CART

No products in the cart.

§ 1 GENERAL PROVISIONS

1. This Privacy Policy, hereinafter referred to as the "Policy", sets out the rules for the processing of personal data of Users of the website www.trump2025.pl , hereinafter referred to as the "Website", operated by Telewizja Republika SA, based in Warsaw, ul. Pawia 55, 01-030 Warszawa, entered into the KRS register under the number 0000446368, REGON: 146432210, NIP: 1080014156, hereinafter referred to as the "Administrator".

2. The administrator processes personal data in accordance with applicable law, including:
a) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR),
b) Act of 10 May 2018 on protection of personal data,
c) Act of July 18, 2002 on the provision of electronic services,
d) Act of July 16 2004. Telecommunications Law.

3. Using the Website constitutes acceptance of the principles set out in this Policy.

4. The Administrator makes every effort to ensure that the processing of personal data is carried out in accordance with the principles of legality, reliability, transparency and security.

§ 2 RULES FOR THE PROCESSING OF PERSONAL DATA

1. Purposes of personal data processing
The Administrator processes Users' personal data in a manner consistent with the provisions of law and in accordance with the highest data protection standards, for the following purposes:

a) Performance of contracts and provision of services

o The data is processed in order to perform contracts concluded with Users, in particular to enable registration for events, process payments, fulfill orders and ensure efficient participation of Users in events organized by the Administrator.

b) Fulfillment of legal obligations

o The administrator processes data to the extent required by law, including tax, accounting and business regulations, e.g. for the purpose of:

▪ keeping accounting and tax documentation,

▪ preparing tax returns and other required reports,

▪ fulfilling reporting obligations towards public authorities.

c) Ensuring safety

o Data is processed to protect the Website, its technical infrastructure and Users against unauthorized activities, including:

▪ detecting and preventing abuse,

▪ monitoring the security of IT infrastructure,

▪ preventing threats related to cyberattacks and unauthorized access.

d) Marketing and promotion

o Data processing for marketing purposes takes place only with the consent of Users, in particular in the scope of:

▪ sending promotional materials, including newsletters,

▪ sending information about products, services and organized events,

▪ implementing advertising campaigns using marketing tools.

e) Analyzes and optimization

o The data is used to analyze the functioning of the Website and its optimization, including:

▪ statistical analysis of User behavior patterns,

▪ using analytical tools (e.g. Cloudflare) to improve the quality of services,

▪ monitoring and improving business processes based on analytical data.

2. Scope of processed personal data
The Administrator processes Users' personal data in accordance with the principle of minimization, processing only data necessary to achieve the purposes specified above:

a) Identification data

o Name, surname, or other data enabling unambiguous identification of the User, if required for the purposes of processing.

b) Contact details

o E-mail address, telephone number and, in justified cases, correspondence or residential address, depending on the type of services provided.

c) Financial data

o Information necessary to process payments, including bank account number, transaction details and possible details of payment methods.

d) Technical data

o Data regarding the use of the Website, such as:

▪ IP address,

▪ data about the device and the web browser used,

▪ information about the User's activity on the Website, including system logs and data obtained using cookies or other similar technologies.

e) Image

o Data related to the User's image, if you consent to its recording, e.g. during events organized by the Administrator, for archival, promotional or documentation purposes.

3. Legal basis for the processing of personal data
The Administrator processes Users' personal data on the basis of applicable legal provisions, in particular in accordance with:

about art. 6 section 1 letter a GDPR - to the extent that the User has consented to the processing of his data, e.g. for marketing purposes,

about art. 6 section 1 letter b GDPR - if data processing is necessary to perform a contract or take pre-contractual steps,

about art. 6 section 1 letter c GDPR - to the extent that data processing is required by law,

about art. 6 section 1 letter f GDPR - if processing is necessary to implement the legitimate interests of the Administrator, such as ensuring the security of the Website, data analysis or defense against claims.

4. Duration of data storage
Personal data is stored for the period necessary to achieve the purposes of processing, in particular:

o in the case of data processing based on a contract - for the duration of the contract and the limitation period for claims arising from this contract,

o in the case of data processing based on a legal obligation - for the period required by law,

o in the case of data processing based on consent - until the User withdraws consent,

o in the case of data processing based on the legitimate interest of the Administrator - until an effective objection is raised or this interest ceases.

5. Principles of personal data protection
The Administrator ensures appropriate technical and organizational measures to ensure that the processing of personal data is consistent with the GDPR and ensures their confidentiality, integrity and availability. In particular, the Administrator takes action in the following areas:

about encryption of sensitive data,

o regular review of security policies,

about staff training,

on minimizing the scope of processed data and limiting access to data only to authorized persons.

§ 3 SHARING PERSONAL DATA

1. Scope and principles of sharing personal data
The Administrator may disclose Users' personal data only to the extent necessary to achieve specific processing purposes, in accordance with legal provisions, including the GDPR. All data transfer takes place in a way that protects the rights and freedoms of Users and in accordance with the principle of minimization. Data may be shared with the following categories of recipients:

a) Payment service providers

o Users' personal data are made available to payment service providers, such as Stripe, Inc., in order to process payments for services provided by the Administrator or for participation in events. The data transferred only includes information necessary to complete financial transactions, such as contact details, transaction amounts and bank account details.

b) Technical entities operating the Website

o The Administrator cooperates with technical service providers, including Cloudflare, Inc., to ensure the security of the Website, improve its performance and protect against cyber threats. The data transferred to these entities includes technical information, such as IP addresses, server logs, browser data and other information necessary to provide services.

c) Organizational partners

o In the case of organizing events, personal data may be transferred to entities supporting the implementation of these events, such as technical partners, facility operators, logistics companies or marketing agencies. Data is transferred only to the extent necessary to organize and service the event, including registration of participants, participation and implementation of promotional activities, if the User has consented to their processing for marketing purposes.

d) Public bodies

o Personal data may be disclosed to public authorities, such as courts, law enforcement agencies, state administration bodies, only to the extent resulting from applicable law. The data is transferred in particular to fulfill the Administrator's legal obligations, such as maintaining accounting records, reporting suspected crimes or implementing court orders.

2. Transfer of data outside the European Economic Area (EEA)
a) Rules for transferring data to third countries

o Personal data may be transferred outside the European Economic Area (EEA) only to entities providing appropriate security in accordance with the provisions of the GDPR, in particular on the basis of:

The European Commission's decision to recognize a given country as ensuring an adequate level of personal data protection,

Standard Contractual Clauses (SCC) that ensure an adequate level of data protection in accordance with Art. 46 GDPR,

Binding Corporate Rules (BCR) , approved in accordance with Art. 47 GDPR,

▪ Exceptions specified in Art. 49 GDPR, such as the User's express consent to such data transfer.

b) Examples of data transfers outside the EEA

o Collaboration with entities such as Stripe, Inc. or Cloudflare, Inc. may involve the transfer of personal data to the United States (USA). In such cases, the Administrator uses standard contractual clauses approved by the European Commission or other data protection measures required by the GDPR to ensure an appropriate level of personal data security.

3. Obligations of data recipients
The Administrator requires all data recipients, both within and outside the EEA, to apply appropriate technical and organizational measures to protect the personal data transferred and to comply with the provisions of the GDPR. The Administrator ensures that data is transferred only on the basis of concluded data processing agreements (in accordance with Article 28 of the GDPR), which regulate in detail the scope, purposes and principles of data processing.

4. Sharing data based on consent
If the disclosure of personal data is not required under the law, contract or legitimate interests of the Administrator, it takes place only on the basis of the User's explicit consent. The User has the right to withdraw such consent at any time, without affecting the lawfulness of processing that took place before the withdrawal of consent.

5. Prohibition on further sharing of data
All entities to which Users' personal data are made available are obliged to use them only for the purposes for which they were provided. The Administrator ensures that no personal data is made available to third parties for marketing purposes without the User's express consent.

6. Monitoring and reporting of data transfers
The Administrator maintains documentation regarding all cases of transfer of personal data, including transfers to third countries, in accordance with the requirements of Art. 30 GDPR. This documentation includes information about the purpose of transfer, recipients of data and the security measures used, which ensures transparency of data processing processes and enables verification of compliance of activities with legal provisions.

§ 4 USE OF CLOUDFLARE

1. Scope of cooperation with Cloudflare, Inc.
The Website uses services provided by Cloudflare, Inc., based at 101 Townsend St., San Francisco, CA 94107, USA (hereinafter: "Cloudflare"), in order to ensure optimal functioning and security of the Website. Cloudflare acts as a data processor on behalf of the Administrator, in accordance with the requirements of the GDPR, on the basis of appropriate data processing agreements.

2. Purposes of data processing by Cloudflare
Cloudflare processes Users' personal data for the following purposes:
a) Protection of the Website against cyber threats

o Identifying and blocking potentially malicious network traffic, such as DDoS attacks, hacking attempts or other activities that may disrupt the functioning of the Website.
b) Ensuring fast and safe loading of websites

o Using a global content delivery network (CDN) to improve page load times, reduce latency and ensure uninterrupted access to the Website, even in the event of increased traffic.
c) Collection of analytical and diagnostic data

o Processing technical data, such as IP addresses, browser and device information, server logs and website traffic patterns, in order to monitor and optimize the operation of the Website and detect anomalies.

3. Scope of data processed by Cloudflare
As part of the provision of services, Cloudflare may process the following categories of data:
a) IP addresses of users visiting the Website;
b) Technical details regarding the browsers and operating systems used;
c) Data about activity on the Website, including access logs, visit times and browsing patterns;
d) Network traffic data such as HTTP headers, URLs, server response statuses.

4. Legal basis for data processing by Cloudflare
The use of Cloudflare services and the processing of personal data takes place on the following legal basis:
a) Art. 6 para. 1 letter f GDPR - the Administrator's legitimate interest in ensuring the security, reliability and optimization of the functioning of the Website;
b) Article 6(1) 1 letter a GDPR - the User's consent, if required, e.g. in the context of analyzing and reporting website traffic using advanced Cloudflare functions.

5. Transferring data outside the European Economic Area (EEA)
As part of cooperation with Cloudflare, Users' data may be transferred outside the European Economic Area, in particular to the United States, where Cloudflare servers are located. In order to ensure an adequate level of data protection, the Administrator has concluded agreements with Cloudflare based on standard contractual clauses (SCC) , approved by the European Commission, in accordance with Art. 46 GDPR.

6. Data protection measures used by Cloudflare
Cloudflare implements advanced technical and organizational measures to protect Users' data, including:
a) Data encryption during transmission (SSL/TLS);
b) Data segmentation to limit access only to authorized entities;
c) Traffic monitoring and automatic detection of anomalies in real time;
d) Certification of compliance with international data protection standards such as ISO 27001.

7. Access to detailed information
Users can obtain detailed information about Cloudflare's data protection principles and methods of processing personal data in the Cloudflare Privacy Policy, available at: https://www.cloudflare.com/privacypolicy/ .

8. User Rights
Users have the right to:
a) Information about the processing of their data by Cloudflare;
b) Objection to data processing based on legitimate interest;
c) Withdrawal of consent to data processing, if it was the legal basis for processing;
d) Requests to delete, limit processing or transfer data in accordance with the provisions of the GDPR.

9. Contact regarding data protection
In case of questions regarding data processing by Cloudflare, Users may contact the Administrator directly via the contact details provided in this Privacy Policy or with Cloudflare using the information available on their website.

§ 5 COOKIES POLICY

1. Use of cookies
The website uses cookies, which are small text files saved on the User's end device in order to:
a) Ensure the proper operation of the website

o Guaranteeing the correct functioning of the technical functions and basic services of the Website, such as navigation and optimal display of content.
b) Personalization of content and User experience

o Adjusting the content of the Website to the User's individual preferences (e.g. language selection, page appearance settings).
c) Analysis of traffic and behavior of Users on the Website

o Collecting anonymous statistical data regarding the use of the Website, such as the number of visits, traffic sources or navigation method, in order to improve functionality.

2. Types of cookies used
a) Necessary

o Cookies enabling the use of basic functions of the Website, such as navigation and operational security. They are required for the proper functioning of the Website and cannot be disabled.
b) Functional

o Cookies that remember the User's preferences (e.g. language settings, selected regions), which allows for improving the comfort of using the Website.
c) Analytical

o Cookies used to collect data on how the Website is used, such as pages visited, time spent on the website and traffic sources. This data is used only for statistical purposes and is used to improve the functionality and content of the Website.

3. Cookie storage period
a) Session cookies

o Stored on the User's device until the end of the browser session and deleted after closing it.
b) Persistent cookies

o They remain saved on the User's device for a specified period of time or until they are manually deleted by the User.

4. Management of cookies by the User
The User has the right to manage cookies in accordance with his/her own preferences, including deleting or blocking them. This can be done via your web browser settings. Detailed instructions for the most popular browsers are below:

about Google Chrome:  https://support.google.com/chrome/answer/95647?hl=pl

about Mozilla Firefox:  https://support.mozilla.org/pl/kb/ciasteczka

about Safari:  https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
The user should remember that limiting the use of cookies may affect the functionality of the Website, including access to some of its parts and services.

5. Third-party cookies
The Website may use cookies provided by third parties, such as:
a) Google Analytics - to analyze the traffic and behavior of Users on the Website, in accordance with the Google Privacy Policy: https://policies.google.com/ privacy
b) Cloudflare - to protect the Website against cyber threats and accelerate its operation, in accordance with the Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

6. Legal basis for processing data from cookies
a) In the case of necessary cookies - processing is based on the legitimate interest of the Administrator, in accordance with Art. 6 section 1 letter f GDPR.
b) In the case of other cookies (functional, analytical) - processing takes place only with the User's consent, in accordance with Art. 6 section 1 letter a GDPR.

7. Contact regarding cookies
In case of questions regarding the cookies policy, Users may contact the Administrator via the contact details provided in the Privacy Policy.

§ 6 DATA STORAGE PERIOD

1. General principles regarding the storage of personal data.
The Administrator undertakes to store Users' personal data only for the period necessary to achieve the purposes of processing, in accordance with applicable law, contracts concluded with Users and data protection guidelines. Storage periods are determined in a way that allows for minimization of data processing and compliance with the principles of personal data protection resulting from the GDPR.

2. Storage periods depending on the purpose of data processing
a) Data processed for the purpose of performing a contract or providing services

o They are stored for the duration of the contract or provision of services and for the period necessary to fulfill the obligations arising from this contract, including possible claims related to its performance (in accordance with Article 6(1)(b) of the GDPR).
b) Data processed to fulfill legal obligations

o The data is stored for the period required by law, in particular in the scope of accounting, tax or archiving documentation. For example, accounting documentation is kept for a period of 5 years, counted from the end of the tax year in which the tax obligation arose (in accordance with Article 6(1)(c) of the GDPR).
c) Data processed based on the User's consent

o They are stored until the User withdraws consent, unless the purpose for which the consent was granted ceases earlier (in accordance with Article 6(1)(a) of the GDPR). Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
d) Data processed on the basis of the legitimate interest of the Administrator

o They are stored for the period necessary to pursue this interest, in particular until the limitation period for any claims arising from the provisions of civil law (in accordance with Article 6(1)(f) of the GDPR).

3. Storage periods resulting from specific regulations
a) Accounting, tax and commercial documents - are stored for periods resulting from applicable regulations, such as the Accounting Act and tax regulations (e.g. 5-year period for storing tax documentation).
b) Documents related to legal claims - kept for the limitation period for claims, which may range from 3 to 10 years, depending on the nature of the claim.

4. Deleting data after the expiry of the storage period
After the periods indicated above, personal data are permanently deleted, unless their further storage is required to fulfill legal obligations, protect the Administrator's interests or based on the User's separate consent. Data is deleted in a way that prevents their reconstruction and unauthorized access.

5. Monitoring compliance with retention periods
The Administrator implements appropriate procedures and control mechanisms to monitor and ensure compliance with data retention periods. Regular data reviews allow you to eliminate unnecessary information and minimize the risk of non-compliance with personal data protection regulations.

6. User's rights regarding data storage
The User has the right to obtain information about the storage period of his personal data or the criteria used to determine it. In case of questions regarding data storage, Users may contact the Administrator in the manner indicated in § 1 of the Privacy Policy.

§ 7 USER RIGHTS

1. Scope of rights
Users whose personal data are processed by the Administrator have the following rights in accordance with the provisions of the GDPR:
a) The right to access personal data

o The User has the right to obtain confirmation whether his or her personal data is being processed and, if so, access to this data and detailed information regarding, among others: purposes of processing, categories of data processed, data recipients and storage period.
b) The right to rectify personal data

o The User has the right to request the immediate rectification of incorrect personal data, as well as the completion of incomplete data, including by submitting an additional statement.
c) The right to delete personal data (“right to be forgotten”)

o The User has the right to request the deletion of his or her personal data if:

▪ the data is no longer necessary to achieve the purposes for which it was collected,

▪ The user has withdrawn the consent on the basis of which the data was processed and there is no other legal basis for processing,

▪ The user has objected to the processing,

▪ the data was processed illegally,

▪ the obligation to remove results from legal provisions.
d) The right to limit the processing of personal data

o The User may request the restriction of the processing of their data in situations where:

▪ questions the accuracy of personal data - for a period enabling the Administrator to verify their correctness,

▪ the processing is unlawful, but the User objects to the deletion of the data and instead requests the restriction of their use,

▪ The Administrator no longer needs personal data to achieve its purposes, but the User needs them to establish, pursue or defend claims,

▪ The User has objected to the processing - until it is determined whether the Administrator's legitimate interests take precedence over the User's interests.
e) The right to transfer personal data

o The User has the right to receive his or her personal data provided to the Administrator in a structured, commonly used, machine-readable format. The User also has the right to send this data to another administrator without any hindrance from the current Administrator, if technically possible.
f) The right to withdraw consent to the processing of personal data

o The User may withdraw consent to the processing of his or her personal data at any time if the processing was based on such consent. Withdrawal of consent does not affect the legality of processing carried out before its withdrawal.
g) The right to lodge a complaint with the supervisory authority

o The User has the right to submit a complaint to the President of the Personal Data Protection Office (PUODO) if he/she believes that the processing of his/her personal data violates the provisions on the protection of personal data.

2. Procedure for exercising Users' rights
a) In order to exercise their rights, the User may contact the Administrator via a dedicated e-mail address: [email protected] or send a written notification to the address of the Administrator's registered office.
b) The Administrator reserves the right to verify the User's identity before implementing the submitted request, in order to ensure the security of personal data.
c) The Administrator undertakes to consider the application and respond within no more than 30 days from the date of receipt of the application, in accordance with Art. 12 section 3 GDPR. In justified cases, this deadline may be extended by another 60 days, about which the User will be informed along with the reasons for the delay.
d) If the User's request is rejected, the Administrator will inform him or her about the reasons for such a decision and about the possibility of filing a complaint with the Personal Data Protection Office or taking legal action.

3. Limitations on the exercise of Users' rights
Some Users' rights may be subject to limitations resulting from legal provisions. For example, the right to delete data will not apply if processing is necessary:
​​a) to fulfill a legal obligation requiring processing under EU or national law,
b) to establish, pursue or defend claims.

4. Security and confidentiality in the exercise of rights
The Administrator implements appropriate technical and organizational measures to ensure the safe exercise of Users' rights, in particular protection against unauthorized access, loss of data or unlawful processing.

§ 8 DATA SECURITY

1. Technical and organizational measures used by the Administrator
The Administrator takes all necessary steps to ensure the highest level of security of Users' personal data, in particular:
a) Data encryption - Data sent via the Website is protected by the use of encryption technology (SSL/TLS), which ensures confidentiality and integrity of transmitted information.
b) Access limitation - Access to personal data is limited only to authorized persons who have been properly trained in data protection and have the necessary authorizations.
c) Regular audits and security tests - The Administrator conducts regular audits and security tests, including penetration tests, to identify and eliminate potential vulnerabilities in the system.
d) Infrastructure security - The website and personal data are stored on servers that meet high security standards, including system redundancy, protection against physical access and cyber attacks.
e) Backups – Data is regularly archived and stored in backup copies, which allows for quick recovery in the event of system failures or security incidents.
f) Monitoring and responding to incidents – the Administrator uses real-time monitoring tools to detect and counteract potential threats, such as DDoS attacks, unauthorized access attempts or malware.

2. Principles of responding to data protection breaches
In the event of an incident related to a personal data protection breach, the Administrator acts in accordance with legal requirements and internal security procedures:
a) Incident assessment - the Administrator immediately analyzes the breach in order to determine its nature, scope and potential impact on the rights and freedoms of Users.
b) Notification to supervisory authorities - In a situation where a data protection breach may result in a high risk to the rights and freedoms of natural persons, the Administrator reports the incident to the competent supervisory authority (President of the Personal Data Protection Office) within 72 hours from its detection, in accordance with Art. . 33 GDPR.
c) Notification to Users - If the breach may have a negative impact on Users (e.g. breach of data confidentiality, data theft), the Administrator shall immediately inform the data subjects about the incident, indicating:

about the type of violation,

about the potential consequences of a violation,

about the remedial measures taken,

o recommendations for Users aimed at limiting the potential effects of the incident (e.g. changing passwords, being careful about phishing attempts).
d) Corrective actions - the Administrator takes all possible steps to limit the effects of the incident and implement additional security measures to prevent similar events in the future.

3. Confidentiality rules
All personal data processed by the Administrator are treated as confidential and subject to special security. Access to the data is available only to persons whose professional duties require the processing of this data and who are obliged to keep it confidential under appropriate contracts and internal regulations.

4. Cooperation with external service providers
The Administrator cooperates only with entities that ensure compliance with the requirements of the GDPR and apply appropriate technical and organizational measures to protect data. All such entities operate on the basis of contracts concluded with the Administrator to entrust the processing of personal data.

5. Education and training of staff
The Administrator provides regular training in the field of personal data protection and information security for persons having access to data, in order to increase their awareness and competences in the area of ​​counteracting threats related to data protection.

6. Increasing security standards
The Administrator regularly verifies and updates the procedures and security measures used in response to changing threats and technology development, in order to ensure the highest level of protection of Users' data.

§ 9 FINAL PROVISIONS

1. The right to modify the Policy
The Administrator reserves the right to make changes to the content of this Privacy Policy in the event of:
a) entry into force of new legal provisions or changes in applicable regulations that affect the scope of personal data processing,
b) development of technology, including introduction of new tools or technical solutions used on the Website, which may affect the method of data processing,
c) changes in the scope of the Website's operations, including the addition of new functionalities or modifications to existing ones, which require adapting the principles of data processing.

2. Publication and validity of changes
a) The amended Privacy Policy will be published in a way that ensures its availability to all Users on the Website.
b) The changes come into force on the day of their publication on the Website, unless a different date is clearly indicated in the content of the amended Policy.
c) Users are encouraged to review the Privacy Policy regularly to become aware of any changes.

3. Inquiries and contact with the Administrator
Any questions, doubts or comments regarding the content of this Privacy Policy, the principles of personal data processing or the exercise of Users' rights can be directed to the Administrator:
a) E-mail address : [email protected] ,
b) Inquiry handling hours : from Monday to Friday, from 9:00 a.m. to 5:00 p.m.,
c) Response time : The Administrator undertakes to respond to inquiries as quickly as possible, no longer than 14 days from the date of receipt.

4. Final provisions
a) If any provision of this Policy is deemed invalid or ineffective by a decision of a competent authority, the remaining provisions shall remain in force.
b) This Privacy Policy is subject to the law applicable in the territory of the Republic of Poland.