Privacy Policy

 

Data Protection at a Glance

Scope

This privacy policy applies exclusively to the distribution site (landing page) operated by ION Research & Education Sp. z o.o. at https://om-noizzes.com. Through this page you can access various areas of the network of cooperating entities of OM Noizzes, such as the Foundation (https://fdn.om-noizzes.com), the Practice (https://care.om-noizzes.com), or the Institute (https://edu.om-noizzes.com). Each of these areas has its own content, distinct areas of responsibility, and its own privacy policy. Please review the applicable privacy policy as well as the rules regarding the processing of personal data on the respective websites.

General Information

The following information provides a basic explanation of what happens to your personal data when you visit this website. Personal data includes all information that can be used to identify you. Detailed information on data protection can be found in our privacy policy below.

This privacy policy contains information about the processing of your personal data collected through the use of the website and its functionalities, through electronic and traditional correspondence, as well as in connection with the provision of services and the implementation of all activities related to the statutory objectives of the Fundacja Instytut OM Noizzes based in Kraków, ul. Wadowicka 6, 30-415 Kraków, KRS No.: 0001119157.

In compliance with the obligation under Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and repealing Directive 95/46/EC, we provide you with the following information:

Under the General Data Protection Regulation (GDPR) and the Polish Personal Data Protection Act (Personal Data Protection Act, UODO, of 10 May 2018), you as a user have certain rights regarding your personal data. The competent supervisory authority for data protection in Poland, to which complaints and inquiries can be addressed, is the President of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych - UODO).

 

1. Data Collection on This Website

Who is responsible for data processing on this website?

The data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section "Information about the Data Controller" of this privacy policy.

How do we collect your data?

Your data is collected when you provide it to us. This may include information entered into a contact form, for example.

Other data is collected automatically or after obtaining your consent when you visit the website. This primarily includes technical data (e.g., browser information, operating system, time of page access). These data are collected automatically when you visit our website.

What do we use your data for?

The collection of these data serves to ensure the proper functioning of the website. If contracts are concluded or transactions are initiated via the website, the provided data may also be processed for the purpose of presenting offers, fulfilling orders, or handling other contract-related inquiries.
Data processing also occurs if there are legal obligations or if a legitimate interest exists in accordance with Article 6(1)(f) of the GDPR.

Are tracking or analytical tools used?

No cookies are used on our website. During your visit, we only collect data stored in the server log files (e.g., IP address, access time) to ensure the secure and error-free operation of the site. No other tracking, analysis, or profiling tools are used; no profiling is carried out.

What rights do you have regarding the processing of your data?

You have the right to receive free information about the origin, recipients, and purpose of the personal data stored by us. You also have the right to have your data corrected or deleted. If you have given consent to data processing, you can revoke this consent at any time with effect for the future.

Additionally, under Article 173 of the Polish Telecommunications Law (Prawo Telekomunikacyjne, PT), you have the right to object to the use of certain technologies, such as cookies.

For users accessing the Foundation’s website from the Federal Republic of Germany, the Telecommunications-Telemedia Data Protection Act (TTDSG) also applies, which governs the use of cookies.

In this case, cookies may be used (unless they are technically necessary) only with your consent in accordance with §25 TTDSG.

You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the Polish data protection supervisory authority:

Urząd Ochrony Danych Osobowych (UODO)
Stawki 2, 00-193 Warszawa, Polska
Strona internetowa: https://uodo.gov.pl

Additionally, you may contact the data protection authority responsible for your place of residence and country if you believe that your personal data is being processed unlawfully.

If you have any further questions regarding data protection, you can contact us at any time.

 

2. Hosting

Our website is hosted by the following provider:

Hetzner

The service provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

Details can be found in Hetzner’s privacy policy: https://www.hetzner.com/de/legal/privacy-policy/.

The use of Hetzner’s services is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in ensuring the greatest possible reliability of our website. If consent has been obtained, data processing is carried out solely on the basis of Art. 6(1)(a) GDPR and Article 173 of the Polish Telecommunications Act (Prawo Telekomunikacyjne, PT), provided that the consent covers the storage of cookies or access to information on the user’s device. Consent can be revoked at any time with effect for the future.

Data Processing by Third Parties

We have concluded a Data Processing Agreement (DPA) with Hetzner in accordance with the requirements of the GDPR. This agreement ensures that Hetzner processes the personal data of visitors to our website solely according to our instructions and in compliance with the GDPR.

 

3. Email Communication

Our email infrastructure is hosted by the following provider:

Seohost

The service provider is Seohost sp. z o.o., ul. Wróblewskiego 18, 93-578 Łódź, Poland.

Detailed information can be found in Seohost’s privacy policy: https://seohost.pl/polityka-prywatnosci/.

Legal Basis for Data Processing

Email processing is carried out based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in maintaining efficient and secure communication.

If there is a legal obligation to store or process emails, this is done based on Article 6(1)(c) of the GDPR and Article 10 of the Polish Act on the Provision of Electronic Services (UŚUDE).

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with Seohost to ensure that email data processing is carried out in compliance with the GDPR and Polish data protection regulations. Seohost processes personal data exclusively according to our instructions and in accordance with applicable regulations.

Security of Email Communication

Our emails are by default encrypted via SSL/TLS. Please note that email communication may not be fully secure. For instance, unencrypted emails may be intercepted by third parties during transmission. If you wish to send confidential information, we generally recommend using encrypted communication channels.

Disclosure to Third Parties

We disclose emails or data contained therein only to third parties if permitted or required by law (e.g., official requests) or if you have expressly consented to such disclosure.

 

4. General Information and Mandatory Notices

Protection of Personal Data

The administrators of this website take the protection of your personal data very seriously. We process your data confidentially and in accordance with applicable data protection regulations as well as this privacy policy.

Various personal data are collected when using this website. Personal data includes all information that allows you to be identified. This privacy policy explains what data we collect, for what purpose, and how they are used.

Please note that data transmission over the Internet (e.g., communication via email) may not be completely secure. Despite our efforts, full protection of data against third-party access cannot be guaranteed.

Information About the Data Controller

The controller responsible for the processing of personal data on this website is:

ION Research & Education Sp. z o.o.
ul. Wadowicka 6
30-415 Kraków, Polen
Telefon: +48 884 782 333
E-Mail: instytut@om-noizzes.com

The data controller is a natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., name, email address, etc.).

We are currently not legally required to appoint a Data Protection Officer. If you have any questions regarding data protection, particularly about your rights concerning the processing of personal data by ION Research & Education Sp. z o.o., please contact us directly.

Retention Period for Personal Data

Unless a specific retention period is stated in this privacy policy, your personal data will remain with us until they are no longer needed for their original purpose. If you submit a legitimate request for deletion or revoke your consent for processing, your data will be deleted unless there are other legally permissible reasons for retaining them (e.g., tax or accounting obligations). In such cases, deletion will occur after the mandatory retention period expires.

Legal Basis for Data Processing on This Website

• If you have given consent for data processing, we process it based on Article 6(1)(a) GDPR or Article 9(2)(a) GDPR if special categories of personal data (e.g., health data) are involved.
• If you have consented to the transfer of personal data to third countries, processing is based on Article 49(1)(a) GDPR.
• If you have consented to the storage of cookies or access to information stored on your device (e.g., device fingerprinting), the legal basis is Article 173 of the Polish Telecommunications Law (Prawo Telekomunikacyjne, PT). Consent can be revoked at any time.
• If processing is necessary for the performance of a contract or pre-contractual measures, it is based on Article 6(1)(b) GDPR.
• If processing is required to fulfill a legal obligation, it is based on Article 6(1)(c) GDPR and Article 10 of the Polish Act on the Provision of Electronic Services (UŚUDE).
• Processing may also be based on our legitimate interest pursuant to Article 6(1)(f) GDPR. The respective legal bases are detailed in the following sections of this privacy policy.

Recipients of Personal Data

In our operations, we collaborate with external entities, which may involve the transfer of personal data. Data is shared only in the following cases:

• when necessary to fulfill a contract,
• when we are legally required to do so (e.g., transfer to tax authorities),
• when we have a legitimate interest in the transfer pursuant to Article 6(1)(f) GDPR,
• when another legal basis exists for data transfer.

If we share data with data processors, this is done based on a valid Data Processing Agreement (DPA). If data processing is jointly carried out, we conclude an agreement regulating the responsibilities of each party.

Revocation of Consent for Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of data processing performed before the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

If your data is processed on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.

This also applies to profiling based on these provisions. If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate reasons for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (objection under Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for direct marketing, including any related profiling.

If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21(2) GDPR).

Right to Lodge a Complaint with a Supervisory Authority

In the event of a violation of the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, workplace, or the location of the alleged infringement.

The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to receive the data that we process automatically based on your consent or as part of a contract, in a commonly used, machine-readable format.

If you request direct transfer of the data to another controller, this will be done if technically feasible.

Right to Information, Correction, and Deletion of Data

You have the right to free information about the origin, recipients, and purpose of the personal data stored by us. You also have the right to correct or delete this data.

If you have any questions regarding the processing of your personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time. This right applies in the following cases:

    • If you dispute the accuracy of the personal data we store, we need time to verify it. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
    • If your personal data has been unlawfully processed, you can request the restriction of processing instead of deletion.
    • If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of processing instead of deletion.
    • If you have lodged an objection under Article 21(1) GDPR, an assessment of your and our interests must be conducted. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

To exercise this or any other rights mentioned in this Privacy Policy, please contact us via post or email at:

ION Research & Education Sp. z o.o.
ul. Wadowicka 6
30-415 Kraków, Polen
Telefon: +48 884 782 333
E-Mail: instytut@om-noizzes.com

If you restrict the processing of your personal data, these data – apart from storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for important public interest reasons of the European Union or a member state.

The data controller also informs you that no automated decisions will be made about you, and you will not be subject to profiling.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content (e.g., inquiries or orders), this site uses SSL or TLS encryption.

You can recognize an encrypted connection by checking whether the address in your browser’s address bar changes from "http://" to "https://" and whether a lock icon appears in the address bar.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website

Currently, no payment transactions are processed on this website, therefore we do not collect any payment data.

Objection to Unsolicited Advertising

The contact details published in compliance with legal notice requirements must not be used for sending unsolicited advertising or informational materials.

The administrators of this website reserve the right to take legal action in the event of the unsolicited transmission of advertising information, such as spam emails.

 

5. Data Collection on This Website

Server Log Files

The hosting provider of this website is Hetzner Online GmbH (see Section 2 - Hosting). Hetzner automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These files contain:

• Browser type and version
• Operating system used
• Referrer URL (previously visited page)
• Hostname of the accessing computer
• Time of the server request
• IP address

At Hetzner, IP addresses are stored in anonymized form, making it no longer possible to identify an individual. These data are not merged with other data sources and are automatically deleted after no more than one month.

The collection of this data is based on Art. 6(1)(f) GDPR and Article 18 of the Polish Act on the Provision of Electronic Services (UŚUDE). The website operator has a legitimate interest in the technically error-free display and optimization of their website – for this purpose, the server log files must be recorded.

Inquiries by Email, Phone, or Fax

If you contact us via email, phone, or fax, your inquiry, including all resulting personal data (e.g., name, content of the inquiry), will be stored and processed by us for the purpose of handling your request. These data will not be shared with third parties without your consent.

The processing of these data is based on Article 6(1)(b) GDPR, provided that the request is related to the fulfillment of a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest in the efficient handling of inquiries (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR). You can revoke your consent at any time.

The data transmitted to us via inquiries will remain in our systems until you request deletion, withdraw your consent for storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Legal retention obligations, especially those resulting from Polish tax law (Ordynacja podatkowa), remain unaffected.

 

Here is the translation to English in HTML format: ```html

6. OM Noizzes in Social Media

This privacy policy applies to the following social networks:

• https://www.facebook.com/de.om.noizzes
• https://www.facebook.com/pl.om.noizzes
• https://www.youtube.com/@de_om_noizzes
• https://www.youtube.com/@pl_om_noizzes
• https://t.me/de_om_noizzes
• https://t.me/pl_om_noizzes

Responsibility

On this page, we link to the OM Noizzes social media profiles. These profiles are not operated by ION Research & Education Sp. z o.o., but by our partner foundation, the

Fundacja Instytut OM Noizzes
ul. Wadowicka 6
30-415 Kraków, Poland
Phone: +48 536 021 712
E-Mail: fundacja@om-noizzes.com

The foundation is legally and administratively responsible. When you follow one of these links, you leave our website and are redirected to the respective social media platform of the foundation.

Please note that we have no control over the data processing of these platforms. Specifically, there is no joint data use or joint responsibility between ION Research & Education Sp. z o.o., the Fundacja Instytut OM Noizzes, and the respective social media providers in accordance with Article 26 of the GDPR. ION Research & Education Sp. z o.o. also has no administrative access to the social media profiles.

The processing of personal data on these platforms is solely governed by the privacy policies of the respective providers and the provisions of the foundation. For further information on the purpose and scope of data collection and its further processing and use, we refer you to the respective privacy notices of these third-party providers.

Data Processing by Social Networks

Our website only contains links to profiles on social networks (hyperlinks). When visiting our website, no personal data is automatically transmitted to these networks. Only by actively clicking on a link will you be redirected to the respective platform, where the respective privacy policies apply.

Social networks like Facebook, YouTube, etc., can comprehensively analyze your user behavior when you visit their website or a website with integrated social network content (e.g., "Like" buttons or advertising banners). Visiting social media presences triggers various privacy-relevant processing operations.

In Detail:

If you are logged into your social media account and visit the OM Noizzes foundation social media presence, the operator of the social network may assign this action to your user account. Your personal data may also be collected if you are not logged in or do not have an account with the respective social network. In this case, data collection occurs, for example, through cookies stored on your device or by collecting your IP address.

The information collected from this data can be used by social network operators to create user profiles that store your preferences and interests. This may result in interest-based advertisements being shown to you both within and outside the respective social networks. If you have an account with a social network, interest-based advertisements may be shown on all devices where you are or have been logged in.

Please note that we cannot track all processing operations on social media platforms. Depending on the provider, additional processing operations may be carried out by the social network operators. For detailed information, please refer to the respective terms of use and privacy policies of the social networks.

Responsible for Data Processing and Exercise of Rights

If you visit social media sites (e.g., Facebook), the respective responsible profile operator is jointly responsible with the operator of the respective social media platform for the data processing operations triggered during this visit. You can exercise your rights (access, correction, deletion, restriction of processing, data portability, and complaint) with both the profile operator and the operator of the respective social media platform (e.g., Facebook).

Data Retention

Cookies stored by social media platforms generally remain on your device until you delete them.

We have no control over the retention period of your data, which is stored by social network operators for their own purposes. For detailed information, please contact the social network operators directly (see their privacy policies below).

Your Rights

You have the right to obtain, free of charge, information about the origin, recipients, and the purpose of your stored personal data. You also have the right to object, request data portability, and file a complaint with the relevant supervisory authority.

Furthermore, you can request the correction, blocking, deletion, and – in certain circumstances – the restriction of processing of your personal data.

Social Networks in Detail

Facebook

The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as "Meta"). According to Meta, the collected data is also transmitted to the USA and other third countries.

You can adjust your ad settings in your user account. To do so, click on the following link and log in:
https://www.facebook.com/settings?tab=ads

Data transmission to the USA occurs based on the standard contractual clauses of the European Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381

Further information about data processing can be found in Facebook's privacy policy:
https://www.facebook.com/about/privacy/

Meta is certified under the "EU-U.S. Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards when processing data in the USA.

Any company certified under the DPF agrees to comply with these data protection standards. More information can be found at:
https://www.dataprivacyframework.gov/participant/4452

YouTube

The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Detailed information on the handling of your personal data can be found in YouTube's privacy policy:
https://policies.google.com/privacy

The company is certified under the "EU-U.S. Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards when processing data in the USA.

Any company certified under the DPF agrees to comply with these data protection standards. More information can be found at:
https://www.dataprivacyframework.gov/participant/5780

Telegram

The provider of this service is Telegram Messenger LLP, Dubai, United Arab Emirates.

Please note that Telegram processes your personal data when using the service. This may include IP addresses, device information, user behavior, and communication content. If you interact with profiles on Telegram, Telegram's privacy policy applies.

Please note that Telegram may transfer personal data to third countries outside the European Union and store it there. Profile operators have no control over this data processing.

Further information about data processing by Telegram can be found in their privacy policy:
https://telegram.org/privacy

Note on User Comments on Social Media Platforms

Social media profiles allow you to comment on content. Please note that the respective platform operators (Facebook, YouTube, Telegram) are responsible for complying with the Digital Services Act (DSA, Regulation (EU) 2022/2065). These platforms provide mechanisms to report illegal content.

To report content, please use the respective functions of the social media platform or contact the relevant provider:

• Facebook: https://www.facebook.com/help/www/263149623790594
• YouTube: https://support.google.com/youtube/answer/2802027?
• Telegram: https://telegram.org/faq

Additional Information for Polish Users

According to the Polish Data Protection Act ("Ustawa o ochronie danych osobowych") and the GDPR, the same data protection rights apply to social media platforms.
If you wish to file a complaint, you can contact the Polish data protection authority Urząd Ochrony Danych Osobowych (UODO):
https://uodo.gov.pl/