Personal data of the users of the website located at the domain https://curiosum.com are administered by Curiosum sp. z o.o. with its
registered seat at Grudzieniec 32/1, 60-601 Poznań, Poland, entered in the Register of Entrepreneurs kept by the
District Court Poznań - Nowe Miasto and Wilda in Poznań, VIII Commercial Department of the National Court
Register, under KRS number 0000833883, with the share capital of PLN 5,000 paid in full, REGON: 385781950, NIP:
7812007384 (hereinafter: "Administrator").
through writing at Administrator’s adress: Grudzieniec 32/1, 60-601 Poznań, Poland.
The purpose of the Policy is to set forth the actions taken with respect to personal data collected through
the Administrator's website and related services and tools used by its users, as well as in the activity of
entering into and performing contracts in contact outside the website (e.g., collaboration agreements).
If necessary, the provisions of this Policy may be amended. The change will be communicated to users by
announcing the new content of the Policy, and in the case of the base of persons who have consented to the
processing of data by e-mail or have provided e-mail data in the performance of contracts, they will also be
notified of the change by e-mail.
of processing, purposes and
storage of personal data
Users' personal data are processed in accordance with the European General Data Protection Regulation, and
in the territory of Poland also in accordance with Polish Personal Data Protection Act of 10.05.2018 and Polish
Act on Provision of Electronic Services of 18.07.2002.
In the case of processing of personal data on the basis of a query or complaint sent by the user through
email, such processing shall be based on Article 6(1)(b) of the General Data Protection Regulation, according to
which the processing is necessary in order to take action at the request of the data subject.
In the case of obtaining a separate consent of the user, his personal data can be processed by the
administrator also for marketing purposes (e.g. newsletter), including in order to send commercial information
electronically to the e-mail address indicated by the user (Article 6(1)(a) of the General Data Protection
In the case of the conclusion and performance by the Administrator of a contract for the provision of
services, the other party is required to provide the data necessary for the conclusion of the contract (which is
a contractual requirement, and in terms of tax numbers also a statutory requirement) and for this purpose the
Administrator processes personal data (Article 6(1)(b) of the General Data Protection Regulation).
In the case of research and analysis for the purpose of improving the performance of available services (e.g.
tracking tools), Article 6(1)(f) of the General Data Protection Regulation is indicated as the basis for
In connection with the Administrator's organization of training/meetings in the form of videoconferences subject to recording,
the personal data of participants enrolling in training via an intermediary platform (eg MeetUp, ClickMeeting) and the Administrator's website will be processed.
The legal basis for the processing of personal data of training participants, including the name and surname and other biometric data (image, tone of voice and manner of moving)
is the consent of the training participant to the processing of their personal data, i.e. Article 6(1)(a) of the General Data Protection Regulation.
By signing up for the training/meeting, the participant agrees to the recording and such processing of his personal data.
Organizing training sessions/meetings by the Administrator in the form of videoconferences subject to recording involves the processing of personal data of persons conducting the training.
The legal basis for the processing of personal data, including name and surname and other biometric data, including image, voice and manner of movement, is the prior consent of the data subject,
i.e. Article 6(1)(a) of the General Data Protection Regulation, expressed in a separate contract concluded for the provision of services by the operator.
The processing of personal data of trainers and participants as in par. 6 and 7 is also associated with the Administrator sharing recordings from training on Youtube or other streaming services,
The legal basis for the processing of personal data in this case is the consent of the data subjects, i.e. Article 6(1)(a) of the General Data Protection Regulation.
Users' personal data are stored no longer than necessary to achieve the purpose of processing, i.e. until
the withdrawal of consent if the processing is based on such consent, until the statute of limitations of claims
of the Administrator and the other party for the execution of concluded agreements (in the case of agreements
for the provision of services, in accordance with Polish law, the statute of limitations is 2 years, counting
from the end of the year) and until the execution of an inquiry directed by e-mail or until the end of the
investigation of a complaint.
Processing of personal data of collaborators or candidates in the recruitment process
The controller shall ensure that any personal data collected are used solely for the purpose of carrying out
and servicing the cooperation with the controller and are not stored for longer than necessary for the
aforementioned reasons. The data processing here takes place on the basis of Article 6(1)(b) of the General
The CV and the data contained therein sent by the candidates for cooperation are processed and stored only
the purpose of recruitment to the Administrator's team and only until the end of the recruitment process,
unless the candidate has given his consent to participate in further recruitment (in this case the processing
takes place for a period of 3 years or until the withdrawal of consent). Data is processed here on the basis
paragraph 1(b) of the General Data Protection Regulation.
Candidates for cooperation, as well as cooperating entities, have the right to request access to their
personal data, rectification, erasure or restriction of processing, as well as the right to object to
processing, and the right to data portability and the right to lodge a complaint with a supervisory authority.
The provision of personal data by candidates for associates is voluntary, but failure to provide data will
halt the recruitment process.
The Administrator processes the image of a co-worker or candidate for co-worker only after obtaining his/her
prior consent to do so. The processing here is based on Article 6(1)(a) of the General Data Protection
§ 4 Data sharing
The Administrator shall ensure that any personal information collected is used to fulfill obligations to
users. This information will not be shared with third parties except:
prior consent of the data subjects to do so has been expressed, or
such transfer is necessary when the Administrator uses cooperating entities, e.g., accountants,
subcontractors, law firms, web hosts, service providers, including marketing services,
if the obligation to provide such data arises or will arise under applicable law, e.g. to law
The Administrator may share anonymized data (i.e., data that does not identify specific Users) with
service providers in order to better identify the attractiveness of advertisements and services to Users,
this regard, due to the location of the software providers, data may be transferred - subject to the
of their protection - to third countries, however, ensuring standard contractual provisions approved by the
European Commission for the processing of personal data. These entities in the case of the Administrator
Google Inc. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google
analytics tools used to analyse web site statistics, Google Tag manager: used to manage scripts by
adding code snippets to a website or application and to track users' actions on the website, Google
used to display sponsored links in Google search results and on sites cooperating within the Google
programme. Using the link below: https://tools.google.com/dlpage/gaoptout it is
possible to disable activity measured by Google Analytics,
LinkedIn Corporation (registered office: 1000 West Maude Avenue, Sunnyvale, CA 94085, USA) for the
Linkedin Pixel used to collect data from the Website and an applicant tracking system to better
the type of audience for content,
Facebook Inc. (registered office: Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA) for
Facebook pixel used to track conversions from Facebook ads, optimize them on the basis of collected data
statistics and build a targeted audience list for future ads,
Microsoft Corporation, One Microsoft Way, (registered office: Redmond, WA 98052-6399) for Clarity to
analyze user behavior to understand how users interact with the Site, including through session replays
Disqus Inc. (registered office: 301 Howard Street Suite 300, San Francisco, CA, 94105, USA) for Discus
used to host blog comments and reactions with an interface available on the Site.
The Administrator also uses a data processor on its behalf with whom it has entered into a processing
contract, i.e. Engagebay Inc. (registered office: 255 W Verano Way, Mountain House, CA, 95391, USA), which
responsible for handling chat on the website, collection of personal data through forms, including
§ 5 User rights
The user whose personal data are processed has the right to inspect their data, complete, update,
temporarily or permanently restrict their processing, request their deletion and transfer the data to
controller (subject to the technical possibilities of the parties). The access, supplementation, update,
rectification, restriction of processing, deletion of data or transfer of data is carried out on the basis
the user's request sent to the e-mail address email@example.com.
request shall include the name of the user for identification purposes.
Where the Administrator has obtained your consent to process your personal data, you have the right to
withdraw your consent at any time. This will not affect the lawfulness of the processing that was carried
the basis of consent before its withdrawal.
The user ensures that the data provided or published by him on the site are correct.
We make every effort to ensure that the processing of your personal data is carried out in accordance
law. However, if you feel that we have committed an infringement, you have the right to lodge a complaint
supervisory authority (President of Polish Office for Personal Data Protection, 2 Stawki Street 00-193
§ 6 Cookies Policy
Cookies are understood to be computer data, in particular text files, stored on the end user's
(usually on the computer's hard drive or mobile device) used to store certain settings and data by
user's browser in order to use websites. These files allow for recognition of the user's device
appropriate display of the website, ensuring comfort during its use. The storage of cookies enables the
and the offer to be tailored to your preferences. The server recognises and remembers your preferences,
visits, clicks and previous actions.
"Cookies" include, in particular, the domain name of the website from which they originate,
of storage on the terminal device and a unique number used to identify the browser from which you
connect to the
Cookies are used for:
Adapting the content of websites to user preferences and optimizing the use of websites,
To create anonymous statistics, which by helping to determine how the user uses the web pages make
possible to improve their structure and content,
Provide website users with advertising content tailored to their interests.
Cookies are not used to identify users and their identity is not determined on their basis.
The basic division of "cookies" is their distinction into:
Persistent cookies are stored on the user's device for the time specified in the parameters of
or until they are manually deleted by the user.
Session cookies are temporary files that are deleted automatically when you log out of the website
close your web browser window.
of any information to identify the user, although this information may sometimes have the nature of
data, i.e. data allowing the attribution of certain behaviors to a particular user. Personal data
using "cookies" may only be collected in order to perform certain functions for the user. Such
encrypted in a manner that prevents unauthorized access.
Cookies used by this website are not harmful to the user or the terminal device used by him, so in
the website to function properly it is recommended not to disable their use in browsers. In many cases,
used to browse the Internet (web browser) by default allows to store information in the form of
"cookies" and other similar technologies on the user's terminal device. The user can
changing the settings varies depending on the software (web browser) used. Relevant instructions can be
the subpages, depending on the browser you use: