Privacy Policy of s70.pl

Version: 1.0
Effective date: 2026-05-15

---

1. Controller of personal data

The Controller of your personal data is:

Centrum Chrześcijańskie w Legnicy, Zbór Kościoła Bożego w Chrystusie
(Christian Centre in Legnica, Church of God in Christ congregation)
ul. Najświętszej Marii Panny 2, 59-220 Legnica, Poland
Tax ID (NIP): 6912229942, Statistical number (REGON): 391036437
An organisational unit of the Church of God in Christ, entered in the Register of Churches and Other Religious Associations maintained by the Minister of Internal Affairs and Administration of the Republic of Poland under number 28.

Represented by: Reinhard Stadlbauer.

Hereinafter referred to as the “Controller”.

2. Data Protection Officer

The Controller has appointed a Data Protection Officer (DPO), whom you may contact in all matters concerning the processing of personal data and the exercise of rights related to data processing.

Data Protection Officer: Olivia Stadlbauer
E-mail: iod@s70.pl

3. Scope of this Policy

This Privacy Policy (hereinafter: “Policy”) describes the rules of processing personal data of:

1. persons visiting the website https://s70.pl (hereinafter: “Website”);
2. candidates submitting an application for participation in the School of the Seventy event (hereinafter: “School of the 70”);
3. participants of the School of the 70;
4. third parties whose data is transferred to the Controller as part of the application (inviting person, close person).

4. Purposes, legal bases and processing periods

4.1. Candidates and participants of the School of the 70

Purpose of processing	Legal basis	Retention period
Review of the application, qualification of the Candidate, contact regarding the application	Article 6(1)(b) GDPR (contract) — in the case of qualification; Article 6(1)(a) GDPR (consent) — otherwise	Until the end of the qualification process, and for Participants — for the duration of the Event
Processing of health data (food intolerances, addictions) and data concerning religious and worldview beliefs contained in the application form	Article 9(2)(a) GDPR (explicit consent)	Until the end of the qualification process, and for Participants — until the end of the Event and related settlements
Performance of the participation contract, organisation of the Event, contact with the Participant	Article 6(1)(b) GDPR	For the duration of the Event and settlements
Fulfilment of accounting and tax obligations (including retention of accounting documents)	Article 6(1)(c) GDPR (legal obligation — Polish Accounting Act, Tax Ordinance)	5 years from the end of the accounting year
Establishment, pursuit or defence of claims	Article 6(1)(f) GDPR (legitimate interest of the Controller)	Until expiry of the limitation period for claims (generally 6 years)
Use of the Participant’s image for documentation of the Event and on social media and the Inna Droga TV channel	Article 81 of the Polish Copyright Act — consent to dissemination of image; in scope of personal data: Article 6(1)(a) GDPR (consent)	Until withdrawal of consent; for already published materials — for the duration of the channel or publication, with the possibility of removal to the extent technically feasible
Information about future editions of the School of the 70 and other events of the Organiser (if consent has been given)	Article 6(1)(a) GDPR (consent)	Until withdrawal of consent

4.2. Third parties (inviting person, close person)

The Candidate submitting an Application provides data of third parties (full name, e-mail address, phone number, description of relationship) — the inviting person and the close person, who is a credible witness to the Candidate’s spiritual life.

Purpose of processing	Legal basis	Retention period
Contact with the close person to verify the information provided by the Candidate for the purposes of the qualification process	Article 6(1)(f) GDPR (legitimate interest of the Controller consisting in reliable qualification of Candidates for the formative event)	Until the end of the qualification process
Fulfilment of the information obligation (Article 14 GDPR)	Article 6(1)(c) GDPR	As above

Third parties whose data has been transferred by the Candidate have the right to information about the processing of their data and to exercise all rights arising from the GDPR (item 7). The Controller shall make every effort to fulfil the information obligation towards these persons — primarily during the first contact (by phone or e-mail) from the Qualification Committee.

By submitting an Application, the Candidate declares that they are entitled to transfer the data of these persons to the Controller and that they have informed them of this fact.

4.3. Persons visiting the Website

Purpose of processing	Legal basis	Retention period
Operation of the Website, including cookie management	Article 6(1)(f) GDPR (legitimate interest — proper functioning of the Website) and, in respect of non-essential cookies — user consent (Article 173 of the Polish Telecommunications Law and Article 6(1)(a) GDPR)	According to the lifetime of individual cookie files (section 8)
Handling of e-mail correspondence (info@s70.pl, iod@s70.pl)	Article 6(1)(f) GDPR (legitimate interest — handling of inquiries)	For the time necessary to provide a response and conclude the matter, no longer than 12 months from the last correspondence

5. Voluntary nature and consequences of not providing data

1. Providing personal data in the application form is voluntary, but necessary to review the Application. Failure to provide data prevents participation in the School of the 70.
2. Consent to processing of data concerning health and religious beliefs (special categories of data, Article 9 GDPR) is necessary for reviewing the Application due to the nature of the Event. Lack of consent prevents participation.
3. Consent to the use of image is voluntary, but necessary for participation in the Event due to the public nature of part of the sessions and the presence of operators documenting the Event. A Participant not consenting should contact the Organiser before payment of the deposit to determine the possibility of individual arrangements.

6. Recipients of data

Your data may be transferred to the following categories of recipients:

1. Google Ireland Limited — in connection with the Controller’s use of Google Forms and Google Workspace (e-mail, drive). Data is stored on servers belonging to the Google group. Data transfer to third countries (including the USA) takes place on the basis of standard contractual clauses adopted by the European Commission and the Data Privacy Framework, in which Google participates.

2. Christian Centre Elim — to the extent necessary for the provision of accommodation and catering services (full name, contact details, information about food intolerances).

3. Hostinger — Website hosting provider, providing services in infrastructure located in Austria (European Union / European Economic Area).

4. Google Ireland Limited (embedded services on the Website — section 8) — recipient of technical data in connection with the display of YouTube materials and Google Maps, after the user’s consent has been given via the cookie consent banner.

5. Entities providing legal, accounting or advisory services — to the extent necessary to provide their services to the Controller.

6. Authorised state authorities — exclusively in cases provided for by law (e.g. law enforcement, courts, tax authorities).

The Controller does not sell, rent or otherwise make available your personal data to other entities for commercial purposes.

7. Rights of data subjects

In connection with the processing of your data, you have the following rights:

1. Right of access to data (Article 15 GDPR) — obtaining information about whether and what data concerning you the Controller processes, and obtaining a copy thereof.
2. Right to rectification (Article 16 GDPR) — requesting correction of incorrect data or completion of incomplete data.
3. Right to erasure of data (“right to be forgotten”, Article 17 GDPR) — requesting deletion of data in cases provided for by law.
4. Right to restriction of processing (Article 18 GDPR).
5. Right to data portability (Article 20 GDPR) — in respect of data processed on the basis of consent or contract.
6. Right to object to processing (Article 21 GDPR) — in respect of data processed on the basis of the Controller’s legitimate interest.
7. Right to withdraw consent at any time (Article 7(3) GDPR) — without affecting the lawfulness of processing carried out before its withdrawal; applies to data processed on the basis of consent.
8. Right to lodge a complaint with the supervisory authority — President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl.

To exercise your rights, please contact the Data Protection Officer at iod@s70.pl.

8. Cookies and embedded external services

8.1. What are cookies

Cookies are small text files saved on the user’s terminal device when using the Website. Cookies may be used by the Website itself (first-party cookies) or by third parties (third-party cookies).

8.2. Types of cookies used on the Website

Necessary cookies — files essential for the proper functioning of the Website, including remembering the user’s decisions regarding cookie consent. These files do not require user consent.

Cookies related to embedded external services (YouTube, Google Maps) — files set by Google when embedded content is displayed. These files are set only after the user has given consent via the cookie consent banner.

8.3. Embedded external services

The Website uses the following embedded external services:

1. YouTube (Google Ireland Limited) — a film about the School of the 70 embedded on the Website’s homepage. Displaying the film requires loading resources from Google’s servers and may involve transferring data to third countries, including the United States. Details: https://policies.google.com/privacy.

2. Google Maps (Google Ireland Limited) — interactive map of the Event location embedded on the Location subpage. Displaying the map requires loading resources from Google’s servers and may involve transferring data to third countries, including the United States. Details: https://policies.google.com/privacy.

Until the user gives consent to marketing/functional cookies, the embedded YouTube and Google Maps content is blocked (replaced with an information placeholder). After consent is given, the content is loaded normally.

8.4. Cookie management

The user may change their cookie preferences at any time using the consent banner available on the Website. They may also manage cookies through their web browser settings.

The Controller does not conduct any analytics on the Website (e.g. Google Analytics, Facebook Pixel) and does not use cookies for marketing or profiling purposes other than as described in section 8.3 (embedded Google content).

9. Transfer of data to third countries

In connection with the use of Google services (Google Forms, Google Workspace, embedded YouTube and Google Maps), some data may be transferred to countries outside the European Economic Area, including the United States.

Data transfer takes place on the basis of:
a) standard contractual clauses approved by the European Commission;
b) Google LLC’s participation in the Data Privacy Framework (European Commission implementing decision of 10 July 2023).

10. Data security

The Controller applies technical and organisational measures appropriate to the risk associated with the processing of personal data, in particular:

1. limiting access to data exclusively to authorised persons;
2. securing access accounts with passwords and two-factor authentication wherever possible;
3. using services of providers ensuring an appropriate level of security (Google, Hostinger);
4. regular review of authorisations and data processing procedures.

11. Automated decision-making

The Controller does not make decisions concerning you in an automated manner, including profiling within the meaning of Article 22 GDPR. The qualification decisions of the Qualification Committee are made individually by members of the Committee.

12. Changes to the Policy

The Controller reserves the right to make changes to this Policy in the event of changes in legal regulations, in the functioning of the Website or in data processing procedures. The current version of the Policy is always available on the Website.

In the case of significant changes, the Controller will inform data subjects by electronic means.

13. Contact

In all matters concerning the protection of personal data, please contact:

Data Protection Officer — Olivia Stadlbauer
E-mail: iod@s70.pl

Postal address of the Controller:
Centrum Chrześcijańskie w Legnicy, Zbór Kościoła Bożego w Chrystusie
ul. Najświętszej Marii Panny 2, 59-220 Legnica, Poland

---

This Privacy Policy has been drawn up in Polish. In case of any discrepancies between the Polish version and translations into other languages, the Polish version shall prevail.