1.1. The Controller – (also the Association or Organisation) – Krajowy Fundusz na rzecz Dzieci, with its seat at 02-093 Warszawa, ul. Pasteura 5A, KRS: 0000044710.
1.2. Personal data – information about a natural person, identified or identifiable through one or several special characteristics which express their physical, physiological, genetic, mental, commercial, cultural or social identity, including device IPs, location data, online identifiers and information gathered via cookies and other similar technologies.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC.
1.5. Service – online service provided by the Controller at https://fundusz.org/.
1.6. User – every natural person who visits the Service or uses one or several services or functions described in the Policy.
- DATA PROCESSING RELATED TO USE OF THE SERVICE
2.1. In connection with the User’s use of the Service, the Controller collects data in the scope necessary to provide the individual services offered, as well as information about the User’s activity within the Service. The detailed rules and purposes of processing the Personal data collected during use of the Service by the User are described below.
- PURPOSES AND LEGAL BASIS OF DATA PROCESSING WITHIN THE SERVICE
USE OF THE SERVICE
3.1. Personal data of all persons who use the Service (including IP addresses and other identifiers as well as information collected via cookies and similar technologies) and who are not registered Users (i.e. of persons who do not have a profile in the Service) are processed by the Controller:
3.1.1. for the purposes of providing services electronically as regards making content collected within the Service available to Users: in such instances the legal basis for the processing is the necessity of processing for performance of a contract (Article 6(1)(b) of the GDPR);
3.1.2. for analytical and statistical purposes: in such instances the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), involving the performance of analyses of User activity and their preferences in order to improve the functions used and the services provided;
3.1.3. for purposes of establishing or pursuing claims or defending against claims: the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), involving the protection of its rights;
3.1.4. for marketing purposes of the Controller or other entities, and in particular those connected to presentation of a behavioural advertisement – principles of Personal data processing for marketing purposes have been described in the MARKETING section.
3.2. The User’s activity in the Service, including their Personal data, are registered in system logs (a special computer programme for storing a chronological record containing information about events and actions that concern the IT system used by the Controller to provide services). The information collected in the logs is processed primarily for purposes related to provision of services. The Controller processes data also for technical and administrative purposes, in order to ensure security of the IT system and to manage it, and also for analytical and statistical purposes: in this respect the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).
REGISTRATION IN THE SERVICE
3.3. Persons who have registered in the Service are requested to provide the data that are necessary to create and manage their account. In order to facilitate service provision, the User may give additional data, thus consenting to their processing. Such data may be deleted at any time. Providing the data specified as mandatory is required for opening and managing an account, and failure to provide them results in the lack of possibility to open an account. Provision of the remaining data is voluntary.
3.4. Personal data are processed:
3.4.1. for the purpose of providing services related to maintaining and managing the account in the Service the legal basis for the processing is the necessity of processing for performance of a contract (Article 6(1)(b) of the GDPR), and with respect to the data provided voluntarily the legal basis of the processing is consent (Article 6(1)(a) of the GDPR)
3.4.2. for analytical and statistical purposes: in such instances the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), involving the performance of analyses of User activity in the Service and of how they use the account, as well as User preferences in order to improve the functions used;
3.4.3. for purposes of establishing or pursuing claims or defending against claims: the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), involving the protection of its rights;
3.4.4. for marketing purposes of the Controller or other entities: the principles of processing Personal data for marketing purposes have been described in the MARKETING section.
3.5. If the User places any Personal data of other persons (including their name and surname, address, telephone number or email address) in the Service, they may do so only on condition that this is done without infringing legal regulations and the personal interests of these persons.
- SOCIAL NETWORKING SITES
4.1. The Controller processes the Personal data of Users who visit the Controller’s profiles run in social media (Facebook, YouTube, Instagram, LinkedIn). These data are processed solely in connection with the management of the profile, including for the purpose of informing Users about the Controller’s activities and promoting various events, services and products. The legal basis for the processing of the Personal data by the Controller is its legitimate interest (Article 6(1)(f) of the GDPR), involving the promotion of its brand.
- COOKIES AND SIMILAR TECHNOLOGIES
5.1. Cookies are small text files installed on the devices of Users who browse the Service. Cookies collect information that facilitates use of the website, e.g. by remembering the User’s visits to the Service and other actions performed by them.
5.2.1. cookies with data input by the User (session identifiers) for the duration of a session (userinputcookies);
5.2.2. authentication cookies used for services requiring authentication for the duration of a session (authentication cookies);
5.2.3. multimedia player session cookies (e.g. flash player cookies for the duration of a session (multimedia playersessioncookies);
- ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER’S PARTNERS
6.2. Google Analytics cookies are files used by Google in order to analyse how Users use the Service to compile statistics and reports concerning the Service’s functioning. Google does not use the data collected to identify the User and does not combine this information in order to allow identification. Detailed information concerning the scope and principles of data collection in connection with this service may be found at: https://www.google.com/intl/pl/policies/privacy/partners.
6.3. Facebook pixels is a tool that allows the effectiveness of advertising campaigns carried out through Facebook to be measured. This tool allows advanced data analysis in order to optimise the Controller’s activity, also with the use of other tools offered by Facebook. Detailed information about data processing by Facebook may be found at: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content.
SOCIAL MEDIA PLUGINS
6.4. The Service uses social media (Facebook, LinkedIn, Instagram, YouTube) plugins. Plugins allow the User to make available content published in the Service via the selected social networking service. The use of plugins in the Service causes the given social networking service to receive information about the Service’s use by the User and to be able to link it to the User’s profile maintained in that social networking service. The controller has no knowledge about the scope and purpose of data collection performed by social networking services. Detailed information on this subject may be found at:
6.4.3. Instagram: https://www.facebook.com/policy.php
6.4.4. YouTube: https://policies.google.com/privacy.
- MANAGING COOKIE SETTINGS
7.2. Consent is not required only in the case of cookies whose use is necessary for the provision of telecommunication services (data transmission in order to show content).
7.3. Revoking consent to cookie use is possible through browser settings. Detailed information on this subject may be found at:
7.3.1. Internet Explorer:https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
7.3.3. Google Chrome:http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
7.4. The user may at any time verify the status of their current privacy settings in the browser used with the tools available at:
- PERSONAL DATA PROCESSING PERIOD
8.1. The period of data processing by the Controller depends on the type of service provided and the purpose of the processing. In principle, data are processed for the period of provision of a service or performance of an order, until the evocation of granted consent or until an effective objection to processing of data in cases where the legal basis for the processing is the Controller’s legitimate interest.
8.2. The data processing period may be extended where processing is necessary for purposes of establishing or pursuing claims or defending against claims, and after such time only in the event and scope required by legal provisions. After the end of the data processing period data are irretrievably deleted or anonymised.
- USER RIGHTS
9.1. The User has the right to access personal data and demand them to be rectified, deleted and that their processing be limited, the right to transfer data and to object to their processing, and also the right to lodge a complaint with a supervisory authority responsible for Personal data protection.
9.2. In the scope that User data are processed pursuant to consent, this consent may be revoked at any time by contacting the Controller or using the functions available within the Service, including firstname.lastname@example.org
9.3. The user has the right to object to processing of data for marketing purposes if data processing is performed in connection with the legitimate interest of the Controller and also, for reasons related to the User’s special situation, in other cases where the legal basis of the data processing is the Controller’s legitimate interest (e.g. in connection with the performance of analytical and statistical purposes).
- DATA RECIPIENTS
10.1. In connection with provision of services, Personal data will be made available to third party entities, including in particular to providers responsible for administration of IT systems, entities such as banks and payment operators, entities providing bookkeeping services, delivery companies and entities related to the Controller.
10.2. The Controller reserves the right to reveal selected information concerning the User to the proper authorities or third parties that demand the information in question to be made available pursuant to the relevant legal basis and in accordance with the regulations in force.
- TRANSFER OF DATA OUTSIDE THE EEA
11.1. The level of Personal data protection outside the European Economic Area (EEA) differs from the level guaranteed by European law. For this reason, the Controller transmits Personal data outside the EEA only where necessary, and only where the required level of protection is ensured, primarily through:
11.1.1. cooperation with entities processing Personal data in countries with respect to which a relevant decision of the European Commission has been issued establishing a sufficient level of Personal data protection;
11.1.2. using standard contractual clauses issued by the European Commission;
11.1.3. using binding corporate regulations approved by the relevant supervisory body.
11.2. The Controller always informs of intentions to transfer Personal data outside the EEA when they are collected.
- PERSONAL DATA SECURITY
12.1. The Controller performs risk analysis on an ongoing basis in order to ensure that Personal data are processed by it in a secure fashion, which in the first place ensures that only authorised persons have access to data and only in the scope that this is necessary for the performance of their tasks. The Controller ensures that all operations using Personal data are registered and performed only by authorised employees and partners.
12.2. The Controller undertakes all necessary measures to ensure that its subcontractors and other collaborating entities guarantee the use of the necessary security measures in all cases where they process Personal data as mandated by the Controller.
- CONTACT DATA
13.1. Contact with the Controller is possible through the email address email@example.com or postal address Warszawa, 01-092, ul. Pasteura 7.
13.2. The Controller has appointed a Data Protection Officer who may be contacted at firstname.lastname@example.org in connection with all issues pertaining to Personal data processing.
14.1. The policy is verified on an ongoing basis and updated where necessary.