Dear Sir/Madam, as of May 25, 2018, the GDPR (General Data Protection Regulation) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the European Union L 119, p. 1) has been in effect.

In connection with this, we have prepared the necessary information on how we process your personal data collected via our websites and services, as well as the rights that you have in this regard.

This policy is addressed to users of websites under the following domains, which are owned by Stowarzyszenie Centrum Rozwiazan Systemowych – CRS (Eng.​ Centre for Systems Solutions Association): games4sustainability.org, socialsimulations.org, crs.org.pl, systemssolutions.org, games4sustainability.com, hereinafter referred to as the “Service.”

What data are we talking about?

We are referring to the data gathered:

• directly from you (including your name and surname, email address, and IP address, which are collected when you contact us) or
• through cookies and similar technologies.

Data Administrator and contact information

The data collected via our Service is administered by the Stowarzyszenie Centrum Rozwiazan Systemowych – CRS (Eng. Centre for Systems Solutions Association), located at Jaracza 80b/10, 50-305 Wrocław – Poland, registered in the National Court Register under KRS number: 0000233060, NIP: 898 206 51 22, REGON: 02007278000000, phone: +48 71 718 85 36, email: office@crs.org.pl.
For more information related to the processing of your data by the Data Administrator, contact us using the contact information provided above.

The scope of data collected

The Service allows you to contact the Data Administrator and provide them with your personally identifiable information and contact information, as well as information related to the content of the message.

The Data Administrator collects data related to your activity, such as the time spent on the website, search queries, the number of subpages viewed, and the date and source of the visit.

Source of data

If you have contacted the Data Administrator, the data has been provided directly by you.

Purpose and legal basis for processing personal data

Your data may be processed for the following purposes:

1. analyzing network traffic, ensuring the security of the Service, and customizing content to meet user needs based on the Data Administrator’s legitimate interests (Article 6(1)(f) of the GDPR).
2. responding to inquiries, and conducting correspondence to resolve issues, based on the Data Administrator’s legitimate interests, which include fulfilling user requests (Article 6(1)(a) and (f) of the GDPR).
3. establishing, pursuing, or defending against potential claims – the legal basis for processing is the Data Administrator’s legitimate interest in protecting their rights (Article 6(1)(f) of the GDPR).

Obligation or voluntariness of providing data

Providing your data for purposes related to handling inquiries and conducting correspondence is voluntary but necessary. Failure to provide them may hinder or prevent the achievement of the above-mentioned purposes.

Providing data necessary for the statistical analysis of Service users is voluntary. You can use the so-called incognito mode to browse the site without disclosing information about your visit to the Data Administrator. Using incognito mode, and thus not providing data, does not affect your ability to use the Service.

Rights under the GDPR regarding processed data

You have the right to

1. request the Data Administrator to access and receive a copy of your data (Article 15 of the GDPR).
2. request the Data Administrator to correct or rectify your data (Article 16 of the GDPR) – when you notice that the data is incorrect or incomplete.
3. request the Data Administrator to delete data (Article 17 of the GDPR).
4. request the Data Administrator to restrict processing (Article 18 of the GDPR) – for example, when you notice that the data is incorrect, you can request the restriction of processing your data for a period that allows the Data Administrator to verify the accuracy of the data.
5. lodge a complaint with the President of the Personal Data Protection Office regarding the processing of your personal data by the Data Administrator.

Recipients of your data

The recipients of your personal data are the entities legally authorized to receive them. Additionally, your data may be disclosed to trusted entities cooperating with the Data Administrator with whom we have signed appropriate agreements, such as hosting providers and email server operators.

Data retention period

Your personal data will be stored until the inquiry is resolved or until the expiration of the statutory limitation period for claims.
Transfer of data to a third country or international organization

Your data may be transferred to the USA in connection with the Data Administrator’s use of tools offered by Google LLC, based in the USA. By decision of the European Commission, the USA provides an adequate level of protection for personal data in accordance with European standards.

Social plugins

In some of our Services, the Data Administrator uses social plugins for social media platforms such as Facebook, Twitter, LinkedIn, and YouTube. These plugins are used to share selected content on social media. Using these plugins may involve data being collected by these platforms.

By browsing those of our Services that use social plugins you allow related social media platforms to acquire data such as your IP address. Furthermore, using a social plugin (e.g., liking a post) will enable a given social media platform to associate this information with your user profile.

Detailed information on privacy policies can be found on the websites of the respective social media platforms.