0
  • No products in the cart.
0

Data protection and cookies policy

Home page / Data protection and cookies policy

This Data Protection and Cookies Policy, hereinafter referred to as the Policy, has been drawn up to demonstrate that personal data is processed and secured in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR.

1. Personal Data Controller

The data controller of your personal data is Eliza Szachowicz conducting business under the name BRAINBOX Eliza Szachowicz with the registered office in Warsaw 00-214, ul. Franciszkańska 10/2, mob.: +48 600822088, NIP: 5252314433, REGON: 381474642, e-mail address: office@brainbox-school.eu, hereinafter referred to as the School.

2. Purpose and Basis of Personal Data Processing

Personal data is collected, stored and processed by the School with the consent of the data subjects, respecting the law, including the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, with due process and in a manner that guarantees its security.

The School may only use personal data in order to provide a proper service to the School's clients, for the purposes of providing the School's services. Data may also be processed on the basis of:

- Article 6(1)(a) GDPR - where consent has been given to process the data;

- Art. 6(1)(b) GDPR - where it is necessary for the conclusion of a contract or the performance of a contract already concluded;

- Article 6(1)(c) GDPR - when it is a legal obligation;

Article 6(1)(f) GDPR - when the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party.

3. Period of Storage of Personal Data

Personal data shall be processed for a period depending on the purpose of its processing, as well as for the period required by law due to an existing legal obligation. Data is processed until consent to its processing is withdrawn, unless there are legitimate grounds for further processing.

4. Recipients of Personal Data

The School only transfers personal data in cases provided for by law to entities entitled to receive such data and to suppliers and subcontractors:

- entities supporting the School's business activities, i.e., providing accounting, IT, legal services to the School, teachers, other language schools cooperating with the School, among others;

- entities carrying out payment operations;

- banks where it is necessary to conduct settlements;

- courier and postal services providers;

- state authorities or other entities entitled to access personal data on the basis of the law.

5. Rights of Data Subjects in Relation to the Processing of Their Personal Data

Every data subject whose data is processed by the School has the following rights:

- the right of access to personal data - the right to obtain confirmation of the processing and to receive a copy of the data;

- The right to request the rectification of personal data;

- The right to restrict the processing of personal data;

- The right to object to the processing of personal data;

- The right to request erasure of personal data;

- The right to withdraw consent to data processing. Consent can be withdrawn at any time;

- The right to data portability - where the processing is based on Art. 6(1) (b) GDPR, there is the right to transfer the data to another Personal Data Controller;

- The right to lodge a complaint to the supervisory authority competent in matters of personal data protection: President of the Office for the Protection of Personal Data, ul. Stawki 2, 00-193 Warsaw, e-mail: kancelaria@uodo.gov.pl; helpline: 606-950-000.

6. Personal Data Breaches

In the event of a personal data breach, the School shall assess whether the breach was likely to result in a risk of violation of the rights of data subjects. In a situation where the breach was likely to result in a risk of infringement of the rights of data subjects, the School shall report the personal data breach to the supervisory authority without undue delay, no later than 72 hours after the breach is identified. The School shall also notify the data subject of the incident.

7. Cookie Policy

Cookies” are IT data, in particular text files, created automatically by the web browser when using websites, which are stored on the final device (computer, tablet, smartphone) and allow the information contained in them to be read. Cookies allow the type of device of the person using the website to be identified. The school uses cookies on its website www.brainbox-school.eu for:

- compiling website visit statistics;

- optimising the use of websites. These cookies allow us to recognise the type of device on which the website is displayed and to adapt the design of the website according to the type of device.

A visitor to the www.brainbox-school.eu website may consent to the storage of cookies originating from the www.brainbox-school.eu website on his or her terminal device by means of the software settings of the device he or she has installed. Web browsers allow cookies to be stored on the device used by the user by default. You can change your cookie settings and disable cookies at any time. The addresses of the pages describing how to disable cookies for browsers are indicated below:

8. Data Protection Contact

For questions related to the Policy, including data protection, the School can be contacted by e-mail at office@brainbox-school.eu.