Privacy Policy

PRIVACY POLICY of the Baltic Horizons Competition website, the Hestia Artistic Journey Foundation, co-organiser of the Competition
(the personal data processing rules and cookies)

Safety and confidentiality of your data is our priority.  Be assured that we have always taken all efforts, and shall continue to do so, to ensure protection of your data by employing appropriate technical and organisational security measures, which includes proper protection whilst designing new services and solutions.

These rules serve informing the users of the website dedicated to the Baltic Horizons Competition (hereinafter: the ‘Website’) of the scope and categories of their personal data processed and the purpose of their processing, as well as of their rights ensuing from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (called the GDPR).


The Controller of your Data is the Hestia Artistic Journey Foundation with its registered office in Sopot 81- 731, at: Sopot, ul. Hestii 1, entered in the National Court Register under number KRS0000518962, its tax ID [NIP] being 5851469283, and its REGON: 222134421, established by virtue of a notarised deed of 30/06/2014 drawn by the ERGO Hestia Insurance Society, joint stock company, with its registered office in Sopot at the Notarial Office of Anna Tarasiuk.

In our capacity of the Data Controller, we are responsible for making sure that your personal data are safe and used in compliance with the binding law.  For additional information, please go to:, or send us a letter to the Data Controller’s registered address as above.


We employ high-class and tested preventive measures and mechanisms monitoring the ways the information in our possession is processed, its flow, and access thereto so as to guarantee that data processing is not only law-compliant, but also follows the best practices of securing data and IT systems.  Your data are not transmitted outside the European Economic Area (EU).


The categories of personal data we process are limited exclusively to the data provided directly by the Website users in the necessary cookies (as further discussed in the ‘cookies’ chapter below) in connection with its safety an infallibility, the personal data of the artists participating in the Baltic Horizon Competition in accordance with the Competition Rules available at [link], and the personal data of those who publish on the Website in agreement with the Data Controller (the given name, surname, image if provided, eventually the artistic nickname).  The data of those publishing shall be processed until the consent to publication is withdrawn, and in substantiated cases for an additional period of 6 years following the withdrawal of the publication based on the legitimate interest of the Data Controller related to a potential litigation (Art. 6(1)(f) GDPR) or legal obligation (e.g. stemming from the tax law) (Art. 6(1)(c) GDPR).  Should the newsletter functionality be introduced, we can process the personal data for the newsletters and marketing.

Data are provided voluntarily. You will receive the newsletter information only, if you consent to receive it by putting your name on the list.  We shall process your personal data for marketing and information purposes until you withdraw your consent (Art. 6(1)(a) GDPR).

Should a form be provided to enable contact, the processing of personal data (given name, surname, e-mail address) shall be required to provide answers to the questions asked using the form.  The provision of personal data is voluntary (Art. 6(1)(a) GDPR).


The Data Controller’s Website makes use of the so-called cookie files (special files originating from the specific website, recorded and stored by the specific Internet browser) which are then stored on the user’s hard disc or in the memory of the device.  This type of files serves e.g. facilitating the navigation of the Website managed by the Data Controller and can further facilitate memorising the user’s specific preferences with respect to our Website.  Please, be informed that the files can be deleted from the hard disc or their recording can be blocked.  The method such changes are introduced depends on the employed Internet browser; changes can be implemented by configuring the used browser or device settings.  If no change of the said settings is introduced, this shall be interpreted as the user’s consent to the acceptance of the cookie files.  You should, however, bear it in mind that blocking the recording of the cookie files may hinder or fully prevent the use of selected Website functions.  On its Website, the Data Controller uses the cookie technology to record information on the user’s behaviour.  The collected data are profiled and used for such purposes as e.g. the creation of the so-called personalised advertisement or compilation of demographic reports by the Data Controller.  To that aim, the Data Controller uses e.g. the Google Analytics tool which monitors the traffic on the Website. 


The Data Controller informs that it does not use its Website for marketing profiling. 


Your personal data shall not be disclosed to any third parties, except for the entities providing technical or organisational support, or institutions entitled thereto under the letter of the law.

In any of the said cases, we take care that the data we are in possession of are current and accurate, and in respect for your privacy we minimise all personal data information to the extent which still makes it possible for us to process it correctly.


At each stage of our data processing you have the right to:

  • obtain access to your data, including information on the scope of the data we process, and receive a copy of the data;
  • modify and rectify your data, which includes restricting their processing, unless any legal contraindications of their processing exist;
  • erase your data fully (‘the right to be forgotten’), unless any legal contraindications exist;
  • be excluded from automatic decision-making based on profiling, should profiling be introduced (which would require amendments to the Website Privacy Policy);
  • object to improper processing of personal data (which includes withdrawal of the consent at any time without affecting lawfulness of the processing based on the consent before its withdrawal)
  • transfer the data to another Data Controller, if the data are processed in connection with the consent given or agreement signed;
  • lodge a complaint.  The complaint on the processing of personal data can be filed with the supervisory authority in charge of personal data protection.  The supervisory authority in the Republic of Poland is the President of the Personal Data Protection Office.

In order to ensure that your enquiries are dealt with properly and that due care is taken in considering them, you can file a request for exercising your rights by sending a letter of request it to the following address:  Each request you lodge shall be considered individually in the light of the binding legal regulations.

Please, be reminded that the exercisability of a specific right may depend on the legal base of processing your data for a strictly defined purpose; it may also depend on e.g. whether the processing of your data is not subject to the performance of a contract or service.  Your requests shall be considered with no undue delay, within one month of their receipt the latest, although if because of the nature of your request we are unable to keep the term, you will be notified of the delay and of its causes.

Similarly, should any such circumstances arise, we shall notify you of the reasons of dismissing your request and its fulfilment.  Please, be advised that the first ever request does not carry any charges, although should your requests prove unsubstantiated or too frequent, we reserve the right to charge a fee for repeated provision of information to you.  You will be advised without delay of the amount of the fee, or of any causes preventing our fulfilment of your request.  In addition, to ensure safety of the information transmitted, if we are unable to identify you correctly as the person entitled to receive the data, we reserve the right to change the method of delivering information to you, and you will be notified thereof.  Should you exercise your right to transfer your data, the Data Controller shall transmit the data directly to such other Data Controller, provided this is technically possible.  The person requesting exercise of the right shall be notified of the decision concerning the possibility to perform the transfer.


These Rules have been binding as of the date the Website was first created, i.e. 19.09.2022, and shall remain valid until recalled; they are compliant with the legal obligation stemming from Arts. 13 – 14 GDPR.  We reserve the right to change the binding rules, always in respect of your rights and privacy.

Thank you for familiarising yourself with our privacy policy.  The Hestia Artistic Journey Foundation