info@pol-az.com +48 575 892 314 Warsaw, Poland
HomePrivacy Policy
Legal

Privacy Policy

How Izba Gospodarcza Polska-Azerbejdżan (IGPA) collects, processes, stores, and protects your personal data — in compliance with GDPR (Regulation EU 2016/679) and Polish data protection law.

Effective from10 October 2025
Last updatedMay 2026
Data controllerIGPA · Warsaw, Poland
Governing lawPolish law & EU GDPR

1. Data Controller

The controller of your personal data is Izba Gospodarcza Polska-Azerbejdżan (IGPA), headquartered in Warsaw, Poland. IGPA is a registered economic chamber operating under Polish law (Ustawa o izbach gospodarczych z dnia 30 maja 1989 r.).

For any questions related to the processing of your personal data, you may contact us at info@pol-az.com or by post at our registered Warsaw office.

2. Data We Collect

Depending on your interaction with IGPA, we may collect the following categories of personal data:

  • Contact data: name, surname, email address, phone number, postal address
  • Professional data: company name, job title, business sector, NIP/tax identification, country of operation
  • Communication data: content of correspondence, messages submitted through forms on our website
  • Membership data: application materials, references, compliance documents, payment records
  • Event data: registration information, attendance records, dietary preferences (for catered events)
  • Technical data: IP address, browser type, device information, cookies, usage patterns on our website

3. Purposes of Processing

We process your personal data for the following purposes:

  • To process membership applications and manage member relationships
  • To organize and administer events, trade missions, and working groups
  • To respond to inquiries and communications
  • To send newsletters, announcements, and chamber updates (with your consent)
  • To fulfill our legal and statutory obligations as a registered chamber
  • To analyze and improve our website and services
  • To facilitate bilateral commercial connections among members

We process your personal data on the following legal bases under Article 6 GDPR:

  • Consent (Art. 6(1)(a)): for newsletters, marketing communications, and optional services
  • Contract (Art. 6(1)(b)): for membership administration and service delivery
  • Legal obligation (Art. 6(1)(c)): for tax, accounting, and statutory chamber compliance
  • Legitimate interest (Art. 6(1)(f)): for security, fraud prevention, and chamber operations

5. Sharing of Personal Data

We do not sell your personal data. We may share data with:

  • Other IGPA members — only with your explicit consent, for facilitating B2B introductions
  • Service providers — IT, accounting, legal, communications providers under data processing agreements
  • Public authorities — when required by Polish or EU law (tax authorities, statistical office, courts)
  • Event partners — with your consent, for event coordination purposes

6. Data Retention

We retain personal data only for as long as necessary:

  • Membership data: for the duration of membership + 6 years after termination (Polish accounting law)
  • Newsletter subscribers: until withdrawal of consent
  • Contact form submissions: up to 3 years
  • Event records: up to 5 years after the event
  • Accounting records: 6 years (Polish tax law)

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — obtain confirmation and a copy of the data we process about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — request deletion of your data
  • Right to restriction of processing — limit how we process your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — withdraw consent at any time, without affecting prior lawful processing
  • Right to lodge a complaint — file a complaint with the Polish data protection authority (UODO — Urząd Ochrony Danych Osobowych)

To exercise any of these rights, contact us at info@pol-az.com. We will respond within one month.

8. Cookies and Tracking

Our website uses cookies and similar technologies to function and improve user experience. For full details, see our Cookie Policy.

9. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Access controls and authentication for staff and systems
  • Regular security reviews and updates
  • Confidentiality agreements with service providers
  • Backup and disaster recovery procedures

10. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA) — for example, to chamber members or partners in Azerbaijan — we ensure appropriate safeguards under GDPR Chapter V, including standard contractual clauses approved by the European Commission, and only with your awareness and where necessary for our chamber's bilateral mission.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to members and announced on our website. The "Last updated" date at the top of this policy indicates when changes were last made.

12. Contact

For any privacy-related questions, requests, or complaints, please contact:

Izba Gospodarcza Polska-Azerbejdżan
Warsaw, Poland
Email: info@pol-az.com
Phone: +48 575 892 314

You also have the right to lodge a complaint with the Polish Data Protection Authority:
Urząd Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warszawa
www.uodo.gov.pl