Privacy Policy

Entry

Using the service may require disclosing personal data, in particular when using contact forms, creating a user account, or placing an order for access to specific content.

Therefore, we would like you to have the fullest possible knowledge about how and why we process your personal data and what rights you have in connection with this. All activities of the company concerning personal data are adapted to the highest standards resulting from both legal regulations (in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, hereinafter referred to as the 'GDPR') and good market practices.

1. Who is the administrator?

The administrator of the user's personal data is De Gruyter Brill Sp. z o. o., with its registered office in Warsaw (ul. Nowogrodzka 4/3, 00-513 Warsaw, Poland), entered into the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register under number 0000055478, NIP: 9521878738, REGON: 017359274, share capital of PLN 1,905,000.00.

Please also bear in mind that in certain cases, the personal data controller within the meaning of the GDPR will be the client, and the provider will act as the processor. This will occur in cases where the client enters into an agreement with the provider and makes the service available to other users, and then the processing of data by the provider takes place within the framework of the relevant personal data processing agreement.

2. What personal data do we process?

1. In connection with the use of the website and in the event of contact with the company, we only process such personal data that you yourself disclose or that will be disclosed to us by another administrator of your data (e.g., a client who has concluded an agreement with us) and partially data collected in cookies. In particular, these may be data such as:

   1. name and surname;
   2. email address;
   3. contact telephone number;
   4. job position; and
   5. image.

   Detailed information about cookies, which in some cases will constitute personal data, should be sought in the part of the website or functionality enabling the expression of consent or modification of cookie storage settings. This is because we want to enable you to make an informed decision regarding the use of this type of file. By default, these files are not used to store data that enables the identification of a person, and their primary purpose is to adjust the functionality of the website and monitor traffic on the website.

2. Please do not send any special category data (within the meaning of Article 9(1) of the GDPR), i.e., data such as information on health, political opinions, religious beliefs, trade union membership, biometric data, or genetic data, unless otherwise agreed individually with you by an authorized employee or associate of the company.

3. For what purposes do we process your data?

To the extent related to the use of the website or in connection with an attempt to contact the company, we process personal data for the purposes of:

1. ensuring the proper functioning of the website;
2. providing information and responding to inquiries addressed to the company by you (e.g., regarding the company's services);
3. performing services provided within the functionality of the service (e.g., granting access to the ordered content);
4. carrying out the actions you request in the field of personal data protection or complaints regarding the company's services;
5. realizing legally justified interests or performance of obligations arising from generally applicable provisions of law; and
6. carrying out marketing activities toward you, such as sending a newsletter, provided you have consented to this.

4. What is the legal basis for data processing by the company?

The legal basis for data processed in connection with the use of the website or in connection with an attempt to contact the company is, respectively:

1. Article 6(1)(b) of the GDPR, when processing is necessary for the performance of a contract concluded with you (provision of a selected service; general contract for access to the website or a specific contract regarding the ordering of specific content) or to take action at your request before its conclusion, e.g., entering data into customer service systems, accepting an order, and preparing sales documents.
2. Article 6(1)(c) of the GDPR, when processing is necessary to fulfill a legal obligation to which the company is subject, e.g., to fulfill a request resulting from the content of a submitted complaint.
3. Article 6(1)(f) of the GDPR, when processing is necessary to pursue legitimate interests.
4. Article 6(1)(a) of the GDPR, when the processing of your data takes place on the basis of your consent (this may be applied, for example, if you express a package of consents enabling the performance of so-called marketing activities or newsletter-type services for you).

5. Is providing data mandatory?

Disclosure of personal data to the company is never mandatory, and you have full freedom in this regard. However, please note that disclosure of personal data may be necessary in order to perform activities such as:

1. providing you with services provided through the website, e.g., setting up an account or granting access to specific content, materials, and publications;
2. returning contact with information about the company's services or products in the event of an inquiry;
3. providing other types of answers or information (both by telephone and email);
4. consideration of complaints; or
5. sending marketing materials or newsletters, if you consent to this.

6. How long will we process personal data?

We will process the personal data you disclose only for the period necessary and legally justified, i.e., we will stop processing the data when:

1. the processing of data disclosed by you via the website will no longer be necessary for the proper performance of contracts or provision of services;
2. the possibility of establishing, pursuing, or defending claims related to the contract concluded with you will cease. In this case, the basis for determining the processing periods are the legal limitation periods for claims resulting from the Polish Civil Code and amount to, unless a special provision provides otherwise, six years, and for claims for periodic benefits and claims related to running a business, three years;
3. we will no longer be subject to any legal obligation requiring us to process and collect personal data (e.g., tax or accounting obligations);
4. an objection to the processing of personal data is accepted, if the basis for the processing of data was our legitimate interest; or
5. you withdraw your consent to data processing, provided that the data is processed on the basis of that consent.

7. What rights do you have in connection with data processing by the company?

1. In connection with the processing of personal data by the company, you have the right to:

   1. request access to your data, including receiving a copy thereof;
   2. request the rectification of data;
   3. request the deletion of data (this right is also known as the 'right to be forgotten');
   4. lodge a complaint with the personal data protection supervisory authority. This authority is the Chairman of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw);
   5. request to limit data processing;
   6. object to the processing when the legal basis for data processing is the legitimate interest of the company (Article 6(1)(f) of the GDPR);
   7. transfer personal data, to the extent that the processing is automated and is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) of the GDPR; or
   8. withdraw consent, provided that the data is processed on its basis. However, please remember that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
2. In order to exercise the above rights, please contact us at the email address, telephone number, or correspondence address indicated in section 1 above.
3. We would like to inform you that, in the event of a request to perform one of the above-mentioned actions, as the administrator, we will make every effort to promptly and positively recognize the submitted request. In accordance with the applicable regulations, we have the right to fulfill the request or refuse to fulfill it immediately, but no later than within one month of its receipt. However, if due to the complex nature of the request or the number of requests, we are unable to fulfill the request within a month, we will fulfill it within the next two months, informing you in advance within one month of receiving the request about the intended extension of the deadline and the reasons for it.

8. Will personal data be disclosed to other recipients?

1. All personal data may be disclosed to other entities providing services or other activities to the company (directly or indirectly), but only when it is necessary to achieve the purposes referred to in section 3 above.
2. In particular, the recipients may be employees, contractors, or associates of the company related to the company by other legal relations or external service providers of such services as legal, accounting, financial, IT, programming, hosting, and server space services, provided that the processing of personal data by the aforementioned entities is necessary to achieve the purposes indicated above.
3. Your personal data may also be made available to entities authorized to obtain it under applicable law, e.g., law enforcement authorities.

9. Is the disclosed data used for profiling?

The personal data you provide will not be used for profiling or any other automated decision-making.

10. Is personal data transferred outside the European Economic Area?

Data may be transferred outside the European Economic Area, but always in compliance with the GDPR requirements, including through the use of solutions such as transferring data to countries covered by a positive decision of the European Commission or using so-called standard contractual clauses.

11. How do we protect your data?

Taking into account the state of technical knowledge, the cost of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of violating the rights or freedoms of natural persons with varying likelihood and severity, the company, as the personal data controller, implements appropriate technical and organizational measures to ensure a level of security appropriate to this risk, including, among others, ensuring where appropriate:

1. pseudonymization and encryption of personal data;
2. the ability to continually ensure the confidentiality, integrity, availability, and resilience of processing systems and services;
3. the ability to quickly restore the availability of and access to personal data in the event of a physical or technical incident; and
4. regularly testing, measuring, and evaluating the effectiveness of technical and organizational measures designed to ensure the security of processing.

12. Questions?

In the case of any ambiguities or doubts regarding this document or the principles of personal data processing by the company, please email us at contact@pps.pub.

13. Final provisions

1. The information contained in this policy is subject to change, and the document itself will be updated periodically; the date of the last update is provided below.
2. In matters not regulated by this policy, the relevant provisions of Polish law shall apply.
3. Last update: September 10, 2025.