of the controller (Article 6(1)(f) of the GDPR), which includes the ability to respond to a request or report

until the response to a request or another report to WP is prepared and given; and in the case of reports concerning the exercise of rights of data subjects – 5 years after they are exercised or a response to the report is given

determination and pursuit of claims or defense against them

legitimate interests of the controller (Article 6(1)(f) of the GDPR) involving the ability to determine, pursue or defend against claims

until the claims expire, but no longer than 6 years after the end of the calendar year, in which the event that could become the basis for the claims arose

fulfillment of statutory duties arising under tax regulations and accounting regulations involving, among others, the necessity to issue and archive a bill

legal obligation (Article 6(1)(c) of the GDPR in conjunction with Article 74 of the Accounting Act and other tax legislation)

5 years after the end of the calendar year, starting from the next year when the event causing the legal obligation to arise occurred

storing and/or accessing information on a device

Article 6(1)(a) of the GDPR (a person’s voluntary consent)

until the consent is withdrawn

handling of requests and proceedings conducted by authorized bodies, e.g. courts, prosecution offices, law enforcement authorities, offices that may be related to user data

legal obligation (Article 6(1)(c) of the GDPR in conjunction with the regulations authorizing the relevant body to submit a request)

until the request is satisfied

Functions and special features

To achieve the above purposes, we use the following functions and special features:

Features

Objective

Matching and combining data from other data sources

performance of the Services, optimization, technical provision of the Services, statistics, ensuring security, self-marketing, third party marketing

Linking different devices

Optimization, statistics, ensuring security, self-marketing, performance of the Services, technical provision of the Services

Identifying devices based on information transmitted automatically

Optimization, statistics, ensuring security, self-marketing, third party marketing, technical provision of the Services, performance of the Services,

Actively scanning device characteristics for identification

Ensuring security

* In relation to the processing of your Personal Data based on Wirtualna Polska’s legitimate interest, we perform a test of balance between our legitimate interest and your rights. In the event of the fundamental purposes, functions and special features, such as, e.g. ensuring security, optimization, technical provision of the Services, statistics, your objection may turn out to be ineffective.

** The advertisements and editorials displayed will be profiled using the following of your data and in accordance with the following criteria:

  • Your activity within the WP Services and Services of our Trusted Partners;
  • Your activities and interactions with advertising;
  • Your approximate location, the size of the town/city you reside in;
  • Information stored on your end-user devices, such as the type of end-user device, browser type, operating system you are using, and the language set in the operating system you are using.

Information on your profile may be used to profile advertising and content in the WP Services and Services of our Trusted Partners and outside of the WP Services, especially in advertising networks which aggregate and intermediate in the sales of advertising. Advertising networks collect data on users from all websites cooperating with these networks and then use such data to display advertising that is best suited to your interests.

6. Data recipients

Recipients of your Personal Data in connection with your use of the WP Services will be also Trusted Partners, including Clients. Trusted Partners process your Personal Data, in particular based on your voluntary consent. Please note that in specific cases, they may process your Personal Data without your prior consent. If your Personal Data are processed on the basis of legitimate interest of our IAB Trusted Partners, you may object to the processing in advanced settings. Detailed purposes of processing of your Personal Data by the other Trusted Partners and the manner of informing them of your intention to exercise your rights may be found in the privacy policies of those Trusted Partners.

For objective reasons, we are not able to state the names of all Trusted Partners here, in particular due to the lack of direct relations with some of them, for example when a Client orders advertising to be placed on our space through the intermediation of a Trusted Partner that is an advertising network.

Your Personal Data may be transferred to data processors that process Personal Data under engagement from the Controller, which may include among others: IT service providers, payment service providers, marketing agencies, etc., based on an agreement entered into with the Controller and solely in accordance with the Controller’s instructions. Your Personal Data may also be disclosed to entities authorized to receive it under applicable law.

Your Personal Data may be transferred to recipients in third countries, i.e. countries outside the European Economic Area, especially when:

a) it is necessary to provide Services for you,

b) it is necessary for the execution and performance of a contract between you and WP,

c) you give prior consent to it, e.g. consent to processing Personal Data for marketing purposes by our Trusted Partners coming from third countries.

Before transferring your Personal Data to entities located in third countries, we verify the guarantee of the high level of protection for such data and use standard contractual clauses. However, in certain situations, the transfer of your Personal Data to third countries may entail risks due to the lack of a decision declaring an adequate level of protection outside the EEA and the lack of safeguards and effective legal protection measures in third countries.

7. What rights do you have?

In connection with our processing of your Personal Data, you have the following rights:

  • right of access to your data
  • right to request rectification of the data
  • right to erasure of the data
  • right to lodge a complaint with a supervisory authority – the President of the Personal Data Protection Authority
  • right to restriction of processing of the data
  • right to withdraw your consent – if your Personal Data are processed on the basis of consent. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. WP provides you with the opportunity to grant consent and withdraw it using the platform registered and verified by IAB. Our registration number in the Transparency & Consent Framework standard is 72.
  • right to transfer your Personal Data – if your Personal Data are processed on the basis of consent or as part of a provided Service
  • right to object – if your Personal Data are processed on the basis of the controller’s legitimate interest. Once you have effectively made an objection, your Personal Data will not be processed unless there is a valid legitimate basis for processing. Your Personal Data will not be processed for self-marketing after you have filed an objection.

To exercise the above rights, please contact the data controller or the Data Protection Officer (contact data above).

8. Additional information

Cookies and other similar technologies

WP and Trusted Partners upload information in the form of cookies or in a different form to end devices (e.g. computer, laptop, smartphone, Smart TV) and obtain access to information collected with the use of cookies and other technologies which identify end devices.

A publisher’s website may place a cookie on your browser if your browser allows it. Importantly, a browser only allows a website to access cookies placed by that website, not those placed by other websites. 

Cookies contain the domain name of the website from which they originate, the time they are stored on the end device and a unique name. Information stored in cookies is often necessary for the proper operation of a website. Cookies may store a unique number that identifies a device, but the user’s identity is not determined on the basis of the number.

We use cookies and other similar technologies for the following purposes:

  • to provide the Services;
  • to adjust the content of the Services to the User’s preferences and optimize the use of websites;
  • to compile statistics that help us understand how Users use the Services, which enables us to improve their structure and content;
  • to perform research and measurements of the audience of our Services, editorial content including advertisements in order to analyze, evaluate, introduce, improve and develop our Services;
  • to maintain the User’s session so that the User does not have to re-enter their login and password on each sub-page of the respective website and app;
  • to present advertisements and carry out surveys, among others, in a manner that takes into account the User’s interests or place of residence (customization of the advertising message) and with a guarantee of exclusion of the possibility of repeated presentation of the same advertisement to the User, as well as remarketing which involves displaying advertisements of Clients whose sites you have visited or whose goods or services you have been interested in, e.g. you clicked on the Client’s advertisement earlier;
  • to link multiple devices belonging to the same User to achieve one or more of the purposes described above.

What types of cookies do we use?

In view of the lifespan of cookies and other similar technologies, we use two main types of these files:

  • session cookies - temporary files stored on the User’s end device until the user logs out, leaves the website and apps or shuts down the software (web browser);
  • persistent cookies - stored in the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.

In view of the purpose of cookies and other similar technologies, we use the following types of cookies:

  • necessary for the operation of Services – making it possible to use our Services, e.g. authentication cookies used for Services which require authentication;
  • files that ensure security, e.g. those used to detect abuses concerning authentication;
  • performance cookies - making it possible to collect information about how websites and apps are used;
  • functional cookies - allowing for "remembering" the User’s selected settings and personalizing the User interface, e.g. with regard to the User’s chosen language or region of origin, font size, appearance of the website and apps, etc.;
  • marketing cookies - making it possible to deliver advertising content to Users more tailored to their interests;
  • statistical cookies - used to count statistics about websites and apps.

Local Storage (LS)

To ensure the convenience of using our services, we use the LS technology, whose operation is similar in principle to cookies, but with slightly different properties. LS is a separate part of the browser’s memory used to store data saved by services. The data in LS is stored long-term by the browser and is not deleted when the browser is closed and neither does it have a specific expiration time. We emphasize that we do not use this technology to "track" or identify Users, but only for convenience and to provide the best possible Service level. We use the LS technology, for example, to remember settings, retain radio configurations, or store data on recommended entries. 

Web Push

We use the Web Push technology to provide you with short current notifications, especially the latest news, information about our Services and offers from our Trusted Partners.

WP Holding Tracking Pixel

WP also provides services using the WP Tracking Pixel technology or a short code embedded in a website, provided by Wirtualna Polska Media S.A. to clients using information flow mechanisms between parties and the Client’s apps and WP’s websites. The technology makes it possible to collect data about Users from Clients’ to WP’s IT systems.

Additional information on cookies and other technologies may be found, among other places, at wszystkoociasteczkach.pl, youronlinechoices.com or in the Help section in the browser’s menu.

Social media plugins

We use social media plugins, including Facebook Social Plugin, by means of which social media service providers may access your Personal Data. Our websites feature the Like and Share buttons associated with Facebook. For this purpose, the code referring to Facebook is placed in the relevant sections and sites. By using the Like button or recommending an image or sections of a site, you are logging into Facebook, where the privacy policy in force is that of Facebook. You may familiarize yourself with this policy at http://pl-pl.facebook.com/help/cookies

Detailed information on the scope and purpose of processing your data within Facebook Social Plugin may be found at https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

WP and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) are co-controllers of Personal Data in accordance with Article 26 of the GDPR with respect to the processing of data for statistical purposes. Co-control includes aggregate data analysis for the purpose of displaying activity statistics for users of WP fanpages.

The scope of responsibility of Meta Platforms Ireland for processing your Personal Data:

  • having a legal basis for processing data for the site’s statistics;
  • ensuring that rights of data subjects are exercised;
  • reporting violations to the supervisory authority and notifying affected persons of incidents;
  • providing appropriate technical and organizational measures to ensure the security of Personal Data.

The scope of responsibility of WP for processing your Personal Data:

  • having a legal basis for processing data for statistical purposes;
  • performing information duties concerning purposes of processing pursued by WP
  • providing contact details and contact details of the Data Protection Officer

Meta Platforms Ireland will provide the essential content of the attachment with statistics to data subjects (Article 26(2) of the GDPR) using the data found in the Information about Page Insights data.

The main regulatory authority regarding common data processing is the Irish Data Protection Commission (irrespective of the provisions of Article 55(2) of the GDPR where applicable).

Detailed information on mutual arrangements between the controllers is available at: https://www.facebook.com/legal/terms/page_controller_addendum.

Rules for personal data processing by Meta Platforms Ireland are available at: https://www.facebook.com/privacy/explanation

Managing browser settings

To receive notifications from us, you may give consent, which you may withdraw at any time using your browser settings.

Notifications are provided in real time and handled by the web browser you are using. For this reason, a unique identifier will be stored in your browser. We process data of your approximate geographic location data, among others, to provide you with information about the weather at your location, traffic information, presenting advertisements for restaurants nearby.

In addition, to perform statistical measurements, we use technologies coming from our Trusted Partners, in particular Google Analytics and Gemius. 

The above entities place special codes on your end devices that allow us to collect data used to count statistics and optimize our Services. 

At any time a User may object to the collection of data by Google Analytics or Gemius by changing web browser settings. 

Detailed information about the scope and purpose of processing your data and your rights may be found at the following links:

You may also prevent Gemius from having access to information about your activity on our website using the solutions available here:

  • http://privacypolicy.gemius.com/pl/

Additional information is available at: http://www.gemius.pl/cookie-policy.html

You may also prevent Google Analytics from having access to information about your activity on our website using the solutions available here:

When use our Services and when you provide us with an e-mail address (e.g. to log in, sign up for a newsletter), we may share your Personal Data or other information we receive from you, such as your e-mail address (in hashed, pseudonymized form), IP address, mobile advertising ID or information about the browser or operating system you are using, with our Trusted Partner – LiveRamp, Inc. and companies from its group. LiveRamp uses the information to create an online identification code to recognize you on your devices. This code does not contain any Personal Data allowing for identification and will not be used by LiveRamp for re-identification. We place this code in our site cookie or use a LiveRamp cookie and allow it to be used in online and cross-channel advertising. The code may be provided to our Trusted Partners to make it possible to use content based on interests or targeted advertisements in the whole process of using the Internet (e.g. via websites, e-mail, linked devices, apps, etc.). Trusted Partners may in turn use this code to combine demographic or interest-based information you have provided in your interactions with them. Detailed information on LiveRamp’s data processing activities and how to withdraw consent/make an objection is available in the LiveRamp privacy policy at: https://liveramp.com/privacy/service-privacy-policy/. 

In many cases, a web browser by default allows the storage of information in the form of cookies and other similar technologies on the User’s end device. A User may, however, change these settings at any time. A failure to make changes means that the aforementioned information may be placed and stored, and thus that we will store information on the user’s end device and access that information.

Comprehensive information is available in the browser settings:

We would like to inform you that restricting or disabling the use of cookies and other similar technologies may affect some of the functionalities available in our services.

Please keep in mind that:

  • when you use the same computer together with other users, when you finish using the WP Services to which you are logged in, make sure to log out, i.e. "exit" your settings so that no one may see them;
  • the data you provided at registration is known only to you and WP. For our part, we guarantee that the data will not be disclosed to anyone, and you should also exercise caution when sharing it with third parties;
  • it happens that people using the web want to obtain information about you and use it against you or others. Be careful. Make sure that you know who the person asking you for personal data is and what kind of institution they represent.




My data and consents

manage consents