Privacy Policy
This document explains what personal data may be processed when you use the Harbor of Events website and contact us, why it is needed, and what rights you have.
Last updated: 12 July 2026
1. Data controller
The controller of your personal data is Harbor of Events.
- Name: Harbor of Events
- Address: ul. Pytlasińskiego 16/13, 00-777 Warszawa
- NIP: 5214048231
- REGON: 527141250
- Email: contact@harbor-event.com
For any matter concerning the processing of personal data, you can contact us by email at contact@harbor-event.com.
2. When we may obtain data
We obtain personal data primarily when you contact us yourself.
- when you email us;
- when you call the numbers provided;
- when you contact us via WhatsApp or Telegram;
- when you submit the enquiry form on the website;
- during business correspondence and when agreeing event details;
- at the stage of concluding and performing a contract;
- automatically: technical data while you use the website (see the sections on cookies and security).
When you submit the enquiry form on the website, your enquiry is stored in our database (Google Firestore / Firebase) so that we can respond and prepare a proposal. We process: your name, contact details and preferred contact method, information about the event (type, company name, city, date, number of guests, approximate budget) and your comment. Legal basis: steps taken at your request before entering into a contract (Art. 6(1)(b) GDPR). Firebase / Google Cloud acts as an IT service provider (hosting and technical processing of the enquiry by our back-end system) on our behalf. So that we can handle your enquiry efficiently, the data from the enquiry may be forwarded to a closed Harbor working group on Telegram and copied to a closed internal Harbor working sheet on a Google service (Google Sheets / Google Workspace). Only authorised Harbor personnel have access to that group and sheet; the sheet is not publicly available. Some of these services may process data outside the European Economic Area, which requires appropriate legal transfer mechanisms (see the section on transfers outside the EEA). We may contact you via the preferred method indicated in your enquiry in order to respond. You can also contact us directly: by email, by phone or via messengers.
3. What data may be processed
The scope of data depends on how you contact us and on the content of your enquiry.
- first and last name;
- email address;
- phone number;
- company name and job title, if you provide them;
- information about the planned event: format, date, city, number of guests, approximate budget, expectations;
- data needed to conclude a contract and for settlements;
- the content of our correspondence with you;
- technical data (for example, an IP address and server log entries), if stored by the hosting provider.
We do not intentionally collect passport or bank details, health data or other special categories of data. Unless they are essential for a specific event, please do not send them.
4. Purposes and legal bases
We process data only for specific purposes and on an appropriate legal basis.
| Purpose | Categories of data | Legal basis |
|---|---|---|
| Responding to an enquiry and agreeing details before a contract | Contact details, enquiry content, event information | Art. 6(1)(b) GDPR |
| Concluding and performing an event-organisation contract | Contact and contract details, event details, settlements | Art. 6(1)(b) GDPR |
| Meeting legal and accounting obligations | Contract and settlement data, accounting documents | Art. 6(1)(c) GDPR |
| Business correspondence, website security and protection against possible claims | Contact details, correspondence content, technical data | Art. 6(1)(f) GDPR |
| Optional activities based on consent, where you give it | Data you voluntarily provide for a specific purpose | Art. 6(1)(a) GDPR |
We do not send marketing mailings and do not carry out marketing profiling. We rely on the “consent” basis only where such processing genuinely takes place with your consent.
5. Is providing data mandatory
Providing data is voluntary.
At the same time, without basic contact details we will not be able to respond to your enquiry or prepare a proposal.
Some data may be necessary to conclude or perform a contract; without it, delivering on what was agreed is not possible.
You may choose not to give optional consent, which does not affect basic contact with us.
6. Retention period
We keep enquiry and correspondence data no longer than needed to handle your enquiry, continue related communication, perform a contract and meet legal obligations. The specific period depends on the situation:
- until the correspondence ends or your enquiry is handled;
- for the duration of contract performance;
- for the periods set by tax and accounting rules;
- until the limitation periods for any mutual claims expire;
- until consent is withdrawn, where processing is based on consent;
- technical data: according to the actual settings of the services used.
We do not set a single fixed period for all enquiries: it depends on the nature of the enquiry and applicable legal requirements, and is clarified in line with current regulations and terms of cooperation.
7. Data recipients
We do not sell your data. Access may be given only to categories of recipients that support our operations:
- hosting and IT service providers, including Google Firebase / Google Cloud, where the enquiry is stored and technically processed;
- Google Workspace services, including Google Sheets, where we keep a closed working sheet of enquiries;
- an internal Harbor working group on Telegram, to which enquiry data may be forwarded so the enquiry can be handled efficiently;
- an email service provider;
- accounting and legal advisers;
- event subcontractors, only to the extent necessary to deliver the event;
- the communication services you use to contact us;
- public authorities, where required by law.
Only authorised Harbor personnel have access to the working sheet and working group. We engage subcontractors only to the necessary extent and do not disclose your data unnecessarily.
8. Transfers outside the EEA
We aim to carry out the core processing within the European Economic Area (EEA). Technical interface resources, including the icon library and fonts, are served locally from our domain. At the same time, some of the services we use to handle enquiries and communication may process certain data (for example, enquiry content or technical data such as an IP address) outside the EEA:
- services that handle and store enquiries (Google Firebase / Google Cloud, Google Workspace) and the closed Harbor working group on Telegram, to which enquiry data may be forwarded;
- a privacy-enhanced video player on selected project pages, which loads only after you click the play button;
- services reached via external links (Instagram, WhatsApp, Telegram): after following them, you interact with those services directly.
The exact transfer model of these services and the appropriate safeguards need to be verified against each provider's documentation. We do not claim that any specific legal transfer mechanism is applied without such confirmation.
9. Your rights
Under the GDPR you have the right to:
- access your data;
- rectify inaccurate data;
- erase data;
- restrict processing;
- data portability;
- object to processing;
- withdraw consent, where processing is based on consent.
Withdrawing consent does not affect the lawfulness of processing carried out before it was withdrawn. To exercise your rights, please email contact@harbor-event.com.
10. Complaint to a supervisory authority
You also have the right to lodge a complaint with the supervisory authority responsible for personal data protection. In Poland this is:
- President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych)
- UrzÄ…d Ochrony Danych Osobowych
- ul. Stanisława Moniuszki 1A
- 00-014 Warszawa
11. Cookies and similar technologies
The website does not set its own marketing or advertising cookies and does not use analytics systems or advertising pixels.
To run the interface we use technically necessary mechanisms and your browser's local storage (localStorage) to remember the colour theme you chose: light or dark. This technical setting is saved only after you switch the theme yourself.
Technical interface resources (fonts and icons) are served locally from our domain. An embedded video player on project pages may set its own cookies in line with that service's policy, and only after you click the play button.
There is currently no separate cookie-consent banner on the website. Browser settings do not replace consent to optional tracking; at the same time, the website runs no advertising or analytics tracking for which such consent would be required.
12. External services and links
The website contains links to external services you can use to get in touch or view materials:
- the WhatsApp and Telegram messengers and the Instagram profile: for contact and viewing posts;
- an embedded, privacy-enhanced video player on selected project pages, which loads only after you click.
After following an external link or interacting with embedded content, you are also subject to the privacy policy of the relevant service provider.
13. Automated decisions and profiling
Harbor does not make decisions about users based solely on automated processing that would produce legal or similarly significant effects.
We also do not carry out marketing profiling of website users.
14. Data security
- We apply organisational and technical measures appropriate to the nature of the processing.
- Access to data is granted only to the extent necessary to perform tasks.
- No measures can guarantee absolute security, so we review our practices regularly.
15. Changes to the policy
This policy may be updated, for example if the website's services or legal requirements change.
The current version is always published at the same address.
The date of the last update is shown at the top of the document.
16. Contact
For matters relating to personal data, please contact the controller by email: contact@harbor-event.com.
