Go to content

Policy and Standards - Retail4Earth

Skip menu
Skip menu

Retail is navigating fast-evolving EU and national frameworks that shape sustainability, data, and innovation. The following instruments are most relevant for retailers and their value chains:

  • CSRD & ESRS: Corporate disclosure and value-chain data needs for climate, circularity, and social impacts.
  • ESPR & Digital Product Passport (DPP): Product durability, repairability, material footprints, and data interoperability across the lifecycle.
  • Packaging & Waste: Prevention, reuse, recyclability, and Extended Producer Responsibility (EPR) obligations.
  • Data Governance Act & Data Act: Access/sharing, business-to-business data rights, and interoperability enablers.
  • GDPR: Personal data protection for loyalty programs, analytics, and personalization.
  • AI Act: Risk-based obligations for AI in retail operations, logistics, and customer engagement.

Standards bodies and communities we align with include CEN/CENELEC, ISO, GS1, and W3C. For methodological details, see Data & Methodology; for evidence and deliverables, browse Publications & Reports.

Policy Briefs
Fulfilling the obligation to provide information pursuant to Article  13(1) and (2) of the Regulation (EU)2016/679 of the European Parliament  and of the Council of 27 April 2016 on the protection of natural persons  with regard to the processing of personal data and on the free movement  of such data and repealing Directive 95/46/EC (General Data Protection  Regulation) [Official Journal of the EU L.2016.119.1 of 4 May 2016],  hereinafter referred to as: GDPR, we inform you that:

  1. The Controller of your personal data is the AGH  University of Krakow, al. A. Mickiewicza 30, 30-059 Krakow, hereinafter  referred to as AGH University.
  2. The contact details of the Data Protection Officer are as follows: email: iodo(at)agh.edu.pl, phone: 12 617 53 25.
  3. Your personal data will be processed by the Controller  in order to facilitate the process of education at the university,  provide material aid benefits, receive information by electronic means,  including administrative, organisational, scientific and educational,  and social activities according to Article 6(1)(c) of the GDPR, on the  basis of applicable laws, in particular:
    a) Act of 20 July 2018. Law on Higher Education and Science (Journal of Laws of 2018, item 1668, as amended);
     b) Regulation of the Minister of Science and Higher Education of 27  September 2018 on studies (Journal of Laws of 2018, item 1861);
    c)  Regulation of the Minister of Science and Higher Education of 10  February 2017 on the professional titles conferred upon graduates, the  conditions for issuing diplomas and the necessary elements thereof, and  certificates of completion of non-degree postgraduate programmes, and  the template for a diploma supplement (Journal of Laws, item 279) in  conjunction with the Act of 3 July 2018 on Provisions introducing the  Act – Law on Higher Education and Science (Journal of Laws of 2018, item  1669);
    d) Regulation of the Minister of Science and Higher  Education of 25 September 2014 on the nationwide list of students and  the nationwide list of doctoral students (Journal of Laws, item 1301, as  amended) in conjunction with the Act of 3 July 2018 on Regulations  introducing the Act – Law on Higher Education and Science (Journal of  Laws of 2018, item 1669).
  4. If you provide information about your health, including  information about your disability, your personal data shall be  processed based on your consent – Article 9(2)(a) of the GDPR – in order  to create conditions for full participation in the recruitment and  education process.
  5. The recipients of your personal data will be entities  entitled to obtain them on the basis of the law; the recipients of your  data will also be those partner universities where you wish to take  classes (universities in Poland or abroad, e.g. within the frameworks of  the Erasmus+, Most, or Mostech programmes).
  6. Your image shall be stored in the computer system for  the purpose of preparing, personalising, and issuing an electronic  student ID card, as well as in the system designed to support the  teaching process at the university.
  7. Your personal data shall be processed only for the time  necessary to achieve the purposes of personal data processing, i.e. for  the period resulting from the internal law of AGH University – Uniform  Tangible File Inventory (JRWA).
  8. You have the right to request from the Controller  access to your data, as well as the right to rectify your data, the  right to erase your data, the right to restrict the processing of your  data, the right to object to the processing thereof in the cases and  under the conditions specified in the GDPR.
  9. You have the right to submit a complaint with a  supervisory authority – the President of the Office for Personal Data  Protection pursuant to Article 77 of the GDPR (...every data subject  shall have the right to lodge a complaint with a supervisory authority,  (…) if the data subject considers that the processing of personal data  relating to them infringes this Regulation).
  10. Your personal data shall not be subject to automated decision-making processes, including profiling.
  11. Your personal data shall not be transferred to third  countries; however, they may be transferred to partner universities  referred to in section 5.
  12. The provision of your personal data to the extent  resulting from the law referred to in section 3 is a requirement  necessary for the processing of the educational process and does not  require separate consent, while the provision of personal data for the  purposes referred to in section 4 is voluntary and requires your  consent.
  13. To withdraw your consent for the processing of personal  data for the purposes referred to in section 4, send an e-mail with an  electronic copy of a signed document containing a statement to this  effect to the address of the appropriate dean's office. The withdrawal  of consent shall not affect the lawfulness of processing based on  consent before its withdrawal.
Guidance for SMEs

Practical steps for retailers and SMEs to get compliance-ready while creating business value:

  • CSRD readiness for partners: Identify data you provide to customers and larger partners; map ESRS datapoints.
  • ESPR & DPP: Prepare product master data, materials, repairability, and traceability attributes.
  • Packaging & waste: Track packaging formats, recycled content, and local EPR requirements.
  • Data governance: Establish roles, consent, data-sharing agreements, and interoperability patterns.
  • AI Act: Classify use cases, document risks, and design human oversight.
  • Supplier engagement: Share templates and timelines; align on identifiers (e.g., GTIN, GLN) and events.

Download checklists and templates to accelerate implementation and audits.

Get in Touch

We collaborate with public bodies, standardization organizations, and industry associations. Whether you seek evidence for a consultation, need input on interoperability, or want to co-design guidance for SMEs—let’s talk.

Created by Retail4Earth team (2026)
About Retail4Earth

An information hub of the Retail4Earth project accelerating sustainable retail through AI, AR/VR and circular economy models—empowering SMEs, inspiring consumers and fostering collaboration between academia, industry and public bodies.
More contact details

Wydział Zarządzania, Akademia Górniczo-Hutnicza im. Stanisława Staszica, ul. Gramatyka 10, 30-067 Kraków
Back to content