Menu top
Login
Koszyk
EN
Search
Turn on contract mode
Enable print version
RSS
Menu top
Login
Koszyk
EN
Menu EN
  1. Homepage
  2. Privacy Policy

Privacy Policy

Dear guests and visitors

The purpose of this Privacy Policy is to provide information on how Targi Kielce SA processes personal data. In particular, this document describes who we are, how to contact us, what personal data is collected, why it is processed, what principles are applied in the process of its processing, what the storage period of the collected data is, to whom it can be shared, and what rights data owners have in connection with their protection. In line with good practices, we also provide information about the cookies used on our website and their purposes. We are confident that the information provided in this document will give you a strong sense of security regarding all personal data we collect and process, and will help build mutual trust, which we consider particularly important in our cooperation. In compliance with the obligation imposed on all entities by Regulation Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, GDPR), in particular Articles 13 and 14 thereof, we hereby provide the following information.

The personal data controller

The personal data is controlled and administered by TARGI KIELCE S.A with its registered seat in 1 Zakładowa Str., 25-672 Kielce, entered into the National Court Register maintained by the District Court in Kielce.
10th Commercial Division of the National Court Register under KRS number 0000352242, NIP 6570309803, with the share capital of PLN 68,519,900.00, fully paid up.

The Personal Data Controller can be contacted:

The Data Protection Officer (DPO)

The personal data inspector - Grzegorz Kamiński. Within the scope of this Policy, the tasks of the DPO include monitoring compliance of personal data processing with applicable data protection regulations, handling requests and applications submitted by data subjects in relation to the exercise of their rights, sending responses concerning the exercise of such rights and to other enquiries submitted by data subjects, as well as initiating and undertaking measures to improve the protection of personal data.

The Targi Kielce SA Data Protection Officer can be contacted by e-mail at: iod@targikielce.pl

Categories of persons whose data are processed by the Data Controller

The personal data is processed in connection with the Targów Kielce’s statutory activities and with regard to the categories of persons:

  1. Exhibitors
  2. Visitors
  3. Participants of conferences and other events organised by the Data Controller
  4. Special Guests (VIP).
  5. Accredited media representatives,
  6. Contractors and other persons providing services to the Data Controller.
  7. CCTV monitoring.
  8. Job applicants

Information pursuant to Articles 13 and 14 of the GDPR regarding the processing of the above-mentioned categories of persons.

Exhibitors’, conference and contest participants’ as well as visitors’ data are processed for the following purposes: expos and trade fairs, conferences and accompanying events registration, organisation and settlement; competitions organisation and in particular - competition verification procedures and competition awards distribution, competition results announcement; complaint handling and procedures and, where necessary, for debt collection purposes, as well as for providing information on current and future events organised by the Controller, based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
    • Article 6(1)(b) – in connection with the preparation and conclusion of contracts or the performance of orders placed by this category of persons.
    • Article 6(1)(c) – the fulfilment of legal obligations incumbent on the Controller, in particular tax obligations.
    • Article 6(1)(f) – the legitimate interests pursued by the Controller, in particular the establishment, exercise and defence of legal claims.
    • Article 6(1)(a) – based on consent given to receive commercial information, including direct marketing relating to the organisation of future trade fair events, the conduct of competitions, in particular the verification procedure, the award of prizes and the announcement of results by Targi Kielce S.A.
  • Civil Code.
  • Electronic Communications Law.
  • Act on the Provision of Electronic Services
  • The Expo Centres’ Rules and Regulations

The data is either directly obtained from the data owners or may originate from other sources such as the National Court Register KRS, the Central Registration and Information on Business CEIDG, advertising folders, catalogues issued by other exhibition business companies and other publicly available data sources.  Where personal data is obtained from other sources, the Controller is obliged to inform the data subjects from whom their data has been obtained, as required under Article 14 of the GDPR.

The Controller applies the principle of data minimisation and ensures that all personal data collected is adequate in relation to the purpose for which it is processed. Name, surname, e-mail address, telephone number and address details are collected from natural persons.  From legal entities or companies other than these entities, the following data are collected: name of the entity or company, registration data, e.g.  REGON National Business Registry, NIP Tax Identification Number, registered office address, e-mail address, telephone number, and name and surname of persons participating in the event representing the entity or company.

Personal data is processed for the duration necessary to carry out the Data Controller's statutory activities.  The personal data of the above categories of data subjects are stored for the proper organisation of the event and its settlement, but no longer than 6 years after its conclusion. In the event of disputes or initiation of debt collection proceedings, the Administrator applies the principle of limited processing and the data is stored for the period necessary to resolve the dispute or pursue claims.  Once this process is complete, they are deleted or anonymised. Personal data collected with the data subjects’ consent is stored solely to provide information on exhibitions, conferences and other events organised by Targi Kielce S.A., as well as to fulfil other statutory obligations. The data will be stored until this consent is withdrawn, but no longer than for the period necessary to achieve the purposes for which they were collected.

Data is transferred only to companies that cooperate with the Data Controller for the purposes of appropriate expos, trade fairs, conferences, and the organisation of accompanying events, as well as for competitions, solely based on concluded data processing agreements. When preparing commercial information, including direct marketing related to the organisation of future trade fairs or conferences, the Administrator uses profiling, consisting of the preparation of lists of e-mail addresses by specialised IT systems based on participation in previously organised events.  This process is carried out without the use of artificial intelligence (AI)‑- based tools and serves only to support activities in this area; designated and authorised employees always make the final decisions. Your rights arising from the processing of your personal data are described in the section entitled “Rights of data subjects”.

Special guest (VIP) details are processed to raise the profile and prestige of organised trade fairs or conferences, and to send invitations and ensure efficient contact with key contacts for the event. The basis for processing this type of data is:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
    • Article 6(1)(f) – the legitimate interests of the Controller, in particular, enhancing the prestige of the events organised and promoting them through the media.
    • Article 6(1)(a) – by accepting the invitation to participate in the event, persons in this category consent to the use of their personal data, image and the content of speeches delivered during the event.

This category includes public figures holding managerial positions in central or local government bodies, as well as in institutions and companies that are key to organising the event. These people are selected in line with the trade fair industry and organisational needs. The data are obtained from publicly available sources, such as the websites of government and local government bodies, institutions, and companies, or from business cards provided. Additionally, information is obtained by telephone by contacting the VIP secretariats.  The Controller collects and processes data such as: name and surname, name of the institution, company or organisation, function or rank (e.g., military), work telephone number, and e-mail address. The invitation to participate in the events is sent to special guests in either paper or electronic form.

The data are stored for the duration of the term of office to enable the annual issuance of invitations and VIP passes to the most important guests. After the person ceases to perform the function that was the basis for inclusion in the special guest category, the data is deleted. Data is stored in separate registers to which only authorised employees have access. The Controller does not make it available to other entities without the owners’ consent. Your rights arising from the processing of your personal data are described in the section entitled “Rights of data subjects”.

Accredited media representatives’ data  are processed in order to enable them to participate in events and to access information on trade fairs, conferences and other accompanying events organised by the Controller, to provide media services for these events and to promote them, based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
    • Article 6(1)(c) – where processing is necessary for compliance with a legal obligation to which the Controller is subject, in connection with the Act of 26 January 1984. the Press Law Act.
    • Article 6(1)(f) – promoting the Controller in the media and building its positive image.

Accreditation is issued based on media representatives’ registrations to participate in the event. Data is obtained directly from their owners.  In accordance with the principle of data minimisation and ensuring that the data are adequate for the purpose pursued, the Controller collects the following data: first name and surname, email address, telephone number, press card number and identity document number, which are stored until you effectively object to the processing of your personal data.  After this period, the principle of restricted processing shall apply, meaning that the data will be processed only for archiving purposes for the period required under generally applicable law. Your data may be disclosed only to public authorities under legal provisions, for example, courts, the police, or public administration bodies. Without the data subjects’ consent, the data are not disclosed to any other recipients. Your rights arising from the processing of your personal data are described in the section entitled “Rights of data subjects”.

The personal data of contractors and other persons providing services to the Controller are processed for the purpose of concluding and performing contracts based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
  • Article 6(1)(b) – in connection with the preparation and conclusion of contracts or the performance of orders placed by the Controller.
  • Article 6(1)(c) – the fulfilment of legal obligations incumbent on the Controller, in particular tax obligations.
  • Article 6(1)(f) of GDPR – the legitimate interests pursued by the Controller, in particular the establishment, exercise and defence of legal claims.
  • Civil Code.

The Controller applies the principle of data minimisation and ensures that all personal data collected is adequate in relation to the purpose for which it is processed. The following data are collected and processed: first name and surname, name of the entity or company, and the first names, surnames, and positions of the contractor’s representatives; registered office address, email address, telephone number, and registration data such as REGON (National Business Registry) and NIP (Tax Identification Number). Data may be disclosed only to public authorities under legal provisions, for example, courts, the police, or public administration bodies. Without the data subjects’ consent, the data are not disclosed to any other recipients. Personal data are stored in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed, i.e. for 6 years after the termination and settlement of the contract.  In the event of disputes or initiation of debt collection proceedings, the Administrator applies the principle of limited processing and the data is stored for the period necessary to resolve the dispute or pursue claims.  Once this process is complete, they are deleted or anonymised.

Your rights arising from the processing of your personal data are described in the section entitled “Rights of data subjects”.

Image data obtained from CCTV monitoring is processed solely for the purpose of protecting the Controller’s facilities and property and ensuring the safety of persons present on the premises of Targi Kielce S.A., based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
    • Article 6(1)(f) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, namely the use of CCTV monitoring to ensure the protection of persons, facilities and the Controller’s property.

Only the area and facilities belonging to the Controller are subject to monitoring. Cameras have been installed in the exhibition halls, office buildings, and the Congress Centre; at the entrance terminals to the Expo grounds; and in outdoor areas, including car parks. Being present in areas belonging to the Controller and covered by monitoring implies that the system may record your image data, and such processing does not require your consent.

Only members of the Security Team and other employees authorised by the Controller have access to the recordings made by the monitoring system. CCTV recordings are stored for at least 14 days, but for no longer than 30 days. The period for which such information is stored depends on the capacity of the recording medium. Once the storage capacity is reached, the data are automatically overwritten. Only video (without sound) is recorded and stored.

The Controller may disclose CCTV recordings to authorised entities upon written request to clarify ongoing proceedings. For evidentiary purposes, recordings of incidents captured by the CCTV system that threaten safety or public order or involve damage to or theft of property are preserved 

  • at the request of third parties, in particular witnesses to the incident or persons affected. 
  • at the request of authorities conducting proceedings. 
  • at the request of Security Team staff.

The decision to secure a recording and determine its storage period is made by the Head of the Security Team.

A recording captured by the CCTV system may be made available upon request by a person whose image has been recorded, provided that this does not infringe the rights and freedoms of other persons who may appear in the material. Any request for access to recorded images is analysed, case by case, by designated employees with regard to the rights and freedoms of third parties, and, on this basis, a decision is taken to grant or refuse the request.

Your request to delete recorded data may be justified when your image is not part of a crowd, landscape, or event, and will be examined in each case by the GDPR team appointed by the Management Board of Targi Kielce S.A. 

You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the provisions of the General Data Protection Regulation of 27 April 2016; in the Republic of Poland, the supervisory authority is the President of the Personal Data Protection Office, 2 Stawki Street, 00 193 Warsaw.

The personal data of job applicants is processed for current and future recruitment for employment at Targi Kielce S.A. based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
    • Article 6(1)(a) – based on consent to the processing of data for recruitment purposes.
    • Article 6(1)(c) – based on applicable legal provisions for the purposes of processing.
    • Article 6(1)(f) – based on the Controller’s legitimate interest, for example, to verify a candidate’s qualifications during an interview or tests, assessing their skills and abilities. 
  • Labour Code

In the recruitment process, the Controller collects and processes the following data: first name(s) and surname, date of birth, contact details provided by the applicant, education, professional qualifications and employment history. These data are stored until the recruitment process for the given position has been completed, and, where the data subject has consented to processing for current and future recruitment, they may be stored for no longer than 3 years. Your rights arising from the processing of your personal data are described in the section entitled “Rights of data subjects”.

The data subjects’ rights.

The rights described below do not apply to CCTV monitoring. Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, we hereby inform you that you are entitled to: 

  • access to data: the right to obtain from the Controller confirmation as to whether or not your personal data are being processed and, where that is the case, access to that data and to the following information:
    • information on the personal data processing purposes,
    • information on personal data categories processed by the Data Controller,
    • information on the legal basis for the processing, in particular as provided for in the GDPR,
    • information on data recipients or recipient categories to whom the Administrator has disclosed the personal data or intends to disclose such data,
    • information on the possibility to exercise the data owner's rights regarding the data protection, as well as the manner in which the rights may be exercised,
    • information on the right to lodge a complaint to the supervisory authority,
  • request the personal data rectification  whenever the data is incorrect or request to complete the incomplete data,
  • request to the personal data to be deleted.  The Data Controller is obliged to delete personal data without undue delay, provided that one of the following conditions is met:
    • the  personal data is no longer necessary for the purposes for which the data was collected or processed,
    • the data owner withdrew the consent for the data processing, and the Data Controller has no other legal basis to continue processing this personal data set,
    • the personal data was processed unlawfully,
    • the personal data must be deleted to comply with a legal obligation.

The right to erasure cannot be exercised where the Controller is required by law to continue processing the personal data to the extent specified in those provisions or where the data are necessary for the establishment, exercise or defence of legal claims by the Controller.

  • restrict the personal data processing in the following instances: 
    • when the data owner questions the personal data correctness processed by the Data Controller, the restriction continues for the period necessary for the Data Controller to verify the data correctness,
    • when the personal data processing is unlawful, and the data owner has objected to the personal data deletion and demanded that the data use restriction instead,
    • where the Controller no longer needs the personal data for the processing, but they are required by you for the establishment, exercise or defence of legal claims.

Whenever the right to restrict the personal data processing is exercised, the Data Controller may process personal the data only when the data owner’s consent has been provided or in order to establish, assert or defend claims or to protect the rights of another natural person or due to important reasons of public interest of the Union European or EU Member State,

  • to lodge an objection to data processing.  An objection may be lodged at any moment for reasons related to the data owner’s extraordinary situation against the data processing based on the legitimate interest of the Data Controller.  The Data Controller cannot continue to process this data after the objection has been lodged, unless there are valid legitimate grounds for further data processing that override the interests, rights and freedoms of the data owner, or for the establishment, assertion or defence of claims.  At any time, the owner also has the right to object to
     personal data processing in relation to data processed for marketing purposes.

The right to object against data processing cannot be exercised if:

  • personal data processing is based on consent,
  • data processing is necessary to perform the contract, the owner of the data is a party to, or when the data is required to take actions before entering into a contract with the Data Controller,
  • the processing is necessary for compliance with a legal obligation to which the Controller is subject,
  • withdraw your consent to the processing of your personal data where the processing is based on a freely given, specific, informed, unambiguous and documented consent. Such consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Exercise your right to data portability, i.e. to receive the personal data concerning you which you have provided to the Controller in a structured, commonly used and machine-readable format and to have those data transmitted to another controller, where technically feasible. The Data Controller is obliged to make the data provided by the owner available if the following conditions are jointly met:
    • data processing of personal data is carried out by automated means, i.e. this does not refer to data collected in a physical, paper format,
    • the data is processed based on consent or in relation to a contract.
    • exercising the right to transfer the data may not adversely affect another person’s rights and freedom
  • to file complaints to the supervisory authority, in particular in the Member State of their habitual residence, place of work or place where the alleged infringement was committed, if the data owner deems that the personal data processing violates the provisions of the General Data Protection Regulation of 27 April 2016. In the Republic of Poland, the supervisory authority is the President of the Personal Data Protection Office, 2 Stawki Str., 00 193 Warsaw.

  Claims regarding the exercise of your rights should be made in writing, by phone or via electronic communications means as provided in the information section of the Data Controller or Data Protection Officer. 

Information on the use of cookies

Any website you visit may store and retrieve information about your browser, mainly in the form of cookies. These files are, in particular, small data sets stored on the device used to access online services. To make visiting our website more convenient and to enable certain functions, we also use these cookies. When you first visit our website, you are informed about the use of cookies and can choose to accept them in part or in full, or to reject them.  You are given the right to choose the categories of cookies to be stored. You may accept all types of cookies, select specific categories or choose only those that are technically necessary for the proper functioning of the website and the provision of services.  Where the cookies we store involve the processing of personal data, such processing is carried out based on Article 6(1)(a) GDPR, i.e. your consent to the storage of data in cookies, in particular by selecting all or specific categories. When only necessary cookies are selected, processing takes place under Article 6(1)(f) GDPR, relying on our legitimate interests in ensuring the best possible operation of the website and a convenient and efficient user experience. Please note that refusing cookies may limit the functionality of our website.

Data automatically collected through cookies includes:

  •  IP address
  •  Browser type
  •  Screen resolution
  •  Approximate location
  •  Pages visited within the website
  •  Time spent on the relevant subpage of the website
  •  Type of operating system
  •  Address of the previous subpage
  •  Referring page address
  •  Browser language
  •  Internet connection speed
  •  Internet service provider

 Types of cookies

  • first-party cookies – files placed on and read from the user’s device by the Service’s IT system
  • third-party cookies – files placed on and read from the user’s device by IT systems of external services. Scripts of external services that may place cookies on user devices have been deliberately embedded in the Service through scripts and functionalities made available and installed there.
  • session cookies – files placed on and read from the user’s device by the Service during a single session of that device. After the session ends, these files are deleted from the user’s device.
  • persistent cookies – files placed on and read from the user’s device by the Service until they are manually deleted. Depending on the browser, they may be stored for several days, months or even 1–2 years. These files are not automatically deleted at the end of the session unless the user’s device is configured to delete cookies when the session ends.

Data storage security

  • Mechanisms for storing and reading cookies -  The mechanisms for storing, reading and exchanging data between cookies stored on the user’s device and the Service operate through built-in browser functions and do not allow other data to be retrieved from the user’s device or from other websites visited, including personal or confidential data. It is also practically impossible to transmit viruses, Trojan horses or other malware to the user’s device via cookies.
  • First-party cookies used by the Controller are safe for users’ devices and do not contain scripts, content or information that could compromise personal data security or the security of the device.
  • third-party cookies - the Controller takes all reasonable steps to verify and select partners of the Service with user security in mind. The Controller cooperates with well-known, reputable partners enjoying global public trust. However, the Controller does not have full control over the content of cookies originating from external partners. A list of such partners is provided below in the section “Cookies of external services”. These entities maintain their own data security and privacy policies. Links to the privacy policies of some of these entities are provided below:
  • Control of cookies
  • User side risks – the Controller uses appropriate technical measures to ensure the security of data stored in cookies. However, the security of this data also depends on user behaviour. The Controller is not responsible for the interception, impersonation or deletion of such data resulting from the user’s conscious or unconscious actions, or from viruses, Trojans or other spyware with which the user’s device is or has been infected. To protect themselves, users should follow best practices for safe internet use.
  • Storage of personal data – the Controller ensures that personal data voluntarily provided by users is processed securely, with access restricted and used only in accordance with their intended purposes.

Purposes for which cookies are used

  • improving and facilitating access to the Service,
  • personalising the Service for users,
  • enabling login to the Service,
  • marketing and remarketing on external services,
  • affiliate services,
  • compiling statistics (users, number of visits, device types, connection parameters, etc.),
  •  Providing multimedia services
  •  Providing community services

Cookies of external services

The website administrator uses JavaScript and web components from partners, which may place their own cookies on the User's device. Please remember that you can control which cookies are allowed in your browser settings for each website. Services provided by third parties are outside the Controller’s direct control.

Services provided by third parties are outside the Controller’s direct control. These entities may change their terms of service, privacy policies, purposes of data processing and ways of using cookies at any time.

Other Information

The Controller does not transfer any processed personal data to third countries, i.e. outside the European Economic Area. Your data will not be subject to automated decision-making. The Controller does not process the collected data automatically. Profiling is used only to prepare commercial information, including direct marketing relating to the organisation of future trade fairs or conferences, and only where the data subject has consented to receiving such information. This process is applied only to exhibitors, conference participants and visitors and serves merely to support activities in this area; designated and authorised employees always take final decisions.

Providing personal data to the extent required for the purposes specified above is mandatory, and failure to do so will prevent the achievement of those purposes. In all other respects, providing personal data is voluntary.

If the purpose of processing changes, the Controller will provide you with appropriate information.