1. Definitions 
    1. Administrator (also the " Foundation ") - Gazeta Wyborcza Foundation with its seat in Warsaw (00-732), ul. Czerska 8/10, entered into the register of associations, other social and professional organizations, foundations, and independent public health care facilities of the National Court Register kept by the District Court in Warsaw, 14th Commercial Division of the National Court Register, under the number KRS 0000760539, NIP PL 5213848739, REGON 381945231.
    2. Personal data - information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, internet identifier, and information collected via cookies and other similar technology.
    3. Policy - this Privacy Policy.
    4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and the free movement of such data, and repealing Directive 95/46 / EC.
    5. Website - a website run by the Administrator at
    6. User - any natural person visiting the Website or using one or more services or functionalities described in the Policy.
  2. Data processing in connection with the use of the Website 
    1. In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide individual services offered and information about the User's activity on the Website. The detailed rules and purposes of processing Personal Data collected during the use of the Website by the User are described below.
  3. Purposes and legal grounds for data processing on the Website


    1. Personal data of all persons using the Website (including IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Administrator:
      1. to provide services by electronic means in the scope of making the content collected on the Website available to Users - then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
      2. for analytical and statistical purposes - then the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in conducting analyzes of Users' activity, as well as their preferences to improve the functionalities used and the services provided;
      3. to possibly establish and pursue claims or defend against claims - the legal basis for processing is the Controller's legitimate interest (Article 6 (1) (f) of the GDPR), consisting in the protection of its rights;
    2. The User's activity on the Website, including his Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The administrator also processes them for technical and administrative purposes, to ensure the security of the IT system and manage this system, as well as for analytical and statistical purposes - in this respect, the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) GDPR).

  1. Cookies and similar technology
    1. Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the website - e.g. by remembering the User's visits to the Website and the activities performed by the User.


    1. The administrator uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to him use cookies by storing information or accessing information already stored in the User's telecommunications end device (computer, telephone, tablet, etc.). Cookies used for this purpose include:
      1. cookies with data entered by the User (session ID) for the duration of the session ( user input cookies );
      2. authentication cookies used for services that require authentication for the duration of the session ( authentication cookies );
      3. cookies used to ensure security, e.g. used to detect fraud in the field of authentication ( user-centric security cookies );
      4. (e.g. flash player cookies), for the duration of the session ( multimedia player session cookies );
      5. persistent cookies are used to personalize the User's interface for the duration of the session or a little longer ( user interface customization cookies ).
  1. Managing cookie settings
    1. The use of cookies to collect data through them, including access to data stored on the User's device, requires the User's consent. This consent may be withdrawn at any time.
    2. The permission is not required only in the case of cookies, the use of which is necessary to provide a telecommunications service (data transmission to display the content).
    3. Withdrawal of consent to the use of cookies is possible through the browser settings. Detailed information on this can be found at the following links:
      1. Internet Explorer:
      2. Mozilla Firefox:
      3. Google Chrome:
      4. Opera:
      5. Safari:
    4. The user may at any time verify the status of his current privacy settings for the browser used using the tools available at the following links:
  2. The period of personal data processing
    1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the service or the performance of the order, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Administrator.
    2. The data processing period may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
  3. User permissions
    1. The User has the right to access the data and request rectification, deletion, processing restrictions, the right to transfer data, the right to object to data processing, and the right to complain to the supervisory body dealing with the protection of personal data.
    2. To the extent that the User's data is processed based on consent, this consent may be withdrawn at any time by contacting the Administrator.
    3. The User has the right to object to the processing of data for marketing purposes if the processing takes place in connection with the legitimate interest of the Administrator, and - for reasons related to the specific situation of the User - in other cases where the legal basis for data processing is the legitimate interest of the Administrator ( e.g. in connection with the implementation of analytical and statistical purposes).
  4. Data recipients
    1. The Administrator reserves the right to disclose selected information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and by the provisions of applicable law.
  5. Transferring data outside the EEA
    1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when it is necessary and with an adequate level of protection, primarily through:
      1. cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
      2. use of standard contractual clauses issued by the European Commission;
      3. application of binding corporate rules approved by the competent supervisory authority.
    2. The Administrator always informs about the intention to transfer Personal Data outside the EEA at the stage of collecting them.
  6. Security of Personal Data
    1.     10.1.The administrator conducts a risk analysis on an ongoing basis to ensure that personal data is safely processed by him - ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. . The Administrator makes sure that all operations on Personal Data are recorded and performed only by authorized employees and associates.
    2.     10.2.The Administrator takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process Personal Data on behalf of the Administrator.
  7. Contact details
    1. Contact with the Administrator is possible via the e-mail address [email protected] or the correspondence address Fundacja Gazeta Wyborcza ul. Czerska 8/10, 00-032 Warsaw.
    2. In matters relating to the processing of Personal Data, you can contact the Administrator at.
  8. Changes to the Privacy Policy
    1.     12.1.The policy is verified on an ongoing basis and updated if necessary.
    2.     12.2.The current version of the Policy has been adopted and has been in force since April 1, 2022.