I. General Provisions

1. This Privacy Policy defines how the personal data of Users necessary to provide electronic services through the website www.muzeum-stargard.pl (hereinafter referred to as the "Service") are collected, processed, and stored.

2. The Service collects only the personal data necessary to provide and develop the services offered within it.

3. Personal data collected through the Service is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "GDPR"), and the Polish Data Protection Act of 10 May 2018.

II. Data Controller

The data controller of personal data collected through the Service is the Archaeological and Historical Museum located at Rynek Staromiejski 2-4, Stargard (postal code: 73-110), phone: +48 91 577 25 56, email: info@muzeum-stargard.pl (hereinafter referred to as the "Controller").

III. Purpose of Collecting Personal Data

Personal data collected through the contact form on our website is processed for the following purposes:
- To enable communication with website users and respond to their inquiries, requests for information, or applications.
- To ensure an appropriate level of customer service and technical support.
- The scope of personal data collected through the contact form includes: name, surname, email address, phone number, and any other data voluntarily provided by the user in the message content.
- The legal basis for processing personal data is the user's consent given while completing the contact form (Article 6(1)(a) of the GDPR) or the legitimate interest of the data controller in responding to user inquiries (Article 6(1)(f) of the GDPR).
- Personal data will be stored for the period necessary to respond to the inquiry and for the period required by law.
- Personal data may be shared with third parties, such as IT service providers, solely for the purpose of fulfilling the above objectives and in compliance with applicable law.
- Users have the right to access their personal data, correct it, delete it, restrict processing, transfer data, and object to data processing.

We make every effort to protect users' personal data from unauthorized access, disclosure, alteration, or destruction by implementing appropriate technical and organizational measures.

IV. Types of Personal Data Processed

The Controller may process the following personal data of Users: name, surname, email address, phone number.

V. Period of Personal Data Processing

Users' personal data will be processed for the following periods:
- When the legal basis for processing data is contract performance – until the claims arising from the contract become time-barred.
- When the legal basis for processing data is consent – until its withdrawal, and after withdrawal, until the claims become time-barred.

In both cases, the limitation period is 6 years, and for periodic claims and claims related to conducting business activities – 3 years (unless a specific provision states otherwise).

VI. Sharing Personal Data

1. Users' personal data may be transferred to entities associated with the Controller, its subcontractors, and entities cooperating with the Controller, e.g., companies handling e-payments, courier/postal service providers, and law firms.

2. Users' personal data will not/will be transferred outside the European Economic Area (EEA).

VII. Users' Rights

1. The User of the Service has the right to access their personal data, rectify it, delete it, restrict processing, transfer data, object to data processing, and withdraw consent at any time (which does not affect the lawfulness of processing based on consent before its withdrawal).

2. Requests regarding the exercise of rights should be sent to the following email address: info@muzeum-stargard.pl

3. The Controller shall comply with or refuse the request without undue delay, within a maximum of one month from its receipt.

4. The User has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe that their rights and freedoms are violated (GDPR).

VIII. Cookies

1. Our website uses cookies to improve service quality and analyze website traffic. Below is a detailed list of cookies used by Google Analytics:

_ga: - used to distinguish users. Default expiration time is 2 years.

_gid: - used to distinguish users. Default expiration time is 24 hours.

_gat: - used to limit the number of requests. Default expiration time is 1 minute.

2. The User can manage cookies through their browser settings. The User can also consent to or refuse the use of cookies via browser settings.

3. How to manage cookies:

Most web browsers allow control of cookies via browser settings. You can set your browser to block cookies or notify you when cookies are being sent. However, disabling cookies may affect the functionality of our website.

To learn more about managing cookies, visit the help section of your web browser.

IX. Automated Decision-Making and Profiling

1. Users' data cannot be processed in an automated manner that would result in decisions affecting them.

2. Users' data may be profiled for content personalization and offer customization after they have provided their consent.

X. Final Provisions

1. The Controller reserves the right to amend this Privacy Policy, but users' rights will not be restricted.

2. Information about changes will appear as a notification available on the Service.

3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and Polish law shall apply.

Data Protection Officer: Damian Szmit: iod@data.pl