Personal data of the users of the website located at the domain
https://curiosum.com
are administered by Curiosum sp. z o.o. with its
registered seat at Grudzieniec 32/1, 60-601 Poznań, Poland, entered in the Register of Entrepreneurs kept by the
District Court Poznań - Nowe Miasto and Wilda in Poznań, VIII Commercial Department of the National Court
Register, under KRS number 0000833883, with the share capital of PLN 5,000 paid in full, REGON: 385781950, NIP:
7812007384 (hereinafter: "Administrator").
through writing at Administrator’s address: Grudzieniec 32/1, 60-601 Poznań, Poland.
The purpose of the Policy is to set forth the actions taken with respect to personal data collected through
the Administrator's website and related services and tools used by its users, as well as in the activity of
entering into and performing contracts in contact outside the website (e.g., collaboration agreements).
If necessary, the provisions of this Policy may be amended. The change will be communicated to users by
announcing the new content of the Policy, and in the case of the base of persons who have consented to the
processing of data by e-mail or have provided e-mail data in the performance of contracts, they will also be
notified of the change by e-mail where required by applicable law.
§ 2 Basis of processing, purposes and storage of personal data
Users' personal data are processed in accordance with the European General Data Protection Regulation, and
in the territory of Poland also in accordance with Polish Personal Data Protection Act of 10.05.2018 and Polish
Act on Provision of Electronic Services of 18.07.2002.
In the case of processing of personal data on the basis of a query or complaint sent by the user through
email, such processing shall be based on Article 6(1)(b) of the General Data Protection Regulation, according to
which the processing is necessary in order to take action at the request of the data subject.
In the case of obtaining a separate consent of the user, his personal data can be processed by the
administrator also for marketing purposes (e.g. direct e-mail communication), including in order to send commercial information
electronically to the e-mail address indicated by the user (Article 6(1)(a) of the General Data Protection
Regulation).
In the case of the conclusion and performance by the Administrator of a contract for the provision of
services, the other party is required to provide the data necessary for the conclusion of the contract (which is
a contractual requirement, and in terms of tax numbers also a statutory requirement) and for this purpose the
Administrator processes personal data (Article 6(1)(b) and, in the case of tax and accounting data, also Article 6(1)(c) of the General Data Protection Regulation).
In the case of research and analysis for the purpose of improving the performance of available services (e.g.
tracking tools), Article 6(1)(f) of the General Data Protection Regulation is indicated as the basis for
processing.
In connection with the Administrator's organization of training/meetings in the form of videoconferences subject to recording,
the personal data of participants enrolling in training via an intermediary platform (eg MeetUp,
ClickMeeting) and the Administrator's website will be processed.
The legal basis for the processing of personal data of training participants, including the name and surname and other biometric data (image, tone of voice and manner of moving)
is the consent of the training participant to the processing of their personal data, i.e. Article 6(1)(a) of the General Data Protection Regulation.
By signing up for the training/meeting, the participant agrees to the recording and such processing of his personal data.
Organizing training sessions/meetings by the Administrator in the form of videoconferences subject to recording involves the processing of personal data of persons conducting the training.
The legal basis for the processing of personal data, including name and surname and other biometric data, including image, voice and manner of movement, is the prior consent of the data subject,
i.e. Article 6(1)(a) of the General Data Protection Regulation, expressed in a separate contract concluded for the provision of services by the operator.
The processing of personal data of trainers and participants as in par. 6 and 7 is also associated with the Administrator sharing recordings from training on Youtube or other streaming services,
to which the trainers separately, and the participants, by accepting this Privacy Policy, agree.
The legal basis for the processing of personal data in this case is the consent of the data subjects, i.e. Article 6(1)(a) of the General Data Protection Regulation.
Users' personal data are stored no longer than necessary to achieve the purpose of processing, i.e. until
the withdrawal of consent if the processing is based on such consent, until the statute of limitations of claims
of the Administrator and the other party for the execution of concluded agreements (in the case of agreements
for the provision of services, in accordance with Polish law, the statute of limitations is 3 years (or 6 years in other cases), counting from the end of the year) and until the execution of an inquiry directed by e-mail or until the end of the
investigation of a complaint.
§ 3 Processing of personal data of collaborators or candidates in the recruitment process
The controller shall ensure that any personal data collected are used solely for the purpose of carrying out
and servicing the cooperation with the controller and are not stored for longer than necessary for the
aforementioned reasons. The data processing here takes place on the basis of Article 6(1)(b) of the General
Data Protection Regulation.
The CV and the data contained therein sent by the candidates for cooperation are processed and stored only
for the purpose of recruitment to the Administrator's team and only until the end of the recruitment process,
unless the candidate has given his consent to participate in further recruitment (in this case the processing
takes place for a period of 3 years or until the withdrawal of consent). Data is processed here on the basis
of paragraph 1(b) of the General Data Protection Regulation.
Candidates for cooperation, as well as cooperating entities, have the right to request access to their
personal data, rectification, erasure or restriction of processing, as well as the right to object to
processing, and the right to data portability and the right to lodge a complaint with a supervisory authority.
The provision of personal data by candidates for associates is voluntary, but failure to provide data will
halt the recruitment process.
The Administrator processes the image of a co-worker or candidate for co-worker only after obtaining his/her
prior consent to do so. The processing here is based on Article 6(1)(a) of the General Data Protection
Regulation.
§ 4 Data sharing
The Administrator shall ensure that any personal information collected is used to fulfill obligations to
users. This information will not be shared with third parties except:
prior consent of the data subjects to do so has been expressed, or
such transfer is necessary when the Administrator uses cooperating entities, e.g., accountants, subcontractors, law firms, web hosts, service providers, including marketing services,
if the obligation to provide such data arises or will arise under applicable law, e.g. to law enforcement agencies.
The Administrator may share anonymized data (i.e., data that does not identify specific Users) with
external service providers in order to better identify the attractiveness of advertisements and services to Users,
and in this regard, due to the location of the software providers, data may be transferred - subject to the
principles of their protection - to third countries; however, where such transfers occur, the Administrator applies standard contractual clauses approved by the
European Commission. These entities in the case of the Administrator are:
Google Inc. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google
analytics tools used to analyse web site statistics, Google Tag manager: used to manage scripts by
easily adding code snippets to a website or application and to track users & actions on the website, Google
Ads: used to display sponsored links in Google search results and on sites cooperating within the Google
AdSense programme. Using the link below:
https://tools.google.com/dlpage/gaoptout
it is possible to disable activity measured by Google Analytics,
LinkedIn Corporation (registered office: 1000 West Maude Avenue, Sunnyvale, CA 94085, USA) for the Linkedin Pixel used to collect data from the Website and an applicant tracking system to better understand the type of audience for content,
Microsoft Corporation, One Microsoft Way, (registered office: Redmond, WA 98052-6399) for Clarity to analyze user behavior to understand how users interact with the Site, including through session replays and heat maps,
Disqus Inc. (registered office: 301 Howard Street Suite 300, San Francisco, CA, 94105, USA) for Discus used to host blog comments and reactions with an interface available on the Site.
The Administrator also uses data processors on its behalf with whom it has entered into data-processing agreements:
MailerLite Limited (registered office: 88 Harcourt Street, Dublin 2, D02 DK18, Ireland) – provides Curiosum with email communication services, including web forms, transactional and marketing messages, campaign automation and performance analytics. MailerLite stores all customer data on EU-based Google Cloud servers located in Germany and the Netherlands; therefore no personal data processed by MailerLite is transferred outside the European Economic Area.
Hetzner Online GmbH (registered office: Industriestr. 25, 91710 Gunzenhausen, Germany) – hosts Curiosum’s internal customer-relationship management system used to store conversation history with clients and prospects. All data remains exclusively within the EU.
§ 5 User rights
The user whose personal data are processed has the right to inspect their data, complete, update,
rectify, temporarily or permanently restrict their processing, request their deletion and transfer the data to
another controller (subject to the technical possibilities of the parties). The access, supplementation, update,
rectification, restriction of processing, deletion of data or transfer of data is carried out on the basis
of the user's request sent to the e-mail address
dpo@curiosum.com. Such request shall include the name of the user for identification purposes.
Where the Administrator has obtained your consent to process your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
The user ensures that the data provided or published by him on the site are correct.
We make every effort to ensure that the processing of your personal data is carried out in accordance with the law. However, if you feel that we have committed an infringement, you have the right to lodge a complaint to the supervisory authority (President of Polish Office for Personal Data Protection, 2 Stawki Street 00-193 Warsaw).
The Administrator does not apply automated decision-making that produces legal effects or similarly significantly affects the user, within the meaning of Article 22 of the General Data Protection Regulation. Basic profiling (e.g., email segmentation in MailerLite) may be used to personalize marketing content, but it does not produce significant effects for the user.
§ 6 Cookies Policy
Cookies are small text files stored on the end user’s device that let the website remember your settings, measure performance and display personalised content.
“Cookies” typically contain the domain name they come from, their lifetime and a unique identifier of the browser.
We use cookies to:
adapt the site to your preferences and optimise its operation
create anonymous statistics that help improve the structure and content
show advertising or job content tailored to your interests
Categories of cookies and legal basis:
Necessary
– ensure basic site functions; processed under our legitimate interest – art. 6 (1)(f)
GDPR.
Analytics
– measure site traffic and behaviour; loaded only after your consent – art. 6 (1)(a)
GDPR.
Marketing
– personalise recruitment/advertising content (e.g. LinkedIn); loaded only after
consent – art. 6 (1)(a) GDPR.
Retention: persistent cookies remain until you manually delete them, withdraw consent via the “Cookie settings” panel, or they expire automatically according to the provider’s default settings (currently anywhere from minutes up to 25 months). Exact lifetimes are managed by the providers listed below and may change—see their policies.
Key cookies we set or load:
curiosum_session
– Curiosum – maintains user session – session /
until logout – Necessary
bcookie
– LinkedIn – browser ID – provider-defined – Marketing
Cookies are not used to identify you personally; any data collected is encrypted to prevent
unauthorised access.
Most browsers accept cookies by default, but you can change this in your settings or through the
“Cookie settings” link in the footer to give or withdraw consent.
For mobile devices, refer to your OS user guide for cookie management options.
This version of the Privacy and Cookies Policy is valid from 2025-06-25. Previous versions are
available from the Administrator upon request.
This website uses cookies for analytics and to improve provided services. By closing this box, you consent to our use of them and other tracking technologies according to our
Privacy Policy.