Privacy & Cookies Policy

§ 1 General provisions

  1. Personal data of the users of the website located at the domain https://curiosum.com are administered by Curiosum sp. z o.o. with its registered seat at Grudzieniec 32/1, 60-601 Poznań, Poland, entered in the Register of Entrepreneurs kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, VIII Commercial Department of the National Court Register, under KRS number 0000833883, with the share capital of PLN 5,000 paid in full, REGON: 385781950, NIP: 7812007384 (hereinafter: "Administrator").
  2. Contact with the Administrator is possible:
    • through email at dpo@curiosum.com,
    • through writing at Administrator’s adress: Grudzieniec 32/1, 60-601 Poznań, Poland.
  3. The purpose of the Policy is to set forth the actions taken with respect to personal data collected through the Administrator's website and related services and tools used by its users, as well as in the activity of entering into and performing contracts in contact outside the website (e.g., collaboration agreements).
  4. If necessary, the provisions of this Policy may be amended. The change will be communicated to users by announcing the new content of the Policy, and in the case of the base of persons who have consented to the processing of data by e-mail or have provided e-mail data in the performance of contracts, they will also be notified of the change by e-mail.

§ 2 Basis of processing, purposes and storage of personal data

  1. Users' personal data are processed in accordance with the European General Data Protection Regulation, and in the territory of Poland also in accordance with Polish Personal Data Protection Act of 10.05.2018 and Polish Act on Provision of Electronic Services of 18.07.2002.
  2. In the case of processing of personal data on the basis of a query or complaint sent by the user through email, such processing shall be based on Article 6(1)(b) of the General Data Protection Regulation, according to which the processing is necessary in order to take action at the request of the data subject.
  3. In the case of obtaining a separate consent of the user, his personal data can be processed by the administrator also for marketing purposes (e.g. newsletter), including in order to send commercial information electronically to the e-mail address indicated by the user (Article 6(1)(a) of the General Data Protection Regulation).
  4. In the case of the conclusion and performance by the Administrator of a contract for the provision of services, the other party is required to provide the data necessary for the conclusion of the contract (which is a contractual requirement, and in terms of tax numbers also a statutory requirement) and for this purpose the Administrator processes personal data (Article 6(1)(b) of the General Data Protection Regulation).
  5. In the case of research and analysis for the purpose of improving the performance of available services (e.g. tracking tools), Article 6(1)(f) of the General Data Protection Regulation is indicated as the basis for processing.
  6. In connection with the Administrator's organization of training/meetings in the form of videoconferences subject to recording, the personal data of participants enrolling in training via an intermediary platform (eg MeetUp, ClickMeeting) and the Administrator's website will be processed. The legal basis for the processing of personal data of training participants, including the name and surname and other biometric data (image, tone of voice and manner of moving) is the consent of the training participant to the processing of their personal data, i.e. Article 6(1)(a) of the General Data Protection Regulation. By signing up for the training/meeting, the participant agrees to the recording and such processing of his personal data.
  7. Organizing training sessions/meetings by the Administrator in the form of videoconferences subject to recording involves the processing of personal data of persons conducting the training. The legal basis for the processing of personal data, including name and surname and other biometric data, including image, voice and manner of movement, is the prior consent of the data subject, i.e. Article 6(1)(a) of the General Data Protection Regulation, expressed in a separate contract concluded for the provision of services by the operator.
  8. The processing of personal data of trainers and participants as in par. 6 and 7 is also associated with the Administrator sharing recordings from training on Youtube or other streaming services, to which the trainers separately, and the participants, by accepting this Privacy Policy, agree. The legal basis for the processing of personal data in this case is the consent of the data subjects, i.e. Article 6(1)(a) of the General Data Protection Regulation.
  9. Users' personal data are stored no longer than necessary to achieve the purpose of processing, i.e. until the withdrawal of consent if the processing is based on such consent, until the statute of limitations of claims of the Administrator and the other party for the execution of concluded agreements (in the case of agreements for the provision of services, in accordance with Polish law, the statute of limitations is 2 years, counting from the end of the year) and until the execution of an inquiry directed by e-mail or until the end of the investigation of a complaint.

§ 3 Processing of personal data of collaborators or candidates in the recruitment process

  1. The controller shall ensure that any personal data collected are used solely for the purpose of carrying out and servicing the cooperation with the controller and are not stored for longer than necessary for the aforementioned reasons. The data processing here takes place on the basis of Article 6(1)(b) of the General Data Protection Regulation.
  2. The CV and the data contained therein sent by the candidates for cooperation are processed and stored only for the purpose of recruitment to the Administrator's team and only until the end of the recruitment process, unless the candidate has given his consent to participate in further recruitment (in this case the processing takes place for a period of 3 years or until the withdrawal of consent). Data is processed here on the basis of paragraph 1(b) of the General Data Protection Regulation.
  3. Candidates for cooperation, as well as cooperating entities, have the right to request access to their personal data, rectification, erasure or restriction of processing, as well as the right to object to processing, and the right to data portability and the right to lodge a complaint with a supervisory authority.
  4. The provision of personal data by candidates for associates is voluntary, but failure to provide data will halt the recruitment process.
  5. The Administrator processes the image of a co-worker or candidate for co-worker only after obtaining his/her prior consent to do so. The processing here is based on Article 6(1)(a) of the General Data Protection Regulation.

§ 4 Data sharing

  1. The Administrator shall ensure that any personal information collected is used to fulfill obligations to users. This information will not be shared with third parties except:
    • prior consent of the data subjects to do so has been expressed, or
    • such transfer is necessary when the Administrator uses cooperating entities, e.g., accountants, subcontractors, law firms, web hosts, service providers, including marketing services,
    • if the obligation to provide such data arises or will arise under applicable law, e.g. to law enforcement agencies.
  2. The Administrator may share anonymized data (i.e., data that does not identify specific Users) with external service providers in order to better identify the attractiveness of advertisements and services to Users, and in this regard, due to the location of the software providers, data may be transferred - subject to the principles of their protection - to third countries, however, ensuring standard contractual provisions approved by the European Commission for the processing of personal data. These entities in the case of the Administrator are:
    • Google Inc. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google analytics tools used to analyse web site statistics, Google Tag manager: used to manage scripts by easily adding code snippets to a website or application and to track users' actions on the website, Google Ads: used to display sponsored links in Google search results and on sites cooperating within the Google AdSense programme. Using the link below: https://tools.google.com/dlpage/gaoptout it is possible to disable activity measured by Google Analytics,
    • LinkedIn Corporation (registered office: 1000 West Maude Avenue, Sunnyvale, CA 94085, USA) for the Linkedin Pixel used to collect data from the Website and an applicant tracking system to better understand the type of audience for content,
    • Facebook Inc. (registered office: Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA) for the Facebook pixel used to track conversions from Facebook ads, optimize them on the basis of collected data and statistics and build a targeted audience list for future ads,
    • Microsoft Corporation, One Microsoft Way, (registered office: Redmond, WA 98052-6399) for Clarity to analyze user behavior to understand how users interact with the Site, including through session replays and heat maps,
    • Disqus Inc. (registered office: 301 Howard Street Suite 300, San Francisco, CA, 94105, USA) for Discus used to host blog comments and reactions with an interface available on the Site.
  3. The Administrator also uses a data processor on its behalf with whom it has entered into a processing contract, i.e. Engagebay Inc. (registered office: 255 W Verano Way, Mountain House, CA, 95391, USA), which is responsible for handling chat on the website, collection of personal data through forms, including newsletter, webinar/e-book sign-up.

§ 5 User rights

  1. The user whose personal data are processed has the right to inspect their data, complete, update, rectify, temporarily or permanently restrict their processing, request their deletion and transfer the data to another controller (subject to the technical possibilities of the parties). The access, supplementation, update, rectification, restriction of processing, deletion of data or transfer of data is carried out on the basis of the user's request sent to the e-mail address dpo@curiosum.com. Such request shall include the name of the user for identification purposes.
  2. Where the Administrator has obtained your consent to process your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
  3. The user ensures that the data provided or published by him on the site are correct.
  4. We make every effort to ensure that the processing of your personal data is carried out in accordance with the law. However, if you feel that we have committed an infringement, you have the right to lodge a complaint to the supervisory authority (President of Polish Office for Personal Data Protection, 2 Stawki Street 00-193 Warsaw).

§ 6 Cookies Policy

  1. Cookies are understood to be computer data, in particular text files, stored on the end user's device (usually on the computer's hard drive or mobile device) used to store certain settings and data by the user's browser in order to use websites. These files allow for recognition of the user's device and appropriate display of the website, ensuring comfort during its use. The storage of cookies enables the website and the offer to be tailored to your preferences. The server recognises and remembers your preferences, such as visits, clicks and previous actions.
  2. "Cookies" include, in particular, the domain name of the website from which they originate, the time of storage on the terminal device and a unique number used to identify the browser from which you connect to the website.
  3. Cookies are used for:
    • Adapting the content of websites to user preferences and optimizing the use of websites,
    • To create anonymous statistics, which by helping to determine how the user uses the web pages make it possible to improve their structure and content,
    • Provide website users with advertising content tailored to their interests.
  4. Cookies are not used to identify users and their identity is not determined on their basis.
  5. The basic division of "cookies" is their distinction into:
    1. Persistent cookies are stored on the user's device for the time specified in the parameters of cookies or until they are manually deleted by the user.
    2. Session cookies are temporary files that are deleted automatically when you log out of the website or close your web browser window.
  6. The use of cookies to adapt the content of websites to user preferences does not generally mean the collection of any information to identify the user, although this information may sometimes have the nature of personal data, i.e. data allowing the attribution of certain behaviors to a particular user. Personal data collected using "cookies" may only be collected in order to perform certain functions for the user. Such data is encrypted in a manner that prevents unauthorized access.
  7. Cookies used by this website are not harmful to the user or the terminal device used by him, so in order for the website to function properly it is recommended not to disable their use in browsers. In many cases, software used to browse the Internet (web browser) by default allows to store information in the form of "cookies" and other similar technologies on the user' terminal device. The user can change the way the browser uses cookies at any time. In order to do so, the browser settings must be changed. The method of changing the settings varies depending on the software (web browser) used. Relevant instructions can be found on the subpages, depending on the browser you use:
  8. Please refer to the user guide for your mobile device for details on how to manage cookies on your cell phone or other mobile device.
  9. This version of Privacy and Cookies Policy is valid from 2021-06-15. Previous versions of the Policy are available from the Administrator upon request via e-mail.