Privacy Policy and Cookies Policy of the B-Challenged Website

Privacy Policy

Effective date: 14.01.2026
Website:http://bchallenged.eu/ (hereinafter: the “Website”)

§ 1. General Provisions

  1. This Privacy Policy sets out the rules for processing personal data of persons visiting the Website (hereinafter: “Users”).
  2. The Controller exercises due diligence to protect the privacy of Users and to ensure that personal data are processed in accordance with generally applicable legal provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), the Act of 12 July 2024 – Electronic Communications Law (“PKE”) and the Act of 18 July 2002 on the provision of services by electronic means.
  3. The Website may contain links to external websites. The Controller shall not be liable for the personal data processing rules applied by third parties.

§ 2. Data Controller and Contact

  1. The Controller of Users’ personal data is the Institute of Mother and Child with its registered office in Warsaw, ul. Kasprzaka 17a, 01-211 Warsaw, entered into the register of entrepreneurs maintained by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register under number: 0000050095, NIP (Tax Identification Number): 5250008471, REGON (National Business Registry Number): 000288395 (hereinafter: the “Controller”).
  2. Contact regarding personal data protection matters: by traditional means, i.e. by sending a letter to the registered office address indicated in section 1, or electronically via email correspondence at: dyr@imid.med.pl, via the ePUAP platform at: /IMiDWarszawa/SkrytkaESP, or using e-Deliveries at the address AE:PL-72400-93150-DHGIC-31.
  3. The Controller has appointed a Data Protection Officer (DPO); contact to the DPO: tel. 22 32 77 495, iod@imid.med.pl.

§ 3. Scope of Data and Sources of Collection

  1. The Controller processes personal data:
    a) collected automatically in connection with the use of the Website – in particular: IP address, online identifiers (e.g. cookie identifiers), device and browser identifiers, technical parameters, date and time of visit, information about activity on the Website, as well as event and security logs;
    b) provided directly by the User – if the User contacts the Controller (via the contact form): first name and surname (if provided), email address, telephone number, content of correspondence and other data provided in the message.
  2. For the purpose of browsing the Website and contacting via the provided form, the Controller does not require the provision of special categories of data within the meaning of Article 9 of the GDPR. If the User provides such data in the content of the message, the Controller will limit the scope of processing to the necessary minimum.

§ 4. Purposes and Legal Bases of Processing

  1. Users’ personal data are processed for the following purposes and on the following legal bases:
    a) ensuring the proper functioning of the Website, maintaining sessions, diagnostics, administering the Website and ensuring security (including prevention of abuse and attacks) – Article 6(1)(e) of the GDPR;
    b) concluding a contract for the provision of services by electronic means (using the contact form available on the page at:https://bchallenged.eu/contact/) – Article 6(1)(b) of the GDPR;
    c) handling enquiries and correspondence addressed to the Controller – Article 6(1)(e) of the GDPR;
    d) conducting statistics and analytics of Website usage using Google Analytics 4 (GA4) – only after prior consent to statistical cookies in accordance with PKE – Article 6(1)(e) of the GDPR;
    e) establishing, pursuing or defending claims – Article 6(1)(e) of the GDPR;
    f) archiving personal data – Article 6(1)(c) of the GDPR in conjunction with the Act on the National Archival Resources and Archives.
  2. Details of the use of cookies and similar technologies (storing/reading information on the end device) are set out in the Cookies Policy.

§ 5. Data Recipients and Processing Entrustment

  1. Personal data may be disclosed only to entities authorised under legal provisions and to entities providing services to the Controller necessary for the functioning of the Website, in particular hosting services, IT maintenance and support, entities providing services: legal advice, audit, courier or postal, accounting and settlement services – including as processors on the basis of entrustment agreements.
  2. The Controller uses the services of an entity providing IT/Website infrastructure services: LH.pl Sp. z o.o., ul. ks. Jakuba Wujka 7/26, 61-581 Poznań, NIP: PL7831711517.
  3. The Controller also uses Google services for GA4 – in accordance with § 6 below.
  4. Data may be disclosed to public authorities if such an obligation arises from legal provisions.

§ 6. Transfer of Data to Third Countries

  1. Data processed within the Website infrastructure (hosting/maintenance) are, as a rule, not transferred to third countries outside the European Economic Area (“EEA”) – unless circumstances arise requiring a different configuration of services.
  2. In connection with the use of GA4, data may be transferred to Google LLC in the United States or other entities within the Google group – only with the application of mechanisms provided for in Chapter V of the GDPR. Data will be transferred on the basis of an adequacy decision – Google LLC is an active member of the Data Privacy Framework.

§ 7. Data Retention Period

  1. Technical data and logs – for the period necessary to ensure the security and proper functioning of the Website, in accordance with the Uniform Material Classification of Records applicable to the Controller (JRWA).
  2. Correspondence – for the time necessary to handle the matter, in accordance with JRWA.
  3. GA4 analytical data – in accordance with retention settings configured in GA4 and until data deletion or withdrawal of consent (to the extent that withdrawal of consent prevents further data collection in the User’s browser).

§ 8. User Rights

The User is entitled to rights arising from the GDPR, in particular:
a) the right of access to data (Article 15 of the GDPR), including obtaining a copy thereof,
b) the right to rectification of data (Article 16 of the GDPR),
c) the right to erasure of data (Article 17 of the GDPR),
d) the right to restriction of processing (Article 18 of the GDPR),
e) the right to data portability (Article 20 of the GDPR),
f) the right to object (Article 21 of the GDPR – against processing based on Article 6(1)(e) of the GDPR).

§ 9. Automated Decision-Making

The Controller does not make decisions in respect of Users that produce legal effects or similarly significantly affect them, based solely on automated processing of data, including profiling within the meaning of Article 22 of the GDPR.

§ 10. Right to Lodge a Complaint

The User has the right to lodge a complaint with the competent supervisory authority if the User considers that the processing of personal data violates legal provisions.

§ 11. Provision of Data

The provision of personal data is voluntary but necessary to use the Website, including the contact form. Failure to provide personal data will result in the inability to use the Website.

§ 12. Changes to the Policy

The Controller reserves the right to amend this Policy, in particular in the event of changes to the functionality of the Website, implementation of new tools or changes to legal provisions. The current version is published on the Website.

Cookies Policy

Effective date: 14.01.2026
Website:http://bchallenged.eu/ (hereinafter: the “Website”)

§ 1. General Provisions

  1. This Cookies Policy describes the rules for the use of cookies and similar technologies on the Website.
  2. Cookies are small text information stored and read on the User’s end device (e.g. computer, smartphone) when using the Website.

§ 2. Legal Basis

  1. The use of necessary cookies is permitted to the extent necessary to provide the service requested by the User and to ensure the security of the Website.
  2. The use of cookies other than necessary (in particular analytical) requires the prior consent of the User expressed via the cookie banner (CMP), in accordance with PKE provisions.

§ 3. Types of Cookies Used on the Website

  1. The Website may use the following categories of cookies:
    a) necessary cookies – ensure the proper functioning of the Website (e.g. session maintenance, security). They cannot be disabled in the consent panel.
    b) statistical cookies – are used to measure traffic and analyse the manner of using the Website (Google Analytics 4). Activated only after obtaining consent.
  2. The Website does not activate statistical cookies before the User gives consent.

§ 4. Google Analytics 4 – Statistical Cookies

  1. Provider: Google Ireland Limited (Ireland).
  2. GA4 cookies used on the Website (typical examples; the scope may vary depending on configuration and Google updates):
    – _ga – used to distinguish Users; default storage period: 2 years
    – _ga_<id> – used to maintain session state; default storage period: 2 years
  3. Data collected by GA4 are statistical in nature and are used to measure traffic and the manner of using the Website, as well as to create aggregate statistics and reports.
  4. GA4 is activated only after the User has given consent to analytical cookies in the banner (consent management platform – CMP).
  5. The User may also use a browser add-on blocking Google Analytics (information provided by Google): https://tools.google.com/dlpage/gaoptout

§ 5. Consent Management (CMP) and Changing Settings

  1. During the first visit to the Website, the User is given the option to select cookie settings via the banner (CMP), including:
    – accepting all cookies,
    – rejecting cookies other than necessary,
    – configuring preferences (by category).
  2. The User may change or withdraw consent at any time by clicking “Cookie settings” in the bottom left corner of the website.
  3. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

§ 6. Third-Party Cookies

  1. In the event of consent to statistical cookies, cookies may originate from a third party (Google) and may be read by it in accordance with its documentation and terms.
  2. The Controller recommends reviewing the Google information regarding cookies and privacy: https://policies.google.com/technologies/cookies

§ 7. Browser Settings

  1. The User may independently manage cookies in browser settings (blocking/deleting cookies).
  2. Restricting the use of necessary cookies may cause the Website to malfunction.

§ 8. Changes to the Cookies Policy

The Controller may update this Policy, in particular in the event of changes to the Website configuration, implementation of new tools or changes to legal provisions. The current version is published on the Website.