APP PRIVACY POLICY

 ENERGY EXPO

 Last Updated: February 1st, 2025

1. KEY DEFINITIONS

In our Privacy Policy, as well as in other documents that we use in regard of data processing, below-mentioned definitions shall have following meaning:

  • Personal data – means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. For example, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction shall be considered as Processing;
  • Controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

The Administrator of your personal data is MTR MEDIA GROUP SRL, with its registered office in Romania and address: Calea Republicii 85, Oradea, TAX ID RO 31573008. 

The Processor of your Personal data is Meeting Application sp. z o.o. (Ltd.) with a place of residence at Wrocław, address: ul. św. Antoniego 15 (50 – 073 Wrocław), share capital:

47.200,00 PLN, fully paid, Tax No. (NIP): 8992738060, Statistical No. (REGON): 021940356, entered into the register of entrepreneurs of the National Court Register, maintained by the District Court in Wroclaw, VI Commercial Division of the National Court Register under the KRS No.: 0000433314.

  • Data Protection Officer (DPO) – means a specially designated person by Controller or Processor to support one of the above-mentioned entities in compliance with duties regarding personal data protection, arising from the legally binding regulations. Data Protection Officer performing their duties in regard to processing your Personal data is (Nicoleta Maxinoaei, info@energyexpo.ro)
  • Grounds of Personal Data Processing – legally defined grounds of lawful Personal Data Processing. The following grounds derive from particular articles of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafterreferred to as: „GDPR”):
  1. 6 sec. 1 letter a) of GDPR – the data subject has given consent to the processing of his or her personal data for one or more specific purposes;;
  2. 6 sec. 1 letter b) of GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. 6 sec. 1 letter c) of GDPR – processing is necessary for compliance with a legal obligation to which the Controller is subject;
  4. 6 sec. 1 letter d) of GDPR – processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. 6 sec. 1 letter e) of GDPR – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6.  6 sec. 1 letter f) of GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
  • Recipient of Personal Data – means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients;
  • Consent for Personal Data Processing – of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them;
  • Supervisory Authority – means an independent public authority which is established to supervise compliance with personal data protection regulations. Currently in Poland such authority is the President of the Office for Personal Data Protection.

2. LAW

The key principles of personal data processing are defined in GDPR. Due to the fact that GDPR is a Regulation in the sense of EU law, it is directly applicable in all EU member states. You can read the full content of GDPR at the website of Official Journal of the European Union, EUR-Lex.

Apart from GDPR, there are applicable personal data processing regulations deriving from Polish legal acts, particularly from Personal Data Protection Act.

3. TYPE AND PURPOSE OF PROCESSED DATA

For the provision of the services relating to the app, Processor will process a variety of your Personal data. Each time, with the beginning of processing your Personal data, you will receive detailed information about the type of data that is processed and the purpose of processing.

Usually, we process following personal data:

  • Name,
  • Surname,
  • E-mail address,
  • Company name,
  • Company position.

Typically, to process your personal data you need to give consent to do so. In such case, before we begin processing your data, we will inform you each time about the type of your personal data that is being processed, the purpose of processing and your rights. Giving consent to process your personal data is voluntary and your consent can be revoked by you in any time, without necessity to give a reason for it. However, revoking the above-mentioned consent will unable us to provide you the services.

We are processing your personal data in purpose of providing you services offered through the app that you’ve downloaded.

4. FUNDAMENTAL PRINCIPLES OF PERSONAL DATA PROTECTION

Each and every processing of your Personal data will be different, particularly in scope of type of data that is being processed, purpose of the processing, and applied measures of processing.

Nonetheless, each time your personal data will be processed, the Processor applies following scope of fundamental principles of personal data processing:

  • Processing shall always be made in accordance with applicable regulations,
  • Your Personal data shall be processed in due, organised and well-thought manner,
  • Processing of your Personal data is and shall always be transparent,
  • Personal data Processing shall always be made in accordance with the purpose, for which such Personal data was obtained,
  • Only correct and up-to-date Personal data shall be processed,
  • Collected Personal data shall be stored only for the period of time necessary to fulfil the purpose for which they were gathered,
  • Personal data shall be processed only in the manner that will guarantee adequate safety of this data, including protection of this data from unauthorised or illegal processing, losing, destroying or damaging it,
  • Processor shall be responsible for compliance with above-mentioned principles and for that purpose they keep the documentation on how they process your Personal data.

5. YOUR RIGHTS

GDPR grants you a scope of rights, that you can execute in relation of processing your Personal data. These rights consists of:

  • right to access your Personal data and receive a copy of it;
  • right to rectify your Personal data;
  • right to delete your Personal data;
  • right to limit the scope of processing your Personal data;
  • right to object the processing of your Personal data;
  • right to transfer your Personal data;
  • right to withdraw a consent for processing in any time, without giving any cause;
  • right to lodge a complaint to a Supervisory Authority for the actions of Processor.

To exercise your rights, promptly contact the Processor, via Processor’s contact details disclosed in this Privacy Policy. Additionally, please take note of following caution, describing the rules of consideration of your enquiry:

Information shall be provided in writing or otherwise, including, where appropriate, by electronic means. If the data subject so requests, the information may be provided orally, provided the identity of the data subject is confirmed by other means. The Processor may refuse to handle the person’s request if it is unable to identify the data subject. The Processor shall, without undue delay – and in any case within one month of receiving the request – provide the data subject with information about the actions taken in relation to his request.

If necessary, this period may be extended by another two months due to the complexity of the request or the number of requests. Within one month of receiving the request, the Processor informs the data subject about such an extension, stating the reasons for the delay. If the data subject has submitted his request electronically, the information is also transmitted electronically, if possible, unless the data subject requests a different form. If the Processor fails to act in relation to the data subject’s request, he shall immediately – no later than one month after receiving the request – inform the data subject about the reasons for not taking action and about the possibility of lodging a complaint to the supervisory authority and taking advantage of measures. legal protection before the court.

The information provided by the Processor as well as communication and actions taken pursuant to and in connection with the processing of requests are free of charge. If the data subject’s requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the processor may charge a reasonable fee, taking into account the administrative costs of providing information, communication or taking the requested action, or refuse to act in relation to your request. If the Processor has reasonable doubts as to the identity of the natural  person submitting the request, he may request additional information necessary to confirm the identity of the data subject.

6. PROCESSING OF PERSONAL DATA OF MINORS

In the event that a person under the age of eighteen provides their Personal Data in order to use the services, special rules of conduct will apply. In accordance with the GDPR and national provisions on the protection of personal data, a person aged 16 may independently consent to the processing of their Personal Data. If you are under the age of 16, only your legal guardian may consent to the processing of your personal data.

7. MAINTENANCE OF OUR PERSONAL DATA PROTECTION SYSTEM. NEW PRODUCTS, SERVICES AND ACTIVITIES

During the processing of your personal data, there may be a situation in which it will be necessary to change the functioning of the services related to the processing of your Personal Data or the applicable regulations governing the processing of Personal Data will change. For this reason, we monitor the processing of your Personal Data on an ongoing basis and how the changes may affect their processing. As part of our activities, we always strive to ensure that the changes made do not affect the need to process your Personal Data in a different way or to a different extent than you have consented to. In addition, we constantly conduct regular audits that verify the correctness of the Personal Data Processing by us.

8. PERSONS OBLIGED TO COMPLY WITH THE DATA PROTECTION POLICY

All personnel of the Processor and all persons cooperating with the Processor are obliged to comply with this Privacy Policy, who under the aforementioned cooperation will take part in the Processing of Personal Data.

9. TRANSFER OF DATA TO A THIRD COUNTRY AND INTERNATIONAL ORGANIZATIONS

In a situation where, as part of the Processing of your Personal Data, it is necessary to transfer your Personal Data to a country other than the Republic of Poland, your Personal Data will be subject to the same protection as in the Republic of Poland. If your Personal Data will be transferred to another country of the European Union or the European Economic Area, the provisions of the GDPR will apply directly. If it is necessary to transfer your Personal Data to a country other than the above-mentioned, we will each time make sure that the entity to whom we transfer the data is obliged to comply with the same rules as resulting from the GDPR. In addition, before providing your Personal Data, we will inform you about this circumstance with a separate information clause.

10. REGISTER OF DATA PROCESSING

As part of the Processing of your Personal Data, a Data Processing Activity Register is kept. This register allows you to control the method, scope and correctness of the Processing of your Personal Data.

11. PERSON’S DATA PROTECTION MEASURES

In order to protect your Personal Data, we use appropriate technological, organizational and physical solutions. The security measures used are based primarily on the introduction of appropriate encryption mechanisms, security measures enabling pseudonymisation, or limiting the personnel of the Processor participating in the processing to the necessary minimum. The purpose of our protective measures is to protect against accidental loss, unjustified alteration or unjustified disclosure of your Personal Data.

12. BREACH OF PERSONAL DATA PROTECTION

In the event of a breach of the protection of your Personal Data, you will be immediately informed of this circumstance, and we will indicate what impact the breach had on your privacy and your rights. Apart from you, the Supervisory Authority will also be informed about the breach. At the same time, immediately after disclosing a breach of your Personal Data protection, we will implement the necessary measures to prevent unauthorized use of your Personal Data. If your rights and privacy are not compromised as a result of the breach, it is not necessary to inform you about the breach.

If the notification of a data breach would require a disproportionate effort, a public message or a similar measure is issued whereby data subjects are informed in an equally effective manner about the breach.

In the event of a breach of personal data protection, we will inform the Supervisory Authority about it promptly, unless the breach is unlikely to result in a risk of violating the rights or freedoms of natural persons.