In connection with its statutory activities and the operation of the website: www.next100.pl (the Service), the Collegium Nobilium Opoliense Foundation (the Foundation) collects and processes personal data in accordance with the applicable provisions, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), and the data processing principles provided for therein.

1. The controller of personal data is the Collegium Nobilium Opoliense Foundation, which processes personal data in accordance with generally applicable law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), as well as the Act of 10 May 2018 on the Protection of Personal Data.

2. In all matters related to the processing of personal data, please contact us electronically at: kancelaria@collegium.opole.pl or by traditional post at: Collegium Nobilium Opoliense Foundation; ul. Powstańców Śląskich 22; 45-069 Opole (with the note: GDPR).

3. The Foundation processes the personal data of website visitors to the extent necessary to carry out the Foundation’s statutory activities, of persons submitting membership applications to the Foundation, persons registering as event participants, contractors, and candidates applying to participate in educational programs conducted by the Foundation.

4. Through the Service and other forms of communication, the Controller collects and processes the following personal data of Users provided during registration processes in the Service: first name and surname, residential address, e-mail address, telephone number, PESEL number, etc. In the recruitment process for educational programs, the scope of processed data also includes: date of birth, information on education and previous educational or professional achievements, as well as other information voluntarily provided by the candidate in application documents (e.g., in a cover letter or application form).

5. The Foundation maintains public profiles on the social networking platforms X, Facebook and Instagram, as well as YouTube. In this connection, it processes data left by persons visiting those profiles (including comments, likes and online identifiers). The personal data of such persons is processed: – to enable them to be active on the profiles, – to manage the profiles effectively by presenting portal users with information about the Foundation’s initiatives and other activities and in connection with the promotion of various events organized by the Foundation, – for statistical and analytical purposes, and – potentially for the purpose of pursuing claims and defending against claims.

The above information does not apply to the processing of personal data by the controllers of the services (Facebook).

5a. The Foundation processes the personal data of candidates applying to participate in educational programs for the following purposes and on the following legal bases:

a) Conducting the recruitment process — data necessary to assess the application and make a decision on qualifying the candidate for the programme is processed on the basis of Article 6(1)(b) GDPR, i.e. as necessary to take steps at the request of the data subject prior to entering into a program participation agreement. According to the interpretation of the Personal Data Protection Office, candidate data provided to enable a decision on qualification for the program (e.g., contact details, education, experience) may be processed on the basis of Article 6(1)(b) GDPR as necessary for pre-contractual steps.

b) Processing of voluntary data — data provided by the candidate on their own initiative, going beyond the scope necessary to conduct the recruitment process (e.g. additional biographical information, portfolio materials, image), is processed on the basis of Article 6(1)(a) GDPR, i.e. on the basis of the consent of the data subject. All data provided voluntarily by the candidate, beyond the scope required to conduct the process, may be processed only on condition that the candidate’s consent is obtained, i.e. on the basis of Article 6(1)(a) GDPR. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before its withdrawal.

c) Safeguarding against potential claims — after the end of the recruitment process, the Foundation may process candidate data for a limited period on the basis of Article 6(1)(f) GDPR, i.e. within the legitimate interest of the Controller. As indicated by the Supreme Administrative Court in its judgment of 20 February 2024, case file no. III OSK 2700/22, “the processing of personal data obtained in the recruitment process for the purpose of safeguarding the legitimate legal interests of the controller and the Applicant in the event of possible court proceedings […] may be based on Article 6(1)(f) GDPR”.

d) Future recruitment processes — if the candidate gives separate, voluntary and informed consent, their data may be stored and used in recruitment processes for subsequent editions of the Foundation’s educational programs for the period specified in the consent. Consent is necessary in the case of data processing for future recruitment purposes — the candidate may consent to the processing of their data for a specified period.

Providing data as part of the recruitment process for educational programs is voluntary; however, failure to provide the data necessary to assess the application prevents participation in the recruitment process. Data of candidates not qualified for the program is deleted or anonymized immediately after the end of the recruitment process, unless its further storage is justified by the Foundation’s legitimate interest or by the candidate’s separate consent.

6. Personal data is processed for the purpose of performing contracts with contractors and implementing the Foundation’s statutory initiatives, as well as, after separate consent has been given, conducting recruitment processes — including recruitment for educational programs — and distributing newsletters on the basis of Article 6(1)(a), (b) and (f) GDPR.

7. The Foundation may transfer personal data to entities whose assistance it uses to pursue the above purposes, including entities maintaining ICT infrastructure.

8. Providing personal data is voluntary; however, in certain cases, failure to provide it may make it impossible to conclude an agreement with the Foundation, perform the provisions of an existing agreement, or maintain contact.

9. Persons whose data is processed have the right: – to information, – to access data, – to rectify and supplement data, – to erase data, – to restrict processing, – to object to processing based on legitimate interest, – to data portability, and – to lodge a complaint with the President of the Personal Data Protection Office, with its registered office at ul. Stawki 2; 00-193 Warsaw.

10. Unless required for the performance of an agreement in connection with which the Foundation obtained personal data, the Foundation does not transfer personal data to countries outside the European Economic Area.

11. The Foundation stores personal data for a period justified by the performance of a legal mandate or resulting from legal provisions. Personal data of candidates for educational programs is stored for the period necessary to conduct the recruitment process and, after its completion, only to the extent and for the time resulting from the Foundation’s legitimate interest or from consent granted.

12. The Foundation does not carry out automated decision-making, including profiling, based on the personal data provided.

13. In the event of a change to the applicable Privacy Policy, appropriate changes will be introduced to this text.

14. Date of last modification: 20 April 2026.