Controller – Fundacja Podaruj Dane with its registered office in Warsaw, at: Zelazna 59 No. 1405 (00-848) Warsaw, entered in the register of associations, other social and professional organizations, foundations and independent public health care institutions of the National Court Register under KRS No. 0000927690, having tax identification number NIP 5272974782 and statistical number REGON 520240121.
Account – an account registered on the Website by the User, the use of available services in accordance with the Terms of Service.
Policy – this document defining the rules of personal data processing.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Regulations – rules and regulations defining the principles of providing electronic services by the Controller, available at: [ ]
Service – making available to the User the functionalities of the Service by the Controller on the terms specified in the Regulations.
Website – the website operated by the Controller, available at https://www.donateyourdata.io
CONTACT WITH THE CONTROLLER.
In matters relating to the processing of personal data, including the exercise of rights, you can contact the Controller via e-mail address: firstname.lastname@example.org or by sending correspondence to: Fundacja Podaruj Dane, Zelazna 59 No. 1405 (00-848) Warsaw, with the annotation: “personal data”.
The Controller has appointed a Data Protection Inspector. It is Ms. Katarzyna Gorzkowska, e-mail: email@example.com.
PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE SERVICES
The Controller may obtain the User’s Personal Data from various sources, inc. from social networks (in case of logging into the application via a social network), contact forms embedded in the website, and other mediums. The User’s personal data is processed to the extent necessary to provide individual Services.
PURPOSES AND BASIS AND PERIODS OF PERSONAL DATA PROCESSING
Personal data is processed by the Controller: for the purpose of providing the Services – for the purpose of concluding and performing the agreement, including enabling the registration of the Account, notification of changes to the regulations and Policies (Article 6(1)(b) GDPR), for the period necessary to perform the agreement; for the purposes arising from applicable laws (Article 6(1)(c) GDPR), including the Act of July 18, 2002. on the provision of services by electronic means – for the period indicated in the regulations or necessary for the performance of obligations arising from the regulations; for analytical and statistical purposes, i.e. for the purpose of conducting analysis of Users’ activity, as well as their preferences, improving applied functionalities and provided services – which constitutes the Controller’s legitimate interest (art. 6(1) lit. f GDPR), for a period of no more than 3 months; to ensure the security of the use of Services, which constitutes the Controller’s legitimate interest (art. 6(1) lit. f GDPR), for a period of no more than 3 months; to notify the User of service failures and interruptions – which constitutes the Controller’s legitimate interest (art. 6 (1) lit. f GDPR), for the duration of the contract; to handle inquiries and complaints – which constitutes the Controller’s legitimate interest (art. 6(1)(f) GDPR), for the period necessary to complete the process of handling the inquiry or complaint received; for marketing the Controller’s own products and services – which constitutes the Controller’s legitimate interest (art. 6(1)(f) GDPR) – until the termination of the contract or objection.
The Controller may process Personal Data on the basis of the User’s consent (art. 6(1)(a) GDPR). On the basis of consent, Personal Data may be processed, among other things, in order to:
– enable the User to participate in contests; enable the User to participate in promotions;
– facilitate the operation of the Account; provide information about the activities, products and services of entities cooperating with the Controller. Based on the User’s consent, personal data concerning the User’s health, course of treatment, genetic data will be processed (Article 9(2)(a) GDPR). In each case, the User will be asked to consent to the processing of his Personal Data and informed about the purpose of the processing. Personal Data obtained on the basis of consent will be processed until the consent is withdrawn, or until the purpose for which it was collected ceases.
The information collected in the logs is processed for purposes related to the provision of services (Art. 6(1)(b) GDPR).The information collected in the logs is also processed for technical, administrative purposes, for the purpose of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes – which is the legitimate interest of the Controller (Art. 6(1)(f) GDPR), for a period of no more than 3 months. If claims arise, Personal Data held by the Controller, the storage period of which has not expired, will be processed for the purpose of asserting claims or defending against claims (Art. 6(1)(f) GDPR) which constitutes the Controller’s legitimate interest. In this case, Personal Data will be processed until the statute of limitations for claims or the end of the proceedings. Providing the Personal Data required to create and operate an Account is necessary to register an Account and use the Services. Failure to provide the required Personal Data will prevent registration and use of the Services or certain functionalities of the Website. In order to facilitate the operation of the Account, the User may provide additional Personal Data, thereby consenting to their processing. Provision of this data is voluntary.
Controller processes Personal Data of Users visiting profiles maintained by the Controller on social media (Facebook, Twitter, Instagram). This data is processed solely for the purpose of informing Users about the Controller’s activities and promoting various events, services and products, which constitutes a legitimate interest (Article 6(1)(f) GDPR).
RECIPIENTS OF PERSONAL DATA
In connection with the performance of the Services, including enabling the use of the Website and its functionalities, the User’s Personal Data will be disclosed to external entities, including IT service providers, companies providing services to the Controller in the field of, for example, legal, accounting and tax services, marketing services. The User’s Personal Data may be transferred to competent institutions (e.g. police authorities, courts) – in case of proceedings, based on the provisions of the law.
In connection with the processing of Personal Data, the User has the following rights: to access Personal Data, to receive a copy thereof; to request rectification of his Personal Data; to request deletion of Personal Data processed on the basis of consent, unnecessary for the Controller, processed in an unlawful manner, processed for direct marketing purposes, in case of objection – in the absence of an overriding interest of the Controller; to request restriction of processing; the right to data portability. The User has the right to object to the processing of data for marketing purposes, if the processing is carried out in connection with the legitimate interest of the Controller, as well as – for reasons related to the particular situation of the User – in other cases, when the legal basis for data processing is the legitimate interest of the Controller. In the case of processing the User’s data on the basis of consent, the User has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal. The User has the right to lodge a complaint to the supervisory authority dealing with personal data protection – the President of the Office for Personal Data Protection.
SECURITY OF PERSONAL DATA.
Controller analyzes risks to ensure that the processed Personal Data is adequately secured. Personal Data shall be shared only with authorized persons and only to the extent necessary. The Controller shall take the necessary measures to ensure that subcontractors and cooperating entities provide a guarantee of the application of appropriate security measures when they process Personal Data on behalf of the Controller. In this case, the Controller shall only cooperate with processors of personal data in countries for which the European Commission has issued a relevant decision; in addition, the Controller shall apply standard contractual clauses.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES AND INTERNATIONAL ORGANIZATIONS
The Controller does not transfer Personal Data to international organizations. The Controller may transfer Personal Data to third countries, i.e. countries that are not part of the European Economic Area. In this case, the transfer shall be carried out insofar as necessary and with an adequate degree of protection: cooperation with processors of Personal Data in countries for which the relevant decision of the European Commission has been issued; application of standard contractual clauses issued by the European Commission; application of binding corporate rules approved by the relevant supervisory authority. The Controller shall inform of its intention to transfer Personal Data outside the EEA at the stage of collection.
The Policy is reviewed on an ongoing basis and updated as necessary. If the Policy is updated, the User will be notified by displaying the information on the Service or by sending the User an email. The fact that the User is using the Services will signify acceptance of the updated version of the Policy. The current version of the Policy is effective as of 05.04.2022.