Privacy and cookie policy

This Policy contains information on the processing of personal data of users of the website (hereinafter: “website”).

All personal data collected in connection with the use of the website are properly secured and protected in accordance with the provisions of generally applicable law. The administrator uses organizational and technical measures to protect the processed personal data, for this purpose, e.g. secure communication encryption protocol (SSL).

Personal data administrator

  1. The administrator of the website (hereinafter: “Website”) and personal data of its users (hereinafter: “User”) provided in connection with the use of the Website is Youth Projects Managements LTD. with its registered office in Gdańsk (80-420), al. Grunwaldzka 523, registered in the Register of Entrepreneurs kept by the District Court in Gdańsk, 7th Commercial Division of the National Court Register, under KRS number 0000403176, NIP: 5833147801, REGON: 221576401 (hereinafter referred to as: “Administrator”).
  2. In matters related to the protection of personal data, please contact the Data Protection Officer, Ms. Marzena Chrostowska, appointed by the Administrator via e-mail: or in writing to the address of the Administrator’s registered office.
  3. The data is processed in accordance with the current legal regulations, i.e.
  4. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”),
  5. Act of May 10, 2018. about personal data protection,
  6. Act of July 18, 2002. on the provision of electronic services,
  7. Act of July 16, 2024. – telecommunications law.

Ways of obtaining personal data

The User’s personal data is collected directly from the data subjects, i.e. through:

  1. Filling out the form with contact details when submitting an inquiry via the form on the Administrator’s website,
  2. Filling out the newsletter subscription form,
  3. Filling out the order form in the online store,
  4. Data provided for the purpose of preparing and concluding the contract,
  5. Direct contact with the Administrator using the contact details available on the Administrator’s website.

Purposes, grounds and period of processing the User’s personal data

The administrator processes personal data only for the following purposes:

Taking action at the request of the data subject, including answering questions asked via electronic means of communication via the Contact Form or in order to handle traditional correspondence.

In the event of contacting the Administrator via a contact form (e.g. in order to make contact, start a conversation, ask a question, express an opinion), the User provides his name, telephone number and e-mail address. Providing the above data is voluntary, however, failure to provide an e-mail address makes it impossible to use it from the contact form. By using the form, the Administrator also obtains access to the IP address of the User sending the message. The provided personal data and the content of the message will be processed in order to respond to the User’s message. The administrator reserves the right to reply at any time you choose. The Administrator has the right to leave the User’s message unanswered if he considers it inappropriate or falls under the category of spam.

Legal basis for data processing: art. 6 sec. 1 lit. a) GDPR – i.e. the User’s consent.

The User’s data may be stored in the Administrator’s database until the expiry of the limitation period for claims under the law.

Sending the ordered marketing information by e-mail (newsletter) to the e-mail address provided by the User.

In the case of using the newsletter, the User provides his e-mail address and name. Providing the above data is voluntary, however, failure to provide an e-mail address will prevent the use of the newsletter service. By subscribing to the newsletter, the User agrees to this Privacy and Cookies Policy and to receive commercial information, including information about new products and services, as well as about the current and planned activities of the Administrator. The newsletter may contain links to external materials of an affiliate nature of the Administrator’s partners. The Newsletter may include marketing of own and recommended products related to the subject of the Website. By subscribing to the newsletter, the User agrees to the use of his telecommunications devices (computer, telephone, tablet, etc.) in order to receive marketing and commercial information from the Administrator.

Legal basis for data processing: art. 6 sec. 1 lit. f) GDPR – i.e. the legitimate interest of the Administrator, consisting in the processing of data for marketing purposes, after granting consent to receive marketing and commercial information sent electronically.

The data provided will be processed until an effective objection is raised, the purpose of processing is achieved or the Website’s activity ends. After withdrawing the consent to receive the newsletter or after the end of the Website’s operation, the User’s data may be stored in the Administrator’s database until the expiry of the limitation period for claims for the provision of the service. After unsubscribing from the newsletter, the User will not receive e-mails of this nature from the Administrator.

Using the newsletter means consenting to the monitoring by the Administrator (with the help of the service provider servicing the newsletter) of subscribers’ activity, including the date of subscription, date and time of opening the message, clicking on the links sent, date of unsubscribing. The Administrator reserves the right to send the newsletter to the User at any time and at any frequency. The Administrator has the right to completely stop sending the newsletter to the User, as well as to remove the User from its subscriber base without giving a reason.

Marketing of the Administrator’s own services and products in the traditional way.

Legal basis for data processing: art. 6 sec. 1 lit. f) GDPR – i.e. the legitimate interest of the Administrator.

Preparation and implementation of the concluded sales contract, including the conclusion of a distance contract via an online store run by the Administrator, as well as the implementation of the rights arising from it.

Legal basis for data processing: art. 6 sec. 1 lit. b) GDPR.

Documenting the performance of contracts, including issuing a bill or invoice for a natural person, keeping accounting and tax documentation.

Legal basis for data processing: art. 6 sec. 1 lit. c) GDPR 

– i.e. the Administrator’s performance of his legal obligations.

Pursuing the rights and claims of the Administrator or the data subject.

Legal basis for data processing: art. 6 sec. 1 lit. f) GDPR 

– i.e. the legitimate interest of the Administrator.

Data storage period

The period of data processing depends on the purpose for which the data was collected and amounts to:

  1. in order to conclude and perform a sales contract, including distance sales – for the period necessary to document the contract, including issuing a bill or invoice – 5 years from the end of the calendar year in which the tax payment deadline expired pursuant to art. 112 of the Act of March 11, 2004. on tax on goods and services, in connection with joke. 70 of the Act of August 29, 1997. tax code,
  2. in order to send commercial information by electronic means (newsletter) and/or set up an account in the store – until the consent is revoked, without affecting the compliance of the processing that was carried out before its revocation,
  3. for the period necessary to provide the answer requested via the contact form or by phone, but not longer than for a period of 3 months,
  4. in order to pursue claims, in accordance with art. 118 of the Act of April 23, 1964. – the Civil Code, i.e. unless a special provision provides otherwise, the limitation period is 6 years, and for claims for periodic benefits and claims related to running a business – 3 years.

The Website Administrator reserves the right to process the User’s personal data after withdrawing consent only for the purpose of pursuing possible claims before the court or if national, EU or international law regulations oblige the Administrator to retain data.

Scope of processed data

The scope of processed personal data has been limited to the minimum necessary to provide services in the field of:

  1. Submitting an inquiry via the Contact Form or using the contact details available on the website: e-mail address, name, telephone number, or other data provided voluntarily by the data subject,
  2. Subscribing to the newsletter: name, e-mail address,
  3. Placing an order in the online store: name and surname, e-mail address, telephone number, buyer’s address,
  4. Issuing a bill or invoice: name and surname or name of the entity, address, tax identification number
  5. Preparation and conclusion of the contract: name and surname, address, NIP/REGON of the ordering party.

Sharing User Data

The Administrator uses the services of external entities, therefore the User’s personal data may be made available:

  1. suppliers providing IT and network infrastructure, including e.g. hosting providers, domain providers.
  2. suppliers of technologies used by the Website, in particular in terms of service
  3. e-mail, e-mail marketing and analysis of the User’s activity on the Website.
  4. Foundation for Youth Projects – the entity implementing the European Youth Card program,
  5. European Youth Card Association – a patron organization of the Youth Projects Foundation,
  6. Voyager Sp. z o. o. – an entity providing online sales and payment services,
  7. The insurer – UNIQA Towarzystwo Ubezpieczeń na Życie S.A.
  8. entities providing accounting, legal and administrative services to the Administrator as well as other entities and service providers, if it is necessary to achieve the purposes of data processing.
  9. The entities to which the data are transferred ensure their protection in accordance with the standards set out in the law.

       User data may also be made available to other public and private entities in the following circumstances:

  1. the law or public authority determines that the Administrator must provide personal data,
  2. personal data is made available in order to establish, exercise or defend the rights of the Administrator.

Each time, the narrowest possible scope of the User’s data will be made available, which will allow the implementation of the purpose of data processing and the fulfillment of the Administrator’s obligations.

User Rights

The user has the right to:

  1. access to the content of your personal data,
  2. rectification/change of your personal data,
  3. delete your personal data (if there are no other grounds for their further processing, including protection against claims, the requirement to meet legal obligations),
  4. limit the processing of your personal data (if there are no grounds for further processing in the limited scope),
  5. transfer your personal data, provided that the basis for processing is the contract or consent of the data subject, and the data processing is carried out automatically,
  6. withdraw consent to the processing of your personal data (if the processing is based on it) at any time without affecting the lawfulness of the processing that was made on the basis of consent before its withdrawal,
  7. object to the processing of your personal data,
  8. lodge a complaint with the President of the Personal Data Protection Office if he believes that the processing of his personal data violates the law,
  9. the right to control data processing and information on who is the data controller, as well as to obtain information about the purpose, scope and method of data processing, the content of this data, the data source, as well as the method of sharing, including the recipients or categories of data recipients.

Data transfer to third countries

The Administrator does not transfer the User’s data to third countries, i.e. to countries outside the European Economic Area (EEA). However, bearing in mind that the Administrator uses the services of entities such as Google, Facebook, the User’s personal data in some cases may be transferred to countries outside the EEA. Such transfer is possible only if the requirements specified by the European Commission of the European Union are met. This means that the transfer is possible only to entities that ensure appropriate standards of personal data protection.

Data profiling

As part of the implementation of its legitimate interest, the Administrator may perform automated processing of Users’ personal data, including profiling, in order to provide content tailored to a given User and conduct marketing activities. These actions will not significantly affect the User’s situation, incl. in particular, they will not have any legal effects on the User. In the event that, in the opinion of the User, the above-mentioned profiling has a negative impact on his rights, the User may object to this type of processing.


The administrator uses cookies. The User’s first visit to the website requires consent to cookies or modification of their settings according to their own preferences. Using the website constitutes consent to cookies – these are small text information in the form of text files, sent by the server and saved on the User’s side (e.g. on the hard drive of a computer, laptop or smartphone memory card – depending on what device is used by the User. When the browser reconnects to the website, the website recognizes the type of device from which the User connects. The parameters allow reading the information contained therein only to the server that created them. Cookies therefore facilitate the use of previously visited websites. IP address, type of browser used, language, type of operating system, Internet service provider, information about time and date, location, page from which the user was redirected and information sent to the website via the contact form, comment form.

The collected data is used to monitor and check how the User uses it

from the website to improve its functioning, ensuring more efficient and trouble-free navigation. The Administrator monitors information about users using the Google Analytics tool, which records the User’s behavior on the website. Cookies identify the User, which allows the content of the website he uses to be adjusted to his needs. By remembering his preferences, it enables the appropriate adjustment of the content and advertisements addressed to him. The collected data is used only inside the website to optimize activities. There are two types of cookies – session and persistent. Session files are deleted when the browser is closed, permanent files are stored for a period depending on the purpose for which they were collected. The administrator uses cookies for the purposes of:

  • identification of Users as logged in to the website or online store and showing that they are logged in and enabling them to use the website and online store,
  • increasing the comfort of using the website,
  • remembering data from forms, surveys or online store login details filled out by Users,
  • statistical and marketing,
  • adjusting the content of the online store website to the individual preferences of the User and optimizing the use of the online store pages.

By default, web browsers have the option of using cookies enabled, however you can change these settings at any time. Detailed information is available on the websites of software providers. Check out sample instructions for browsers: Firefox, Google Chrome, Internet Explorer, Opera.

E-mail addresses will be used only for the purposes indicated in the privacy policy. The addresses will not be used or sold for other purposes to third parties.

If the User does not agree to the collection and processing of his data, he should immediately leave the Administrator’s website.

Final Provisions

The Website Administrator reserves the right to change this Privacy and Cookies Policy. Changes will be introduced in the event of modifications to the functionality of the Website, the application of new legal provisions, or changes in the scope of access, storage or protection of collected data.

By performing any activity related to the use of the Website, the User, including i.a. before submitting his personal data, he should first read the current version of this Policy, which is published on the Website.

In matters not regulated, generally applicable provisions of law shall apply.

This policy enters into force on July 1, 2023.