THE PRIVACY POLICY OF THE VARIA POSNANIA FOUNDATION

Your personal data that you gave to the Varia Posnania Foundation will be processed according to the Regulation issued by the European Parliament and the Council of the European Union 2016/679 on the 27 of April 2016 in the matter of protection of individuals regarding the processing of the personal data, in the matter of free movement of data, and in the matter of avoidance of the deed 95/46/WE (the general regulation concerning data security).

The present privacy policy is consistent with the rules of the Regulation issued by the European Parliament and the Council of the European Union 2016/679 on the 27 of April 2016 in the matter of protection of individuals about the processing of the personal data in the matter of free movement of data, and in the matter of avoidance of the deed 95/46/WE (hereinafter RODO)

1. The Administrator of the personal data.

The administrator of your personal data is the Varia Posnania Foundation located at Święty Marcin 29/8 street, 61-806, inscribed in the National Court Registry under the number:0000965697, hereinafter “the Foundation” or “the Administrator.”

2. The contact form and the Data Protection Officer (DPO).

The Foundation can constitute a Data Protection Officer (DPO) and, in the cases regulated by the law, is obligated to do so.

In the cases regarding the security of your personal data and exercising the laws regarding the processing of your personal data, the suggested form of contact is the electronic mail with the address: fundacja@variaposnania.pl.

3. The categories, aims and reasons for processing your personal data.

Your personal data will be processed by the Foundation to fulfill the charter goals with the mission and goals of the Foundation, and the law in mind.

Your personal data will be processed in the following aims and according to the consecutive law:

– In order to inform the Foundation – name, surname, gender, email address, telephone number; The legal basis for such processing is art. 6 ust. 1 lit. a RODO, which allows the Administrator to process personal data on the grounds of a granted permission.

– In order to present and enlarge the Team of the Foundation, including the Management and the Board of the Foundation – name, surname, PESEL, gender, address, email address, telephone number, date of birth, educational background, work experience; The legal basis of such processing is art. 6 ust. 1 lit. a RODO, which allows the Administrator to process personal data on the grounds of a granted permission.

– In order to apply for the positions offered by the Foundation – name, surname, PESEL, gender, address, email address, telephone number, date of birth, educational background, work experience; The legal basis of such processing is art. 6 ust. 1 lit. a RODO, which allows the Administrator to process personal data on the grounds of a granted permission.

– In order to conduct recruitment and to be accepted into the voluntary service for the Foundation -name, surname, PESEL, gender, address, email address, telephone number, date of birth, educational background, work experience; The legal basis of such processing is art. 6 ust. 1 lit. a RODO, which allows the Administrator to process personal data on the grounds of a granted permission.

– In order to garner signatures, petitions, and initiatives that agree with fulfilling the charter goals of the Foundation – name, surname, PESEL, address, and email address; The legal basis of such processing is art. 6 ust. 1 lit. a RODO, which allows the Administrator to process personal data on the grounds of a granted permission.

– In order to prepare an invoice and other accounting documents connected with the functioning of the Foundation – name, surname, company, PESEL, NIP, REGON, address, email address, telephone number, banking account; The legal basis of such data processing is art. 6 ust. 1 lit. c RODO, which allows the Administrator to process personal data if said processing is essential for the Administrator to be able to meet their obligations resulting from the law and the agreement between the sides.

– For accounting, archival, and evidential purposes and in regards to determining, claiming and protecting legal claims – name, surname, company, PESEL, NIP, REGON, address, email address, telephone number, banking account, the amount of the donated money; The legal basis of such processing of data is art. 6 ust. 1 lit. f RODO which allows processing the personal data if by that the Administrator realises their legally justified aim.

– In order to answer the questions asked via email or postally – name, surname, address, email address, telephone number; The legal basis of such processing is art. 6 ust. 1 lit. f RODO which allows the Administrator to process personal data on the grounds of a granted permission.

4. Withdrawing the agreement to the processing of your personal data.

The Administrator exercises the utmost care so that the individuals who share their personal data, who take part in the functioning of the Foundation, who sign the documents connected with the functioning of the Foundation, or who accept the crucial rules are aware and comprehensively informed about their rights and duties.

In the cases of agreeing voluntarily to the processing of one’s personal data, one can withdraw the granted permission at any moment and in any form, however it has to be a form previously announced to the Administrator.

In the case of withdrawal of the previously granted permission for the processing of one’s personal data, the Administrator will stop processing them immediately after having received such a withdrawal unless they have the right to process the data on the ground other than the permission.

5. Requirement to provide one’s personal data.

Providing one’s personal data is, in the majority of the cases, of one’s own volition, however, lack of permission for the processing of the whole of one’s personal data can prevent or inhibit the process of supporting the Foundation, coming into contact or establish cooperation with the Foundation as one was going to. 5. Requirement to provide one’s personal data.

Due to the above, in order to realise the goals set in point number 3 one should provide the necessary data as stated. Not always will all of them be determined in point number 3, and their extent will be limited by the rule of minimalism and the necessity of holding the respective data by the Foundation.

6. The period of data storage and warrant.

The personal data will be stored for the period determined by the mandatory legal provisions.

7. The individual providing the personal data is always entitled to demand from the Administrator:

– access to the personal data,

– the rectifying of them,

– their removal,

– restricting of the processing,

– objecting to the processing of the personal data or

– their relocation.

The above demands can be sent in any form to the addresses of the Administrator provided in points number 1 and 2.

The Administrator points out, however, that the above warrants are not absolute, and thus by extension in some cases the Foundation may by law refuse to execute them.

In case of the right to object to the processing of one’s personal data, the Administrator informs that one can do so at any moment on the basis of a legaly justified venture of the Administrator (enumerated in the point number 3) in relation to a special situation of the person who provides the data. The Administrator can, however, according to the regulations, refuse to count the objection if they can prove that there are jegally justified reasons to process, which are superior to the ventures, laws and freedom of the individuals providing the data or if there are bases to determine, claim or defence of the pretence.

8. Automated data processing and profiling.

One’s personal data can be used for automated data processing in order to profile, id est creating analyses and predictions regarding the individual that the data is concerning based on the collected personal data.

Profiling is related to the actions of the individuals providing the data within the charter goals of the Foundation and can be used in any aspect of said actions. This allows undertaking effective and deliberate steps steered directly towards the extent of activities of the individuals providing the data minimalising the interaction with the areas they are not interested in.

Automated data processing can depend on the personalisation of the provided content and, in some cases, assigning a category of an individual to the user’s profile.

9. Conveying the personal data to the third party.

One’s personal data can be confided to process to the subjects chosen by the Administrator based on a written contract about confiding of the personal data to the third party according to the aims and goals enumerated in the above privacy policy and in the field that does not go beyond indicated in the above privacy policy and in a way described by the law.

The data can also be transferred to foundations, associations and organisations which function in a similar way that the Foundation.

The data can be confided in order to be processed to the subjects the services of which the Foundation makes use, especially those who provide the IT services, the accounting services and the legal services – with the extent that is essential in order to properly provide the services. Personal data can also be given to the licensed state authorities in the cases described by law.

Besides the cases enumerated above, all the data will be confident and in no case, nor any form will it be revealed or given to other subjects.

10. Giving personal data to a third party.

One’s personal data will not, as a general rule, be transferred beyond the borders of the European Economic Area.

If, however, there is a necessity to transfer the personal data to the countries that according to the European Commission do not comply with the minimal requirements of conditions for the safety of the personal data, we inform, you that the personal data can be transferred only after having received a separate agreement of free volition of the individual providing the data for such an action.

Taking into consideration the risk regarding the transfer of the personal data according to ust. 2 above, one should consider that the Foundation is not able to guarantee proper security of the personal data in case of their transfer to the said countries.

11. A right to file a complaint.

If the individuals providing the data decide that the data was endangered, violated or is being processed against the law, the individuals file a complaint to the President of the Data Protection Office.

12. Cookies.

On its site, the Foundation uses “cookies,” which are short textual information saved on the user’s computer, phone, tablet or other devices.

Using the site of the Foundation equals agreeing to placing Cookies on the user’s device.

Every user can switch off the Cookies by properly configuring their search engine. However, in the case of using this option, using the site of the Foundation will be possible in a way restricted only to the elements that do not require Cookies.

Cookies contain, among other, consecutive data:

– public IP address of the computer from which the question was issued,

– information about the type of the operating system of the user,

– information about the search engine of the user,

– the sites the user has previously visited, and for how long have they stayed there,

Cookies as a rule do not contain any data that identifies the person visiting the site. One’s identity cannot be confirmed based on Cookies, as their mechanism does not allow to downloading of any personal data or any confidential information from the user’s device.

The Foundation uses, among others, the following Cookies:

– Session files – they are stored on the user’s device and they stay there until the session is over, the saved information is then enduringly deleted from the device’s storage place

– Permanent files – they are stored on the user’s device and stay there until deleted. Ending the session or closing the device does not cause their erasure to form the user’s device.

Cookies are used, among others, for the following:

– Adjusting the contents of the sites according to the user’s individual preferences and optimisation of the exploiting of the site,

– creating the statistics the aim of which is how the users exploit the site

13. The final decisions

In the area not regulated by this privacy policy, the rules in force are to be applied.

Present privacy policy has been in force since the 11 of April 2022.