• Polski
  • English
    • Home > Privacy Policy

    Privacy Policy

    Privacy Policy – Personal Data Processing at Skowronscy Art Gallery (SoA)<.h1>

    Information clauses regarding the processing of personal data in connection with the use of websites and services provided by Skowronscy Art Gallery, as listed below.

    1. Introduction

    This Privacy Policy provides information on the processing of personal data in connection with the use of the website https://www.soagallery.pl/(hereinafter the “Website”) operated by Skowronscy Art Gallery (SoA) (hereinafter the “Gallery”), as well as in connection with the use of other services provided by the Gallery, in particular registration for or participation in events (hereinafter the “Events”). The Gallery is operated by EURO Limited Liability Company (EURO Spółka z ograniczoną odpowiedzialnością).

    This document provides information required under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR”).

    The Privacy Policy also defines the terms of use of the Website and the services available through it.

    The information clauses regarding the processing of personal data are grouped according to the functionalities of the Website or the Gallery’s services used by a given individual (hereinafter the “User”), in particular divided into:

    • Users visiting the Website (e.g. in connection with contact forms, newsletters, cookies);
    • Participants of Events (in connection with registration and participation processes).

    2. Data Controller

    The controller of your personal data is EURO Limited Liability Company (EURO Spółka z ograniczoną odpowiedzialnością), with its registered office at Franciszka Salezego Jezierskiego 7/23, 00-457 Warsaw, Poland.

    You may contact the Controller via e-mail: rodo@soagallery.pl.

    3. Purposes and Legal Bases for Data Processing

    3.1. Data processing in connection with the use of the Website

    Data: Your personal data that may be processed in connection with the use of the Website includes:

    • Data provided voluntarily in forms or when registering a user account: full name, e-mail address, phone number, delivery address, billing information, message content.
    • Data collected automatically: IP address, browser type, URL of the previously visited page (referrer link), visit time, information on website activity, data collected through cookies.

    Data will be processed for the following purposes:

    • fulfilment of ordered services or goods (including preparation, packaging, and shipping);
    • handling of inquiries submitted via the contact form;
    • newsletter management and distribution of marketing information; by subscribing to the newsletter, the User agrees that it may contain information about products, services, and events organized by Skowronscy Art Gallery (SoA)
    • administration of the Website and ensuring its proper operation and security (including server log analysis);
    • conducting statistics and traffic analysis on the Website (e.g. using Google Analytics);
    • marketing purposes, including remarketing and tailoring advertisements to user behavior (e.g. using Facebook Pixel, Google Ads).

    The legal bases for processing are: the data subject’s consent (Article 6(1)(a) GDPR – e.g. for sending newsletters or using marketing/analytical cookies), necessity for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR – e.g. for processing orders or handling inquiries), compliance with a legal obligation (Article 6(1)(c) GDPR – e.g. for tax or accounting purposes), and the legitimate interests pursued by the Controller (Article 6(1)(f) GDPR).

    The Controller’s legitimate interests include Website administration, ensuring security, handling user inquiries (not leading to a contract), performing basic analytics and statistics, and direct marketing of its own products and services.

    Data provided in forms are processed according to the purpose of each form. The Website may also record connection parameters (timestamp, IP address).

    3.2. Data processing in connection with participation in Events

    Data: Your personal data that may be processed in connection with Events includes: full name, e-mail address, phone number (landline/mobile), company/institution/organization/editorial office/university name, position/student status, country, postal code, city, province, login details (e-mail address, password – if applicable), data confirming eligibility (e.g. ticket, invitation, ID badge, ticket type), image (photos and video materials), and other voluntarily provided data or data required by law or necessary for the stated purposes (e.g. statistical data, data needed for legal defense).

    Data will be processed for the following purposes:

    • organization and execution of the event (including registration, account creation if applicable, access to online transmissions – if applicable);
    • informing about future events and Gallery activities (direct marketing);
    • identity verification when entering event venues (including printing and issuing badges);
    • additional identity verification for access to restricted zones (e.g. Premium/VIP areas);
    • enabling contact and meeting arrangements between registered participants (networking), including possible publication of participant lists or access to an online communication tool – if applicable;
    • sharing data with event partners and sponsors for marketing purposes;
    • statistics, quality measurement, and performance evaluation;
    • establishing, pursuing, or defending legal claims;
    • compliance with legal obligations of the Controller;
    • recording of image (photos and videos) from the event.

    The legal bases for processing are: necessity for the performance of a contract or to take steps prior to entering into a contract (Article 6(1)(b) GDPR – e.g. event organization), consent of the data subject (Article 6(1)(a) GDPR – e.g. for marketing, image registration, or data sharing with partners), compliance with a legal obligation (Article 6(1)(c) GDPR – e.g. tax and accounting), and legitimate interests of the Controller (Article 6(1)(f) GDPR).

    The Controller’s legitimate interests include ensuring security and access control at the event venue, evaluating event effectiveness, improving service quality, establishing or defending claims, and promoting events organized by the Gallery (e.g. through group photos where the participant’s image is incidental).

    For photos or recordings where the participant’s image is the main element, processing is based solely on explicit consent, which may be withdrawn at any time.

    Contact data sharing with other participants occurs only with explicit consent.

    4. Data Recipients

    • Entities providing services to the Gallery (e.g. IT support, accounting, security, catering, registration systems, payment processing, hotels for accommodation bookings) – to the necessary extent and under data processing agreements.
    • Event partners and sponsors – only with your explicit consent.
    • The Website hosting provider – only to the extent of data collected within the server logs of soagallery.pl.
    • Courier companies – to the extent necessary for fulfilling and delivering orders (if applicable).
    • Authorized public authorities (e.g. courts, police) – based on applicable legal regulations.

    5. Data Retention Period

    • For event organization and execution: as long as necessary for the event and related settlements.
    • For marketing purposes: until consent is withdrawn or an objection is lodged.
    • For establishing, pursuing, or defending legal claims: until the expiry of limitation periods.
    • For legal compliance purposes: for the duration required by law.
    • For image recording: until consent is withdrawn or an objection is lodged, or for a period justified by promotional purposes, not exceeding 5 years after the event.

    6. Data Subject Rights

    • Right of access: to obtain confirmation whether your personal data is being processed and access related information, such as purposes, categories, and recipients.
    • Right to rectification: to request the correction of inaccurate data and completion of incomplete data.
    • Right to erasure (“right to be forgotten”): to request the deletion of your personal data without undue delay, where one of the grounds under Article 17 GDPR applies (e.g. data no longer necessary for the purposes collected).
    • Right to restriction of processing: to request restriction of processing in cases provided for under Article 18 GDPR (e.g. contesting data accuracy).
    • Right to data portability: to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
    • Right to object: to object at any time, on grounds relating to your particular situation, to processing based on Article 6(1)(e) or (f) GDPR, including profiling. You may object at any time to direct marketing.
    • Right to withdraw consent: if processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
    • Right to lodge a complaint: to the President of the Personal Data Protection Office (PUODO) if you believe that data processing violates GDPR.

    7. Voluntary Nature of Data Provision

    Providing personal data is voluntary.

    However, in order to use certain services or functionalities, specific data (marked as mandatory) are necessary. This applies in particular to:

    1. Using the Website: registering an account, placing an order, or submitting an inquiry via the contact form requires providing essential data. Failure to provide them may prevent account creation, order processing, or receiving a response.
    2. Participation in Events: if participation (e.g. in an opening, workshop) requires prior registration or form completion, providing necessary data (e.g. name for guest list) is essential. Failure to do so prevents registration and participation.

    8. Automated Decision-Making and Profiling

    Your personal data will not be used for automated decision-making or profiling in a way that produces legal effects concerning you or similarly significantly affects you.

    9. Changes to the Privacy Policy

    The Controller reserves the right to amend this Privacy Policy at any time. Any changes will be published on the Gallery’s website https://www.soagallery.pl/.

    10. Effective Date

    This Privacy Policy enters into force on November 04, 2025.

    Newsletter

    Jako pierwszy/a dowiesz się o nowych kolekcjach, limitowanych pracach i wydarzeniach online

    Back to Top
    Używamy plików cookie, aby zapewnić Państwu jak najlepsze wrażenia podczas korzystania z naszej strony internetowej. Kontynuując korzystanie z tej strony, wyrażają Państwo zgodę na używanie przez nas plików cookie.
    Akceptuję
    Odmawiam
    czytaj więcej…