Young Generation Development Foundation


1. ABOUT US

  1. The controller of personal data collected via the Website is the FUNDACJA ROZWOJU MŁODEGO POKOLENIA (Foundation for the Development of the Young Generation), with its registered office at: Opolska 62 / 3, 46-061 Zimnice Wielkie, email address: [email protected] ("Controller").
  2. FUNDACJA ROZWOJU MŁODEGO POKOLENIA operates the Website and is responsible for the proper provision of Electronic Services through the Website.

2. GENERAL PROVISIONS

  1. This privacy policy of the Website is a measure implemented by the Controller to define the actions taken by the Controller to protect personal data provided to the Controller by data subjects. It also serves to inform data subjects about the procedures in place regarding personal data processing in the Controller’s organization, particularly regarding the purposes and legal grounds for processing, the categories of recipients to whom the personal data is transferred, and to fulfill the Controller’s information obligation under Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR").
  2. The Service Provider takes particular care to protect the interests of data subjects and, in particular, ensures that the data collected is: processed lawfully, collected for specific, lawful purposes and not further processed in a manner incompatible with those purposes, factually correct and adequate in relation to the purposes for which it is processed, stored in a form which permits identification of data subjects for no longer than is necessary for the purposes of the processing.
  3. This privacy policy is informational and does not create any obligations for the Users of the Website.
  4. All words, phrases, and acronyms used on this page and beginning with a capital letter (e.g., Service Provider, Website, Electronic Service) should be understood according to their definitions set out in this Privacy Policy or in the Website's Terms of Service (if applicable), available on the Website.
  5. The personal data of the User is processed in accordance with the GDPR, the Act of 10 May 2018 on the protection of personal data (hereinafter referred to as the "Personal Data Protection Act"), and the Act on Providing Services by Electronic Means of 18 July 2002 (Journal of Laws 2002 No. 144, item 1204, as amended).

3. PURPOSE AND SCOPE OF DATA COLLECTION

  1. The purpose, scope, and recipients of data processed by the Service Provider depend on the User’s actions on the Website. For example, if the User intends to use an Account, their personal data will be processed to conclude and perform the agreement for the use of the Account.
  2. The Controller processes the personal data of the User or their representatives for the following purposes:
    • conclusion and performance of the agreement for the provision of Electronic Services,
    • fulfillment of legal obligations, including tax and accounting regulations,
    • conducting legal, arbitration, administrative, court-administrative, enforcement, and mediation proceedings,
    • documenting contractual relations for evidence purposes for the duration of the limitation period of related claims,
    • direct marketing of services or goods offered by the Controller, including via email newsletters,
    • handling complaints and claims related to statutory warranty rights.
  3. The Service Provider may process the following personal data of Users using the Website:
    • User’s full name,
    • email address,
    • Name of the cooperating Organization,
    • Name of the Branch of the cooperating Organization.
  4. Providing the personal data listed above is not mandatory but is necessary to conclude and perform the agreement for the provision of Electronic Services on the Website. The exact scope of required data is always indicated in advance on the Website, during its use, and in the Terms of Service (if applicable).
  5. Personal data concerning the User may be transferred to public authorities or other third parties to the extent and in cases required by applicable law. Additionally, personal data may be transferred to entities providing accounting, bookkeeping, and legal services for the Controller under a separate agreement.
  6. The Controller declares that it has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk related to the processing of personal data entrusted to it, as referred to in Article 32 of the GDPR. The Controller regularly reviews and updates the technical and organizational measures to ensure adequate protection of personal data.
  7. The Controller also declares that, to ensure the security of personal data processing, it has implemented a Data Protection Policy. This Policy is a measure adopted by the Controller under Article 24(1) and (2) of the GDPR to establish procedures for handling personal data within the Controller’s organization, ensuring that data is processed in compliance with the GDPR.
  8. Processing of personal data for the purposes specified above in point 3(2) includes, in particular: collection, modification, storage, viewing, updating, analysis, and archiving.
  9. The Service Provider also processes anonymized data related to the use of the Website (e.g., number of Users) to generate usage statistics. These data are collective and anonymous, meaning they do not contain features that would identify the Users of the Website.
  10. Personal data concerning the User will be stored by the Controller for the following periods:
    • if the legal basis for processing is the necessity of processing for the proper performance of the contract – until the limitation period for claims arising from the contract expires,
    • if the legal basis for processing is a legitimate interest – until the basis for processing no longer exists, particularly until the limitation of claims of the Controller or the User, the dissolution of the Controller’s legal entity, or the final determination, satisfaction, or defense of a claim or other right in legal, arbitration, administrative, court-administrative, enforcement, or mediation proceedings,
    • if the legal basis for processing is the fulfillment of legal obligations imposed on the Controller – until this basis no longer exists.

4. COOKIES AND USAGE DATA

  1. The Service Provider does not process the data contained in cookies when using the Website.

5. LEGAL BASIS FOR DATA PROCESSING

  1. Providing personal data by the Service Recipient is voluntary; however, failure to provide the personal data indicated on the Website and in the Website Terms of Service (if applicable), necessary for the conclusion and performance of the agreement for the use of the Electronic Service, will result in the inability to conclude such an agreement.
  2. The legal basis for the processing of personal data for the purpose specified above in Section 3(2)(a) is that it is necessary for the performance of a contract. The legal basis for the processing of personal data for the purpose specified above in Section 3(2)(b) is that it is necessary for compliance with a legal obligation to which the Controller is subject. The legal basis for processing personal data for the other purposes indicated above in Section 3 is the legitimate interest pursued by the Controller.

6. DATA SUBJECT RIGHTS RELATED TO PERSONAL DATA PROTECTION

The data subject may exercise their rights via the form available at: https://app.gorodo.pl/api/zadanie/7343568809

A. Right to Information

  1. At the time of collecting personal data, the Controller is obliged to provide the data subject with all of the following information:
    • the identity and contact details of the Controller and, where applicable, of the Controller’s representative,
    • where applicable, the contact details of the Data Protection Officer (DPO),
    • the purposes of the processing for which the personal data are intended, as well as the legal basis for the processing,
    • the recipients or categories of recipients of the personal data, if any,
    • where applicable, information about the intention to transfer personal data to a third country or an international organisation,
    • the period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period,
    • whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data.
  2. If the Controller intends to further process personal data for a purpose other than that for which the personal data were collected, prior to that further processing, the Controller shall inform the data subject about that other purpose and provide any other relevant information.

B. Right to Withdraw Consent

  1. The data subject has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

C. Right of Access to Personal Data

  1. The data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:
    • the purposes of the processing,
    • the categories of personal data concerned,
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
    • where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period,
    • the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing,
    • the right to lodge a complaint with a supervisory authority,
    • where the personal data are not collected from the data subject, any available information as to their source,
    • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  2. The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested, the information shall be provided in a commonly used electronic form.

D. Right to Rectification and Erasure of Personal Data

  1. The data subject has the right to request the Controller to rectify inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  2. The data subject is entitled to request the Controller to erase their personal data without undue delay, and the Controller is obliged to erase the personal data without undue delay where one of the following grounds applies:
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • the data subject withdraws consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) of the GDPR, and where there is no other legal ground for the processing;
    • the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
    • the personal data have been unlawfully processed;
    • the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
    • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
  3. The data subject’s rights indicated in point 2 above do not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject, for the establishment, exercise or defence of legal claims, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, in so far as the right referred to is likely to render impossible or seriously impair the achievement of the objectives of that processing.
  4. The Controller is obliged to inform the data subject about the rectification or erasure of personal data, unless this proves impossible or involves disproportionate effort.

E. Right to Restriction of Processing

  1. The data subject has the right to obtain from the Controller restriction of processing where one of the following applies:
    • the accuracy of the personal data is contested by the data subject – for a period enabling the Controller to verify the accuracy of the personal data,
    • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
    • the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims,
    • the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Controller override those of the data subject.
  2. The Controller is obliged to inform the data subject about the restriction of processing, unless this proves impossible or involves disproportionate effort.

F. Right to Data Portability

  1. The data subject has the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance from the Controller, where: the processing is carried out by automated means, and the processing is based on the data subject’s consent or is necessary for the performance of a contract.
  2. In exercising the right referred to above, the data subject also has the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller. It shall also not adversely affect the rights and freedoms of others.

G. Right to Object and Rights Related to Automated Decision-Making in Individual Cases

  1. The data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of their personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. The Controller shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed by the Controller for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, the data subject shall have the right to object – on grounds relating to their particular situation – to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
  5. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision: is necessary for entering into, or performance of, a contract between the data subject and the Controller, is authorized by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, or is based on the data subject’s explicit consent.

7. Final Provisions

  1. The Website may contain links to other websites. The Service Provider encourages users, upon navigating to other websites, to review the privacy policy applicable to those sites. This privacy policy applies solely to this Website.
  2. The Controller makes available appropriate technical measures to prevent unauthorized access to and modification of personal data transmitted electronically by unauthorized persons, including:
    • securing the data set against unauthorized access.
  3. In all matters related to the processing of personal data, including in particular issues concerning the provisions of this privacy policy, the Service Recipient should contact the Controller using the following contact details:
en_USEN
pl_PLPL en_USEN
Scroll to Top