Dear Visitors and Partners,
At the Museum, we place great importance on protecting your privacy. The personal data you entrust to us is essential for the Museum’s operations, including enabling you to visit the exhibitions prepared for you. Aware of this responsibility, we exercise the highest level of care to ensure full confidentiality and security of all processed personal data.
1. Who is the Controller of your personal data?
The Controller of your personal data is the State Museum of Ethnography in Warsaw, ul. Kredytowa 1, 00-056 Warsaw (hereinafter: the “Museum”). As the Controller, we bear full responsibility — in accordance with the applicable regulations — for the protection and secure processing of the data you provide.
2. Who can you contact regarding personal data protection – the Data Protection Officer?
If you have questions regarding the processing of personal data, you may contact our Data Protection Officer, Ms Bożena Porębska, by e-mail at iod@ethnomuseum.pl or by telephone on 696003157. You may also send a letter to the Museum’s registered address listed in point 1.
3. For what purpose and to what extent do we process your personal data?
The Museum processes your personal data to enable you to visit our museum collections as part of the exhibitions we organise.
The Museum primarily processes data on Visitors, allowing you to purchase admission tickets for exhibitions presented at the Museum, including virtual exhibitions available online. This includes data that allows us to identify you, such as:
• surname and forename(s),
• home address,
• ID document series and number,
• country of origin,
• authority issuing the ID document,
• telephone number,
• e-mail address.
We process data of Artists and other contributors whose involvement makes it possible for you to enjoy our collections or access publications issued by the Museum in a very similar scope. For Service Providers, we also process basic identification data as required by tax legislation and accounting regulations.
4. On what legal basis do we process personal data?
The Museum processes your personal data based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), as well as relevant national legislation.
All personal data is processed with your consent, which you provide when deciding to use the Museum’s cultural offer. This consent is entirely voluntary; however, without it, you will not be able to use online services.
You may withdraw your consent at any time. This does not apply to data whose storage is required by the Museum for the purpose of pursuing claims or fulfilling other legal obligations related to the Museum’s activities.
5. For how long do we process your personal data?
Visitors’ personal data is processed until the moment of using our services. Afterwards, it remains stored in the history of online activities. We process the data of our Partners for the duration of the contract and, after its expiry or termination, for an additional five years, counted from the beginning of the year following the financial year, in accordance with tax regulations and accounting law.
To ensure the ability to pursue claims related to the services provided, we process personal data for the limitation period specified by law, in particular the Civil Code.
6. What rights do you have in relation to the processing of your personal data?
For the entire period of data processing, you have the right to access your personal data. You may request its modification or correction at any time. You may also request the deletion or restriction of the processing of your data. However, such requests can only be fulfilled if and to the extent permitted by the purposes for which the data is processed.
7. Right to lodge a complaint with a supervisory authority
If, for justified reasons, you believe that the Museum’s processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office, ul. Stawki 2, 00-913 Warsaw.
8. What are the consequences of not providing personal data?
Failure to provide data will prevent Visitors from purchasing a ticket or using the Museum’s online services.
Artists, Service Providers, and other Partners are required to provide the data necessary for the performance of cooperation agreements. Failure to do so will prevent the conclusion of a contract and the performance of its subject matter.
9. Will personal data be transferred to other entities (recipients or processors)?
During the data-processing period, the Museum may transfer personal data to state institutions and authorities that are legally entitled to receive it under separate regulations.
The Museum will not transfer your personal data to other entities.
The Museum may transfer personal data to other parties only at your request and with your explicit consent.
The Museum will not transfer personal data outside the European Union or to individuals or organisations based outside this area.
