Privacy Policy

§1 General Information

  1. Data Controller
    The Data Controller is New European Strategies, with its registered office in Warsaw, at ul. Przykładowa 10, 00-001 Warsaw, entered into the Register of Entrepreneurs (KRS) under number 0000000000, Tax ID (NIP): 000-000-00-00, REGON: 000000000, e-mail: kontakt@neweuropeanstrategies.com (hereinafter referred to as the “Controller”).
    The Controller processes personal data in accordance with the applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Polish Act of 10 May 2018 on the Protection of Personal Data.
  2. Protection Measures
    The Controller undertakes all necessary efforts to ensure respect for privacy and the protection of information provided by the users of the website. For this purpose, the Controller applies appropriate technical and organizational measures such as:
    • data encryption (SSL/TLS),
    • regular security audits,
    • employee training on data protection,
    • firewalls and antivirus systems,
    • maintaining a register of persons authorized to process data.
  3. Data Protection Officer (where applicable)
    • Where the Controller is legally required to appoint a Data Protection Officer (DPO), the DPO’s contact details will be made available on the website neweuropeanstrategies.com under the “Contact” section.
    • If there is no such obligation, please direct any inquiries regarding personal data protection to the Controller’s e-mail address: kontakt@neweuropeanstrategies.com.

§2 Scope of Data Collected

  1. The Controller collects only the personal data necessary to provide the services offered through the website, in particular:
    • first name and last name,
    • e-mail address,
    • telephone number,
    • job title,
    • company name (employer).
  2. This data is collected directly from users when they:
    • register an account,
    • subscribe to the newsletter,
    • fill in contact forms,
    • sign up for events organized by New European Strategies.

§3 Purposes and Legal Bases for Processing Personal Data

  1. Purposes of Processing
    Personal data is processed for the following purposes:
    1. provision of services offered via the website,
    2. direct marketing of the Controller’s own products and services,
    3. organizing and conducting events,
    4. performing statistical analyses,
    5. responding to users’ inquiries,
    6. handling complaints, grievances, and requests,
    7. market and opinion research,
    8. establishing, pursuing, or enforcing claims.
  2. Legal Bases for Processing
    • Art. 6(1)(a) GDPR – data subject’s consent (e.g., consent for receiving a newsletter or commercial information);
    • Art. 6(1)(b) GDPR – processing necessary for the performance of a contract (e.g., provision of electronic services);
    • Art. 6(1)(c) GDPR – compliance with a legal obligation to which the Controller is subject (e.g., retention of accounting documents);
    • Art. 6(1)(f) GDPR – legitimate interests pursued by the Controller (e.g., maintaining statistics, enforcing claims, conducting direct marketing within permissible limits).
  3. Marketing Consents (Commercial Information)
    • For electronic communication aimed at presenting the Controller’s offers and services (e.g., newsletters, marketing e-mails), the Controller may require a separate consent in accordance with the provisions of the Polish Act on Rendering Electronic Services and the Polish Telecommunications Act.
    • The absence of such consent will prevent the Controller from sending commercial information, but does not exclude the possibility of using other functionalities of the website.

§4 Categories of Processed Personal Data

The Controller processes, in particular, the following categories of personal data:

  1. Contact details (e.g., name, e-mail, phone number),
  2. Data concerning ordered services,
  3. Data about activity within the website (e.g., logs, IP address, device information),
  4. Data related to complaints, grievances, and requests,
  5. Data related to marketing services (e.g., content preferences).

§5 Voluntary Nature of Providing Personal Data

  1. Providing the required personal data is voluntary but necessary to use certain services offered through the website (e.g., completing a registration or subscribing to a newsletter).
  2. Failure to provide data marked as mandatory may prevent the use of a given service or functionality.

§6 Retention Period for Personal Data

  1. Personal data is processed for the period necessary to provide the services, conduct marketing activities, or carry out other services for the user.
  2. Data will be deleted in the following circumstances:
    1. when the data subject requests erasure or withdraws the granted consent,
    2. when the data subject remains inactive for more than 10 years (no contact),
    3. upon receiving information that the stored data is outdated or inaccurate.
  3. Some data (e.g., e-mail address, first and last name) may be retained for a further 3 years for evidentiary purposes and for handling complaints, grievances, and claims relating to the services provided by the website. Such data will not be used for marketing purposes.
  4. Data regarding paid service orders, contests, and loyalty programs will be retained for 6 years from the date of the order (in compliance with accounting or tax requirements).
  5. Data of non-logged-in users (e.g., in the form of cookies) is retained for the life cycle of those cookies or until deleted by the user from their device.
  6. Personal data related to preferences, behavior, and marketing choices may be used as the basis for automated decisions, including profiling, to determine website sales opportunities.

§7 Recipients of Personal Data

  1. The Controller may disclose personal data to the following categories of recipients:
    • Public authorities (e.g., prosecutor’s office, police, the President of the Office of Competition and Consumer Protection, the President of the Personal Data Protection Office), if they request such data on an appropriate legal basis,
    • Service providers that the Controller uses in the operation of the website (e.g., hosting providers, CRM, newsletter distribution systems, courier services, payment operators).
  2. Depending on contractual arrangements and circumstances, these entities act on behalf of the Controller or independently define the purposes and methods of data processing.

§8 Rights of Data Subjects

  1. Users have the right to:
    1. request access to their personal data,
    2. request rectification of their personal data,
    3. request erasure of their personal data,
    4. request restriction of the processing of their personal data,
    5. object to the processing of their personal data,
    6. request data portability.
  2. The Controller shall, without undue delay—within one month of receiving a request—provide information on actions taken regarding the request. In justified cases, this period may be extended by two further months.
  3. To exercise the above rights, the user should contact the Controller at kontakt@neweuropeanstrategies.com.

§9 Right to Withdraw Consent

  1. If the processing of personal data is based on consent (Art. 6(1)(a) GDPR), the user may withdraw this consent at any time, without affecting the lawfulness of processing carried out based on consent before its withdrawal.
  2. To withdraw consent, the user may submit a request to the Controller at kontakt@neweuropeanstrategies.com or use the relevant functionality on the website (e.g., the unsubscribe link in the newsletter).

§10 Right to Lodge a Complaint with a Supervisory Authority

  1. If a user believes that the processing of their personal data infringes the GDPR, they have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, workplace, or the place of the alleged infringement.
  2. In Poland, the supervisory authority is the President of the Personal Data Protection Office (PUODO).

§11 Personal Data Security

  1. The Controller implements necessary technical and organizational measures aimed at ensuring the security of personal data, including protection against unauthorized access, loss, destruction, or unauthorized modification.
  2. Such measures include:
    • encryption of data (SSL/TLS protocols),
    • regular security audits,
    • employee training,
    • firewalls and antivirus systems,
    • a register of persons authorized to process data.

§12 Aggregation of Newsletter Data into CRM

  1. Personal data collected as part of the newsletter subscription is automatically transferred and stored in the Controller’s CRM system.
  2. The CRM system enables the Controller to manage subscriber data (e.g., first name, last name, e-mail address, content preferences, history of interactions with newsletters).
  3. Data aggregation in the CRM system aims at improving communication with users, personalizing content, and analyzing the effectiveness of marketing activities.

§13 Cookies

  1. While browsing the pages of the website, cookies—small text files—may be stored on the user’s end device in connection with the user’s utilization of the website.
  2. Cookies allow the website to:
    • function correctly,
    • adjust content to the user’s preferences,
    • create anonymous statistics and analyses,
    • enable advertising and social media tools.
  3. Cookies typically contain the domain name from which they originate, the time they are stored on the device, and a unique value.

§14 Types of Cookies

  1. Session cookies – stored on the user’s device until the browser session ends; once the session is ended, they are permanently removed from the device’s memory.
  2. Persistent cookies – stored on the user’s device until manually deleted; ending the session or turning off the device does not remove them.

§15 Purposes of Using Cookies

Cookies are used in particular for:

  1. Generating statistics – analyzing how users use the website (e.g., via Google Analytics).
  2. Advertising profiling – displaying materials tailored to the user’s preferences (e.g., Google Ads, Facebook Ads).
  3. Analyzing traffic and user navigation paths – e.g., using tools that record visits (Hotjar).
  4. Promoting the website – e.g., via social media (Facebook, Instagram, LinkedIn, Twitter, YouTube, Soundcloud, Apple Music, Spotify, Google Play Music).

§16 Changing Cookie Settings and Cookie Banner

  1. Users may change their cookie settings in their web browser at any time (e.g., block cookies, receive notifications).
  2. Upon the user’s first visit to the website, a cookie banner is displayed, allowing the user to consent to the installation of cookies (including marketing/analytical cookies) or to refuse such consent. Please note that some cookies essential for the website’s functionality may be installed without prior consent.
  3. More information on how to manage cookies can be found in the help section of your web browser.

§17 Automated Decision-Making (Profiling)

  1. The Controller may use personal data, including information on marketing preferences and website activity, to create user profiles.
  2. Profiling may be used to:
    1. customize offers or marketing messages displayed,
    2. determine the user’s likely interests,
    3. analyze the effectiveness of marketing activities.
  3. As a result of profiling, users may receive communications or advertisements tailored to their preferences.
  4. Users have the right to object to profiling at any time (Art. 21(1) GDPR).

§18 Transfer of Data to Third Countries

  1. If, in the course of using third-party service providers (e.g., analytics tools, CRM, cloud services), personal data is transferred outside the European Economic Area (EEA), the Controller ensures appropriate safeguards as required by the GDPR, such as:
    • Standard Contractual Clauses (SCCs),
    • cooperation with entities certified under programs ensuring an adequate level of data protection (e.g., the EU-U.S. Data Privacy Framework, where applicable).
  2. For more information on possible data transfers outside the EEA, please contact the Controller at: kontakt@neweuropeanstrategies.com.

§19 Changes to the Privacy Policy

  1. The Controller reserves the right to amend this Privacy Policy.
  2. Any changes to the Privacy Policy will be communicated to users via the website and (where possible) by e-mail at least 3 days before the changes take effect, provided that the user has consented to receive such communications.

§20 Final Provisions

  1. Any questions or concerns regarding this Privacy Policy may be directed to the Controller at: kontakt@neweuropeanstrategies.com.
  2. The Controller shall not be liable for links placed on the website that lead to third-party websites, nor for any potential data protection violations resulting from browsing such third-party pages. Users are encouraged to review the privacy policies of those third-party websites.
  3. The services offered by the Controller are not intended for persons under 16 years of age. If the Controller becomes aware that personal data of a person under 16 has been processed without the consent of the parent or legal guardian, such data will be deleted immediately upon obtaining the relevant information.
  4. By registering or providing data on the website, the user represents that they are at least 16 years old or that they have obtained the valid consent of a parent or legal guardian.

Privacy Policy Version: 1.1
Last Updated: [20.01.2025]