3 COLLECTING AND PROCESSING PERSONAL DATA
3.1 The Controller collects and processes the following Users’ personal data for the following purposes:
3.1.1 to make available to the Users a newsletter Service, consisting in sending via email to registered Users (to the email address shared at the registration) current information pertaining to the Controller’s activities and upcoming events (1 a GDPR, art. 10 ust. 2 ARES – upon the consent) Processed personal data: name, surname, e-mail address;
3.1.2 for statistical, analytical and reporting purposes (art. 6.1 f GDPR – legitimate interests pursued by the Controller) Processed personal data: name, surname, e-mail address;
3.1.3 to make availabe registration and participation in the events organized by Fundacja im. Kazimierza Pułaskiego (art. 6.1 a GDPR – za zgodą). This means especially:
a) creating a list of participants
b) carrying out registration in order to make participation possible
c) performance of the programme.
Processed personal data: name (names), surname, country of residence, position, institution, billing data, telephone number, e-mail address, image recorded on the photograph;
3.1.4 to archive the data (art. 6.1 f GDPR – legitimate interest pursued by the Controller) Processed personal data: name (names), surname, country of residence, position, institution, billing data, telephone number, e-mail address, image recorded on the photograph.
3.2 Processing Users’ personal data means performing an operation or a set of operations on personal data or on sets of personal data in an automatic or non-automatic manner, such as collecting, saving, organising, ordering, storing, adapting or modifying, downloading, viewing, using, sharing by sending, making available or other type of sharing, adjusting or merging, limiting, deleting or destroying..
3.3 User’s personal data may be shared with the entities who cooperate with Foundation or perform particular services for Foundation (legal, marketing, advertising, IT, logistic services – in the scope necessary to perform these services).
3.4 Due to the cooperation of Foundation with other entities and service providers established outside of EEA, your personal data may be transferred to the following states outside of EEA: Canada, the United States of America
In order to ensure an adequate level of security of the personal data transferred to states in relation to which the European Commission has not issued an adequacy decision, Foundation uses standard data protection clauses adopted by the European Commission, referred to in art. 46.2 c) GDPR. The standard clauses are available on the Internet, at the European Commission website (ec.europa.eu).
3.5 In case of an infringement of the personal data protection Foundation shall promptly (if possible not later than within 72 hours from discovering the infringement) notify a relevant supervising authority about the infringement. In case when the infringement might cause high risk of infringement of rights and freedoms of a natural person, Foundation shall promptly inform the User, to whose personal data the infringement pertains, about the infringement.
3.6 Foundation is obliged to keep a record of all Users’ personal data protection infringements, including information of the circumstances of each infringement, its results and steps taken to remedy the infringement.
4 PERSONAL DATA SECURITY
4.1 In order to prevent unauthorised or illegal access to Users’ personal data, its accidental loss, corruption or deletion, Foundation uses appropriate technological solutions and means of security. Data protection is ensured by the use of SSL/TLS (Secure Socket Layer/Transport Layer Socket) technology used for Internet data transmission protection and firewalls.
4.2 Only the Controller and persons authorised by the Controller, who undertook to keep the Users’ personal data in confidentiality, have access to the Users’ personal data.
4.3 Foundation keeps a record of persons authorised to process the Users’ personal data.
4.4 Any personal data shared with Foundation is stored for a period required for the purposes for which it has been collected or for a period set forth by the applicable law.
5 USERS’ RIGHTS PERTAINING TO THE PERSONAL DATA
5.1 A User is entitled to request the Controller to give him access to the User’s personal data, to correct, delete or limit processing of the personal data, to object against processing his personal data and to move his personal data. In each case when a User wishes to use any of the above rights, he can file a request to the Controller via email to the following address: firstname.lastname@example.org
5.2 The Controller is obliged to take actions facilitating exercising the right to access his personal data by the User. The Controller is freed from that obligation only in a situation where it cannot identify the User who requests to be granted access to the personal data.
5.3 The Controller is obliged, within a month from receipt of a relevant request, to share with the User, to whom the personal data pertains, all information regarding actions taken in relation to his request regarding his right to be given access to his personal data, to correct and/or delete his personal data, the right to limit processing of his personal data, the right to move his personal data, the right to object and the right not to be subject to a decision based solely on automated processing (profiling). Taking into account the level of complexity of a given request or the number of requests, the above period may be extended by additional two months. In case of such extension, the Controller is obliged, within one month from receipt of a given request, to inform the interested User about such an extension, along with an outline of its causes.
6.2 Cookies allow to precisely identify individual needs of a given User and, consequently, offer him better and more personalised Services.
6.3 Cookies are also used for the following purposes:
b) marketing or promotional.
6.4 A User may refuse to grant his consent for installing Cookies on his device or resign from installing Cookies on his device. In order to achieve that effect a User needs to disable the setting enabling downloading and storing Cookies in the User’s Internet browser.
6.5 Disabling Cookies may lead to difficulty or inability to use certain Services.
7 FINAL PROVISIONS
7.2 Foundation is not liable for any links that may be found on Foundation’s websites, which lead and/or allow Users to directly enter any third party websites, nor for any potential personal data protection infringements that could occur in connection with browsing such websites. Because of that a User shall acknowledge any privacy provisions which may be found on such third party websites.
7.3 Foundation Services are not addressed to minors who are not at least 13 years old. In case of acquisition of personal data of such a person without his parent’s or legal guardian’s consent, Foundation undertakes to delete any such data promptly after receiving information about such situation.