Privacy Policy

GENERAL PROVISIONS

The controller of personal data collected through the website https://www.elevatedance.pl is Elevate Dance Sp. z o.o. with its registered office in Gdańsk (80-454) at ul. Nad Stawem 7, entered in the Register of Entrepreneurs of the National Court Register by the District Court Gdańsk-Północ, 7th Commercial Division of the National Court Register under KRS number: 0001215896, NIP: 9571197609, email address: elevate.danceworkshops@gmail.com, hereinafter referred to as the "Controller".

Personal data collected by the Controller through the website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and the Polish Act on Personal Data Protection of 10 May 2018.

TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data through the website https://www.elevatedance.pl in the following cases:

• when a user uses the event registration form or contact form. Personal data is processed on the basis of Art. 6(1)(f) GDPR as the legitimate interest of the Controller.
• when a user subscribes to the Newsletter for the purpose of receiving commercial information electronically. Personal data is processed upon giving separate consent, on the basis of Art. 6(1)(a) GDPR.

TYPE OF PERSONAL DATA PROCESSED. The Controller processes the following categories of user personal data:

• First and last name,
• Address (residential),
• Email address,
• Phone number,
• Age

PERSONAL DATA RETENTION PERIOD. Users' personal data is stored by the Controller:

• where the basis for processing is the performance of a contract, for as long as necessary for the performance of the contract, and thereafter for a period corresponding to the limitation period for claims. Unless a specific provision provides otherwise, the limitation period is six years, and for periodic claims and claims related to business activity — three years.
• where the basis for processing is consent, for as long as the consent is not withdrawn, and after withdrawal of consent, for a period corresponding to the limitation period for claims that the Controller may raise or that may be raised against the Controller. Unless a specific provision provides otherwise, the limitation period is six years, and for periodic claims and claims related to business activity — three years.

When using the website, additional information may be collected, in particular: the IP address assigned to the user's computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.

Navigation data may also be collected from users, including information about links and references they choose to click or other actions taken on the website. The legal basis for this type of activity is the legitimate interest of the Controller (Art. 6(1)(f) GDPR), consisting of facilitating the use of electronically provided services and improving the functionality of those services.

Providing personal data by the user is voluntary.

Personal data will also be processed in an automated manner in the form of profiling, provided that the user gives consent on the basis of Art. 6(1)(a) GDPR. The consequence of profiling will be the assignment of a profile to a given person for the purpose of making decisions concerning them or analyzing or predicting their preferences, behaviors and attitudes.

The Controller takes special care to protect the interests of the data subjects and in particular ensures that the data collected is:

• processed lawfully,
• collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes,
• substantively correct and adequate in relation to the purposes for which it is processed, and stored in a form that permits identification of data subjects for no longer than is necessary to achieve the purpose of processing.

DISCLOSURE OF PERSONAL DATA

Users' personal data is transferred to service providers used by the Controller in operating the website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, are either subject to the Controller's instructions regarding the purposes and methods of processing such data (data processors) or independently determine the purposes and methods of processing (controllers).

Users' personal data is stored exclusively within the European Economic Area (EEA).

RIGHT OF CONTROL, ACCESS TO AND CORRECTION OF PERSONAL DATA

The data subject has the right to access their personal data, the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

Legal bases for user requests:

• Access to data — Art. 15 GDPR
• Rectification of data — Art. 16 GDPR
• Erasure of data (right to be forgotten) — Art. 17 GDPR
• Restriction of processing — Art. 18 GDPR
• Data portability — Art. 20 GDPR
• Objection — Art. 21 GDPR
• Withdrawal of consent — Art. 7(3) GDPR

To exercise the rights referred to in point 2, a relevant email may be sent to: elevate.danceworkshops@gmail.com.

When a user exercises a right arising from the above rights, the Controller shall fulfill the request or refuse to fulfill it without delay, but no later than within one month of receipt. If, however, due to the complex nature of the request or the number of requests, the Controller is unable to fulfill the request within one month, it shall fulfill it within the next two months, informing the user within one month of receipt of the request of the intended extension of the deadline and its reasons.

If it is determined that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office (UODO).

COOKIES

The Controller's website uses cookies.

The installation of cookies is necessary for the proper provision of services on the website. Cookies contain information necessary for the proper functioning of the website and also enable the compilation of general statistics on website visits.

Types of cookies used on the website:

The Controller uses its own cookies to better understand how users interact with the website content. The files collect information about how a user uses the website, the type of page from which the user was redirected, and the number of visits and duration of the user's visit to the website. This information does not record specific personal data of the user but is used to compile statistics on website usage.

The user has the right to decide on the access of cookies to their computer by selecting them in advance in their browser window. Detailed information on the possibilities and methods of handling cookies is available in the settings of the software (web browser).

FINAL PROVISIONS

The Controller applies technical and organizational measures ensuring protection of processed personal data appropriate to the threats and categories of data under protection, and in particular secures data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable regulations, and alteration, loss, damage or destruction.

The Controller provides appropriate technical measures to prevent the acquisition and modification of personal data transmitted electronically by unauthorized persons.

In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.