INFORMATION ON PERSONAL DATA PROCESSING REGARDING NEWSLETTER

Data controller:

The controller of your personal data is Fundacja im. Kazimierza Pułaskiego with its registered seat in Warsaw (00-629) at Oleandrów 6, KRS number: 0000233247, tel.: 22 378 11 95, email: office@pulaski.pl (“Foundation”)

Purpose and legal bases for processing:

 

Used abbreviations:

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement
of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

ARES – Polish Act on Rendering Electronic Services dated 18 July 2002

TL – Polish Telecommunications Law dated 16 July 2004

  • sending to the given email address a newsletter regarding the current activity and events of Foundation, | 6.1 f) GDPR, art. 10.2 ARES and art. 172.1 TL (upon your consent)

Personal data: first name, last name, position, institution, phone number, address email address

  • use of data for statistical, analytical and reporting purposes | 6. 1 f) GDPR (based on legitimate interests pursued by the controller, i.e. analysis the way of use the services and adjusted the clients and user)

Personal data: first name, last name, position, institution, phone number, address, email address

Withdrawal of consent:

You may withdraw your consent to process your personal data at any time.

Withdrawal of the consent is possible solely in the scope of processing made based on the consent. Foundation is authorised to process your personal data after withdrawal your consent if it has another legal basis for the processing, for the purposes covered by that legal basis.

Categories of recipients:

Your personal data may be shared with:

  • persons or entities providing particular services to Foundation (accounting, legal, IT, marketing and advertising, logistics services) – in the scope required to provide those services

Transferring data outside of EEA:

Used abbreviations:

EEA – European Economic Area

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement
of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Due to the cooperation of Foundation with other entities and service providers established outside of EEA, your personal data may be transferred to the following states outside of EEA: United States, Canada

In order to ensure an adequate level of security of the personal data transferred to states in relation to which the European Commission has not issued an adequacy decision, Foundation uses standard data protection clauses adopted by the European Commission, referred to in art. 46.2 c) GDPR.

The standard clauses are available on the Internet, at the European Commission website (ec.europa.eu)

Retention period:

  • For the purpose of sending newsletter to the given email address – for as long as the relevant consent is not withdrawn
  • For statistical, analytical and reporting purposes – for as long as the relevant consent is not withdrawn

Your rights:

Used abbreviation:

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement
of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

    • According to GDPR, you have the following rights relating to the processing of your personal data, exercised by contacting Foundation via any means of communication:
      • to access to your personal data (art. 15 GDPR) by requesting sharing and/or sending a copy of all your personal data processed by Foundation
      • to request rectification of inaccurate personal data
        (art. 16 GDPR) by indicating the data requiring rectification
      • to request erasure of your persona data (art. 17 GDPR); Foundation has the rights to refuse erasing the personal data in specific circumstances provided by law
      • to request restriction of processing of your personal data (art. 18 GDPR) by indicating the data which should be restricted
      • to move your personal data (art. 20 GDPR) by requesting preparation and transfer by Foundation of the personal data that you provided to Foundation to you or another controller in a structured, commonly used machine-readable format
      • to object to processing your personal data conducted based on art. 6.1 e) or f) GDPR, on grounds relating to your particular situation (art. 21 GDPR)

      to lodge a complaint with a supervisory authority,
      in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing
      of personal data relating to you infringes the GDPR
      (art. 77.1 GDPR)

No obligation to provide data:

Providing your personal data is not obligatory.

Providing your personal data is necessary in order to newsletter services of Foundation

Refusal to provide the above data will result in inability to receive the newsletter including information on Foundation and its partners.

PRIVACY POLICY

This Privacy Policy comprises all information related to collecting, using, reviewing and/or processing personal data by Fundacja im. Kazimierza Pułaskiego (Foundation), including particular terms, security provisions and a description of Users’ rights pertaining to such processing of personal data.

Foundation aims to ensure its Users’ safety by processing their data in a manner guaranteeing its safety and confidentiality, including protection from unauthorised and/or illegal processing, as well as its accidental loss, deletion or corruption, as well as protection from unauthorised access to any User’s data and/or devices used for the processing of that data and from unauthorised use of this data and/or devices. In order to achieve that goal Foundation uses appropriate technical and organisational means.

Foundation uses any and all available means to ensure that the personal data collected and processed by Foundation is:

a) processed in accordance with any applicable laws, in a dilligent manner, understandable for its Users;

b) collected for specific, clear and legally justified purposes and processed in a manner compliant with those purposes;

c) adequate, relevant and limited to an extent necessary for the purposes, for which it is processed;

d) correct and updated when necessary.

1 GENERAL PROVISIONS

1.1 The Privacy Policy applies to collecting and/or processing personal data of the Users in relation to activities performed by Foundation.

1.2 Personal data means information about an identified or identifiable natural person (User). A detailed list of Users’ personal data collected and processed by Foundation is provided in Clause 3.1 of the Privacy Policy.

1.3 The Users’ personal data controller is Fundacja im. Kazimierza Pułaskiego w Warszawie, ul. Oleandrów 6, 00-629 Warszawa, KRS: 0000233247, telephone number: 22 378 11 95, e-mail address: office@pulaski.pl.

1.4 Users’ personal data, the scope of which is described in Clause 3.1 of the Privacy Policy, is collected and processed by Foundation exclusively for purposes set forth in Clause 3.1.

1.5 When a User obtains access to the Services or starts using the Services, the User grants a voluntary and aware consent for processing of his personal data in the manner described in the Privacy Policy and for purposes set forth in Clause 3.1.

1.6 A User whose personal data is processed has the right to cancel his consent, referred to in Clause 1.5 by sending a statement via email to the address: office@pulaski.pl. Such a cancellation does not have impact on the legality of personal data processing that been happening based on that consent before its cancellation by the User.

2 DEFINITIONS

Controller

means an entity which decides on purposes and manners of personal data processing, individually or in agreement with other entities (here: Foundation).

Cookies

means text files saved on the hard drive of the User’s device, used in particular to enable using various Foundation Services and to identify and recognise the User’s device at a reconnection to the Services.

Privacy Policy

means this document comprising all information related to collecting, using, reviewing and/or processing User’s personal data by Foundation.

Foundation

means Fundacja im. Kazimierza Pułaskiego in Warszawa, ul. Oleandrów 6, 00-629 Warszawa, NIP: 9512164270, registered in the register maintained by the District Court for the capital city of Warszawa in Warszawa XIIth Commercial Division of the National Court Register under KRS number: 0000233247,

Service

means all Foundation products made available to the Users, including the website www.pulaski.pl  and other websites belonging to Foundation, applications and services offered by Foundation, including in particular the service of informing about the details of Foundation’s offer, newsletter service.

User

means a natural person acting on its own behalf or on behalf of an entity in which it is employed (regardless of the legal basis of such employment) who uses the Services.

GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

ARES

means Polish Act on Rendering Electronic Services dated 18 July 2002

3 COLLECTING AND PROCESSING PERSONAL DATA

 

3.1 The Controller collects and processes the following Users’ personal data for the following purposes:

3.1.1 to make available to the Users a newsletter Service, consisting in sending via email to registered Users (to the email address shared at the registration) current information pertaining to the Controller’s activities and upcoming events (1 a GDPR, art. 10 ust. 2 ARES – upon the consent) Processed personal data: name, surname, e-mail address;

3.1.2 for statistical, analytical and reporting purposes (art. 6.1 f GDPR – legitimate interests pursued by the Controller) Processed personal data: name, surname, e-mail address;

3.1.3 to make availabe registration and participation in the events organized by Fundacja im. Kazimierza Pułaskiego (art. 6.1 a GDPR – za zgodą). This means especially:

a) creating a list of participants

b) carrying out registration in order to make participation possible

c) performance of the programme.

Processed personal data: name (names), surname, country of residence, position, institution, billing data, telephone number, e-mail address, image recorded on the photograph;

3.1.4 to archive the data (art. 6.1 f GDPR – legitimate interest pursued by the Controller) Processed personal data: name (names), surname, country of residence, position, institution, billing data, telephone number, e-mail address, image recorded on the photograph.

 

3.2 Processing Users’ personal data means performing an operation or a set of operations on personal data or on sets of personal data in an automatic or non-automatic manner, such as collecting, saving, organising, ordering, storing, adapting or modifying, downloading, viewing, using, sharing by sending, making available or other type of sharing, adjusting or merging, limiting, deleting or destroying..

 

3.3 User’s personal data may be shared with the entities who cooperate with Foundation or perform particular services for Foundation (legal, marketing, advertising, IT, logistic services – in the scope necessary to perform these services).

3.4 Due to the cooperation of Foundation with its related entities and service providers established outside of EEA, your personal data may be transferred to the following states outside of EEA: Canada, the United States of America

In order to ensure an adequate level of security of the personal data transferred to states in relation to which the European Commission has not issued an adequacy decision, Foundation uses standard data protection clauses adopted by the European Commission, referred to in art. 46.2 c) GDPR. The standard clauses are available on the Internet, at the European Commission website (ec.europa.eu).

 

3.5 In case of an infringement of the personal data protection Foundation shall promptly (if possible not later than within 72 hours from discovering the infringement) notify a relevant supervising authority about the infringement. In case when the infringement might cause high risk of infringement of rights and freedoms of a natural person, Foundation shall promptly inform the User, to whose personal data the infringement pertains, about the infringement.

3.6 Foundation is obliged to keep a record of all Users’ personal data protection infringements, including information of the circumstances of each infringement, its results and steps taken to remedy the infringement.

4 PERSONAL DATA SECURITY

4.1 In order to prevent unauthorised or illegal access to Users’ personal data, its accidental loss, corruption or deletion, Foundation uses appropriate technological solutions and means of security. Data protection is ensured by the use of SSL/TLS (Secure Socket Layer/Transport Layer Socket) technology used for Internet data transmission protection and firewalls.

4.2 Only the Controller and persons authorised by the Controller, who undertook to keep the Users’ personal data in confidentiality, have access to the Users’ personal data.

4.3 Foundation keeps a record of persons authorised to process the Users’ personal data.

4.4 Any personal data shared with Foundation is stored for a period required for the purposes for which it has been collected or for a period set forth by the applicable law.

5 USERS’ RIGHTS PERTAINING TO THE PERSONAL DATA

5.1 A User is entitled to request the Controller to give him access to the User’s personal data, to correct, delete or limit processing of the personal data, to object against processing his personal data and to move his personal data. In each case when a User wishes to use any of the above rights, he can file a request to the Controller via email to the following address: office@pulaski.pl

 

5.2 The Controller is obliged to take actions facilitating exercising the right to access his personal data by the User. The Controller is freed from that obligation only in a situation where it cannot identify the User who requests to be granted access to the personal data.

5.3 The Controller is obliged, within a month from receipt of a relevant request, to share with the User, to whom the personal data pertains, all information regarding actions taken in relation to his request regarding his right to be given access to his personal data, to correct and/or delete his personal data, the right to limit processing of his personal data, the right to move his personal data, the right to object and the right not to be subject to a decision based solely on automated processing (profiling). Taking into account the level of complexity of a given request or the number of requests, the above period may be extended by additional two months. In case of such extension, the Controller is obliged, within one month from receipt of a given request, to inform the interested User about such an extension, along with an outline of its causes.

 

6 COOKIES

 

6.1 Using Foundation’s Services may relate to the necessity to use Cookies installed on the User’s device.

6.2 Cookies allow to precisely identify individual needs of a given User and, consequently, offer him better and more personalised Services.

6.3 Cookies are also used for the following purposes:

a) statistical

b) marketing or promotional.

6.4 A User may refuse to grant his consent for installing Cookies on his device or resign from installing Cookies on his device. In order to achieve that effect a User needs to disable the setting enabling downloading and storing Cookies in the User’s Internet browser.

6.5 Disabling Cookies may lead to difficulty or inability to use certain Services.

 

7 FINAL PROVISIONS

 

7.1 Foundation reserves the right to change the Privacy Policy, of which the Users will be informed by way of an information shared on the website www.pulaski.pl at least 3 days before the change enters into force.

7.2 Foundation is not liable for any links that may be found on Foundation’s websites, which lead and/or allow Users to directly enter any third party websites, nor for any potential personal data protection infringements that could occur in connection with browsing such websites. Because of that a User shall acknowledge any privacy provisions which may be found on such third party websites.

7.3 Foundation Services are not addressed to minors who are not at least 13 years old. In case of acquisition of personal data of such a person without his parent’s or legal guardian’s consent, Foundation undertakes to delete any such data promptly after receiving information about such situation.

7.4 Any questions or doubts regarding the Privacy Policy can be address by the Users to the Controller via email to the following address: office@pulaski.pl

7.5 This Privacy Policy enters into force on 24May 2018.