Introduction

The protection of privacy and the lawful processing of personal data is a top priority for the Help4people Foundation (“Foundation”, “We”). The Foundation takes appropriate measures to ensure the protection of the personal data of individuals with whom we work or whose data we otherwise use. In this Policy, we specify how we collect, use, store and otherwise process personal information. The policy also defines the rights of the individuals whose data the Foundation processes and the rules under which these rights can be exercised. The personal data processing policy applies to all cases in which the Foundation processes personal data. Please read this document carefully. The Foundation may amend this Policy in response to changes in its operations, as well as due to the need to adapt its operations to the latest technological requirements in the field of security and due to changes in the law. The Foundation will provide advance notice of changes to the Policy.

The Foundation has developed the Policy by applying the principles under the General Data Protection Regulation No. 679/2016 (“GDPR”).

Who is responsible for processing personal data?

The Help4people Foundation, based in Bydgoszcz, ul. Rozlogi 77, 85-179, entered in the register of associations, other social and professional organizations, foundations and independent public health care facilities, under the KRS number 0001051029, whose registration files are kept by the District Court in Bydgoszcz, NIP 9532797920, REGON 526019469;. The Foundation is the controller of personal data within the meaning of Art. 4 (7) RODO.

For matters related to the processing of personal data, the Foundation’s Data Protection Officer can be contacted at office@help4people.org.

How does the Foundation protect personal information?

We provide appropriate technical, physical, electronic and administrative safeguards to protect personal data from unauthorized access. We follow generally accepted standards to protect the personal information you provide to us, both during transmission and after we receive it. Unfortunately, the transmission of information over the Internet (including email) is not completely secure. While we will do our best to protect personal information, we cannot guarantee the security of data sent to us – any transmission is at the sender’s own risk. Once we receive information that constitutes personal data, we will apply appropriate security procedures and policies to prevent unauthorized access to such data.

What rights do individuals have in connection with the Foundation’s processing of their personal data?

Individuals whose personal data is processed by the Foundation have the following rights under the provisions of the RODO:

1. Every person has the right to receive information regarding the processing of personal data (in particular, information for what purpose, what data is processed and by whom, and to whom it is shared, etc.).
2. Any data subject has the right to lodge a complaint with the Foundation regarding the processing of data and may file a complaint with the Office for Personal Data Protection, ul. Stawki 2, Warsaw,(https://uodo.gov.pl/).
3. Every data subject has the right to receive a copy of the data we process.
4. Any data subject has the right to request erasure of personal data (if he or she believes that the Foundation has no right to process it) or to object to its processing.
5. Any data subject has the right to request a restriction of the processing of personal data.
6. Any data subject has the right to request rectification or correction of personal data.
7. You have the right to portability of personal data.

In order to exercise your rights, you can contact the Foundation directly. Any request for access to data should be made in writing or by e-mail. If there are doubts about the identity of the person making the request, the Foundation will ask for additions to the request, in particular the necessary identification data.

The Foundation will endeavor to respond to each request within 1 month. However, in more complicated cases or in the case of multiple inquiries made at the same time, the Foundation may extend the deadline for response, which we will inform you of.

We strive to ensure that the information we process is correct and up-to-date. Therefore, if your data changes, please inform the Foundation so that the processed data can be updated. We will update data that is incorrect or outdated.

Information for those who participate in events organized by the Foundation: debates, conferences, seminars, meetings, workshops and trainings

In case you participate in conferences, debates, workshops, trainings or other meetings organized by the Foundation, the Foundation processes your personal data for the purpose of such event. The personal information we collect includes:

1. name,
2. mailing address,
3. email address,
4. phone number,
5. The name of the represented institution.

The legal basis for processing personal data is Art. 6 paragraph. 1(b) and (f) of the RODO, i.e. performance of the contract and our legitimate interest.

Information for those who are interested in the activities of the Foundation, including agreeing to receive current information from the Foundation or other communications from the Foundation or make a donation or 1% of income tax to the Foundation

If you are interested in the Foundation’s activities or want to support the Foundation’s activities, the Foundation will process your personal data:

1) If you agree to receive current information from the Foundation, in which we will inform you about the activities of the Foundation, opportunities to support the Foundation, planned events and new initiatives

We process your personal data on the basis of Art. 6 paragraph. 1(a) of the RODO, i.e.. Based on your consent to the processing of personal data. Your Consent may be withdrawn at any time, which does not affect the validity of personal data processing performed prior to the withdrawal of consent; the scope of personal data processed by the Foundation includes email address and telephone number.

2) When making a donation to the Foundation or supporting the Foundation in other ways, including by donating 1% of income tax

We process personal data to the extent necessary to handle such a donation and a 1% contribution, including its proper accounting and reporting, and to thank you for your support. The legal basis for processing personal data is Art. 6 paragraph. 1(f) RODO, i.e. our legitimate interest.

Additional information

Can the Foundation transfer personal data to other entities?

As a rule, the Foundation does not share personal data with other entities. However, in some situations, the transfer of personal data may be necessary or indispensable to achieve the purposes of processing.

We use the Google Analytics tool for analytical purposes. Google will therefore use the personal information of our site users when they consent to the use of the relevant cookies on our site, in accordance with Google’s Privacy Policy and Terms of Service.

The Foundation, running the Active Citizens – National Fund program in consortium with the Shipyard Foundation and the Academy of Civic Organizations Foundation, is jointly responsible for the processing of personal data under this program.

The Foundation may also transfer data to entities that help achieve the objectives of the Foundation or help conduct its activities. The purpose of providing personal data is to enable the Foundation to achieve its goals and conduct its activities. Most of these entities are operating as so-called “”new” entities. processors (according to Article 28 of the RODO), but some of them may act as independent controllers of personal data. Entities to whom we may transfer personal data include the following categories:

• Companies that provide IT services and server maintenance,
• Companies providing IT security services,
• Companies providing telecommunications and similar services,
• Outside legal advisors,
• Banks,
• Insurance companies,
• IT companies that provide IT services,
• Auditors.

We may also make personal data available in order to respond to requests made to the Foundation by authorized state and judicial authorities (e.g., prosecutors, courts, police, offices), as well as at the request of entities that co-fund our activities and control our use of funds.

In other cases, we will not share data with third parties unless we have the consent of the data subjects to do so, or we have a proper legal basis for doing so.

Does the Foundation process personal data outside the European Economic Area?

Some of our sub-suppliers (processors) are based outside the European Economic Area. Using their services, we may transfer data outside this area. However, we ensure that the transfer of data outside the EEA always respects the principles of the RODO and is carried out in accordance with the law.

How long will we process your personal data?

We will process personal data for the period of time necessary to fulfill the purposes mentioned above and until we fulfill the legal obligations imposed on us. As a general rule, we will process personal data for 6 years after the end of the legal relationship between the Foundation and participants or grantees of programs and projects conducted by the Foundation. This period is justified by the applicable statute of limitations for civil and tax claims in Poland.

Does the Foundation perform profiling?

The Foundation does not make any decisions based on automated data processing systems. We also do not perform profiling.

Links to other websites

The Foundation’s pages may contain links to websites. We try to make sure that the links we post lead to sites with a high standard of data protection. However, we are not responsible for the use of personal information, security and content of these websites. Please read the privacy policies of these sites and their terms and conditions, as using these sites means complying with the rules set by their owners.