Policy

• This Privacy Policy explains how Refactore sp. z o.o. (“we”, “us”, “our”) collects and processes your personal data.
  ‍
• Data Controller:
  ‍
  ‍Refactore sp. z o.o.
  ul. Zygmunta Vogla 28/02.70, 02-963 Warsaw, Poland
  KRS: 0001019694 | NIP: 9512561769 | REGON: 524470071
  ‍
• We act as a data controller within the meaning of the General Data Protection Regulation (GDPR) and applicable Polish data protection laws, supervised by the Urząd Ochrony Danych Osobowych (UODO).
  ‍
• Contact (data protection matters): info@exist.pl or info@refactore.co
  ‍

1. Scope

• This policy applies to:
  ‍
  users of our websites (including exist.pl and related domains)
  event attendees and ticket buyers
  business partners and contractors
  marketing recipients
  ‍
  This policy does not apply to employees.

2. WHAT DATA WE COLLECT

• Data you provide
  Name, surname
  Email address
  Phone number
  Billing / transaction
  details
  Any data submitted via forms, ticketing, or communication
  ‍
• Data collected automatically
  IP address
  Device and browser type
  Operating system
  Website behavior (clicks, scrolls, time spent)
  Referral source
  ‍
• Data from third parties
  We may receive data from:ticketing providers (e.g., Eventix, Weeztix)
  CRM systems (e.g., Innercrowd, Mailchimp)
  advertising platforms (e.g., Meta, Google)analytics providers
  ‍

3. LEGAL BASIS FOR PROCESSING (ARTICLE 6 GDPR)

• We process your data based on:
  ‍
  Contract performance (Art. 6(1)(b))
  ‍
  ticket purchases
  event participation
  customer support
  ‍
• Legitimate interest (Art. 6(1)(f))
  ‍
  website analytics and improvement
  fraud prevention and security
  communication with partners and clients
  internal administration
  
  We conduct balancing tests to ensure your rights are not overridden.
  ‍
• Consent (Art. 6(1)(a))
  
  email marketing
  SMS marketingcookies (non-essential)
  sharing data with partners for marketing
  
  You can withdraw consent at any time.

• Legal obligation (Art. 6(1)(c))
  
  accounting and tax compliance
  regulatory requirements

4. HOW WE USE YOUR DATA

• We use your data to:
  
  provide and manage events and services
  process ticket purchases
  communicate with you
  send marketing (if consent given)
  improve website performance
  ensure security and prevent fraud
  comply with legal obligations
  ‍

5. COOKIES & TRACKING

• We use cookies and similar technologies.
  
  Types of cookies:
  ‍Necessary – required for website operation
  ‍Analytics – to understand user behavior
  ‍Marketing – to deliver ads and retargeting
  ‍
• Tools we use:
  Google Analytics
  Meta (Facebook/Instagram)
  PixelCRM tracking tools (e.g., Innercrowd, Mailchimp)
  ‍
• Cookies are only activated after your consent where required. You can manage preferences via our cookie banner.

6. DATA SHARING

• We may share data with:
  
  Service providers (processors)
  ticketing providers (Eventix, Weeztix)
  hosting (Webflow or equivalent)
  CRM and email tools
  payment providers
  analytics and advertising platforms
  All processors act under data processing agreements.
  ‍
• Business Partners:
  
  In case of co-organized events, we may act as joint controllers.
  Responsibilities are allocated contractually depending on the project.
  We do not share identifiable personal data with sponsors for marketing without your explicit consent.
  ‍
• Authorities and legal requirements
  
  We may disclose data if required by law or to protect rights and safety.

7. International Transfers

• Your data may be transferred outside the EEA.
  ‍
  We ensure protection via:
  adequacy decisions of the European Commission
  Standard Contractual Clauses (SCCs)
  ‍

8. DATA RENTENTION

• We retain data only as long as necessary:
  
  Contracts & transactions → up to 6 years (legal requirement)
  Marketing data → until consent withdrawal
  Analytics data → up to 26 months
  Customer service → up to 3 years
  
  After this period, data is deleted or anonymized.
  ‍

9. YOUR RIGHTS

• You have the right to:
  
  Access your data
  Rectify incorrect data
  Delete your data (“right to be forgotten”)
  Restrict processing
  Object to processing
  Data portability
  Withdraw consent at any time
  ‍
  To exercise your rights: info@refactore.co
  
  ‍You may also lodge a complaint with:
  Urząd Ochrony Danych Osobowych
  ‍

9. YOUR RIGHTS

• You have the right to:
  
  Access your data
  Rectify incorrect data
  Delete your data (“right to be forgotten”)
  Restrict processing
  Object to processing
  Data portability
  Withdraw consent at any time
  ‍
  To exercise your rights: info@refactore.co
  
  ‍You may also lodge a complaint with:
  Urząd Ochrony Danych Osobowych

10. SECURITY

• We implement appropriate technical and organizational measures to protect your data, including secure servers and restricted access.
  
  However, no system is completely secure.

10. Third-Party Links

• Our website may contain links to external websites.
  
  We are not responsible for their privacy practices.
  ‍

11. Changes to this Policy

• We may update this policy from time to time. Updates will be posted on this page.
  
  For all privacy-related inquiries:
  Refactore sp. z o.o.
  info@refactore.cO‍

• We do not knowingly process data of minors without consent.
  ‍
• We do not engage in automated decision-making or profiling that produces legal effects.