Controller
The controller of personal data processed in connection with the submitted inquiry is the Royal Castle in Warsaw – Museum (pl. Zamkowy 4, 00-277 Warsaw), hereinafter referred to as the Controller.
Data Protection Officer
The Controller has appointed a Data Protection Officer who can be contacted in matters related to the processing of personal data at the following email address: iod@zamek-krolewski.pl.
Legal basis and purpose of personal data processing
Personal data will be processed pursuant to Article 6 paragraph 1 letter a of the GDPR. c) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR – the controller’s obligation in connection with the provisions of the Act of 19 July 2019 on ensuring accessibility for persons with special needs.
Personal data will be processed for the purpose of considering accessibility requests.
Recipients of personal data
The personal data will be made available only to entities authorized under legal provisions. If the Controller uses the services of other entities, personal data may be disclosed to them based on personal data processing agreements, and these entities will be obligated to maintain the confidentiality of the processed data. Recipients will also include entities providing services to the Controller related to securing its ongoing operations, with which personal data processing agreements have been concluded. The Controller uses services provided by Google LLL, therefore your personal data will be disclosed to this entity (and entities cooperating with it, i.e., providing services to it). Google LLL operates outside the EEA (European Economic Area), i.e., in the United States of America. Recipients of personal data may include entities processing data on behalf of the Controller, in particular IT and cloud service providers, including Google Ireland Limited / Google LLC (e.g., Google Workspace / Google Cloud), operating under a data processing agreement (Article 28 of the GDPR).
Personal data retention period
Personal data will be stored for the time necessary to respond to the inquiry, and then for the time necessary to resolve the matter related to the inquiry, pursue any claims, and for necessary archiving.
Information on the voluntary or obligatory provision of data
Providing data is voluntary; failure to provide personal data will not result in a response being provided.
Rights related to personal data processing
You have the right to access your personal data, to rectify it, to erase it in cases provided for by law, and to limit its processing.
Information on the absence of profiling
Your personal data will not be subject to profiling, nor will automated decision-making be made based on it.
Information on data transfer to third countries
In connection with the use of IT service providers, in particular Google LLC, personal data may be transferred to third countries (including the USA). This transfer is carried out in accordance with appropriate legal safeguards, in particular Standard Contractual Clauses approved by the European Commission (Art. 42.2 of the GDPR) and/or based on the European Commission’s adequacy decision (EU-US Data Privacy Framework).
Right to complain
If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.