1. This Privacy Policy informs about the manner of protection of personal data of persons registering (“Users”) in, hereinafter referred to as the “Service” and persons participating in the Contests organized via the Service (“Participants”), according to the Regulation of the European Parliament and of the Council (UE) 2016/679 dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and revoking Directive 95/46/CE (General Data Protection Regulation); (hereinafter referred to as “GDPR”).
  1. The Controller of personal data of Users and Participants is ESENSEI sp. z o.o. with registered office in Warsaw, address: ul. Mazowiecka 11/49, 00-052 Warsaw entered into the register of entrepreneurs of the National Court Register no. KRS 0000682694 (hereinafter referred to as the “Controller”).
  2. The content of the Service pages shall constitute the ownership of the Controller and is subject to legal protection.
  3. The Controller represents that the Service pages are free of any content infringing the rights of third parties or applicable provisions of law, and in particular it does not include any information causing or constituting threat to privacy or security of any persons, any information promoting illegal acts or behaviour, any information that is inappropriate, offensive, vulgar, or which infringes in any other way good morals, any information which is threatening, obscene, defamatory or libellous, inducing racism, persecution for ethnic, cultural or religious reasons, promoting or encouraging criminal activities, infringing third party rights, including intellectual property or constituting any form of infringement of legally protected rights.


Personal data of Service Users shall be processed:

- pursuant to Article 6.1.a) of GDPR, the processing shall be subject to consent, in order to provide access to the Service and send newsletters, namely information about future events (contests) of the Controller (provided the consent has been given).

Personal data of Contest Participants shall be processed:

- pursuant to Article 6.1.a) of GDPR, the processing shall subject to consent, in order to perform the contest process;

- pursuant to Article 6.1.f) of GDPR – legitimate interest of the Controller, in order to determine, investigate or protect against any claims, as the case may be;

- pursuant to Article 6.1.c) of GDPR for compliance with a legal obligation to which the Controller is subject.


Storage period of personal data:

Period for which the Controller will be storing the personal data of Users and/or Participants depends upon the purpose of processing:

  1. based on the User or Participant’s consent for the processing of personal data – until the moment of completion of the purpose of the consent or its cancellation, whichever is first;
  2. as regards determining and pursuing own claims of the Controller or protection against claims submitted – until the expiration of the period of limitation of potential claims;
  3. as regards fulfilment of legal obligations of the Controller – for the period stipulated under the provisions of law in terms of storage of documentation and fulfilment of obligations towards the Participant resulting from the same.

Following said periods, personal data provided by the User or Participant shall be deleted or subject to anonymization.


Receivers of data

  1. Personal data of Users and/or Participants shall be transferred to authorised institutions specified under the provisions of law and to processors providing services in favour of the Controller who shall receive such data, including, among others, sponsors of the Contest.
  2. As the Controller shall use such tools as Google Analytics, data may be transferred to third countries on the basis of Decision of European Commission dated 12 July 2016.
  3. Direct access to personal data collected by the Controller shall be made available exclusively to authorised employees and/or partners of the Controller.

Safeguards and personal data protection

The Controller represents that he shall process personal data of Users and Participants according to GDPR and that he shall apply technical and organizational measures ensuring protection of data subject to processing, considering the hazards and category of data being protected, and in particular he shall protect the data of Users and Participants against unauthorised access, loss or damage.

Automated decision making

You understand that within the processing of data, referred to above, there will be no automated decision making process and the Users and Participants’ data will not be subject to profiling in the meaning of GDPR, subject however to point Receivers of data.


  1. Cookies shall be used in order to ensure appropriate functioning of the Service; they are saved while using the Service on the User’s computer. Cookies shall be used exclusively for internal purposes with the view of optimising the service for performance and statistical analysis. The Controller shall not collect cookies in order to identify the User.
  2. Enabling and disabling of Cookies shall depend on the browser configuration and may be individually modified by the User or Participant.
  3. The User or Participant may, based on the applicable laws, decide whether to allow cookies on his computer, based on his choice in his browser.


  1. Data Controller shall not be liable for any actions or omissions of Users or Participants, as a result of which the Controller shall process their personal data in the manner specified in this Privacy Policy.
  2. Data Controller reserves the right to amend, cancel or modify the functionalities or properties of the Service web pages, and to cease its activities, assign rights to the Service and perform any and all legal actions permitted under applicable laws. Any and all actions performed by the Controller must not infringe the rights of the User or the Participant.


In matters concerning personal data you may contact the Controller by e-mail at:, or by mail to the address of the Controller specified herein above.

Rights of personal data subjects

The User and Participant may access the content of their data, receive their copies, as well as rectify, erase, restrict processing, transfer the data, object and withdraw the consent [where the Controller processes data on the basis of the consent] at any time without any impact upon the compliance with any rights to processing based on the consent before its withdrawal.

The User and Participant may file a complaint to the President of the Office of Personal Data Protection in respect of infringement of the right of protection of personal data or other rights under GDPR.

Provision of personal data is voluntary

Provision of personal data is voluntary, however it is necessary in order to register in the Service and participate in the Contests organized by the Controller via the Service.


  1. Data Controller reserves the right to modify this Privacy Policy, whenever required by the provisions of law or changes in the Service. Data Controller shall notify the Users and Participants about any appropriate changes and the date of their entry, in particular by way of a communication on the Service page.
  2. The date of entry of this Privacy Policy – its last version - shall be: 8.04.2019