This Policy has been issued by the Impact Foundation’s Personal Data Administrator with its registered office in Warsaw at 3a/47 Stawki Street, 00-193 Warsaw, registered by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number: 0000611651, NIP: 9452193485, REGON: 364168520 and is addressed to all users (hereinafter: “Users”) of our website (hereinafter: “Website”). The definitions used in this Policy are explained in Section XIII below.
The Data Administrator is the Impact Foundation with its office in Warsaw. The Administrator’s contact details are given in point XII below.
This Policy may be amended and updated to take into account changes in practices related to the Processing of Personal Data by the Administrator or changes in generally applicable law. We encourage you to read this Policy carefully and check this page regularly to verify any changes that the Administrator may make in accordance with this Policy.
Processing of Users’ Personal Data
Acquiring Personal Data: The Administrator may collect Users’ Personal Information such as: name, surname, address and contact details, including e-mail address, telephone number, as well as job title and company data. The Administrator may collect Users’ Personal Data, in particular, in the following cases:
- Users providing their Personal Data (e.g. by e-mail, by telephone, via an online form or in any other way).
- Obtaining Users’ Personal Data as a result of conducting business relations / entering into or performing a contract (e.g. purchase by the User of the Administrator’s service or product).
- Obtaining Users’ Personal Data published in social media (e.g. obtaining information from Users’ profiles in social media, to the extent that such information is publicly visible).
- Obtaining Personal Data from third parties (e.g. contractors, financial intermediaries, law enforcement agencies, including administrative bodies or courts, etc.).
- Obtaining, or asking Users to provide, Users’ Personal Data during their visits to the Administrator’s websites or when using any functions or resources available on or through the Website. When Users visit the Site, Users’ devices and browsers may automatically provide certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connection to the Site and other technical communications information), some of which may constitute Personal Information. When you visit the Site, no Personal Information about you will be stored by the Administrator without your prior, express consent. However, temporary storage of log files and cookies facilitates the use of our Website. For this reason, Users are asked to agree to this on our Website. The granting of the aforementioned consent is optional and does not affect the possibility of using the Website. In some cases, the use of our Website may be restricted to a certain extent without such consent.
Personal Data Processed: Categories of Personal Data of Users Processed by the Administrator may, in particular, include:
- Personal data: first name(s), surname(s), first name used, sex, date, photo.
- Contact details: delivery address, company (employer) address, telephone number, fax number, e-mail address, social media profile details.
- Payment details: billing address, bank account number, first and last name of the bank account holder, account security data.
- Message content: all communications, inquiries, statements, views and opinions about us, sent by Users or published in social media or through the Site.
Legal basis for the Processing of Personal Data: When Processing Users’ Personal Data for the purposes set out in this Policy, the Administrator will refer to one or more of the following legal grounds, as appropriate:
- Processing is based on the User’s prior free, specific, conscious and clear consent to the Processing;
- Processing is necessary for the execution of the agreement that the User has concluded or intends to conclude with the Administrator;
- Processing is necessary to fulfil the legal obligation imposed on the Administrator;
- Processing is necessary to protect the vital interests of any private person;
- Processing is necessary in order to manage, conduct and promote the Administrator’s activities and does not cause any damage to the interests or fundamental rights and freedoms of the User.
The purposes of the Processing of Personal Data: The purposes for which the Administrator may process Users’ Personal Data are as follows:
- Administrator’s Website: running and managing our Website, presenting its content; publishing advertisements and other promotional and marketing information; communication and contacting customers and suppliers, as well as potential employees or co-workers, through our Website.
- Offering the Administrator’s products and services to Users: presenting our Website and other services; providing promotional materials at Users’ request; communication related to the Administrator’s services.
- Marketing communication: presenting in any way (including e-mail, telephone, text message, social media, mail and personal contact) messages and other information that may be of interest to Users, including the distribution of a newsletter and other commercial information, after obtaining Users’ consent to send information in an appropriate manner under generally applicable law.
- Communication and IT operations: management of communication systems, operation for IT security purposes and IT security audits.
- Financial management: sales, finance, audit and sales management.
- Research: engaging Users in order to obtain information on Users’ opinions about the Administrator’s products and services;
- Improving our products and services: identifying problems with existing products and services; planning improvements to existing products and services; and creating new products and services.
Sharing Personal Data with third parties
The Administrator may share Users’ Personal Data with:
- Administrative or judicial authorities, at their request, in order to inform about an actual or suspected violation of applicable law;
- Persons carrying out audits, lawyers, PR agencies, taking into account the obligation of confidentiality arising from the contract or imposed on these entities by law;
- Third parties processing the entrusted data on behalf of the Administrator, regardless of their place of establishment, in accordance with the requirements contained in this point III below;
- Any entity competent for the purpose of preventing, investigating, detecting or prosecuting offences or executing criminal measures, including securing and countering threats to public security;
- Any acquiring entity, in case of sale or transfer of any organised part of the Administrator or shares in the Administrator’s share capital (including reorganisation, termination or liquidation).
We currently use links on our sites to the following social networking sites:
- Facebook https://www.facebook.com/ImpactCEE/
- Twitter https://twitter.com/ImpactCEE
- YouTube https://www.youtube.com/channel/UC5KYNlPumkOXUe9XJ_jm-XA
- LinkedIn https://www.linkedin.com/company/impact_cee
If we engage a third party to process Users’ Personal Data in accordance with a contract of entrustment concluded with such party, the Processor will be obliged to do the following: (i) Process only the Personal Data as instructed in advance by the Administrator in writing; and (ii) Take all reasonable steps to protect the confidentiality and security of the Personal Data and to comply with all other requirements of generally applicable law.
The entities that process User Personal Data obtained through the Site are the companies that created the Site and those that provide technical support services to the Administrator in connection with the use of the Site. This entity stores and processes Users’ Personal Data obtained during the use of the Site by the Users. The processor ensures full security of Users’ Personal Data by using the appropriate and latest technical and organisational measures. Processors may not use the Users’ Personal Data provided to them for purposes other than those for which they were entrusted by the Administrator. The Administrator has concluded an agreement with the Processor to entrust the processing of personal data, on the basis of which the entity was obliged to comply with the requirements for the protection of Users’ Personal Data.
International transfer of Personal Data
At present, the Administrator does not transfer and does not intend to transfer any Personal Data of the Users to third countries which are not members of the European Union or to international organisations. Where necessary, this Policy will be amended, and transfers of your Personal Information may take place only in accordance with standard contractual arrangements that the Administrator implements before such transfers are made. In this case, Users will be entitled to request a copy of the Administrator’s standard contractual terms, using the contact information in Section XII below.
The Administrator informs that appropriate technical and organizational protection measures have been implemented in order to protect the Personal Data, in particular including safeguards against accidental or unlawful destruction, loss, alteration, unauthorized publication, unauthorized access and other unlawful and unauthorized forms of Processing, in accordance with applicable law.
The Administrator shall not be liable for the actions or omissions of the Users. Users are responsible for making sure that all Personal Data is sent to the Administrator in a secure manner.
Accuracy of Data
The Administrator shall take all appropriate measures to make sure that:
- The Personal Data of Users processed by the Administrator is accurate and, if necessary, up-to-date; and
- All User’s Personal Data which are Processed by the Administrator and which are incorrect (given the purpose for which they are Processed) will be deleted or corrected without undue delay.
The Administrator, at any time, may ask Users about the accuracy of the Processed Personal Data.
The Administrator takes all reasonable steps to ensure that the Personal Information that it processes is limited to the Personal Information that is reasonably required for the purposes outlined in this Policy.
Storage of Data
The criteria determining the time period in which the Administrator stores Users’ Personal Data are as follows: the Administrator retains copies of Users’ Personal Information in an identifiable form only as long as is necessary to achieve the purposes outlined in this Policy, unless a longer retention period is required by law. In particular, the Administrator may retain Users’ Personal Information for as long as necessary to establish, use, or defend claims.
In accordance with the General Data Protection Regulation, Users whose Personal Data are Processed by the Administrator are entitled to the following rights:
- the right of access to personal data;
- the right to rectify personal data;
- the right to remove personal data;
- the right to restrict the processing of personal data;
- the right to transfer personal data;
- the right to object to the processing of personal data;
- the right not to be subject to a decision involving automated processing.
If the Processing of Personal Data is carried out on the basis of the consent given by the Users, the Users have the right to withdraw their consent at any time without affecting the lawfulness of the Processing carried out on the basis of their consent before its withdrawal.
In case of improper Processing of Personal Data, Users have the right to lodge a complaint to the state supervisory body for data protection, i.e. to the President of the Office for Personal Data Protection.
The above does not affect the rights of the Users arising from laws or other generally applicable provisions of law.
In order to execute one or more of these rights or inquire about these rights or any other regulations of this Policy or about Processing of Users’ Personal Data, please contact us using the contact details indicated in point XII below.
Cookie files (cookies)
A cookie is a small file placed on your device when you visit the website (also on our Website). It records information about your device, browser, and in some cases, your preferences and typical actions that you perform while browsing the Website. The Administrator may Process Users’ Personal Data through Cookie technology in accordance with this policy.
The Administrator uses the following Websites:
When a user uses the Website, data about the user is automatically collected. This data includes: IP address, domain name, browser type, operating system type. This data may be collected by cookies, the Google Analytics system and may be recorded in server logs.
Cookies are text files of small size sent to a user’s computer or other end device when browsing the Website. Cookies remember the user’s preferences, which makes it possible to improve the quality of the services provided, improve search results and the relevance of the information displayed, as well as personalize the Website and create Website statistics.
The administrator of the cookies is The Impact Foundation with its headquarters in Warsaw, Poland.
You may opt out of cookies (or apply appropriate preferences for their use in your web browser) by applying specific settings in that browser.
The Administrator utilizes the types of cookies listed below:
- Technical files – files that are critical, enabling users to navigate the Website and use its features, such as accessing secure areas on the Website.
- Performance files – files which collect information about how users browse the Website, which parts of the Website they visit most often.
- Functional files – files which record choices made by users (such as username, language, or the region in which users reside).
Third-party social media (e.g., Facebook, Twitter, LinkedIn) may record information about you, for example, when you click on the “Add” or “Like” button for a particular social network while on the Website. The Service Provider does not control third-party sites or their activities. Information about various social media sites is available on their respective platforms.
Data provided by the user or collected automatically is used by the Administrator for the following purposes:
- proper operation, configuration, security and reliability of the Website,
- session status monitoring,
- customization of the information displayed according to the preferences of the user,
- analysis, statistics, research and audit of how the Website is viewed.
If you have any questions, doubts or comments regarding the information contained in this Policy, please contact us at firstname.lastname@example.org.
In case of questions concerning issues related to the Processing of Users’ Personal Data by the Administrator, including those related to the execution of rights referred to in point IX of this Policy, please contact us at the following e-mail address: email@example.com.
- Administrator means the entity that decides how and for what purposes Personal Data is processed. The Administrator is responsible for the compliance of the processing with applicable data protection law.
- Personal Data means any information about an identified individual or an identifiable individual. Examples of Personal Data that the Administrator may process are listed in Section II above.
- Processing or Processed means any activity relating to Personal Data whether or not performed by automatic means, such as collecting, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, making available by transmission, dissemination or otherwise making available, arranging or merging, limiting, erasing or destroying.
- Processor means any person or entity that processes Personal Data on behalf of the Administrator (other than an employee of the Administrator).