Museum of the History of Polish Jews attaches great importance to respecting privacy and security of Users of the Virtual Shtetl Portal (“Portal”); for this reason we have formulated these principles of privacy protection (“Privacy Policy”), which are to clearly present the way of functioning of the Portal, methods of handling personal data and collecting other data on the Portal Users. This Privacy Policy indicates also threats that may be connected to the use of the Portal.


Similarly to operators of most web portals, we collect information concerning the use of services by users and their IP addresses based on an analysis of access logs. The portal may collect the data for the purposes of a collective analysis of information on the number of visits to the Web Portal and on the way of use of the Portal. Although the data are not related to personal data of a User, still we reserve the right to use the data and, in particular, IP addresses, in accordance with the relevant provisions of law, in particular, to transfer them upon a request of relevant authorities.


Cookies are short files with information which may be sent by the Portal to the User’s browser and which identify him/her in a way that is necessary to enable some operations. Cookies are used, among others, to save User’s logging details. Cookie files are also used to collect general, statistical information on the use of the Portal by Users and in order to adjust the content and services to individual needs and interests of the Portal Users. The User may, at any time, refuse to accept cookies, however, disabling the cookies may hinder or even prevent you from using some functions offered by the Portal.


Using some of the Portal functions (services provided electronically) shall require the User to register. Registration is voluntary. During the registration, the User is asked for providing his/her personal data. Portal Users remain anonymous and it depends only on a decision of the User whether and when he/she registers in the Portal and whether during the registration he/she provides data other than those necessary for registration.
It is required to provide registration form the following data:

  • e-mail address
  • name (option)
  • surname (option)
  • login name (name displayed)
  • city (option).

The User may use its login name for registration. Using a login name does not mean, however, that it is permissible to impersonate other persons.

After registering, the User gets additional benefits. In particular, registration will enable the User to use special functions offered by the Portal, such as adding information, creating texts, adding photographs, films, audio, using options of sending messages between the Portal Users, receiving bulletins (newsletters).

The controller of personal data processed as part of registration and operation of the Portal is the Museum of the History of Polish Jews POLIN with its registered office in Warsaw (00-157) ul. Anielewicza 6. The Museum appointed a Data Protection Officer who can be contacted via e-mail iod@polin.pl, or via telephone: 22 471 03 41.

Personal data will be processed for the purpose related to the use of the Portal by the Users, pursuant to Article 6 (a) of the regulation, that is, a data subject.

The recipients of the personal data processed as part of functioning of the Portal may be: suppliers of IT systems and IT services, entities providing for the Museum accounting services, conducting studies on the quality of services, recovery of claims, legal services, analytic services, marketing services, operators of electronic payment systems and banks in the scope of execution of payments, authorities authorised to receive the personal data pursuant to the provisions of law.

Personal data will not be transferred to a third party. Personal data will be processed throughout the time necessary to perform all obligations resulting from the functioning of the Portal. In the case of personal data processed in order to provide services electronically – for the time of providing services electronically. In the case of personal data processed in order for the Museum to send marketing content – until raising an objection against the processing of the personal data in this scope. After this time, personal data will be processed only in the scope and for the time required by the provisions of laws, including accounting provisions.

Each of the consents granted for the processing of personal data may be withdrawn at any time. The withdrawal of consent shall not affect the lawfulness of processing based on the consent before its withdrawal. For the purposes of proof, withdrawal of a consent should be made in writing and sent to the address (Warsaw, (00-157) ul. Anielewicza 6) or electronically (e-mail message to the address: iod@polin.pl).

There is a right to access one’s personal data provided, the right to request their rectification, erasure or restriction of their processing, the right to data portability, the right to object, the right to withdraw consent at any time, which does not affect the lawfulness of processing based on the consent before its withdrawal.

There is a right to file a claim to a supervisory authority if a person who provided data recognised that the processing personal data concerning him/her infringes the provisions of a General Data Protection Regulations of27 April 2016 and the provisions of the act of 10 May 2018 on personal data protection (Dziennik Ustaw 2018, item 1000).

Personal data will be processed in an automated way, including data profiling; Providing personal data is voluntary, however, necessary for the purposes of the service provision concerning the use of the Portal. Failure in provision of personal data required by the Museum shall result in lack of possibility to provide services.


For the purpose of the Portal Users, we place on the Portal links to other websites. We try to scrupulously select the websites with regard to which we are convinced that are useful and meet high standards. However, we do not guarantee the standards of each website to which a Portal link leads, and we are not liable for materials contained on other websites.

Bear in mind that third party websites whose links are presented on the Portal may collect Users’ information enabling identification of persons. The manner of handling the information on such websites linked to the Portal through a link shall not be subject to this Privacy Policy. We recommend that a User, after connecting to a different website, always read the privacy policy applicable on that website before voluntarily transferring information enabling identification.


Using the Portal involves general risks occurring when using the Internet. We undertake any and all measures in order to provide the Users with full security of use of the Portal, however, we cannot eliminate a possibility of occurrence of incidents threatening the Users as a result of a third-party action such as e.g. hacking into the Portal. Considering the welfare of the Users, below we present basic risks and actions intended for their mitigation:

  1. Trojan horses. A Trojan horse is a term for a software which posing as useful or interesting for a user applications additionally implement an undesired functionality hidden from the user. The best protection against Trojan horses is to carefully treat a software received from uncertain sources – unknown senders or websites. There is also a software enabling the elimination of the threat.
  2. Viruses. A computer virus is a short computer program, often harming the operational system or making it difficult for a computer user to work. A special software ensures protection against viruses.
  3. Spam. Spam is an unsolicited commercial information sent at the same time to many recipients. There are many ways to protect oneself against spam. The first is to refuse accepting messages from servers of popular spammers and reporting to administrators if one of their users is a spammer. One of actions preventing from the occurrence is also a proper security for each computer connected to the network – servers and home and office computers.


Current version of the Privacy Policy is always published on the Web Portal. A new version shall enter into force within 30 days of its publishing.


Any questions concerning this Privacy Policy or principles of use of the Portal should be directed to the address: sztetl@polin.pl.