Foundation aims to ensure its Users’ safety by processing their data in a manner guaranteeing its safety and confidentiality, including protection from unauthorised and/or illegal processing, as well as its accidental loss, deletion or corruption, as well as protection from unauthorised access to any User’s data and/or devices used for the processing of that data and from unauthorised use of this data and/or devices. In order to achieve that goal Foundation uses appropriate technical and organisational means.
Foundation uses any and all available means to ensure that the personal data collected and processed by Foundation is:
- processed in accordance with any applicable laws, in a diligent manner, understandable for its Users;
- collected for specific, clear and legally justified purposes and processed in a manner compliant with those purposes;
- adequate, relevant and limited to an extent necessary for the purposes, for which it is processed;
- correct and updated when necessary.
1 GENERAL PROVISIONS
1.3 The Users’ personal data controller is Fundacja im. Kazimierza Pułaskiego w Warszawie, ul. Oleandrów 6, 00-629 Warszawa, KRS: 0000233247, telephone number: 22 378 11 95, e-mail address: firstname.lastname@example.org.
1.6 A User whose personal data is processed has the right to cancel his consent, referred to in Clause 1.5 by sending a statement via email to the address: email@example.com. Such a cancellation does not have impact on the legality of personal data processing that been happening based on that consent before its cancellation by the User.
means an entity which decides on purposes and manners of personal data processing, individually or in agreement with other entities (here: Foundation).
means text files saved on the hard drive of the User’s device, used in particular to enable using various Foundation Services and to identify and recognise the User’s device at a reconnection to the Services.
means this document comprising all information related to collecting, using, reviewing and/or processing User’s personal data by Foundation.
means Fundacja im. Kazimierza Pułaskiego in Warszawa, ul. Oleandrów 6, 00-629 Warszawa, NIP: 9512164270, registered in the register maintained by the District Court for the capital city of Warszawa in Warszawa XIIth Commercial Division of the National Court Register under KRS number: 0000233247.
means all Foundation products made available to the Users, including the website www.pulaski.pl and other websites belonging to Foundation, applications and services offered by Foundation, including in particular the service of informing about the details of Foundation’s offer, newsletter service.
means a natural person acting on its own behalf or on behalf of an entity in which it is employed (regardless of the legal basis of such employment) who uses the Services.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
means Polish Act on Rendering Electronic Services dated 18 July 2002.
3 COLLECTING AND PROCESSING PERSONAL DATA
3.1 The Controller collects and processes the following Users’ personal data for the following purposes:
3.1.1 to make available to the Users a newsletter Service, consisting in sending via email to registered Users (to the email address shared at the registration) current information pertaining to the Controller’s activities and upcoming events (art. 6.1 a) GDPR, art. 10 ust. 2 ARES – upon the consent). Processed personal data: name, surname, e-mail address;
3.1.2 for statistical, analytical and reporting purposes (art. 6.1 f) GDPR – legitimate interests pursued by the Controller). Processed personal data: name, surname, e-mail address;
3.1.3 to make available registration and participation in the events organized by the Controller (art. 6.1 a) GDPR – upon the consent). This means especially:
- a) creating a list of participants,
- b) carrying out registration in order to make participation possible,
- c) performance of the programme,
- d) ensuring the safety of the events.
Processed personal data: name (names), surname, affiliation, position, email address, profile photo, gender, date of birth, PESEL number/passport number, date of issue of the passport number, citizenship, professional activity, billing data, telephone number;
3.1.4 to archive the data (art. 6.1 f) GDPR – legitimate interest pursued by the Controller) Processed personal data: name (names), surname, country of residence, position, institution, billing data, telephone number, e-mail address, image recorded on the photograph.
3.2 Processing Users’ personal data means performing an operation or a set of operations on personal data or on sets of personal data in an automatic or non-automatic manner, such as collecting, saving, organising, ordering, storing, adapting or modifying, downloading, viewing, using, sharing by sending, making available or other type of sharing, adjusting or merging, limiting, deleting or destroying.
3.3 User’s personal data may be shared with the entities who cooperate with Foundation or perform particular services for Foundation (legal, marketing, advertising, IT, logistic services – in the scope necessary to perform these services) as well as with the governing bodies and organizations (in the scope of ensuring the safety of the events organized by the Controller).
3.4 Due to the cooperation of Foundation with other entities and service providers established outside of EEA, your personal data may be transferred to the following states outside of EEA: Canada, the United States of America.
In order to ensure an adequate level of security of the personal data transferred to states in relation to which the European Commission has not issued an adequacy decision, Foundation uses standard data protection clauses adopted by the European Commission, referred to in art. 46.2 c) GDPR. The standard clauses are available on the Internet, at the European Commission website (ec.europa.eu).
3.5 In case of an infringement of the personal data protection Foundation shall promptly (if possible not later than within 72 hours from discovering the infringement) notify a relevant supervising authority about the infringement. In case when the infringement might cause high risk of infringement of rights and freedoms of a natural person, Foundation shall promptly inform the User, to whose personal data the infringement pertains, about the infringement.
3.6 Foundation is obliged to keep a record of all Users’ personal data protection infringements, including information of the circumstances of each infringement, its results and steps taken to remedy the infringement.
4 PERSONAL DATA SECURITY
4.1 In order to prevent unauthorised or illegal access to Users’ personal data, its accidental loss, corruption or deletion, Foundation uses appropriate technological solutions and means of security. Data protection is ensured by the use of SSL/TLS (Secure Socket Layer/Transport Layer Socket) technology used for Internet data transmission protection and firewalls.
4.2 Only the Controller and persons authorised by the Controller, who undertook to keep the Users’ personal data in confidentiality, have access to the Users’ personal data.
4.3 Foundation keeps a record of persons authorised to process the Users’ personal data.
4.4 Any personal data shared with Foundation is stored for a period required for the purposes for which it has been collected or for a period set forth by the applicable law.
5 USERS’ RIGHTS PERTAINING TO THE PERSONAL DATA
5.1 A User is entitled to request the Controller to give him access to the User’s personal data, to correct, delete or limit processing of the personal data, to object against processing his personal data and to move his personal data. In each case when a User wishes to use any of the above rights, he can file a request to the Controller via email to the following address: firstname.lastname@example.org
5.2 The Controller is obliged to take actions facilitating exercising the right to access his personal data by the User. The Controller is freed from that obligation only in a situation where it cannot identify the User who requests to be granted access to the personal data.
5.3 The Controller is obliged, within a month from receipt of a relevant request, to share with the User, to whom the personal data pertains, all information regarding actions taken in relation to his request regarding his right to be given access to his personal data, to correct and/or delete his personal data, the right to limit processing of his personal data, the right to move his personal data, the right to object and the right not to be subject to a decision based solely on automated processing (profiling). Taking into account the level of complexity of a given request or the number of requests, the above period may be extended by additional two months. In case of such extension, the Controller is obliged, within one month from receipt of a given request, to inform the interested User about such an extension, along with an outline of its causes.
6.2 Cookies allow to precisely identify individual needs of a given User and, consequently, offer him better and more personalised Services.
6.3 Cookies are also used for the following purposes:
- a) statistical
- b) marketing or promotional.
6.4 A User may refuse to grant his consent for installing Cookies on his device or resign from installing Cookies on his device. In order to achieve that effect a User needs to disable the setting enabling downloading and storing Cookies in the User’s Internet browser.
6.5 Disabling Cookies may lead to difficulty or inability to use certain Services.
7 FINAL PROVISIONS
7.2 Foundation is not liable for any links that may be found on Foundation’s websites, which lead and/or allow Users to directly enter any third party websites, nor for any potential personal data protection infringements that could occur in connection with browsing such websites. Because of that a User shall acknowledge any privacy provisions which may be found on such third party websites.
7.3 Foundation Services are not addressed to minors who are not at least 13 years old. In case of acquisition of personal data of such a person without his parent’s or legal guardian’s consent, Foundation undertakes to delete any such data promptly after receiving information about such situation.