- General Information
- The website is operated by the Andrzej Krzanowski Foundation, hereinafter referred to as the “Foundation”.
- The operator of the website acts in the capacity of the controller of personal data provided, on a voluntary basis, by the users while taking advantage of the services provided.
- Personal data provided by the users in order to take advantage of the services rendered are relied upon while activating and while rendering such services. The tasks performed with the use of the data provided include, in particular, the following:
- technical activation of the services,
- informing about changes to applicable rules and regulations,
- rendering technical services, including providing answers to questions asked by users.
- The website collects information about users and their behaviors in the following manner:
- based on data provided via the forms, on a voluntary basis, and then entered into the Operator’s systems,
- by saving cookie files on the users’ devices.
- Detailed information on the processing of personal data
Personal data are processed pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L, 119) hereinafter referred to as GDPR, with the provisions of the Act on the Provision of Electronic Services and of other applicable legal regulations taken into consideration.
- Details of the personal data controller: the Andrzej Krzanowski Foundation with its registered office in Czechowice-Dziedzice, at ul. Mickiewicza 28, NIP (Tax ID): 652-172-40-05, entered into the Register of Foundations and Societies under the number KRS 0000503299.
- The Controller has appointed a Data Protection Officer who may be contacted in writing via:
- traditional mail sent to: ul. Mickiewicza 28, 43-502 Czechowice-Dziedzice, Poland,
- email: email@example.com.
- The Foundation wishes to inform that unless the wording of the specific forms provides otherwise (e.g. by stating that the provision of data is voluntary), the services provided by the Foundation cannot be taken advantage of on an anonymous basis or with the use of pseudonyms.
- In order to create a customer account and sign up for the Foundation's services, one has to create a login and provide the following data:
- first name and surname,
- e-mail address.
- Types of data processed, objectives and legal basis for processing the data by the Foundation and expected retention period:
Type of data Purpose of processing Legal basis Retention period Compulsory data required to perform orders Service-related settlements Article 18(2) of the Act on Provision of Electronic Services
Article 6(1)(b) GDPR (data is indispensable in order to perform the agreement)
Until the expiry of the limitation period for claims, if any. Performing legal obligations related to accounting Article 6(1)(c) GDPR (performance of legal obligations related to accounting) Seeking the satisfaction of or defense against potential claims Article 6(1)(f) GDPR (legitimate interest) Data contained in correspondence exchanged with the Controller (contained in contact forms, exchanged via the submission system, e-mail, traditional mail) Exchanging correspondence, handling reports, requests, queries or complaints Presenting the wording of representation or requests submitted by a given data subject Article 6(1)(c) GDPR (performance of legal obligations in connection to answering requests of data subjects)
Article 6(1)(f) GDPR (legitimate interest)
Until the expiry of the limitation period for claims, if any. Seeking the satisfaction of or defense against potential claims Article 6(1)(f) GDPR (legitimate interest) All aforementioned types of personal data processed by the Controller with the use of IT systems Making and storing backup copies, ensuring ability to permanently ensure confidentiality, integrity, accessibility and resilience of systems and processing services; ensuring ability to quickly restore availability of personal data and access thereto in the event of a physical or a technical event. Article 6(1)(c) in conjunction with Article 32(1)(b) and (c) GDPR (performance of legal obligations related to ensuring security, integrity and availability of data) Pursuant to the internal backup creation time schedule.
- Where the Controller processes personal data based on a consent granted, such a consent may be withdrawn at any time. The withdrawal of consent shall not affect the lawfulness of processing performed prior to its withdrawal.
- Data subjects may exercise the following rights in connection with their personal data:
of access to data
Article 15 GDPR
Essence of the right: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information specified in this provision.
Right to rectification and supplementation Article 16 GDPR
Essence of the right: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure Article 17 GDPR
Essence of the right: The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds provided for in this provision applies.
Right to restriction of processing Article 18 GDPR
Essence of the right: Restriction of processing shall mean labeling the personal data stored in order to restrict
their future processing. Where data have been so labeled, they may only be processed, with the exception of storage,
with the data subject's consent or for purposes set forth in this provision. The restriction of processing may be requested in situations set forth in this provision.
Right to data portability Article 20 GDPR
Essence of the right: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided
Right to object Article 21 GDPR
Essence of the right: If the data are processed in connection with direct marketing purposes, the data subject shall have the right to object, at any time, to processing of their personal data for the needs of such direct marketing, including by profiling, to the extent to which the processing is related to such direct marketing.
The right to object may also be exercised in other cases specified in Articles 21-22 GDPR
Data may be disclosed to entities operating to the order of the Controller or performing services for the benefit of the Controller, including, in particular:
- economic operators rendering services related to seeking the satisfaction of or defending against claims, as well as providing legal and accounting services (debt recovery, legal firms, tax consultants, accounting offices),
- subcontractors and service technicians,
- to authorities which are entitled, pursuant to applicable legal regulations, to demand that personal data be disclosed to them, including, in particular, courts, prosecutors, the Police, fiscal and customs administration bodies,
- other entities authorized to access data pursuant to applicable legal regulations.
- The data subject shall have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office [Prezes Urzędu Ochrony Danych Osobowych], ul. Stawki 2, 00-193 Warszawa, where they are of the opinion that their personal data are processed in violation of applicable laws and regulations.
- Selected data protection measures
- The Operator uses different measures to protect personal data. These include, in particular, the following:
- protection against unauthorized access
- protection against loss of data
- Transmission of data from log-in sites and data forms is protected (SSL certificate).
- The Operator protects data against loss (e.g. disk matrices, backup copies made on a regular basis).
- The Operator applies adequate fire protection measures at data processing locations (e.g. special fire suppression systems).
- The Operator applies adequate protection measures to data protection system, securing these against blackouts (e.g. redundant power supply lines, power generators, uninterrupted power supply systems (UPS)).
- The Operator applies physical protection measures preventing data protection locations from being accessed (access control, CCTV).
- The Operator ensures that servers, being an element of the data processing system, are operated in adequate environmental conditions (e.g. environmental conditions control, specialist air conditioning systems).
- The Operators applies organizational measures to ensure that a high degree of protection and privacy is ensured (training, internal regulations, password policies, etc.)
- The Operator has appointed a Data Protection Officer.
- The Operator uses different measures to protect personal data. These include, in particular, the following:
- The website uses cookie files.
- Cookie files contain IT data. They usually have the form of text files that are stored on the website user’s device and are intended to assist in using the website. Cookies usually contain the name of the website from which they originate, information on their storage period on a given device, as well as their number.
- It is the Operator of the website that acts in the capacity of the entity placing cookies on the website user’s end device, and having access to such cookies.
- Cookies are used for:
- generating statistical data helping understand how the users take advantage of the website, thus making it possible to improve its structure and content,
- storing information on referrals, in connection with the referral program.
- The website uses two main types of cookie files: session cookies and persistent cookies. Session cookies are temporary files that are stored on the end user’s device until the user logs out, leaves the website or shuts down their software (Internet browser). Persistent cookies are stored on the end user’s device for the duration specified in the parameters of the cookies or until they are deleted by the user.
- Software used for browsing websites (Internet browser) usually accepts, by default, cookie files that are stored on the user’s device. Website users may change cookie-related settings of their browser. The Internet browser allows them to delete cookie files. Cookies may also be blocked automatically. Detailed information concerning this operation may be found under the browser’s Help tab or in the browser’s manual.
- The Operator analyzes its website traffic by taking advantage of the Google Analytics service.
- Where the user does not wish to receive cookie files, they may alter their browser settings accordingly. We wish to inform that disabling cookies that are required for authentication purposes, as well as for ensuring proper levels of safety and for storing the user’s preferences may hinder, and in extreme cases prevent the use of websites.
- To manage your cookie settings, select your Internet browser from the list below and follow the instructions provided in the link: