Privacy policy

DEFINITIONS

Cotroller / PEJ – Polskie Elektrownie Jądrowe sp. z o.o., with its registered office in Warsaw, Al. Jerozolimskie 132/136, 02-305 Warsaw, entered in the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number: 0000347416, Tax Identification Number (NIP): 701-021-82-99. Personal data – information about a natural person identified or identifiable by one or more specific factors that determine physical, physiological, genetic, mental, economic, cultural or social identity, including a device IP, location data, Internet identifier and information collected through cookies and other similar technology. Policy – Privacy Policy. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Website – Website operated by the Controller at […]. User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.

DATA PROCESSING IN RELATION TO THE USE OF THE WEBSITE

In connection with the use of the Website by the User, PEJ collects data to the extent necessary to provide the particular services offered, as well as information about the User’s activity on the Website. The detailed rules and purposes of processing Personal Data collected during the use of the Website are described below.

PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE WEBSITE

Personal data of all persons using the Website (including the IP address or other identifiers and information collected through cookies or similar technologies) who are not registered Users (i.e. persons who do not have a profile on the Website), are processed by the Controller:

to provide services electronically within the scope of giving the Users access to the Website contents – then the legal basis is the necessity of processing for the performance of the contract (Article (6) (1)(b) of the GDPR);
for statistical purposes – then the legal basis for processing is the Controller’s legitimate interest (Article (6)(1)(f) of the GDPR) consisting of determining the User’s preferences in order to improve the functionalities used and services provided;
to possibly establish, pursue or defend against claims – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), which is the protection of its rights;
for the Controller’s marketing purposes – by presenting content showcasing the Controller’s activities – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR); the legitimate interest consists in promoting its own brand.

The User’s activities on the Website, as well as his or her personal data, are registered in system logs (specific computer program used for storing chronological records with information on events and actions regarding the IT system used to provide services by the Controller). Information collected in the logs is processed primarily for purposes related to the provision of services. The Controller also processes the information for technical and administrative purposes, for ensuring security of the IT system and for its management, as well as for analytical and statistical purposes – in this scope, the legal basis is the Controller’s legitimate interest (Article 6 (1) (f) of the GDPR). CONTACT FORM The Controller provides the possibility to contact him/her using an electronic contact form. The use of the form requires the User to provide Personal data necessary to contact the User and respond to the enquiry. The User may also provide other data in order to facilitate the contact or handling of the enquiry. The provision of data marked as mandatory is required in order to receive and handle the enquiry, and failure to provide such data will result in the impossibility of service. The provision of other data is voluntary. Personal data is processed:

for the identification of the sender and the handling of his/her enquiry sent via the form provided – the legal basis of the processing is the necessity of the processing for the performance of the service contract (Article 6 (1) (b) GDPR); as regards the data provided optionally, the legal basis of the processing is consent (Article 6 (1) (a) GDPR);
for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (Article 6 (1) (f) GDPR), consisting of keeping statistics on enquiries submitted by Users via the Website in order to improve its functionality.

SOCIAL MEDIA

The Controller processes personal data of Users visiting the Controller’s profiles on social media (LinkedIn, Twitter, Youtube). The data is processed exclusively in connection with running the profile, as well as to inform Users about the Controller’s activities and promoting various events, services and products. The legal basis of data processing by the Controller for this purpose is its legitimate interest (Article 6 (1) (f) of the GDPR), which consists in promoting its own brand.

COOKIES AND SIMILAR TECHNOLOGY

Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information which facilitate the use of the webpage – e.g. by remembering the User’s visits to the Website, and the actions performed. ESSENTIAL (STRICTLY NECESSARY) The Controller uses the so-called web cookies primarily to provide the User with services carried out electronically and to improve the quality of these services. Accordingly, the Controller uses cookie files, storing information or accessing information already stored in the User’s telecommunications terminal device (computer, phone, tablet, etc.). “STATISTICAL” COOKIES

The Controller also uses cookies for statistical purposes. Statistical cookies help to collect data to gain knowledge of how a user uses the website. This data helps to improve the content of the services and to create better features to enhance the user experience on the Website.

SOCIAL MEDIA NETWORK PLUG-INS The Website uses social media plug-ins (LinkedIn, X, YouTube i Bluesky). Plug-ins allow the User to share content published on the Website with the social network of choice. The use of plug-ins on the Website causes the respective social network to receive information about the User’s use of the Website and may assign it to the User’s profile created on the given social network. The Controller has no knowledge of the purpose and scope of data collection by social media. For detailed information, visit:

LinkedIn: https://www.linkedin.com/legal/privacy-policy
X: https://x.com/en/privacy
YouTube: https://policies.google.com/privacy
Bluesky: https://bsky.social/about/support/privacy-policy

COOKIE SETTINGS MANAGEMENT The use of cookies for collecting data, including gaining access to the data stored on the User’s device, requires the User’s consent. This consent can be withdrawn at any time. Permission is not required only for cookies the use of which is necessary for the provision of telecommunications services (data transmission to display content). Withdrawal of consent for the use of cookies is possible through browser settings. For detailed information, visit:

Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&answer=95647
Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
Safari: https://support.apple.com/kb/PH5042?locale=en-GB

The User can verify the status of own current privacy settings for the browser used at any time with the tools available at the links below:

LIST OF COOKIES USED ON THE WEBSITE

Category	Name	Life time	Description
Essential (strictly necessary)	wpEmojiSettingsSupports	Session	Ensures correct display of page elements.
	PHPSESSID	Session	Maintains the User’s session status.
	CookieConsent	1 year	Stores the status of the Uconsent to cookies.
Preference cookies	pll_language	1 year	Specifies the User’s preferred language.
Marketing cookies	iU5q-!O9@$	Session	Assigns a unique identifier to track YouTube videos watched.
	LAST_RESULT_ENTRY_KEY		Tracks the User’s interaction with content on the Service.
	#-#		Tracks the User’s interaction with content on the Service.
	YSC		Unclassified.
	yt-remote-cast-available		Stores the video player’s preferences.
	yt-remote-cast-installed
	yt-remote-fast-check-period
	yt-remote-session-app
	yt-remote-session-name
	remote_sid		Necessary for the implementation and functionality of YouTube content on the website
	TESTCOOKIESENABLED	1 day	Tracks the User’s interaction with content on the Service.
	__Secure-ROLLOUT_TOKEN	180 days	Connected with Google and YouTube services. Used to test new features or authentication mechanisms on Google and YouTube sites.
	VISITOR_INFO1_LIVE	180 days	Set by YouTube. Tracks a user’s preferences for YouTube videos seated on sites; can also determine whether a site visitor is using a new or old version of the YouTube interface.
	NID	6 months	It contains an identifier that Google uses to remember your preferences and other information.
	LogsDatabaseV2:V#\|\|LogsRequestsStore	Permanent	Tracks the User’s interaction with content on the Service.
	ytidb::LAST_RESULT_ENTRY_KEY
	YtIdbMeta#databases
	yt-remote-connected-devices		Stores the video player’s preferences.
	yt-remote-device-id		Stores the video player’s preferences.

PERIOD OF PERSONAL DATA PROCESSING

The period of data processing by the Controller depends on the type of service provided and the purpose of the processing. As a general rule, data is processed for the time of providing the service or fulfilling the order, until the withdrawal of the consent given, or until an effective objection is made to the processing of data in cases where the legal basis for data processing is the legitimate interest of the Controller. The period of data processing may be extended if the processing is necessary for the establishment and assertion of possible claims or defense against claims, and thereafter only in the case and to the extent required by law. At the end of the processing period, the data is irreversibly deleted or anonymized.

USER RIGHTS

The User has the right to access the data, request its rectification, erase it, restrict its processing and transfer the data, and the right to object to data processing, as well as the right to file a complaint with the supervising authority in charge of personal data protection. To the extent the User’s data is processed on the basis of consent, it is possible to withdraw that consent at any time by contacting the Data Protection Officer as indicated in Section. 13. Contact Data. The User has the right to object to the processing of data for marketing purposes, if the processing is carried out in connection with the legitimate interest of the Controller, as well as – for reasons related to the User’s particular situation – in other cases where the legal basis for data processing is the Controller’s legitimate interest (e.g. in connection with the implementation of analytical and statistical objectives). For more information about rights under the General Data Protection Regulation, see the GDPR Policy.

DATA RECIPIENTS

In connection with the implementation of services, Personal Data will be disclosed to external entities, including, in particular, suppliers responsible for the operation of IT systems, entities providing consulting services including legal services, marketing agencies (within the scope of marketing services and actions promoting the activities of PEJ). The Controller reserves the right to disclose selected information concerning the User to competent authorities or third parties that request such information, relying on the relevant legal basis and in accordance with the provisions of the applicable law.

TRANSFER OF DATA OUTSIDE THE EEA

The level of protection of Personal Data outside the European Economic Area (EEA) differs from the level provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary, and with an adequate degree of protection, primarily by:

cooperation with processors of Personal Data in countries for which a relevant decision of the European Commission has been issued regarding the determination of ensuring an adequate level of Personal Data protection;
use of standard contractual clauses issued by the European Commission;
application of binding corporate rules approved by the relevant supervising authority;

The Controller always informs about the intention to transfer personal data outside the EEA at the stage of data collection.

SECURITY OF PERSONAL DATA

The Controller conducts a risk analysis on an ongoing basis to ensure that the Personal Data is processed in a secure manner – ensuring, first and foremost, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. The Controller ensures that all operations on Personal Data are recorded and performed only by authorized employees and associates. The Controller takes all necessary measures to ensure that subcontractors and other cooperating entities provide guarantees to apply appropriate security measures whenever they process Personal Data on behalf of the Controller.

CONTACT DATA

Contact with the Controller is possible through the e-mail address sekretariat@pej.pl or PEJ’s mailing address: Polskie Elektrownie Jądrowe Sp. z o. o. with its registered office at the following address: Al. Jerozolimskie 132/136, 02-305 Warsaw (marked “IOD”) or by other means, to the contact details indicated in the Contact tab. The Controller has appointed Natalia Domagała as the Data Protection Officer who can be contacted via e-mail at iod@pej.pl on any matter concerning Personal Data processing.

CHANGES TO PRIVACY POLICY

The policy is reviewed on an ongoing basis and updated as necessary. The current version of the Policy has been adopted and is effective as of […]