vLayer Privacy Notice

Pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU.L.2016.119.1), hereinafter referred to as the "GDPR", in relation to the acquisition of your personal data in connection with your subscription to the newsletter/mailing list, we inform you that:

1. The controller of your personal data is vLayer Labs sp. z o.o. with its registered office in Warsaw at 29/2 Jana Czeczota Street, 02-607 Warsaw, entered in the Register of Entrepreneurs of the National Court Register under the number 0001087119, whose records are kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, having NIP: 5214055107 and REGON 527509460, with the share capital of PLN 121,200.00 (the “Controller”).
2. Contact e-mail address to the Controller: [email protected].
3. The Controller has not appointed a Data Protection Officer.
4. Your personal data collected in the ticketing process will be processed in accordance with the applicable legislation, including the GDPR and the Act of 10 May 2018 on the protection of personal data (i.e. Journal of Laws of 2019, item 1781) on the basis of one of the following grounds:
   4.1. on the basis of Article 6(1)(a) of the GDPR (provided that the data subject has expressed voluntary consent for such processing), for sending commercial information by the Controller, in particular regarding any upcoming events, news about the Controller etc. to the e-mail address indicated in the form;
   4.2. on the basis of Article 6(1)(f) of the GDPR, within the framework of the controller's legitimate interests pursued by the Controller, being its direct marketing purposes.
5. The Controller does not plan to transfer your personal data to recipients outside the European Economic Area, i.e. to third countries and international organisations. If such additional transfer were to take place, the controller will ensure that it will take place subject to the controller having a legal basis, in a manner consistent with the provisions of Chapter V of the GDPR, i.e. on the basis of lawful data transfer mechanisms that ensure an adequate level of protection, in particular on the basis of the EU-US Data Privacy Framework, an adequacy decision issued by the European Commission, Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).
6. The provision of personal data within the scope indicated in point 4 above is voluntary, and always at the initiative of the data subject, but necessary in order to successfully subscribe to the newsletter/mailing list if requested by the data subject. Failure to do so will result in the inability to be added to such subscription.
7. If any of the consents is given, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent before its withdrawal. Withdrawal of consent will result in the controller not being able to process the personal data covered by the scope of the consent, for the purposes indicated therein.
8. Your personal data will be processed for the duration of the purpose of the processing i.e. indefinitely, until the Controller deems such personal data fit for the intended purpose or the data subject objects for processing of personal data for marketing purposes.
9. The recipients of your personal data will be, among others: entities providing the Controller with, inter alia, consulting or other advisory services, event planning, IT, hosting, mailing, postal or courier services, as well as public authorities to the extent that they are required or authorized to receive or request the transfer of such data, and other entities authorised to process personal data on the basis of applicable laws, including the Controller.
10. You have the right to:
    10.1. to be informed whether your personal data is being processed by the Controller and, if so, the right to access it and to receive a copy of it (Article 15 GDPR);
    10.2. the right to rectification of personal data where the data is inaccurate and to completion of incomplete personal data (Article 16 GDPR);
    10.3. the right to erasure of personal data, the so-called "right to be forgotten" (Article 17 GDPR);
    10.4. the right to restrict the processing of personal data (Article 18 GDPR);
    10.5. the right to receive the processed personal data in a structured, commonly used machine-readable format and to have it freely portable, including the right to request that the Controller sends it to another controller (Article 20 GDPR);
    10.6. the right to object to the processing of your personal data on the basis of Article 6(1)(f) of the GDPR (Article 21 GDPR);
    10.7. the right to lodge a complaint with the President of the Office for Personal Data Protection.
11. Your personal data will not be subject to automated decision-making, including profiling.