Privacy Policy

I. GENERAL INFORMATION 

Welcome to the East x West Summit website. We respect your privacy and take steps to protect  your personal data (hereinafter: "Data"). This Privacy Policy (hereinafter: "Policy") explains what  Data we collect, how we use it, with whom we share it, and what rights you have with respect to  your Data - under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27  April 2016 on the protection of individuals with regard to the processing of personal data and on  the free movement of such data and repealing Directive 95/46/EC (general data protection  regulation, hereinafter: "GDPR"). 

The Policy is for informational purposes and is intended, in particular for: 

a. persons using the website at https://exwsummit.com/ (hereinafter: "Site"); b. people attending our events, including the East x West Summit; 

c. our business contractors; 

d. contact persons. 

II. DATA CONTROLLER AND CONTACT INFORMATION 

1. The Controller of the Data is Bridge Foundation with its registered office in Wrocław (50-024),  Świdnicka 40 Street, registered in the register of associations, other social and professional  organizations, foundations and independent public health care facilities by the District Court for  Wrocław Fabryczna in Wrocław, VI Economic Department of the National Court Register under  KRS number: 0001110537, NIP: 8971939014, REGON: 528903101 (hereinafter: "Controller"). 

2. The Controller can be contacted at at the following email address: maciek@exwsummit.com

III. FOR WHAT PURPOSES AND ON WHAT BASIS ARE THE DATA PROCESSED? 1. WEBSITE 

If you use the Site, the Controller may process your Data for the following purposes: 

a. providing electronic services to give users access to the content available on the Site - the  legal basis for the processing is the necessity to perform the contract for the provision of  electronic services or to take action prior to its conclusion at your request (Article 6(1)(b)  GDPR);  

b. managing and administering of the Site, including troubleshooting, data analysis, testing,  research, and for statistical and analytical purposes - the legal basis for the processing is  the Controller’s legitimate interest in the form of analysis of your activities, as well as your  preferences in order to improve the functionalities used and services provided (Article  6(1)(f) GDPR).  

In connection with your use of the Site, the Controller may process, in particular, such Data as  your IP address, browser version and type, time zone settings, browser plug-in types and  versions, operating system and platform and other technologies used on the devices you use to  access the Site, as well as other identifiers and information collected through cookies or other  similar technologies (files that can identify your browser or device). 

2. EVENT PARTICIPANTS  

If you participate in events organized or co-organized by the Controller, including the East x West  Summit, the Controller may process your Data in order to enable you to participate in these  events, including registration for the events, ensuring participation in the events according to the  rules and regulations of the individual events, ensuring the proper organization of the events,  including safety rules during the events - the legal basis for the processing is the necessity to  perform the contract concluded with the Controller or to take action before its conclusion at your  request (if you are a party to the contract) (art. 6(1)(b) GDPR) and fulfillment of the Controller's  legal obligations (Art. 6(1)(c) GDPR). Exceptionally, if there is a threat to life or health during an 

event - the basis for processing may be the necessity to protect the vital interests of the Data  Subject or another natural person (Article 6(1)(d) GDPR).  

In connection with the promotion of events organized or co-organized by the Controller,  promotional materials, including those containing the image of participants, may be created from  the events - depending on the scope of their use, the legal basis for the processing may be the  Controller' legitimate interest in promoting the events and the Controller's image (Article 6(1)(f)  GDPR) - particularly if your image is only a detail of the whole, or your consent (Article 6(1)(a)  GDPR). 

In connection with the organization of events, the Controller may process, in particular, such Data  as Identification Data, Contact Data, image and other Data obtained in the course of organizing  events.  

3. DONORS  

When you make a donation to the Controller, Data will be processed for the following purposes: 

a. handling the process of concluding and executing the donation agreement - the basis for  processing is the necessity to execute the agreement concluded with the Controller or to  take actions prior to its conclusion at your request (if you are a party to the agreement)  (Article 6(1)(b) GDPR); 

b. settlement of the concluded donation agreement - the legal basis for processing is the  implementation of obligations imposed on the Controller by law, including accounting and  tax obligations (Article 6(1)(c) GDPR). 

In connection with the donation, the Controller may process the following Data: Identification Data,  Contact Data and other Data provided in connection with the donation.  

4. BUSINESS CONTRACTORS 

In connection with business relationships, the Controller may process Data for the following  purposes: 

a. establishing cooperation and concluding and performing a contract- the legal basis for  processing is the necessity to perform the contract concluded with the Controller or to take  actions prior to its conclusion at your request (if you are a party to the contract) (Article  6(1)(b) GDPR), and in the case of contractor's representative Data, the basis for processing  is the Controller's legitimate interest in the form of the need to ensure the proper  performance of the contract (Article 6(1)(f) GDPR);  

b. settling the concluded agreement, including issuing and storing settlement documents - the  basis for processing is the implementation of obligations imposed on the Controller by law,  including accounting and tax obligations (Article 6(1)(c) GDPR). 

In connection with the business relationship, the Controller may process the following Data:  Identification Data, Contact Data, Data regarding job position and professional qualifications , and  other Data provided to the Controller in connection with the cooperation.  

5. CONTACT 

When you contact the Controller, the Data will be processed in order to contact you for the  purpose of handling your request sent via email, among other things, to contact you in connection  with our contract or other arrangements, to conduct further correspondence with you - the legal  basis for processing is the Controller's legitimate interest in contacting you, including conducting  correspondence (Article 6(1)(f) GDPR). 

In connection with the initiation of contact, the Controller may process the following Data:  Identification Data, Contact Data and other Data provided to the Controller in connection with the  initiation of contact. 

6. MARKETING ACTIVITIES

Your Data will be processed for the purpose of marketing activities (including informing you about  the Controller's services, news and events) - the legal basis for processing is the Controller's legitimate interest in direct marketing (Article 6(1)(f) GDPR).  

Marketing activities via email address or telephone number, are carried out only after obtaining  your consent to use the appropriate communication channel to receive such information (including  by providing an email address or telephone number for this purpose) - in this regard, the legal  basis for processing is your consent (Article 6(1)(a) GDPR).  

In connection with marketing activities, the Controller may process the following Data: contact  details, including e-mail address and other Data obtained in connection with marketing activities.  

7. OTHER PROCESSING PURPOSES 

The Controller may also process your Data for the following purposes: 

a. fulfillment of legal obligations imposed on the Controller - the legal basis for processing is  the necessity to fulfill a legal obligation imposed on the Controller (Article 6(1)(c) GDPR); b. fulfillment of the Controller's internal administrative purposes - the legal basis for the  processing is the Controller's legitimate interest in the form of the need to fulfill the  Controller's internal purposes (Article 6(1)(f) GDPR);  

c. for statistical or analytical purposes (e.g. surveying customer opinions and satisfaction,  analyzing them for optimization of service processes or improvement of service quality) - the legal basis for processing is the Controller's legitimate interest in the form of statistical  and analytical purposes (Article 6(1)(f) GDPR), 

d. for the purpose of establishing, investigating or defending against claims - the legal basis  for processing is the Controller's legitimate interest in establishing, investigating or  defending against claims (Article 6(1)(f) GDPR).  

In connection with other processing purposes, the Controller may process the following Data:  Identification Data, Contact Data and other Data obtained from external sources 

IV. DATA SOURCE 

The Data may have been obtained directly from you or another entity (e.g., a provider of systems  that monitor your activity on the Site) or come from publicly available sources. 

V. DATA PROCESSING PERIOD  

1. The Controller will not use or store your Data for longer than necessary to achieve the  aforementioned purposes, and the collected Data will be deleted after the expiration of the period  necessary to achieve the purposes of processing: 

a. in the case of processing of your Data in order to provide access to the content  collected on the Site - the Data will be processed for the period necessary to provide the  functionality of the Site; 

b. in the case of processing your Data for the performance of a contract - the Data will  be processed for the period of time necessary for the performance of the concluded  contract (e.g. partnership agreement);  

c. in the case of processing your Data on the basis of a legitimate interest - the Data will  be processed until we have this legitimate interest or until you successfully file an objection; d. in the case of processing your Data on the basis of consent - the Data will be  processed until the consent is withdrawn or the Data is no longer up-to-date or no longer  useful for the specified purposes. 

2. In addition, in each case, the Data may also be processed for the time necessary to: 

a. implementation of the Controller's obligations under applicable laws; 

b. establish, exercise or defend against claims - for the period of their limitation period  specified by applicable law.

3 

3. Depending on the scope of the Data and the purposes of its processing, the Data may be stored  for different periods. In each case, the longer period of retention of the Data shall be decided. 

VI. DATA RECIPIENTS 

1. Data is collected with due diligence and properly protected from unauthorized access. 2. Recipients of Data processed by the Controller may be, in particular: 

a. entities that support the Controller in its operations, in particular, entities to which the Data  is transferred for the purpose of organizing events and conferences; 

b. entities that provide support and operation of the Controller's tools and information  systems, including, in particular, providers of hosting, registration forms, and entities that  support the Controller in maintaining and improving the Site; 

c. legal or tax advisors, accounting and HR service providers, postal operators, electronic  payment system providers; 

d. if the obligation to provide Data results from mandatory legal regulations - the recipients of  the Data may also be the competent state authorities. 

3. Data stored in some cookies may be accessed by entities whose technologies we use, or entities  whose plug-ins are on the Site. 

VII. RIGHTS OF DATA SUBJECTS 

1. You have the right to access the Data, including the right to obtain a copy of such Data, to request  their rectification, deletion or restriction of processing, to object to their processing (to the extent  that the Data are processed based on the legitimate interests of the Controller), to transfer them  to another controller, as well as the right to lodge a complaint to the President of the Office for  Personal Data Protection - under the terms of the law. 

2. If the processing of Data is based on consent, you have the right to revoke it at any time without  affecting the lawfulness of the processing carried out on that basis before the withdrawal of  consent. 

VIII. DATA TRANSFER TO THIRD COUNTRIES 

As a general rule, the Data is not transferred outside the European Economic Area (hereinafter:  "EEA"). Exceptionally, the Controller may transfer Data to processing partners outside the EEA,  but only to the extent necessary, related to the provision of services by these partners to the  Controller. In such cases, the Controller shall ensure the protection of the Data, in particular, by  applying standard data protection clauses adopted pursuant to a decision of the European  Commission or transfer to countries on which the European Commission has issued a decision  finding an adequate level of protection. In such cases, you may obtain a copy of the safeguards  in place by contacting the Controller (contact information indicated above).  

IX. AUTOMATED DECISION-MAKING, INCLUDING PROFILING 

The Controller does not carry out activities involving automated decision-making, including  profiling, with respect to individuals whose Data is processed.  

X. THE NEED FOR DATA 

As a rule, providing Data is voluntary, but it may be necessary in order to fulfill one of the above mentioned purposes, including, for example, taking part in organized events, enabling you to use  the Site, or conducting correspondence in a selected form. Refusal to provide Data may result  respectively in inability to participate in organized events, use the Site or conduct correspondence.  

XI. SECURITY DATA 

We take reasonable measures to protect Data from unauthorized access, use or disclosure.  However, despite our efforts, no data transmission over the Internet or data storage system can  be guaranteed to be completely secure.

XII. UPDATE POLICY  

The Controller may update the Policy from time to time. Changes will be effective upon publication  on the Site. We encourage you to review this page regularly for any changes. 

Thank you for choosing East x West Summit. The Controller is committed to ensuring the  protection of your privacy and the security of your Data.