Privacy Policy

Preliminary information

This Privacy Policy document describes what data we collect about you through the service operating at: and in the ACCRED MEDIA accreditation system, how we use and process this data, how we protect it and what decisions you can make with regard to this data. We encourage you to read this document.

We guarantee to our clients that we are fully compliant with the GDPR. We ensure that we have implemented appropriate technical and organisational measures to secure the data entrusted to us. We regularly test and measure the implemented data protection measures to secure personal data by performing security audits, testing the implemented safeguards and ongoing supervision of data processing by the Data Protection Officer. Our activities are guided by the guidelines of the Office for the Protection of Personal Data and the European Data Protection Board.

The website is available at is part of the ACCRED EVENTS accreditation system operated by Accred Sp. z o.o.. Depending on the agreement with the client, Accred Sp. z o.o. applies to the personal data processed in connection with the event in question:

  • as a controller of personal data of accredited persons or;
  • as a processor acting on behalf of the event organiser.

System administrator ACCRED EVENTS

The provider of the ACCRED EVENTS accreditation system is ACCRED Sp. z o.o., based in Lublin (20-027) at ul. Sądowa 2/11, TAX-ID: PL7123427751 .

Contact with Accred Sp. z o.o.

  • Via email:;
  • By mail: Accred Sp. z o.o, ul. Sądowa 2/11, 20-027 Lublin .

We have appointed a Data Protection Officer who can be contacted on matters relating to the processing of personal data by Accred Sp. z o.o., including the exercise of data subjects' rights concerning access to their data, rectification, restriction of processing or objection to their processing. Contact with the ACCRED EVENTS Data Protection Officer possible at the following email address: .

Purposes and grounds for processing personal data at ACCRED EVENTS

The purpose of the processing of personal data on the ACCRED EVENTS website available at is the organisation of accreditation and the production of badges for mass events.

Where Accred Sp. z o.o. acts as data controller of accredited persons, it will process the personal data of accredited persons for the following purposes:

  1. Processing of data of persons accredited for mass events provided by the organisers of the event, co-organisers of the event, or by the data subject in order to organise accreditation and produce badges. The basis for such processing is the legitimate interest of the controller to fulfil the contract for the supply of the accreditation system for the mass event. (GDPR Article 6(1)(F)).
  2. Processing to protect the interests of the Controller. Such processing is based on the legitimate interest of the Controller to establish, assert and defend claims ((GDPR Article 6(1)(F)).
  3. Data processing on the basis of consent when a person accredited for one of the events agrees to the processing of their data (name, image, email address, telephone number) in the ACCRED EVENTS accreditation system between mass events operated by the Administrator in order to facilitate the handling of subsequent events. The basis for such processing is the unambiguous person of the data subject (GDPR Art. 6(1)(A)).

Categories of data we collect through the accreditation system

  • Name and surname;
  • The organisation for which the person is accredited for the event;
  • Email address;
  • Image of an individual.
  • Wizerunek osoby fizycznej.

Origin of personal data

We obtain the data of accredited persons directly via a form on , which is completed in response to an invitation sent by the organiser or one of the co-organisers of the event.

Data of accredited persons may also be provided to us by the organiser or one of the co-organisers of the event.

Processing personal data as a processor

Where accredited persons' data are entrusted to ACCRED Sp. z o.o. by the organiser of an event, Accred Sp. z o.o. shall provide clients with sufficient guarantees to implement appropriate technical and organisational measures to ensure that the processing meets the requirements of this Regulation and protects the rights of data subjects.

Data processing period

As standard, data of those attending the events we cater for is stored for up to 90 days after the event.

We process personal data on the basis of consent given until such consent is withdrawn.

We will process personal data held in connection with the defence of claims until the expiry of the limitation period for any contractual claims.

In the case of the processing of event participants' data as a processor, the retention period for the data of accredited persons is determined in each case according to the instructions of their controller, and the data are then returned to their controller irretrievably deleted.

Recipients of personal data

Personal data may be communicated to trusted recipients to whom the Administrator entrusts the processing of such data, such as: providers of administrative services (e.g. accounting services, legal assistance); providers of technical services (to maintain and develop IT systems); providers of marketing services; debt collection companies.

Rights of data subjects:

Individuals whose data is processed by Accred Sp. z o.o. may exercise their right to:

  • Access to data - you can request information about the personal data we process about you, including a copy of the data.
  • Rectification of data - you have the right to request the rectification of your data if it is incorrect.

The above-mentioned rights can be exercised by registered users themselves in the User Panel after activation of their account.

  • Deletion of data (right to be forgotten) - you have the right to request that we delete your personal data if:
  • Personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • The data subject has withdrawn the consent on which the processing is based (pursuant to Article 6(1)(A) of the GDPR) and there is no other legal basis for the processing;
  • The person concerned objects to the processing and there are no other overriding legitimate legal grounds for the processing or the data subject objects to the processing;
  • Personal data are not processed lawfully
  • Personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
  • Personal data was collected for the purpose of offering information society services;
  • Object to processing - if we process your data on the basis of a legitimate interest of the controller, you have the right to object at any time to the processing;
  • Portability of personal data - if the processing is based on consent or contract and is carried out by automated means, you have the right to receive in a structured, commonly used, machine-readable format the personal data you have provided to the controller and you can request that it be sent to another controller (where technically possible). This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Withdrawal of consent - if we process data on the basis of consent you have the right to withdraw your consent at any time (without stating a reason or invoking the law). The withdrawal of consent does not affect the lawfulness of the processing before the withdrawal. You can withdraw your consent by sending us a message at .
  • Lodge a complaint with a supervisory authority if you consider that we have violated your data protection rights.

Supervisory authority for personal data protection:
Office for Personal Data Protection
ul. Stawki 2
00-192 Warsaw

How do we take care of your personal data

Respecting your right to privacy and the protection of your personal data, we take special care to protect your interests and your rights and freedoms, in particular we ensure that:

  • The data we collect is collected for specific, specified, legitimate purposes and not subject to further processing incompatible with those purposes;
  • Processed in accordance with the law;
  • Our entrustment of personal data to processors is carried out on the basis of appropriate entrustment agreements for the processing of personal data;
  • We regularly test and measure the technical and organisational security measures implemented to protect personal data;
  • We have appointed a Data Protection Officer.

Notice on the necessity to provide data

The provision of personal data is voluntary, but failure to do so will result in your inability to make use of our services and consequently in your failure to obtain accreditation for the event.

Profiling and automated decision-making

The website administrator does not profile the personal data of website users and does not subject them to automated decision-making processes.

Publication of the last update of the Privacy Policy: January 2024.