Privacy Policy (under GDPR)


Dear Sir / Madam
           The Regulation (EU) 2016/679 of the European Parliament and  of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) commonly known as general regulation on data protection / the GDPR entered into force  on 25 May 2018. The new legal provisions’ objective is to ensure uniformity and coherence of the existing rules and regulations on personal data processing and protection.  The GDPR provides for new rights and gives natural persons more control over their personal data. This circumstance generates new obligations for personal data controllers (data administrators) as well as all other entities which process personal data.  Thus, in the following document we wish to provide you with information on how your personal data is handled.   


The Personal Data Controller
The personal data is controlled and administered by TARGI KIELCE S.A  with its registered seat in 1 Zakładowa Street, 25-672 Kielce  The Personal Data Controller can be contacted:

  • by post, to the address given above,
  • via the contact form available on the following website:, or via e-mail at:
  • by phone: +48 41 365 12 22 or +48 41 345 62 61.

The Data Protection Officer.
The Personal Data Officer - Grzegorz Kamiński. The Targi Kielce SA Data Protection Officer can be contacted by e-mail at:


Personal data processing purposes
The personal data is processed in connection with the Controller’s statutory activities and with regards the following categories of persons:

  • exhibitors,
  • conference participants, 
  • visitors, 
  • contractors and other cooperating persons,
  • accredited media representatives,
  • CCTV monitoring.

Exhibitors’, conference and contest participants’ as well as visitors’ data are processed for the following purposes: expos and trade fairs, conferences and accompanying events registration, organisation and settlement; competitions organisation and in particular - competition verification procedures and competition awards distribution, competition results announcement; complaint handling and procedures; provision of information on the events described herein, pursuant to:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, 
    - Article 6 point 1 letter (a) and on the basis of the consent a nautral person has expressed
    - Article 6 point 1 letter (b) on the basis of the orders and concluded
  • The Civil Code
  • The Act on the Provision of Electronic Services
  • The Telecommunications Act.
  • The Expo Centres’ Rules and Regulations

The data is either directly obtained from the data owners or may originate from other sources such as National Court Register KRS, Central Registration and Information on Business CEIDG, advertising folders, catalogues issued by other exhibition business companies and other publicly available data sources.  The personal data category, subject to processing: name, surname, e-mail address, telephone number, the represented company’s name and address.
Contractors’ and cooperating persons’ data is processed for the purpose of contracts conclusion and implementation, pursuant to:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, 
    - Article 6 point 1 letter b - necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • the Civil Code

Accredited media representatives’ data is processed for the media service purpose at trade fairs and expos, conferences and other accompanying events organised by the Data Controller, pursuant to:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, 
    - Article 6 1 letter c - processing is necessary for compliance with a legal obligation to which the controller is subject in connection with the Act of 26 January 1984. the Press Law Act.
    - Article 6 point 1 letter f - the Data Controller’s promotion and media image. 

The CCTV obtained data is processed for the purpose of legitimate interests of the Data Controller consisting in the protection of their property, pursuant to:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, 
    - Article 6 point 1 letter (f) - the use of video surveillance and access control systems in order to ensure the Data Controller’s facilities and property protection

This data processing is applicable to all persons when the Data Controller’s premises.


Recipient of the Data.  Exhibitors’, conference and contest participants’ as well as visitors’ data is transferred only to those companies which cooperate with the Data Controller for the purpose of appropriate expos and trade fairs, conferences and accompanying events organisation as well as for the purpose of competitions.  The Data Controller does not transfer the data in any other category.  The Data Controller does not disclose or make the data available to any third country or any international organizations


Data processing duration.
Personal data is processed for the duration necessary to conduct the Data Controller's statutory activity.

Exhibitors’, conference and contest participants’ as well as visitors’ data  is stored for the sole purpose of providing information about exhibitions, conferences, other events organized at Targi Kielce as well as for the purpose  of other statutory obligations.  The data will be stored until further notice however for the period no longer than 10 years 
Contractors’ and cooperating persons’ data is kept for the period of 5 years after the contract duration ended and financial settlement were made.
Accredited media representatives’ data is kept until the end of the event the media representatives are accredited for.
The CCTV obtained data is stored for up to 30 days.


The data subjects’ rights.
Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, we hereby inform you that you are entitled to: 

  • access your data: exercise the right to obtain confirmation from the Data Controller whether the personal data is processed, exercise the right to access this data, as well as to exercise the right to obtain the following information:
    - obtain information on the personal data processing purposes,
    - obtain  information on personal data categories processed by the Data Controller,
    - obtain information on data recipients or recipients categories to whom the Administrator has disclosed the personal data or intends to disclose such data,
    - information on the possibility to exercise the data owner's rights regarding the data protection as well as the manner in which the rights may be exercised,
    - obtain information on the right to lodge a complaint to the supervisory authority,
  • request the personal data rectification whenever the data is incorrect or request to complete the incomplete data,
  • request to the personal data to be deleted. The Data Controller is obliged to delete personal data without undue delay, provided that one of the following conditions is met:
    - the personal data is no longer necessary for the purposes the data was collected or processed,
    - the data owner withdrew the consent for the data processing and the Data Controller has no other legal basis to continue processing this personal data set,
    - the personal data was processed unlawfully,
    - the personal data must be deleted in order to comply with the legal obligation. It is not possible to exercise the right to delete the personal data whenever the legal regulations oblige the Data Controller  to continue personal data processing in the extent specified by the applicable laws or whenever the data processing is necessary in order to establish, assert or defend the Data Controller’s claims,
  • restrict the personal data processing in the following instances:
    - when the data owner questions the personal data correctness processed by the Data Controller; the restriction continues for the period necessary for the Data Controller to verify the data correctness,
    - when the personal data processing is unlawful and the data owner has objected to the personal data deletion and demanded to impose the data use restriction instead,
    - when the Data Controller no longer needs the personal data for processing, but the data is needed by its owner in order to establish, assert or defend claims. Whenever the right to restrict the personal data processing is exercised, the Data Controller may process personal the data only when the data owner’s consent has been provided or in order to establish, assert or defend claims or to protect the rights of another natural or legal person or due to important reasons of public interest of the Union European or EU Member State(s),
  • to lodge an objection to data processing. An objection may be lodged at any moment  for reasons related to the data owner’s extraordinary situation, the complaint is lodged against the data processing based on the legitimate interest of the Data Controller.  The Data Controller cannot continue to process this data after the objection has been lodged, unless there are valid legitimate grounds for further data processing that override the interests, rights and freedoms of the data owner or for the reason of claims establishment, assertion or defence.  At any time, the owner has also the right to object to personal data processing in relation to data processed for marketing purposes.  The right to object against data processing cannot be exercised if:
    - personal data processing is based on the consent,
    - data processing is necessary to perform the contract the owner of the data is a party of, or when the data is required to take actions before entering into a contract with the Data Controller,
    - data processing is necessary the legal obligation fulfil incumbent on the Data Controller,
  • withdraw the personal data processing consent, if the personal data processing is based on consent.  The consent may be withdrawn at any time, the withdrawal of consent shall not affect the lawfulness of processing based on consent before the consent withdrawal.
  • transfer the data, that is to obtain the data in a structured, commonly used, machine-readable format of the personal data set provided to the Data Controller and request that the personal data is transmitted to another Data Controller, if technically viable.  The Data Controller is obliged to make the data provided by the owner available, if the following conditions are jointly met:
    - data processing of personal data is carried out by automated means, i.e. this does not refer to data collected in a physical, paper format, 
    - the data is processed on the basis of the consent or in relation with a contract.
    - exercising the right to transfer the data may not adversely affect other person’s rights and freedom
  • to file complaints to the supervisory authority, in particular in the Member State of their habitual residence, place of work or place of where the alleged infringement was committed, if the data owner deems that the personal data processing violates the provisions of General Data Protection Regulation of 27 April 2016. The supervisory authority for the Republic of Poland’s territory is the Personal Data Protection Office with its seat in 2 Stawki Street, 00-193 Warsaw.

Claims regarding the exercise of your rights should be made in writing, by phone or via electronic communications means as provided in the information section of the Data Controller or Data Protection Officer.  



We use cookies on our website.  Cookies are pieces of ICT data (e.g. text files) saved on the user's device, i.e. a tablet, a mobile phone or a computer.  Cookies may include our website domain name, storage time and other information.  Cookies do not contain any personally identifiable information. 
A web browser automatically transmits some data to our website, such as the device's IP address, the browser version and similar; this data is anonymous.  Anonymous data collected this way facilitates the way  you use our website and provide us the information regarding the service users’ activity.
Cookies are designed to:

  • collect information on how our website is used (Google Analytics cookies) - we collect information about the number of visits, visits’ average length or the number subpages visited. This process allows us to tailor the page to users’  expectations
    and the needs.
  • save user-selected settings and personalise the interface e.g.
    the selected font size, website appearance, etc.
  • recognise of the user's device - in order to make the displayed content legible
  • improve our website use experience.

The administrator also uses cookies for advertising purposes.  Information on users’ behaviour while using the website makes it possible to tailor the products advertisement to be in line with  your interests (Google AdWords cookies).  By browsing our site, you give your consent for Administrator’s use of cookies.  If cookies are not supposed to be saved, please change your browser settings on your devices. The necessary information can be found in the browser's help menu.
The website contains links to social network sites, e.g. Facebook.  If you use our website while logged in to a given social media portal / service, this portal may obtain the information on how you use our website.


Other information
The personal data provision is mandatory to the extent required to achieve the purposes set out above. Failure to provide the personal data shall prevent the implementation of the objectives set by the processing purpose.  Outside the scope specified above, the personal data provision  is voluntary.  Your data will not be subject to automated decision making (profiling)  Should the data processing purpose change, the Data Controller shall duly inform you about the change.