Privacy Policy – CESTC 2026

This page contains information relating to personal data processing in connection with CESTC 2026 and the Candela Foundation website.

Data Controller

The Candela Foundation, ul. Grochowska 357/513, 03-822 Warszawa, is the Controller of your processed personal data.

You can contact the Controller via mail at Candela Foundation, ul. Grochowska 357/513, 03-822 Warszawa, by email at cestc@candela.org.pl, or by phone at +48 531 968 850.

Purposes of and basis for processing

We will process your personal data to:

contact you by e-mail or phone, if you initiate such communication - Article 6(1)(c) of the GDPR [1]
(processing is necessary to comply with a legal obligation imposed on the Controller[2]);
improve the quality of services; the Controller processes website use statistics - Article 6(1)(f) of the GDPR;
send newsletter - Article 6(1)(a) of the GDPR, based on data subject's consent;

You may withdraw your consents for personal data processing at any time by sending an e-mail to the following address: cestc@candela.org.pl.

Please also be reminded that withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

We may also process your personal data to perform tasks in public interest (Article 6(1)(e) of the GDPR) and in justified cases we will process your personal data for the purposes resulting from legitimate interest pursued by the Data Controller (Article 6(1)(f) of the GDPR).

Personal data recipients

Access to your personal data shall also be granted to authorized employees, associates from the Candela Foundation who must process your data in connection with the executed task.

Entities that the Controller commissioned to perform certain activities entailing the necessity to process personal data may also be data recipients. In order to ensure appropriate protection of personal data, we signed data processing agreements with such recipients.

Personal data retention period

We will process your personal data until the purpose of its collection is achieved and then in justified cases for the period set forth in the National Archive Resource and Archives Act of 14 July 1983 and the provisions of the Telecommunications Law Act.

Rights connected with data processing

We guarantee you the ability to exercise all your rights according to the principles specified by the GDPR, i.e. the right to:

access the data and receive a copy;
rectify (correct) your personal data;
restrict personal data processing;
erase personal data (subject to Article 17(3) of the GDPR);
lodge a complaint with the President of the Personal Data Protection Office if you believe that the personal data processing violates the personal data protection laws.

Obligation to provide data and consequences of failure to provide data

Providing the data processed in connection with fulfilment of a legal obligation is compulsory; if the data are processed based on consent for processing personal data, providing them is voluntary. Failure to provide data may prevent the possibility to achieve the aforementioned objectives.

The Privacy Policy can be amended or updated in accordance to current needs of the Data Controller to ensure current and reliable information for users concerning their personal data and information about it. Any changes to the privacy policy shall be introduced on this page.

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119 of 4 May 2016, p. 1 as amended).

[2] The legal obligation results in particular from the Higher Education and Science Act of 20 July 2018, the Telecommunications Law Act of 16 July 2016, and the Act on Informatization of Operations of Entities Performing Public Tasks of 17 February 2005.