Strong Women in IT Privacy Policy

1. Definitions

In this Privacy Policy:

• “Controller” means Strong Women in IT, operated by Fundacja Network Creations.
• “Personal Data” refers to any information relating to an identified or identifiable natural person.
• “Processing” means any operation or set of operations performed on Personal Data.
• “User” means the individual whose Personal Data is processed.

2. Who is the Data Controller?

The controller of your personal data is:
Strong Women in IT, operated by Fundacja Network Creations,
Address: ul. Łazy 32, 25-677 Kielce, Poland
Email: [email protected]

The Controller has not appointed a Data Protection Officer (DPO).

3. What Data Do We Collect?

Depending on how you interact with our community, we process the following categories of data:

• Identification data (e.g., first name, last name, job title, company)
  
• Contact data (e.g., email address)
  
• Newsletter data (e.g., email opens, clicks)
  
• Technical data (e.g., IP address, cookies)

4. Purposes and Legal Bases for Processing

We process your data for the following purposes:

• Sending newsletters and reports – based on your consent.
  
• Organizing online and offline events – based on contract (your registration).
  
• Building and developing the community, based on the Controller’s legitimate interest.
  
• Analytical and statistical activities – based on the Controller’s legitimate interest.
  
• Compliance with legal obligations (e.g., tax obligations).

We may use data for profiling, for example, to segment audiences. However, we do not make automated decisions producing legal effects on this basis. You have the right to object to profiling.

5. Data Retention Periods

• Newsletter data: until consent is withdrawn.
  
• Event-related data: up to 3 years after the event ends.
  
• Analytical data: up to 26 months.
  
• Accounting/legal obligations: in accordance with applicable laws.

After the retention period expires, data is securely deleted or anonymized.

6. Data Sharing

We may share personal data with:

• Providers of IT and mailing tools.
  
• Partners and co-organizers of events (if necessary).
  
• Hosting providers and entities maintaining the website.

7. Data Flows and IT Tools

Personal Data may be processed using IT systems such as Google Workspace or GetResponse. We ensure full accountability of processing operations by maintaining a register of processing activities in accordance with the law.

8. Your Rights

You have the right to:

• Access your data and obtain a copy.
  
• Rectify inaccurate data.
  
• Erase your data (“right to be forgotten”).
  
• Restrict processing.
  
• Data portability to another controller.
  
• Object to processing based on legitimate interest or profiling.
  
• Withdraw consent at any time.
  
• Lodge a complaint with the President of the Personal Data Protection Office (UODO).

You can exercise these rights by sending a request via email. We will respond within 30 days.

In the event of a data breach, the Controller will notify the UODO and, if required, the affected individuals within 72 hours of becoming aware of the incident.

9. Cookies and Analytical Tools

The website uses cookies and similar technologies for:

• Proper functioning of the website.
  
• Analytical and statistical purposes.
  
• Marketing activities.

10. Security Measures

We apply the following security measures:

• SSL encryption.
  
• Regular security testing.
  
• Role-based access control.
  
• Data backups and monitoring.
  
• Staff training.
  
• Incident logging.

All documentation is regularly updated.

11. Data Protection Officer

The Controller has not appointed a Data Protection Officer.
For data protection matters, please contact us directly at [email protected].

12. Exercising Your Rights

Requests to exercise your data protection rights should be sent by email to: [email protected].
The Controller will verify the identity of the requester and fulfill the request within 30 days.

13. Compliance with Local Regulations

When providing services to individuals located outside the European Union, we make reasonable efforts to comply with local data protection regulations. However, the primary legal framework governing our activities is the GDPR and Polish data protection law. Where local laws significantly differ from GDPR, compliance will depend on the organizational and legal capacity of the Controller.

14. Changes to the Policy

This Privacy Policy may be updated from time to time. We will notify you of any significant changes by email or through a notice on our website.