Privacy Policy

Privacy Policy Shipyard portal
(version: 30 August 2025)
This document explains the rules for the processing of personal data in websites belonging to the Shipyard Portal conducted under the domain [portalstoczowy.pl and subdomeny] and in services available through them. The document takes into account the requirements of the GDPR (Regulation 2016/679).

User rights
You deserve:
• access to data, copy of data (Article 15),
• correction (Article 16),
• removal ("right to be forgotten") (Article 17),
• limitation of processing (Article 18),
• data portability (Article 20),
• objection to processing based on Article 6(1)(f), including direct marketing and profiling (Article 21),
• withdrawal of consent at any time (Article 7(3)) – without prejudice to the legality of pre-revocation actions,
• Complaint to the President of UODO: ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl.

Administrator and contact
• Data Administrator (ADO): [full name of the operator of the Shipyard Portal, legal form], [site address], NIP: [NIP], KRS/CEIDG: [No].
• Contact in matters of GDPR: [rodo@portalstoczniowy.pl] (recommended), by correspondence: [address of the premises].
• Data Protection Officer (if established): [name/e-mail IOD].

Scope
The policy shall include:
• Visiting and browsing services,
• establishing and having a user account (if available),
• registration and participation in events (if we organize/co-organise),
• newsletters and alerts,
• paid/payable services, rankings, pre-orders (if available),
• job notice/market (if available),
• implementation of B2B contracts with counterparties and partners,
• user rights and instructions for data deletion,
• cookies and similar technologies,
• transmission of data outside the EEA (if applicable).
Note: some sections only apply when the service is actually available on our website.

Visiting and browsing services
Data: IP address, http headers, online identifiers (cookies/SDK/local storage), device/viewer data, service activity (logs, events), approximate location at city/country level.
Objectives and legal basis (GDPR):
• ensuring the operation of the service, security, prevention of abuse (Article 6(1)(f) – legitimate interest of ADO),
• measurements, statistics, analytics (e.g. movement, content/advertisement efficiency) (Article 6(1)(f),
• personalisation of content and advertising, online direct marketing – only in terms of granted consents (Article 6(1)(a),
• handling complaints and redress (Article 6(1)(f).
Data recipients: hosting and IT providers, analytical and advertising tools, CMP providers (approval management), advertising partners and media houses, security and anti-fraud support entities, law firms – to the extent necessary for processing purposes.
Storage period: safety logs up to [e.g. 12 months]; cookies – according to the life date of the file or pending withdrawal of consent; statistical data – aggregated/anyonymized as long as we need for analysis.

User account (if available)
Data: first name, surname, email (login), password (hash), optional: company/institution name, position, phone, address, photo (avatar), preferences. Possible login by external providers (Facebook/Google/LinkedIn) – then we receive IDs and basic profile data according to the user's authorization.
Objectives and grounds:
• creation and maintenance of an account, authorisation, recovery (Article 6(1)(b),
• safety and prevention of abuse (Article 6(1)(f),
• information on functions, content and services (Article 6(1)(f),
• marketing and content matching – only on the basis of consent (Article 6(1)(a).
Period: during the period of holding the account; after its removal, for a period of limitation of claims [e.g. up to 6 years] and for the required accounting period if payments have taken place.

Registration and participation in events (if applicable)
Data: as with account + event data (type of ticket/package), image (if we inform about fixation), accommodation data (if we mediate), zone information (VIP/Press).
Objectives and grounds:
• registration, entry verification, participation and benefit handling (Article 6(1)(b),
• transmission/retransmission, identifiers, security (Article 6(1)(f),
• Marketing communication and sharing of data to partners/sponsors – only on the basis of prior consent (Article 6(1)(a).
Recipients: co-organizers, registration operators, facilities, protection, partners/sponsors (if agreed), payment/booking providers.

Newsletters and alerts
Data: e-mail; optional name, thematic preferences, consent identifiers.
Objectives and grounds:
• the dispatch of the requested information (Article 6(1)(b) and/or 6(1)(a),
• statistics (opening, clicking) and improving content quality (Article 6(1)(f).
Period: to be released/withdrawn; statistical metadata may be anonymized and stored longer.

Paid services, reports, pre-orders (if applicable)
Data: account details + invoice data (company, address, NIP), payment status (from payment operator).
Objectives and grounds: performance of the contract and settlement (Article 6(1)(b), tax and accounting obligations (Article 6(1)(c), handling of claims (Article 6(1)(f).
Period: the accounting documentation – 5 years (in accordance with the regulations), the claim – for their limitation.

Advertisements / labour market (if available)
Details of the advertiser: e-mail, name, phone, address, account details.
Data in the content of the notice: information provided by the user on his own initiative (including contact details).
Objectives and grounds: publication of notices and the possibility of contact (Article 6(1)(b), content moderation and anti-fraud (Article 6(1)(f), marketing – with agreement (Article 6(1)(a).

Data of counterparties and B2B partners
Data: first name, last name, email, phone, position, company, business address, correspondence.
Objectives and grounds: negotiation and enforcement of contracts (Article 6(1)(b/f), settlement (Article 6(1)(c), redress (Article 6(1)(f).

Cookies and similar technologies
• We use our own cookies and partners for the purposes of: technical, analytical, measuring effectiveness and personalization of content and advertisements after consent.
• Consents are managed by [our banner/center of preferences – CMP name] and browser settings.
• Detailed Cookie Policy (types of files, times of life, tool list) is available here: [link to cookie policy].
Example of recipient/tool (complement or delete):
• Analysts: [Google Analytics 4], [Matomo]
• Advertisement: [Google AdSense/Ad Manager], [programme partners: ...]
• Multimedia and social: [YouTube, X/Twitter, Facebook/Meta, LinkedIn, Instagram] (content planting can set their cookies as separate administrators).

Transmission outside the EEA (if applicable)
Using some suppliers (e.g. Google, Meta) may result in data transfer outside the EEA. In this case we use the legal mechanisms provided by the GDPR, in particular the Standard Contractual Clauses (SCC) and additional protection measures. Details from the Administrator.

Popular

Will Swedish A26 prove to be another Gawron? Stocznia Portal
Will Swedish A26 prove to be another Gawron?
Selection of the tenderer in the ORKA programme. Real state gravity test / Shipyard Portal
Selection of the tenderer in the ORKA programme. Real State gravity test — Part 2
Why did Sweden's proposal win on Orka's show? Stocznia Portal
Why did Sweden's proposal win on Orka's show?
Will Swedish A26 prove to be another Gawron? Stocznia Portal
Will the Swedish A26 prove another Gawron? – Part 2