logo
PLEN

Privacy Policy – ​​Startup Community Poznań

Effective Date: January 19, 2026

1. Data Controller

The controller of your personal data is Startup Community Poznań.

For all matters concerning personal data protection and the exercise of your rights, you can contact us:

  • - at the e-mail address provided: aleks.lemanska@gmail.com.
  • - by mail: ul. Mostowa 11, 60-854 Poznań, with the note "Personal Data."

2. Scope of data processed and its source.

In connection with the purposes indicated in this Policy, we process, in particular, the following categories of personal data:

  • - identification data: first name, last name,
  • - contact data: email address, telephone number, and possibly company name and position,
  • - data regarding participation in events (e.g., meetups, webinars): registration information, attendance, date and form of participation, and any responses to post-event surveys,
  • - correspondence data: content of messages sent, date and time of contact, notes related to conversations and meetings,
  • - billing data: data required to issue accounting documents (e.g., company name, Tax Identification Number, address).

We generally collect data directly from you, in particular through:

  • - registration forms for events (e.g., meetups),
  • - contact form on the website,
  • - newsletter subscriptions,
  • - email or telephone correspondence.

If, in a specific case, we collect your data from a source other than you, we will inform you in accordance with Art. 66 § 1 of the GDPR. 14 GDPR, indicating in particular the source of the data and the categories of data being processed.

3. Purposes, legal basis, and periods of data processing

The Controller processes personal data for the following purposes:

a) Registration for events/webinars

  • - Purpose: Organization and management of the event, sending confirmation of participation, reminders, meeting link (e.g., Zoom), and organizational contact.
  • - Legal basis: Art. 6 paragraph 1 letter b GDPR – processing necessary for the conclusion and performance of a contract (participation in the event, including its organizational management).
  • - Retention period: Data is stored until the end of the event and for up to 3 years after its end – for the purpose of pursuing or defending against claims, as well as for tax and accounting purposes, if applicable.

b) Newsletter subscription

  • - Purpose: Sending information about new training courses, events, educational materials, and offers from Startup Community Poznań
  • - Legal basis: Art. 6 paragraph 1 letter b GDPR a GDPR – voluntary consent of the person who signed up for the newsletter. Furthermore, the sending of commercial information electronically is carried out in compliance with specific regulations (in particular the Act on the Provision of Electronic Services and regulations governing electronic communications).
  • - Retention period: Data will be stored until consent is withdrawn (e.g., by clicking the "unsubscribe" link in the email) or for a maximum of 24 months from the last newsletter activity, whichever comes first.

c) Contact form/appointment scheduling

  • - Purpose: Responding to an inquiry, contacting a person interested in the offer, and organizing a meeting.
  • - Legal basis: Art. 6, paragraph 1, letter f GDPR – the Controller's legitimate interest in communicating with people interested in Startup Community Poznań’s activities.
  • - Retention period: Data will be stored until the correspondence or matter to which the contact relates is concluded, and then for a maximum of 1 year for archival and evidentiary purposes.

d) Fulfillment of legal obligations

  • - Purpose: Conducting tax and accounting settlements, and storing accounting records.
  • - Legal basis: Article 6(1)(c) of the GDPR – a legal obligation incumbent on the Controller, resulting in particular from tax and accounting regulations.
  • - Retention period: Data will be retained for the period required by law (usually 5 years, counted from the end of the calendar year in which the tax obligation arose or the document was issued).

e) Direct marketing of own services

  • - Purpose: Promoting Startup Community Poznań services (e.g., sending information about new events).
  • - Legal basis: Article 6(1)(f) of the GDPR – the Controller's legitimate interest in promoting its own services and maintaining relationships with customers and those interested in our offerings, unless the data subject objects to such processing. To the extent that specific provisions require consent to use certain communication channels (e.g., telephone, email, SMS), marketing activities will only be undertaken after obtaining such consent.
  • - Retention period: Data will be processed until an objection to data processing is raised. for marketing purposes.

f) Pursuing or defending against claims

  • - Establishing, pursuing, or defending against potential claims arising from business activities, including those related to the organization of events, provision of services, and billing.
  • - Legal basis: Article 6(1)(f) of the GDPR – the Controller's legitimate interest in defending its rights and pursuing claims.
  • - Retention period: Until the expiry of the limitation period for potential claims in accordance with civil law.

After the periods indicated above, the data will be deleted or anonymized in a way that prevents the identification of the data subject.

4. Data Recipients

Your data may only be transferred to entities that help us achieve the purposes described above, such as:

  • - hosting and IT service providers,
  • - mailing system providers (e.g., MailerLite, Mailchimp, etc.),
  • - webinar platform providers (e.g., Zoom),
  • - accounting firms,
  • - legal or tax advisors,
  • - entities authorized by law (e.g., administrative authorities, courts).

Entities processing data on our behalf guarantee the application of appropriate data security measures and process data only on our documented instructions, based on personal data processing agreements concluded with us.

The Controller does not transfer data outside the European Economic Area (EEA), unless the service provider (e.g., certain mailing or webinar tool providers) is based outside the EEA or uses infrastructure located outside the EEA. In such a case:

  • - the data is transferred using appropriate safeguards referred to in Art. 46 GDPR, in particular standard contractual clauses adopted by the European Commission, possibly with additional security measures, or
  • - is transferred to a third country for which the European Commission has issued a decision establishing an adequate level of data protection.

You have the right to obtain information about the safeguards applied to data transfers to third countries.

5. Rights of the data subject

You have the right to:

  • - access your data and receive a copy of it,
  • - rectify (amend) your data,
  • - erase your data ("right to be forgotten"),
  • - restrict data processing,
  • - transfer your data to another controller,
  • - object to data processing based on Article 6(1)(f) GDPR,
  • - withdraw consent (if it was the basis for processing) at any time – withdrawal of consent does not affect the lawfulness of processing prior to its withdrawal,
  • - lodge a complaint with the President of the Personal Data Protection Office (UODO) if you believe that the processing violates the provisions of the GDPR. You can submit requests to exercise your rights:
  • ● by email: to the email address indicated in point 1;
  • ● in writing: to our registered office address indicated in point 1, with the note "Personal Data."

We will respond to your request without undue delay, no later than one month from its receipt. If necessary, this period may be extended by another two months due to the complex nature of the request or the number of requests. In such a case, we will inform you of the extension and the reasons for it.

To exercise your rights, we may ask you to provide additional information necessary to confirm your identity if we have reasonable doubts as to your identity.

As a rule, the exercise of your rights is free of charge. If your requests are manifestly unfounded or excessive – in particular due to their repetitive nature – we may charge a reasonable fee or refuse to act on the request, of which you will be informed.

6. Voluntary provision of data

Providing data is voluntary, but necessary to achieve the indicated purposes – such as participating in an event, receiving a newsletter, or receiving a response to an inquiry.

6. Automated decisions and profiling

Your data is not processed in an automated manner and is not profiled.

7. Changes to the privacy policy

The Controller may update this Privacy Policy as needed (e.g., changes in regulations or tools). The current version of the document will always be available at www.scpoznan.com.