Privacy Notice

VS’24 Privacy Notice

Pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU.L.2016.119.1), hereinafter referred to as the "GDPR", in relation to the acquisition of your personal data in connection with your participation in the Verifiable Summit 2024 hosted by vLayer Ltd. and zkWarsaw community on September 4, 2024 (the “Event”) in the premises of the Main Building of Biblioteka Narodowa (National Library), at Aleje Niepodległości 213, 02-086 Warsaw, Poland (the “Venue”), we inform you that:


  1. The controller of your personal data is vLayer Labs sp. z o.o. with its registered office in Warsaw at 29/2 Jana Czeczota Street, 02-607 Warsaw, entered in the Register of Entrepreneurs of the National Court Register under the number 0001087119, whose records are kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, having NIP: 5214055107 and REGON 527509460, with the share capital of PLN 121,200.00 (the “Controller”).

  2. Contact e-mail address to the Controller: privacy@vlayer.xyz.

  3. The Controller has not appointed a Data Protection Officer.

  4. Your personal data collected in the ticketing process will be processed in accordance with the applicable legislation, including the GDPR and the Act of 10 May 2018 on the protection of personal data (i.e. Journal of Laws of 2019, item 1781) on the basis of one of the following grounds:
    1. on the basis of Article 6(1)(b) of the GDPR, in order to carry out the pre-contractual activities, as well as activities necessary for the conclusion and performance of a contract to which the data subject is a party (in the form of purchase of the ticket for the Event and enabling the participation in the Event);

    2. on the basis of Article 6(1)(c) of the GDPR, in order to comply with the controller's legal obligations, including archiving, accounting and bookkeeping obligations;

    3. on the basis of Article 6(1)(f) of the GDPR, within the framework of the controller's legitimate interests pursued by the Controller, consisting of (i) establishing, investigating or defending from possible claims against the data subject, (ii) regarding data subject’s image captured during the Event, in exercise of the authorization under Article 81(2)(2) of the Polish Copyright Act – for the purposes of promotional activity of the Controller, as well as (iii) for direct marketing purposes;

    4. where applicable, on the basis of Article 6(1)(a) of the GDPR (provided that the data subject has expressed voluntary consents for such processing), for the following purposes (as the case may be):
      1. for sending commercial information by the Controller, in particular regarding any upcoming events, to the e-mail address indicated in the ticketing process, including via automated calling systems;
      2. in order to comply with data subject’s willingness to share the access to its personal data with the Event’s sponsors;
      3. as may be applicable in accordance with point 5 below.

  5. Due to the fact, that the Controller, for the purposes of provision of the Event planning and ticketing services, appointed a processor of personal data controlled by it, the Controller intends to transfer your personal data to a recipient outside the European Economic Area, i.e. Luma, Inc. and Luma Labs, Inc., address: 3340 Hillview Ave. Palo Alto, CA 94304, United States of America (“Luma”), the Controller requires data subject’s consent for the lawfulness of said transfer under Article 49(1)(a) of the GDPR. Regarding the possible risks for the data subject, that may be associated with said transfer, the Controller informs, that despite the lack of a decision stating the appropriate degree of protection and the lack of adequate safeguards, Luma claims to be GDPR compliant, as might be read on its website (https://help.lu.ma/p/helpart-AxqMaWNnKrpjuHv/gdpr-security), as well as adopted certain safeguards in respect of maintaining security of data subject’s personal data, as might be read in Luma’s Privacy Policy (https://lu.ma/privacy-policy) and Data Processing Addendum (https://lu.ma/dpa). Moreover, the Controller indicated, that such transfer is necessary for the performance of a contract between the data subject and the Controller, as well as for the implementation of pre-contractual measures taken at the request of the data subject (as provided under Article 49(1)(b) of the GDPR). In addition to the above, the data subject’s personal data will be shared with a payment processor acting as Luma’s subprocessor, being relevant Stripe entity based on the applicable jurisdiction (“Stripe”) in accordance with Luma’s Privacy Policy and information provided in the Stripe’s Privacy Center (https://stripe.com/en-pl/legal/privacy-center).

  6. Other than under point 5 above, the Controller does not plan to transfer your personal data to recipients outside the European Economic Area, i.e. to third countries and international organisations. If such additional transfer were to take place, the controller will ensure that it will take place subject to the controller having a legal basis, in a manner consistent with the provisions of Chapter V of the GDPR, i.e. on the basis of lawful data transfer mechanisms that ensure an adequate level of protection, in particular on the basis of an adequacy decision issued by the European Commission, Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).

  7. The Controller informs the data subject, that the course of the Event may be documented by video recordings and photographs, resulting in capturing of a data subject’s image in the process. The Controller shall be free to distribute an image of a data subject that is only a detail of a whole such as a gathering, a landscape, a public event, as provided under Article 81(2)(2) of the Polish Copyright Act.

  8. The provision of personal data within the scope indicated in point 4 above (except for points 4.4.1 and 4.4.2) and consent under article 4.4.3 above is necessary in order to successfully purchase a ticket for the Event and to participate in the Event itself, and failure to do so will result in the inability to purchase a ticket for the Event or participation therein. The provision of other data and consents is voluntary and always at the initiative of the data subject.

  9. If any of the consents referred to in points 4.4.1 and 4.4.2 is given, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent before its withdrawal. Withdrawal of consent will result in the controller not being able to process the personal data covered by the scope of the consent, for the purposes indicated therein.

  10. Your personal data will be processed for the duration of the purpose of the processing i.e., depending on the basis for the processing:
    1. in the cases referred to in points 4.1 and 4.2 and 4.4.3 – for the duration of the Controller's legal, accounting or archiving obligations;
    2. in the cases referred to in point 4.3(i) – until the expiry of the statutory limitation periods for claims, but for no longer than 6 years;
    3. in the cases referred to in point 4.3(ii) – indefinitely, until the Controller deems such personal data fit for the intended purpose;
    4. in the cases referred to in point 4.3(iii), 4.4.1 and 4.4.2 – indefinitely, until the Controller deems such personal data fit for the intended purpose or the data subject objects to the processing of personal data for marketing purposes.

  11. The recipients of your personal data will be, among others: entities providing the Controller with, inter alia, legal, financial, accounting, consulting or other advisory, IT, hosting, postal or courier, event planning and ticketing, as well as payment services, public authorities to the extent that they are required or authorized to receive or request the transfer of such data, as well as entities with whom the Controller concludes personal data processing entrustment agreements to the extent covering the Event organization and other entities authorised to process personal data on the basis of applicable laws, including the Controller.

  12. You have:
    1. the right to be informed whether your personal data is being processed by the Controller and, if so, the right to access it and to receive a copy of it (Article 15 GDPR);
    2. the right to rectification of personal data where the data is inaccurate and to completion of incomplete personal data (Article 16 GDPR);
    3. the right to erasure of personal data, the so-called "right to be forgotten" (Article 17 GDPR);
    4. the right to restrict the processing of personal data (Article 18 GDPR);
    5. the right to receive the processed personal data in a structured, commonly used machine-readable format and to have it freely portable, including the right to request that the Controller sends it to another controller (Article 20 GDPR);

    6. the right to object to the processing of your personal data on the basis of Article 6(1)(f) of the GDPR (Article 21 GDPR);
    7. the right to lodge a complaint with the President of the Office for Personal Data Protection.

  13. Your personal data will not be subject to automated decision-making, including profiling.

We're here if you have questions.

hello@verifiablesummit.com