Privacy Policy

The privacy policy outlines the principles for processing user information, including personal data and cookies.

1. General Information

  1. This policy applies to the website operating under the URL: www.arenaadvisory.com (hereinafter referred to as the “Service“).
  2. The operator of the Service and the Administrator or Co-Administrator of personal data is one or more companies from Arena Advisory, namely Arena Tax Ltd., Arena Accounting Ltd., Arena Legal Fintex Ltd. sp.k., Arena Digital S.A., Puławska 180, 02-670 Warsaw (“Operator“, “Administrator“, “Co-Administrator“, “we“).
  3. The contact email address for the Operator: rodo@arenaadvisory.com.
  4. The specific entity from the Arena Advisory Group acting as the Administrator or Co-Administrator of your personal data depends on the purpose for which the data is collected. The purposes for processing personal data by each of the Operators as Co-Administrators or separate Administrators and how they process this data are indicated in this Privacy Policy.
  5. The Operator, as Administrator or Co-Administrator, collects data from individuals who:
  • have registered on the Service through a dedicated contact form,
  • have ordered the subscription service for the newsletter run by companies from the Arena Advisory group (“Newsletter“),
  • have registered for a training or informational webinar conducted by companies from the Arena Advisory group in real-time using webcast technology (“Webinar“),
  • have visited the Service (in terms of cookies, which constitute personal data, subject to sections 9.1-9.9).

6. In connection with operating the Service, the Operator processes personal data for the following purposes:

  • presentation of offers or information;
  • provision of services by the Operator via the Service and for the purposes specified in the relevant and dedicated forms on the website;
  • monitoring and enforcing compliance with the terms of use of the Service;
  • administration and management of the Service;
  • data aggregation for the purposes of analysis and improving the Service’s performance;
  • communication with users, including marketing activities, and for other purposes consistent with applicable law, if required to perform a contract, as well as for direct marketing of the Operator’s own services.

7. The Service collects information about users and their behavior in the following ways:

  • Through voluntarily entered data in the forms, which are then entered into the Operator’s systems.
  • By storing cookies on end devices (so-called “cookies”).

8. Personal data of Service users will be processed following applicable law, especially the Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of natural persons regarding the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the EU L 2016, No. 119, p. 1; hereinafter “GDPR“) and the Act of July 12, 2024 – the Law on Electronic Communications (Journal of Laws 2024, item 1221).

    2. Selected Data Protection Methods Used by the Operator

    1. The Operator employs appropriate technical and organizational measures to protect the user’s personal data against accidental or unlawful destruction, accidental loss or modification, unauthorized disclosure or access, and other forms of unlawful processing. The Operator strives to ensure that the level of security and the measures applied to protect the user’s personal data are proportionate to the risk factors associated with the nature and use of such personal data.
    2. Login and data input areas are secured at the transmission layer (SSL certificate). This ensures that personal data and login information entered on the website are encrypted on the user’s computer and can only be read on the target server.
    3. Users’ passwords are stored in a hashed form. The hashing function operates in a one-way manner, making it impossible to reverse the process, which is the current standard for storing user passwords.
    4. To protect data, the Operator regularly performs data backups.
    5. An essential element of data protection is the regular updating of all software used by the Operator to process personal data, including regular updates of software components.

    3. Hosting

    The Service is hosted (technically maintained) on the operator servers: H88 S.A.

     

    4. User Rights and Additional Information on Data Usage

    1. In certain situations, the Administrator has the right to transfer your personal data to other recipients if necessary for the performance of a contract concluded with you or to fulfill the Administrator’s obligations. This applies to groups of recipients such as:
    • Individuals authorized by us, employees, and collaborators who need access to personal data to perform their duties,
    • Hosting companies,
    • Companies handling email campaigns,
    • Companies handling SMS communications,
    • Companies cooperating with the Administrator in the area of internal marketing,
    • Couriers,
    • Insurers,
    • Law firms and debt collectors,
    • Banks,
    • Payment operators,
    • Public authorities.

    2. The legal basis for processing personal data by the Administrator is:
    a) Article 6(1)(a) GDPR: Consent for personal data processing, granted for purposes such as enabling subscription to the Newsletter or participation in a Webinar, or

    b) Article 6(1)(b) GDPR: The necessity of processing data to perform a contract to which you are a party or to take action at your request before entering into a contract. In this respect, providing personal data is essential to carry out these activities, or

    c) Article 6(1)(c) GDPR: The necessity of fulfilling legal obligations incumbent upon the Administrator, or

    d) Article 6(1)(f) GDPR: For analytical and statistical purposes within the Administrator’s legitimate interest, or

    e) Article 6(1)(f) GDPR: The legitimate interest of the Administrator in establishing, pursuing, or defending claims until their expiration or until the conclusion of relevant proceedings if initiated within that period, or

    f) Article 6(1)(f) GDPR: The legitimate interest of the Administrator related to monitoring and enforcing compliance with the terms of use of the Service and administering and managing the Service, or

    g) Article 6(1)(f) GDPR: The legitimate interest of the Administrator in conducting business activities, including direct marketing of products and services offered by the Administrator, sending commercial information, or other communication with the user, particularly paper or electronic correspondence aimed at establishing a business relationship.

    3. Your personal data will be processed by the Administrator no longer than is necessary to perform activities related to it, as specified by separate regulations (e.g., accounting laws). Concerning data processed for marketing purposes, the data will not be processed for more than three years unless specified otherwise in statements issued by the Administrator in connection with individual correspondence or specific services (this particularly applies to the information obligation referred to in Article 14 GDPR).

    4. Personal data processed based on your consent, where other legal bases do not apply—e.g., in providing the Newsletter service or participation in a Webinar—will not be processed for more than three years or until your consent is withdrawn, unless specified otherwise in statements issued by the Administrator in connection with individual correspondence or specific services (this particularly applies to the information obligation referred to in Article 13 GDPR).

    5. You have the right to request the Administrator:

    • Access to your personal data,
    • Rectification of your data,
    • Deletion of your data,
    • Restriction of processing,
    • And data portability.

    6. You have the right to object to the processing described in points 2.2(d)-(g) and 3.3 (second sentence) regarding the processing of personal data for legitimate interests pursued by the Administrator or a third party, including profiling, unless there are overriding legitimate grounds for the processing that outweigh your interests, rights, or freedoms. Such an overriding interest, as recognized by the Administrator, may include the establishment, pursuit, or defense of claims.

    7. You also have the right to complain with the supervisory authority responsible for data protection in your country of habitual residence, place of work, or place of the alleged infringement. In Poland, this authority is the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

    8. Providing personal data is voluntary but necessary for operating the Service and providing electronic services.

    9. Automated decision-making, including profiling, may be applied to you to deliver services under the concluded agreement and for the Administrator’s direct marketing purposes.

    10. Personal data is not transferred to third countries within the meaning of data protection regulations. This means it is not sent outside the European Union.

    5. Information in Forms

    1. The service collects information provided voluntarily by the user, including personal data, if such data is supplied.
    2. The service may record information about connection parameters (e.g., timestamp, IP address).
    3. In certain cases, the service may save information that facilitates linking the data in the form to the email address of the user filling out the form. In such cases, the user’s email address may appear within the URL of the page containing the form.
    4. The data provided in the form is processed for the purpose determined by the specific form’s functionality, such as handling service requests, commercial inquiries, service registration, etc. Each time, the context and description of the form inform the user of its purpose.

     

    6. Operator Logs

    Information about user behavior on the Service may be logged. This data is used for the administration of the Service.

     

    7. Key Marketing Techniques

    The operator uses statistical analysis of website traffic through Google Analytics (Google Inc., based in the USA). The operator does not transfer personal data to the service provider, only anonymized information. This service relies on the use of cookies stored on the user’s device.

    Regarding user preference data collected by Google’s advertising network, users can view and modify information derived from cookies using the tool available at: https://www.google.com/ads/preferences/.

     

    8. Newsletter, Webinars, and Marketing Information

    1. The service offers users the opportunity to subscribe to the Newsletter, participate in Webinars, receive marketing information about products and services offered via electronic communication, and engage in marketing activities using telecommunications terminal devices and automated calling systems.
    2. Subscription to the Newsletter is voluntary, and users can unsubscribe at any time.
    3. To subscribe to the Newsletter or register for a Webinar, users must provide the following categories of personal data: email address, job title, company name, first and last name, phone number, and consent to their processing by the Administrator. Providing this data is necessary for the subscription to the Newsletter or registration for a Webinar.
    4. The above data is collected and processed exclusively for: Sending the Newsletter to the provided email address; Enabling participation in Webinars; Sending marketing information about products and services offered via electronic communication; Conducting marketing activities using telecommunications terminal devices and automated calling systems.
    5. Processing of personal data provided for the purpose of sending the Newsletter, Webinar participation, and marketing information is carried out solely based on the user’s voluntary consent. This consent can be withdrawn at any time.
    6. The Administrator may segment databases containing your personal data. This means the information collected (e.g., postal code and declared interests) may be used to tailor communication to your needs. However, your data will not be used for automated decision-making, including profiling, that could affect your legal situation (i.e., no algorithms are used to make decisions impacting your individual rights).
    7. Personal data indicated in Section 3 is processed based on Article 6(1)(a) of the GDPR, i.e., consent to the processing of personal data for specified purposes, such as the implementation of actions necessary for sending the Newsletter by the Administrator (more in the Newsletter Terms and Conditions), or for participation in the Webinar, sending marketing information about products and services offered through electronic communication means, as well as conducting marketing activities using telecommunication terminal devices and automated calling systems. The Newsletter is sent solely based on your voluntary consent. You can withdraw your consent at any time.

    9. Information About Cookies

    1. The Service uses cookies. 
    2. Cookies (“cookies”) are IT data, specifically text files, stored on the user’s end device and intended for use on the Service’s websites. Cookies typically contain the name of the website they originate from, the duration of their storage on the end device, and a unique number.
    3. The entity placing cookies on the user’s device and accessing them is the Service operator.
    4. Cookies are used for the following purposes:
    • Maintaining the session of a Service user (after logging in), so the user does not need to re-enter their login and password on each subpage.
    • Carrying out the purposes specified in the section titled “Key Marketing Techniques”.

    5. The Service uses two main types of cookies: “session cookies” and “persistent cookies”: Session cookies are temporary files stored on the user’s end device until they log out, leave the website, or close the browser. Persistent cookies are stored on the user’s end device for a duration specified in the cookie parameters or until the user deletes them.

    6. Web browsing software (a web browser) typically allows cookies to be stored on the user’s end device by default. Service users can modify these settings. The web browser also enables the deletion of cookies or automatic blocking of cookies. Detailed information on this can be found in the help section or documentation of the browser.

    7. Restrictions on the use of cookies may affect certain functionalities available on the Service’s websites.

    8. Cookies placed on the user’s end device may also be used by entities cooperating with the Service operator, particularly companies such as: Google (Google Inc., based in the USA), Facebook (Facebook Inc., based in the USA), Twitter (Twitter Inc., based in the USA).

    9. Detailed information about cookies used by the operator is provided in a dialog box managed by the CookieYes application, displayed during each visit to the Service. This application allows users to change cookie settings independently of the browser functionalities mentioned in point 6.

     

    10. Managing Cookies – How to Express and Withdraw Consent in Practice

    If a user does not wish to receive cookies, they can change their browser settings. Please note that disabling cookies essential for authentication, security, or maintaining user preferences may hinder or, in extreme cases, prevent the use of the Service.

    To manage cookie settings, select the web browser you are using from the list below and follow the instructions:

    Desktop Browsers:

    • Edge
    • Internet Explorer
    • Chrome
    • Safari
    • Firefox
    • Opera

    Mobile Devices:

    • Android
    • Safari (iOS)
    • Windows Phone

    Additionally, cookie settings can be changed at any time using the CookieYes application, as mentioned in section 9.9. By clicking the icon located in the lower-left corner of the screen, the Service user can access a dialog box providing information about cookie usage and change their settings.

       

      11. Privacy Policy Changes

      Any changes to the Privacy Policy will be published on the website and will take effect from the date of publication, without retroactive application.

      Version effective as of November 18, 2024.

      The original version of the document: https://arenaadvisory.com/polityka-prywatnosci/