Privacy Policy

§ 1. DATA CONTROLLER

1.1. The controller of your personal data is Comerito Patryk Lewczuk, with registered address at ul. Falista 22 lok. 14, 81-331 Gdynia, Poland, conducting sole proprietorship registered in the Central Register and Information on Economic Activity (CEIDG), NIP (Tax ID): 7272765097, REGON: 541171949 (hereinafter: “Controller”).

1.2. For matters related to personal data protection, you may contact the Controller at: patryk@openmercato.com.

§ 2. PURPOSES AND LEGAL BASES OF PROCESSING

2.1. The Controller processes personal data for the following purposes and on the following legal bases:

a) Contract performance (Art. 6(1)(b) GDPR)

Processing is necessary for the performance of the Event participation agreement, including: handling the Ticket purchase process, Participant registration, Event-related communication, providing technical access (WiFi, infrastructure).

b) Legal obligation (Art. 6(1)(c) GDPR)

Processing is necessary to fulfill the Controller’s legal obligations, in particular tax and accounting obligations (issuing invoices, maintaining accounting records).

c) Legitimate interest of the Controller (Art. 6(1)(f) GDPR)

Processing is necessary for purposes arising from the Controller’s legitimate interests, such as: Event organization and documentation (photos, recordings), pursuit or defense of claims, statistical analysis and service improvement, ensuring Event security.

d) Consent (Art. 6(1)(a) GDPR)

Where voluntary consent is given, data may be processed for marketing purposes, including sending commercial information electronically. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

§ 3. SCOPE OF PROCESSED DATA

3.1. The Controller processes the following categories of personal data:

Identification and contact data: first name, last name, email address, phone number (optional).
Company data (for business purchases): company name, tax ID (NIP), registered address.
Order data: order number, ticket type, purchase date, payment amount, payment method.
Technical data: IP address, browser type, operating system, cookie data (details in § 7).
Participation data: team name, selected track, GitHub account (optional).
Image data: photographs and video recordings from the Event (documentation and promotion).

3.2. Providing data marked as required is necessary for contract performance. Providing other data is voluntary.

§ 4. DATA RECIPIENTS

4.1. Personal data may be disclosed to the following categories of recipients:

payment operators (to the extent necessary for payment processing),
hosting and IT service providers,
event management tool providers (registration platform, mailing system),
the accounting office serving the Controller,
state authorities under applicable law (e.g., tax offices).

4.2. The Controller does not sell personal data to third parties.

4.3. Where the Controller uses service providers based outside the European Economic Area (e.g., Stripe, Google), the Controller ensures an adequate level of data protection based on Standard Contractual Clauses approved by the European Commission or an adequacy decision.

§ 5. DATA RETENTION PERIOD

5.1. Personal data is retained for:

the period necessary for contract performance (until the Event concludes and mutual obligations are settled),
the period required by tax and accounting regulations (5 years from the end of the tax year in which the transaction occurred),
until the limitation period for potential claims expires (3 years for consumer claims, 6 years for business claims),
until consent is withdrawn (for consent-based processing),
until a successful objection is raised (for legitimate interest-based processing).

5.2. After the retention periods expire, data is deleted or anonymized.

§ 6. DATA SUBJECT RIGHTS

6.1. Every person whose data is processed has the right to:

access their personal data (Art. 15 GDPR),
rectification of inaccurate or incomplete data (Art. 16 GDPR),
erasure of data (“right to be forgotten”, Art. 17 GDPR),
restriction of processing (Art. 18 GDPR),
data portability (Art. 20 GDPR),
object to processing based on legitimate interest (Art. 21 GDPR),
withdraw consent at any time, without affecting the lawfulness of processing before withdrawal (Art. 7(3) GDPR).

6.2. To exercise the above rights, please contact the Controller at: patryk@openmercato.com.

6.3. If you believe that data processing violates GDPR provisions, you have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl).

§ 7. COOKIES

7.1. The Website uses cookies — small text files stored on the User’s device.

7.2. Types of cookies used:

Essential (technical) — required for the proper functioning of the Website. No consent required.
Analytical — used to analyze Website traffic and optimize performance (e.g., Google Analytics). Consent required.
Marketing — used to personalize ads and measure campaign effectiveness. Consent required.

7.3. Upon first visit to the Website, the User is informed about cookies via a banner and may grant or refuse consent for essential and analytical/marketing cookies.

7.4. The User may change cookie settings at any time in their browser settings or through the consent management mechanism available on the Website.

7.5. Disabling cookies may limit the Website’s functionality.

§ 8. DATA SECURITY

8.1. The Controller implements appropriate technical and organizational measures to ensure the security of processed personal data, including:

data transmission encryption (SSL/TLS),
access control to IT systems,
regular data backups,
staff training in personal data protection.

§ 9. CHANGES TO THE PRIVACY POLICY

9.1. The Controller reserves the right to make changes to the Privacy Policy. The Controller will inform about any significant changes via the Website or by email.

9.2. The current version of the Privacy Policy is always available on the Website.

9.3. This Privacy Policy is effective as of: March 9, 2026.