§1
General Provisions
1. The privacy policy applies to the processing and protection of personal data processed by the To się uda Foundation, based in Wrocław at Karkonoska 59, 53-015 Wrocław, hereinafter referred to as “To się uda Foundation,” including personal data collected in connection with the use of the www.tosieuda.org website and its subpages.
2. The paramount goal of the To się uda Foundation is to ensure the security of personal data at a level resulting from the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”).
3. The To się uda Foundation undertakes actions to ensure that personal data are:
a. processed in accordance with the law, fairly, and in a transparent manner for the data subject (“lawfulness, fairness, and transparency”),
b. collected for specific, explicit, and legitimate purposes and not further processed in a manner inconsistent with those purposes (“purpose limitation”),
c. adequate, relevant, and limited to what is necessary for the purposes for which they are processed (“data minimization”),
d. accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”),
e. kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”),
f. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
§2
Information on the Processing of Personal Data
1. The Administrator of your personal data is the To się uda Foundation, based in Wrocław at Karkonoska 59, 53-015 Wrocław.
2. In connection with the processing of personal data, you can contact the Data Protection Officer appointed by the Administrator at the email address: iod@tosieuda.org or in writing at the Administrator’s address.
3. Your personal data will be processed for the following purposes:
a. concluding and performing a contract, including ensuring the proper quality of services – the basis for processing your personal data is the contract concluded with you (Article 6(1)(b) GDPR) – providing personal data is voluntary but necessary to conclude a contract, without providing personal data, it will not be possible to conclude a contract,
b. fulfilling the legal obligations incumbent on the Administrator, including issuing and storing invoices – the basis is the legal obligation of the Administrator (Article 6(1)(c) GDPR) – providing personal data results from legal regulations and is necessary,
c. establishing and pursuing claims – based on the legitimate interest of the Administrator (Article 6(1)(f) GDPR),
d. sending newsletters – based on expressed consent (Article 6(1)(a) GDPR) – providing personal data is voluntary but necessary to use the services,
e. booking tickets for events organized by the Administrator – based on actions taken to perform a contract (Article 6(1)(b) GDPR),
– providing personal data is voluntary but necessary to conclude a contract, without providing personal data, it will not be possible to conclude a contract,
f. sending invitations to events organized by the To się uda Foundation – based on the legitimate interest, which is to inform about cultural events organized by the Administrator (i.e., Article 6(1)(f) GDPR) – providing personal data is voluntary but necessary to use the service.
4. In the case of processing personal data by the Administrator in email correspondence or by traditional means, unrelated to services provided to the sender or another contract concluded with them, personal data contained in this correspondence are processed exclusively for communication and handling the matter to which this correspondence relates – the legal basis for processing personal data is the legitimate interest of the Administrator (Article 6(1)(f) GDPR), which consists of conducting correspondence in connection with the economic activity conducted by the Administrator. The correspondence is stored in a way that ensures the security of the personal data contained therein.
5. Your personal data will be disclosed to entities processing data on behalf of the Administrator, participating in the performance of the Administrator’s activities, i.e., entities servicing IT systems, entities providing hosting services, providing IT systems enabling the sending of newsletters (in the case of the newsletter service). In addition, your data will be disclosed to other administrators, i.e., entities conducting postal or courier activities.
6. Your personal data will not be transferred to a third country.
7. Your personal data will be processed for the period of the contract with you and after its termination for the purposes of pursuing claims related to the performance of the contract for the period after which claims arising from the contract are time-barred, performance of obligations arising from legal regulations (in particular tax and accounting), prevention of abuse and fraud, for statistical and archival purposes.
8. Your personal data will be stored for the purposes of direct marketing (to the extent that does not require your consent) for the duration of the contract or until objection is raised, whichever occurs first.
9. Personal data processed on the basis of consent will be processed until the consent is withdrawn.
10. You have the right to:
a. access your data – Article 15 GDPR,
b. rectification – Article 16 GDPR,
c. erasure – Article 17 GDPR,
d. restriction of processing – Article 18 GDPR,
e. data portability – Article 20 GDPR,
f. object – Article 21 GDPR.
11. You have the right to lodge a complaint regarding the processing of personal data by the Administrator to the supervisory authority, which is the President of the Office for Personal Data Protection.
12. In the case of processing data based on the consent you have given, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
13. Your personal data will not be used for automated decision-making, including profiling.
II.
If we process your data as employees of our contractor provided to us for the purposes of current contract management, binding legal relationship, or in connection with the execution of the concluded contract, we inform you that:
1. The administrator of your personal data is the To się uda Foundation located in Wrocław at Karkonoska Street 59, 53-015 Wrocław.
2. In connection with the processing of personal data, you may contact the Personal Data Protection Inspector appointed by the Administrator at the email address: iod@tosieuda.org or in writing to the Administrator’s address.
3. Processing of your personal data is necessary for the following purposes:
a. Execution of the contract concluded with your employer/client – i.e., under Article 6(1)(b) of the GDPR,
b. Fulfillment of statutory requirements, i.e., the Administrator fulfilling legal obligations arising from legal provisions – i.e., under Article 6(1)(c) of the GDPR.
4. Your personal data will be transferred to entities processing data on behalf of the Administrator, involved in performing the Administrator’s activities, i.e., entities providing IT systems, hosting services. Additionally, your data will be made available to other administrators, i.e., entities conducting postal or courier activities.
5. Your personal data will not be transferred to a third country.
6. Your personal data will be processed until the expiration of claims related to the concluded contract.
7. The Administrator collects your personal data from your employer/client or directly from you.
8. The Administrator may process in particular the following categories of personal data including name and surname, correspondence address, telephone number, information about the place of work.
9. You have the right to access your data, rectify, delete, limit processing.
10. You have the right to lodge a complaint regarding the processing of personal data by the Administrator to the supervisory authority, which is the President of the Personal Data Protection Office.
11. Providing your personal data is necessary for the execution of the contract between your employer/client and the Administrator.
12. Your personal data will not be used for automated decision-making or profiling.
§3
Events organized by the To się uda Foundation
The To się uda Foundation located in Wrocław also processes personal data of participants in events, competitions, tenders, which are organized by the To się uda Foundation. Information about the processing of personal data is included in regulations, forms, and information provided in connection with individual events, competitions, tenders. The To się uda Foundation processes the provided data with respect for principles arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
§4
Data Security
The Administrator has implemented technical and organizational measures that allow the protection of collected personal data in accordance with the principles arising from the GDPR. The Administrator uses, among others, the following data protection solutions: SSL certificate on the site where data for the newsletter is collected, protection of the data set against unauthorized access by third parties.
§5
Cookie Files
1. The service uses cookies.
2. A cookie file is a small text information sent by a server and stored on the User’s side (usually on the hard drive). Cookie parameters allow reading the information they contain only to the server that created them.
3. Cookies contain various information about the User of a website and the history of their connection with the site. The information collected includes the user’s IP address, information about other pages the User has visited before entering the site, information about the browser used by the User, information about any errors during page display.
4. The cookies used are primarily intended to make it easier for the User to use the Service, by ‘remembering’ the information provided once, so that the User does not have to provide it each time. They also serve to tailor the content displayed in the Service, including advertisements, to the User’s preferences.
5. Usually, the data is used for automatic recognition of a specific user by the server, which can then generate a page intended for him. Actions that can be taken within the scope of the information about the user include:
a. customizing the appearance and functionality of the Service,
b. handling logins,
c. collecting automatic information about the user for statistics,
d. collecting information about any errors during page display, which allows for quicker fixing.
6. The provider may place or allow an external entity to place cookies on the user’s device to ensure the proper functioning of the website. This helps monitor and verify its operation. Such an entity may include, for example, Google.
7. Obtaining and storing information using cookies is possible based on the User’s consent.
8. The User can set their browser in such a way that cookies are not saved on their disk or are automatically deleted at a specified time. These settings can therefore be changed in such a way as to block the automatic handling of cookies in the internet browser settings or to inform about their every transfer to the User’s device.
9. Withdrawing consent does not affect the legality of processing carried out based on consent before its withdrawal.
10. Withdrawing consent to the operation of cookies may lead to problems with displaying some websites, unavailability of some services.
§6
Google Analytics
1. The Service uses Google Analytics, an analytical service provided by Google. Google Analytics is a system of statistics that allows the Administrator to obtain information about the User visiting the Administrator’s website. Example data collected about the User and processed by Google Analytics includes:
a. information about how the User found the Store,
b. the region in which the User is located,
c. what system and software the User uses,
d. how and for how long the User uses the website.
2. The legal basis for using Google Analytics is Article 6(1)(f) of the GDPR, which is the legally justified interest of the Administrator, which is creating statistics, striving for continuous improvement of the Service, and raising the comfort of its use.
3. Information generated by cookies about the User’s activity in the Service may be transferred to a Google server in the USA, where it is stored. From the perspective of the European Union, there is no ‘adequate level of protection’ in the USA regarding the processing of personal data that would correspond to EU standards. However, the required level of protection can be confirmed by individual companies through certification according to the so-called Privacy Shield (“EU-U.S. Privacy Shield”). Google has an appropriate certificate of compliance with the Privacy Shield.
4. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other Google data.
5. The User can prevent the collection of data generated by cookies and related to the use of the website, as well as the processing of this data by Google, using the solution described on the page https://tools.google.com/dlpage/gaoptout
6. To make changes in the amount of shared data, the User should check the settings of their browser. Some information is shared automatically, but the User can change the scope of transmitted data at any time.
§ 7
Final Provisions
1. The Administrator reserves the right to make changes and updates to the above Privacy Policy. We will inform Users about any changes through the website www.tosieuda.org in the Privacy Policy tab.
2. This Privacy Policy is effective as of December 12, 2023.