EN
EN
PRIVACY POLICY
I. Definitions

  1. The Museum or Data Controller – Museum of Modern Art in Warsaw, address: 3 Pańska St., 00-124 Warsaw, entered in the register of cultural institutions of the Capital City of Warsaw under No. RIK/1/2023, REGON: 140187435, NIP: 525-234-18-32;
  2. Website – a website operated by the Museum via the Internet, accessible at: https://artmuseum.pl/; 
  3. BIP (Public Information Bulletin) – a separate website operated by the Museum via the Internet for the purpose of making public information available, accessible at: https://bip.artmuseum.pl/; 
  4. Store – a website operated by the Museum via the Internet, accessible at: https://sklep.artmuseum.pl/; 
  5. Personal data – personal data as defined by the General Data Protection Regulation (GDPR), i.e., any information relating to an identified or identifiable natural person; 
  6. User – any individual visiting the website https://artmuseum.pl/
  7. Policy or Privacy Policy – this Privacy Policy available on the website https://artmuseum.pl/polityka-prywatnosci
  8. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L No. 119, p. 1).

 II. Purpose of the Privacy Policy 

  1. This Privacy Policy outlines the key information regarding the Museum’s processing of Personal Data, including the categories of individuals whose Personal Data is collected by the Museum, the purposes and legal bases for processing Personal Data, the retention period for Personal Data, and the rights of data subjects. 
  2. The Museum strives to ensure that all activities involving personal data comply with the law and are based on respect for the privacy and autonomy of the individuals whose data is being processed. 
  3. This Policy applies solely to the Website operated by the Museum and does not apply to online services offered by third parties.

III. Protection of Personal Data – General Provisions and Contact Information

  1. Any user of the https://artmuseum.pl/ website who views content in the publicly accessible area of the website may share information about themselves, including both personally identifiable information (including Personal Data) and anonymous data. 
  2. For matters related to the protection of personal data, please contact the Museum:
  3. in writing to the following address: Museum of Modern Art in Warsaw, 3 Pańska Street, 00-124 Warsaw,
  4. by email to: iod@artmuseum.pl.
  5. The museum announces that it has appointed Iga Gospodarczyk as its Data Protection Officer and Bartosz Świątek as Deputy Data Protection Officer. The Data Protection Officer and the Deputy Data Protection Officer can be contacted by email at: iod@artmuseum.pl

IV. Collection of Information by the Data Controller. The Museum’s Data Processing Policies

  1. The Museum will collect information about Users, including their Personal Data, for specific, clearly defined, and legitimate purposes, and will not process such information in a manner inconsistent with those purposes. 
  2. The museum undertakes to collect only data that is adequate, relevant, and not excessive in relation to the purposes for which it is collected. 
  3. Through the Website, the Museum may collect:
  4. automatically generated information,  
  5. data, including Personal Data, about Website Users.
  6. The following rules apply to the automatic collection of information: 
  7. For data security reasons and to optimize the Website’s user-friendliness, the Museum may collect certain information, including information about the web browser and operating system used, the domain name of the website visited prior to accessing the Website, the number of visits, the time spent on the Website, and the specific subpages visited;
  8. Information collected automatically is not linked to data from other sources; the Museum takes all necessary measures to ensure that such automatically collected information does not identify individuals, i.e., that it does not constitute personal data; The Museum reserves the right, however, to retrospectively verify automatically collected information and to take all necessary measures within the limits of the law to determine the source of the information in justified cases—in particular, in the event of signs of illegal use of information or other unlawful activities.
  9. In the case of Personal Data regarding Website Users, which is generally provided directly by the Users, the following Data may be processed:
  10. Data of individuals who contact the Museum using the contact information available on the Website (found both in the “Contact” tab and on individual subpages where contact details are provided):
Any User may contact the Museum (or a Museum employee or associate directly) via email, phone, text message, or mail. 
In this case, personal data is processed pursuant to Article 6(1)(f) of the GDPR, which means that the processing is necessary for the purposes arising from the legitimate interests pursued by the Museum, as the Data Controller, or by a third party, which may include handling correspondence, the need to address an individual matter reported by the User, including responding to the inquiry submitted. 
The Personal Data processed in this context may include, in particular: first name, last name, contact information provided by the User (address, email address, phone number), and any other information contained in the message. 
  1. Personal data provided for recruitment purposes or to participate in volunteer work:
Users may submit their application materials to the Museum to apply for open positions or may express their interest in volunteering. Application materials and documents may be sent to the Museum’s designated contact information or—if available—through dedicated recruitment platforms. 
In this case, personal data is processed pursuant to Article 6(1)(b) of the GDPR, which means that the processing is necessary for taking steps at the request of the data subject prior to entering into a contract—namely, to conduct a recruitment process or to verify a volunteer’s application, including for the purpose of entering into a volunteer agreement (if one is concluded). 
The Personal Data processed in this context may include, in particular, the Data contained in the submitted resume and/or cover letter and/or other application documents, including, in particular: first name(s) and last name, date of birth, contact information, and—if required for the position—education, qualifications, and employment history. 
  1. Newsletter subscriber information:
The Museum provides a newsletter service to interested Users—which means that it periodically sends thematic information on a topic selected by the subscriber to the email address provided. 
The legal basis for the processing of Personal Data in this case is Article 6(1)(a) of the GDPR (in conjunction with Article 398 of the Electronic Communications Act), which means that the User has consented to the processing of their Personal Data by providing an email address that identifies them. 
For more information about the newsletter service, please refer to the Mailing List Terms and Conditions.
  1. Information about the survey respondents:
The Museum may periodically post surveys on the Website to solicit feedback (e.g., regarding the Museum’s activities). As a general rule, surveys are anonymous, and the Museum requests that you do not provide any Personal Information in them. In certain cases, the Museum may specify what information should be provided in a particular survey.  
In the case of surveys, personal data is processed pursuant to Article 6(1)(f) of the GDPR, which means that the processing is necessary for the purposes of the legitimate interests pursued by the Museum, as the data controller, or by a third party, including the need to analyze the collected surveys. 
  1. Data on participants in events, workshops, and other activities, as well as data on individuals who have registered to participate in events, workshops, and other activities:
The Museum may organize or co-organize events, workshops, or other activities (hereinafter collectively referred to as “Events”), whether public (unregistered) or private, i.e., those for which registration is required or a ticket must be purchased. 
In such cases, the legal basis for the processing of Personal Data is:
  1. Article 6(1)(b) of the GDPR, which means that processing is necessary for the performance of a contract to which the data subject is a party—with respect to Personal Data processed for the purpose of purchasing an admission ticket to the Event (if applicable), 
  2. Article 6(1)(f) of the GDPR, which means that the processing is necessary for the purposes of the legitimate interests pursued by the Museum as the Data Controller or by a third party, including the organization and conduct of a given Event and enabling participants to attend a given Event (even if no admission ticket is required). 
In this case, the legal basis for the processing of Personal Data may also be Article 6(1)(c) of the GDPR, which means that the processing of data is necessary for the Museum, as the data controller, to comply with a legal obligation related to the fulfillment of tax obligations (in particular, where settlements related to participation in the Event are required). 
The Museum also notes that some Events may be designed for individuals with special needs, at a specific stage of development, or in a particular physical or mental condition. In such cases, the Museum may process Sensitive Personal Data, in particular Health Data (only to the extent necessary to confirm the right to participate in a given Event), including information regarding disability (in connection with the need to ensure accessibility). The legal basis for the processing of the aforementioned Personal Data in this case is Article 9(2)(g) of the GDPR—which means that the processing is necessary for reasons of substantial public interest, based on Union or Member State law, which are proportionate to the purpose pursued, do not undermine the essence of the right to data protection, and provide for appropriate and specific safeguards for the fundamental rights and interests of the data subject; in this case, the vital public interest is the Museum’s organization, as a cultural institution, of events, including but not limited to cultural events, as well as within the framework of cultural and developmental education. 
In addition, some Events may be recorded (in the form of photographs, video, or audio-video footage). In such cases, the Museum may request consent to use, including the dissemination of, the image of an Event participant (e.g., on the Website or on the Museum’s social media accounts). The legal basis for the processing of Personal Data in this case is Article 6(1)(a) of the GDPR (in conjunction with Article 81 of the Act on Copyright and Related Rights), which means that consent has been given for the processing of Personal Data. 
  1. The data of individuals who use the Museum’s social media fan pages, which can be accessed via the integrated widgets posted on the Website, namely:
  2. the “Facebook” platform (provided to users in the European Union, the EEA, Switzerland, and the United Kingdom by Meta Platforms Ireland Limited); the plugin on the Website is marked with the word “Facebook”; the Museum’s fan page is available at: https://www.facebook.com,  
  3. the “Instagram” platform (provided to users in the European Union, the EEA, Switzerland, and the United Kingdom by Meta Platforms Ireland Limited); the plugin on the Website is marked with the word “Instagram”; the Museum’s fan page is available at: https://www.instagram.com
  4. the “X” platform (provided to users in the European Union, EFTA countries, or the United Kingdom by Twitter International Unlimited Company); the plugin on the Website is marked with the word “X”; the Museum’s fan page is available at: https://x.com/;
  5. the “LinkedIn” platform (provided to users in the European Union, the EEA, and Switzerland by LinkedIn Ireland Unlimited Company); the plugin on the Website is marked with the word “LinkedIn”; the Museum’s fan page is available at: https://www.linkedin.com/
  6. the “TikTok” platform (provided to users in EEA countries or Switzerland by TikTok Technology Limited); the plugin on the Website is marked with the word “TikTok”; the Museum’s fan page is available at: https://www.tiktok.com
  7. the “YouTube” platform (provided to users in the European Economic Area and Switzerland by Google Ireland Limited); the plugin on the Website is marked with the word “YouTube”; the Museum’s fan page is available at: https://www.youtube.com
(hereinafter collectively or individually referred to as “Social Media” or “SM”).
The entities operating specific social media platforms are the controllers of their users’ personal data and process it in accordance with their own terms of service or policies (more information on this subject can be found in Section VI of this Policy). However, if you interact with the Museum via a specific social media platform (including by following or liking a fan page, interacting with other social media users, posting, reacting to posts, commenting, sharing posts, or reading messages directed to the Museum in private messages or chats), the Museum also becomes the controller of personal data, in addition to the provider of the relevant social media platform. 
In such cases, personal data is processed pursuant to Article 6(1)(f) of the GDPR, which means that the processing is necessary for the purposes arising from the legitimate interests pursued by the Museum, as the Data Controller, or by a third party, which may include the promotion of the Museum, culture, and educational activities—including cultural and developmental education—as well as the promotion of events, workshops, and other forms of activity organized or co-organized by the Museum, enabling Users to use fan pages, including viewing posts, sharing posts, writing comments, adding reactions, sending private messages to the Museum or using the chat feature and responding to submitted inquiries, maintaining relationships with individuals who interact with the Museum, as well as analyzing the effectiveness of communication. 
The Personal Data processed in this context may include, in particular: first name, last name, or username, and profile photo. In addition, the Museum may have access to information posted by the User on social media in their public profile, as well as to information posted in comments, messages, or other forms of communication. 
  1. In addition to the grounds for processing Personal Data set forth in section 5 above, the Museum may also process such Data on the following grounds: 
  2. Article 6(1)(f) of the GDPR – which means that processing is necessary for the purposes of the legitimate interests pursued by the Museum as the Data Controller or by a third party, which may include, among other things, establishing, pursuing, and defending against claims, and handling complaints regarding the services offered by the Museum in connection with the use of the Website. 
  3. The provision of personal data is generally voluntary, but necessary to achieve the purpose for which it was provided. Failure to provide such data may result in:
  4. For the data specified in section 5, subsection 1) – the Museum is unable to contact the User or identify the specific matter reported by the User using the contact information provided,
  5. For the data specified in section 5, subsection 2) – ineligibility to participate in the recruitment process or to volunteer,
  6. For the data specified in section 5, subsection 3) – you will not be able to receive the newsletter, 
  7. For the data specified in section 5, subsection 4) – it is not possible to complete the survey (only in the case of surveys that are not entirely anonymous), 
  8. for the Data specified in section 5, subsection 5) – inability to register for the Event or purchase a ticket (in the case of Events that require registration or ticketing), 
  9. For the Data specified in Section 5, Subsection 6) – the User is unable to access the Museum’s fan pages, obtain information available on those fan pages, or contact the Museum via private messages or chat.
In the case of Personal Data provided on an optional basis (with consent), with the exception of the data specified in subparagraph 3) above, there are no consequences associated with not providing such data.
  1. The recipients of personal data may include, in particular, entities that process personal data on behalf of the Museum, such as IT and email hosting service providers, telecommunications service providers, accounting service providers, and consulting service providers, including legal, tax, and other consultants, the Museum’s contractors, if necessary to perform a contract for the provision of electronic services or other services provided to Users. Furthermore, in the case of:
  2. the data specified in point 5, subpoint 2) – this data may also be shared with entities acting as intermediaries in the recruitment process or supporting the recruitment process, including recruitment firms and other training companies,
  3. the data specified in section 5, subsection 5) – such data may also be made available to entities through which the Museum sells tickets for a given Event (in the case of ticketed Events) (including entities managing the website and providing the ticketing system, entities providing payment gateways), courier and postal companies, banks, entities providing property security services, the Museum’s contractors to whom it has commissioned the performance of all or part of the services in connection with the organization of a given Event (including, for example, entities engaged in recording Events in the form of photographs or video or audio-video, and entities engaged in the processing of photographs or video recordings), external entities organizing or co-organizing a given Event, as well as its partners; in connection with the possibility of making Data public in the form of an image (provided consent is given), the recipients of such data may include visitors to websites on which the data is made public, including the Website and Social Media managed by the Museum, 
  4. the data specified in point 5, subpoint 6) – this data may also be shared with the operators of social media platforms on which the Museum maintains its fan pages (Facebook, Instagram, X, LinkedIn, TikTok, YouTube). 
  5. The retention period for personal data depends on the purpose for which the data is processed: 
  6. For the data specified in section 5, subsection 1) – The data is processed for the duration of the communication or the handling of the individual matter;
  7. For the data specified in section 5, subsection 2) – The data is processed for the duration of the recruitment process and for 6 months following its completion; however, with regard to future recruitment processes (provided consent has been given) – for a further 3 years following the completion of the relevant recruitment process;
  8. For the Data specified in Section 5, Subsection 3) – The Data is processed for the duration of the Museum’s newsletter distribution, but no longer than until the subscriber withdraws their consent;
  9. For the data specified in section 5, subsection 4) – The data is processed for the duration of the survey verification process; surveys may also be processed for a longer period for archival purposes in the public interest;
  10. for the Data specified in Section 5, Subsection 5) – The Data is processed for the duration of the Event and for a period of 3 months following its conclusion; in the case of processing Data in the form of an image (provided consent has been granted), the processing period for such Data generally covers 5 years, and in any case no longer than until consent to the processing of Personal Data is withdrawn; in addition, materials containing a recording of an image may also be processed for a longer period for archival purposes in the public interest, provided that such processing does not involve the dissemination of the image;
  11. For the Data specified in Section 5, Subsection 6) – The Data is processed for as long as the relevant fan page is maintained or the User’s account on the specified social media platform exists, or until the Personal Data is deleted by the User or by the entity administering the social media platform.
Personal data may also be processed at a later date, i.e., for the period required by applicable law, including for archiving purposes (in connection with the retention of documents for tax purposes) or until the statute of limitations on claims expires—whichever period is longer.
  1. No automated decisions will be made regarding the personal data provided, including decisions based on profiling. In the case of personal data processed for the purposes of the recruitment process, candidates may be asked to complete exercises or competency, personality, or recruitment tests (profiling); however, the results of these tests will not form the basis for a hiring decision.

V. Rights of Data Subjects 

  1. Users have the following rights regarding the processing of their Personal Data: 
  2. the right to access Personal Data,
  3. the right to correct Personal Data,
  4. the right to erasure of Personal Data (the right to be forgotten),
  5. the right to restrict the processing of Personal Data. 
  6. In the case of Personal Data processed for purposes necessary to pursue the legitimate interests of the Museum as the Data Controller or by a third party (Article 6(1)(f) of the GDPR), users have the right to object to the processing of their personal data if such processing relates to their particular situation.  
  7. In the case of Personal Data processed for the purpose of entering into a contract or prior to entering into a contract (Article 6(1)(b) of the GDPR), as well as on the basis of consent (Article 6(1)(a) of the GDPR), Users have the right to data portability if the processing is carried out by automated means.
  8. In the case of Personal Data processed on the basis of consent, Users also have the right to withdraw their consent at any time, without affecting the lawfulness of the processing carried out prior to such withdrawal. 
  9. Users also have the right to file a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office. 

VI. Information about service providers when using the Museum’s social media

  1. When Users use social media, the controllers of the personal data processed through these platforms—in particular in connection with the creation and maintenance of accounts on these platforms—are the respective providers, namely:
  2. In the case of Facebook (for users in the European Union, the EEA, Switzerland, and the United Kingdom): Meta Platforms Ireland Limited, mailing address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; more information on the processing of Personal Data by the Facebook provider can be found in the privacy policy at: https://www.facebook.com
  3. In the case of Instagram (for users in the European Union, the EEA, Switzerland, and the United Kingdom): Meta Platforms Ireland Limited, mailing address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; For more information on the processing of Personal Data by the Instagram platform provider, please refer to the privacy policy at: https://privacycenter.instagram.com,  
  4. for Portal X (for Users from the European Union, EFTA countries, or the United Kingdom): Twitter International Unlimited Company, mailing address: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland; more information regarding the processing of Personal Data by the provider of Portal X can be found in the privacy policy at: https://x.com/pl/privacy,
  5. In the case of LinkedIn (for users in the European Union, the EEA, and Switzerland): LinkedIn Ireland Unlimited Company, mailing address: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland; more information on the processing of Personal Data by the LinkedIn provider can be found in the “Privacy Policy” available at: https://pl.linkedin.com?,
  6. In the case of the TikTok platform (for Users from EEA countries or Switzerland): TikTok Technology Limited, mailing address: The Sorting Office, Ropemaker Place, Dublin 2, Dublin, D02 HD23, Ireland; more information on the processing of Personal Data by the TikTok platform provider can be found in the “Privacy Policy” available at: https://www.tiktok.com
  7. For YouTube (for Users located in the European Economic Area and Switzerland): Google Ireland Limited, address: Gordon House, Barrow Street, Dublin 4, Ireland; more information on the processing of Personal Data by the YouTube provider can be found in the “Privacy Policy” available at: https://policies.google.com

VII. Cookies 

  1. The website https://artmuseum.pl/ uses cookies. Cookies are small text files sent by a website to your browser and stored by your browser’s software. When the browser reconnects to the Website, the site recognizes the type of device the User is connecting from. The parameters allow the information contained in them to be read only by the server that created them. Browser security settings allow cookies to be read only from the domain on which they were created, or from subdomains. Cookies therefore make it easier to use websites you have visited before.
  2. Cookies identify the user, allowing the content of the website they are visiting to be tailored to their needs. By remembering the user’s preferences, they enable the creation of personalized websites, the generation of website usage statistics, the analysis of user preferences, and the targeting of relevant advertisements.
  3. The following cookies are used when you visit the website https://artmuseum.pl/:
  4. so-called essential cookies, which are critical to the basic functionality of the website and enable the use of the services available on the website:
  5. __cf_bm – stored for 1 hour, used by Cloudflare to support the Cloudflare Bot Management service,
  6. _cfuvid – stored for the duration of the session; used by Calendly to optimize the user experience by maintaining session consistency and providing personalized services, 
  7. PHPSESSID-IKSORIS – stored for the duration of the session, 
  8. artmuseumpl_cookieaccept – stored for a period of 1 year, 
  9. artmuseum_pl_lang – stored for a period of 1 month, 
  10. cookieyes-consent – stored for a period of 1 year; used by CookieYes to remember users’ consent preferences so that their preferences are respected during subsequent visits to this website, 
  11. JSESSIONID – stored for the duration of the session; used by the New Relic service to track session counters for the application, 
  12. PHPSESSID – stored for the duration of the session; used by the PHP application to manage user sessions on the website, 
  13. qtrans_front_language – stored for 1 year, used by the WordPress qTranslate plugin to manage the visitor’s preferred language, 
  14. optional cookies:
  15. functional – helping to perform certain functions, such as sharing website content on social media platforms, collecting feedback, and other third-party features:
  16. ytidb::LAST_RESULT_ENTRY_KEY – a persistent cookie used by YouTube to store the last search result entry clicked by the user; this information is used to improve the user experience by providing more relevant search results in the future, 
  17. language – stored for 1 year, used to remember the user's language preferences, 
  18. analytical – used to understand how users interact with the website, helping to provide information on metrics such as visitor count, bounce rate, traffic source, etc.:
  19. _ga – stored for 1 year, 1 month, and 4 days; used by Google Analytics to collect data on visitors, sessions, and campaigns, and to track how users interact with the website for the purpose of generating analytical reports, 
  20. _ga_* - stored for 1 year, 1 month, and 4 days; used by Google Analytics to store and count page views, 
  21. _gid – stored for 1 day; used by Google Analytics to store information about how visitors use the website and to generate an analytical report on the website’s performance; some of the data collected includes the number of visitors, their origin, and the pages they visit anonymously, 
  22. _gat_main – stored for 1 minute, used by Google Analytics to limit the number of requests, 
  23. _gcl_au – stored for 3 months, used by Google Tag Manager to measure the advertising effectiveness of websites that use their services, 
  24. _fbp – stored for 3 months; used by Facebook to display ads when you use Facebook or another digital platform powered by Facebook ads after visiting the website, 
  25. _hjSessionUser_* - stored for a period of 1 year; used by Hotjar to ensure that data from subsequent visits to the same page is assigned to the same user ID, which is stored in the Hotjar user ID, unique to that page, 
  26. _hjSession_* - stored for the duration of the session; used by Hotjar to ensure that data from subsequent visits to the same page is assigned to the same user ID, which is stored in the Hotjar user ID, unique to that page, 
  27. _hjTLDTest - session-id, used by Hotjar to store various alternative URL substrings until an error occurs, 
  28. vuid – stored for 1 year, 1 month, and 4 days; used by Vimeo to collect tracking information by assigning a unique identifier for embedding videos on the website, 
  29. _gat_gtag_UA_* - stored for 1 minute, used by Google Analytics to store a unique user ID, 
  30. Performance metrics – used to understand and analyze key website performance indicators, which helps ensure a better user experience for visitors:
  31. _gat – stored for 1 minute; used by Google Universal Analytics to limit the number of requests, thereby reducing data collection on high-traffic pages, 
  32. SERVERID – stored for the duration of the session, used to assign a visitor to a specific server, 
  33. advertising cookies – used to deliver personalized ads to users based on the websites they have previously visited, and to analyze the effectiveness of advertising campaigns:
  34. yt.innertube::nextId – a persistent cookie used by YouTube to store a unique identifier so it can keep track of which YouTube videos a user has watched, 
  35. yt.innertube::requests – a persistent cookie used by YouTube to store a unique identifier so it can keep track of which YouTube videos a user has watched, 
  36. test_cookie – stored for 15 minutes, used by doubleclick.net to determine whether the user's browser supports cookies, 
  37. IDE – stored for 1 year and 24 days; used by Google DoubleClick to display ads to the user based on their profile, 
  38. iutk – stored for a period of 6 months; used by Issuu to identify the user’s device and determine which Issuu documents have been viewed. 
  39. Instructions for managing cookies are also available at http://www.allaboutcookies.org
  40. When a user visits the site for the first time, a notification about the use of cookies is displayed, along with the option to manage privacy settings. 
  41. You can change your cookie settings at any time, with the exception of cookies that are necessary for the website to function properly, which are installed automatically and cannot be disabled. All other cookies can be disabled permanently or for the duration of your current session. 
  42. Information on how to delete stored cookies, as well as how to change your web browser settings regarding the storage of cookies, is available at the following links: 
  43. Chrome: https://support.google.com 
  44. Firefox: https://support.mozilla.org/ 
  45. Internet Explorer: https://support.microsoft.com 
  46. Opera: https://help.opera.com 
  47. Safari: https://support.apple.com.
  48. Cookies may also be collected and used when you use social media. In such cases, the provider of the respective platform has access to the cookies. For more information on the collection and use of cookies in connection with the use of these platforms, please refer to the cookie policy available on the respective platform. 
  49. When tracking user information using Google Analytics, which records user behavior on the website:
  50. The owner of the "Google Analytics" tool is Google Analytics, a division of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
  51. As a general rule, user behavior data collected by cookies is transmitted to a Google server in the United States and stored there; if IP anonymization is enabled for online services, Google will truncate the IP address within the member states of the European Union and the European Economic Area; Only in exceptional cases will the full IP address be transmitted to a Google server in the U.S. and truncated there; 
  52. On behalf of the online service provider, Google uses this information to evaluate the use of the online services, to compile reports on such activities, and to provide other services to the website operator in connection with the use of the online services and online activities;
  53. The IP address transmitted by the User’s browser as part of Google Analytics will not be associated with any other data held by Google; You can prevent cookies from being stored by selecting the appropriate settings in your browser; however, this may limit your ability to use the Website or certain features thereof; furthermore, you can prevent the data generated by cookies and their use by Google by downloading and installing the browser plugin available at: (https://tools.google.com); 
  54. For detailed information on the terms of use and privacy policy, please visit:www.google.com/analytics/.

VIII. Final Provisions 

  1. This Privacy Policy applies exclusively to the website https://artmuseum.pl/. The Museum notes that the website contains links to other websites administered by the Museum:
  2. the Museum Shop website (https://sklep.artmuseum.pl/), 
  3. the Museum’s Public Information Bulletin website (https://bip.artmuseum.pl/
- Note that the rules governing data processing and privacy are set forth separately for the websites listed.
  1. The Museum reserves the right to amend this Policy. Any amendments to the Policy will take effect on the date specified by the Museum, no sooner than 7 days after they are posted on the website https://artmuseum.pl/
  2. By using the https://artmuseum.pl/ website, you agree to the terms of this Policy.