Polish League Against Defamation
PRIVACY POLICY
Introduction
- Ensuring lawful processing of personal data is a priority of the Polish League Against Defamation, hereinafter referred to as the Foundation. Concerned about the security of the data entrusted to us, the Foundation has developed internal procedures and recommendations to protect https://rdi.org.pl/english website users’ personal data against unauthorized access, acquisition by an unauthorized person, processing in violation of applicable laws, and alteration, loss, damage or destruction. The Foundation makes every effort to respect the privacy of each person whose personal data it processes. This Policy indicates how personal data is collected, used, stored and otherwise processed. The Policy also sets out the rights of the persons whose data the Foundation processes and the principles under which these rights can be exercised. The Personal Data Processing Policy applies to all cases in which the Foundation processes personal data.
- Personal data are processed by the Foundation in compliance with data protection regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation or RODO, OJ L 119, 4.5.2016, p. 1-88).
- This Privacy Policy (hereinafter: „Policy”) sets forth the principles of personal data processing and protection adopted by the Foundation. The Policy regulates matters concerning the type of personal data that are collected by the Foundation, the ways in which such data are used, the entities to which the data are shared, the ways and means of security regarding personal data, the rights of the persons concerned, information regarding cookies:
- The Policy and the provisions of generally applicable law govern the distribution of the Foundation’s unpaid service of electronic delivery of NL.
- The Foundation accepts single and recurring payments from donors through a third-party electronic payment operator, and in this regard processes data on single and recurring payment transactions in accordance with applicable regulations.
- This Policy is made available to the public at https://rdi.org.pl/english and at the Foundation’s headquarters.
- In order to use the https://rdi.org.pl/english and at the Foundation’s headquarters.
website and read its content, the User must have a data communications device with access to the Internet, a correctly configured web browser in the current or previous version: Microsoft Edge, Mozilla Firefox, Google Chrome, Safari or Opera, as well as an active and correctly configured e-mail account
Basic terms
Personas name, telephone number, address, identity card number. An identifiable person is a person whose identity can be determined directly or indirectly, in particular, by reference to an identification number or one or more specific factors determining his physical, physiological, mental, economic, cultural or social characteristics. Information is not considered to identify a person if it would require excessive cost, time or effort;
- data processing – any operation performed on personal data, in particular, such as collection, recording, storage, elaboration, modification, sharing and deletion of personal data, including operations performed in a traditional manner or in computer systems
- personal data breach – violation of personal data security rules leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed;
User – a physical person, legal person or organizational unit without legal capacity, who uses the site rdi.org.pl or the registration form, and in the case of natural persons – a person whose personal data is processed by the Foundation in connection with their use of the site https://rdi.org.pl/english
Administrator of personal data
The Polish League Against Defamtion referred to as the Foundation, with its registered office at ul. Grzybowska 4 lok. 197, 00-131 Warsaw, KRS number 0000486992, e-mail: rodo@rdi.org.pl. The Foundation is a controller of personal data within the meaning of Article 4 point 7 of the RODO. In matters related to the processing of personal data, the Foundation’s Data Protection Officer can be contacted at: rodo@rdi.org.pl.
Protection of personal data – general assumptions
In order to protect personal data from accidental, unlawful or unauthorized damage, loss, modification, access, disclosure or use, the Foundation provides appropriate technical, physical, electronic and administrative safeguards, adapted to the possible risks involved in their processing. Personal data transmitted to the Foundation, both during transmission and after receipt, are protected in accordance with generally accepted standards.
Upon receipt of information constituting personal data, appropriately developed security procedures and policies are applied to ensure full security for the personal data processed.
Newsletter offered through the website www.rdi.org.pl
- The Foundation provides the Newsletter service, within the framework of which it sends information concerning its statutory activity, in particular information on programs, projects, ongoing legal cases, events, events organized by the Foundation, which may contain marketing or promotional content and news on issues related to the area of the Foundation’s activity, to the User’s e-mail address indicated in the Newsletter form.
- In order to subscribe to the Newsletter, one must activate the newsletter in a special newsletter form available at https://rdi.org.pl/english.
- Within the Newsletter service the following data are processed: names, surnames and e-mail addresses of subscribers and subscribers to the Foundation’s newsletter. The basis for data processing is the consent granted, which can be revoked at any time by termination of the Newsletter service agreement, in the manner indicated in point 4. Provision of data is voluntary, but necessary to use the Newsletter service offered by the Foundation.
- The provision of the Newsletter service to the User is free of charge, and the agreement between the Foundation and the User is concluded, for an indefinite period of time, when the Foundation confirms the User’s registration on the Newsletter recipient list. The User may terminate the agreement for free Newsletter services at any time, without having to provide a reason. To terminate the agreement, the User should use the deactivation link, which is included in each message in the Newsletter, or send an e-mail to the Foundation at: rodo@rdi.org.pl or to the Foundation’s mailing address.
Information for those who have contacted the Foundation using the contact form offered through the www.rdi.org.pl website.
- The Foundation provides Users with the opportunity to communicate with the Foundation using the RDI project contact form.
- To use the form, it is necessary to complete its mandatory fields, enter the content, and then send a message to the Foundation through it.
- The Foundation will respond immediately, electronically, by sending an email to the User using the personal information provided in the registration form.
- If the User decides to send the Foundation a request through the RDI project contact form offered through https://rdi.org.pl/english, the User consents to the processing of the data contained in the request. The consent may be withdrawn at any time, except if, as a result of positive consideration of the User’s application and following an agreement with the User on the implementation of the RDI project, the Foundation initiates the implementation of the RDI project, for which it will be necessary to process the User’s personal data. In that case, the User’s personal data will be processed at least until the completion of the RDI project, which the Foundation will be obliged to pursue, after the User’s consent has been withdrawn, and the processing of the data will then take place on the basis of Article 6(1)(f) of the RODO.
- The purpose of the Foundation’s processing of personal data is:
- to enable Users to make an application to the RDI project,
- evaluating the User’s application,
- implementation of the RDI project,
- contacting the User regarding the project,
- fulfill reporting obligations, and meet other legal obligations imposed on the Foundation.
Information for those who make a donation to the Foundation
- Financial support of the Polish League Against Defamation Foundation is possible by making a donation by wire transfer to a bank account or through the Przelewy24 and PayPal online payment systems.
- In the case of a donation made to the Foundation by wire transfer to a bank account, the Foundation processes the personal data provided by the bank, namely: name, account number, donation amount, address. This is necessary for the execution of the agreement and the fulfillment of the Foundation’s legal obligations (e.g. under accounting regulations).
- Additional information provided in the title of the transfer (e.g. e-mail address) is processed on the basis of the Foundation’s legitimate interest, in order to send thanks for support. The addresses from bank transfers of donors are also used for the same purpose.
- In the case of a donation made through the Przelewy24 or PayPal system, the Donor should provide the amount of the donation, first and last name, in order to enable the Foundation to perform its obligations related to the conclusion of the agreement (e.g., to issue a certificate that will allow the donation to be tax-deductible) and an e-mail address, which is necessary for the system to technically process the payment. This is necessary for the execution of the contract and the fulfilment of the Foundation’s legal obligations. Providing the data is voluntary, but necessary to make the donation. The e-mail address may also be used by the Foundation, based on legitimate interest, to send a confirmation of the transfer and to thank you for your support.
- The data of those who support the Foundation with donations are processed until an objection to the processing of such data is received, however, in order to comply with the obligations under generally applicable laws, the data will be stored for the period required by such laws, e.g. accounting and tax law.
Principles of collection of personal data by the Foundation
- The Foundation is the administrator of personal data and obtains personal data primarily directly from the Users, following a request to the User, for consent to data processing. In some situations, the Foundation obtains personal data on the basis of generally applicable laws, without the need to obtain special consent from the User – in such a situation, the provision of data is voluntary, but necessary for the purpose for which the personal data are collected (e.g. conclusion of an agreement).
- The Foundation obtains personal data, in particular, in terms of:
- contact information (such as name, home/residence/correspondence/business address, e-mail and telephone number);
- data concerning the User necessary for the performance of the agreement concluded with the Foundation, i.e. the provision of free newsletter service ( name, e-mail address);
- data necessary to make electronic payments to the Foundation (name, surname, e-mail address, postal code, bank account number);
Method of processing of personal data by the Foundation
- Acting on the basis of generally applicable laws, the Foundation shall ensure control over the type and scope of personal data processed, the period and manner of processing, as well as the persons authorized to process them.
- Personal data shall be processed by the Foundation for as long as it is necessary for the purpose for which the personal data were collected, unless otherwise provided by the provisions of applicable law.
- The Foundation shall take all security measures to destroy or anonymize or pseudonymize data (temporarily or permanently de-identify personal data), in situations provided by law, as well as when personal data are no longer necessary for the purpose for which they were collected.
- The Foundation declares that:
- processes personal data in accordance with the generally applicable law on personal data protection;
- maintains a register of persons authorized to process personal data
- applies technical and organizational measures to ensure the protection of personal data processing
- collects personal data only for designated legitimate purposes and does not subject them to further processing incompatible with those purposes;
- keeps personal data in a form that allows identification of the persons to whom they relate for no longer than necessary to achieve the purpose of processing; taking into account pseudonymization and anonymization in situations provided for by law
- processes personal data substantively correct and adequate in relation to the purposes for which they are processed.
- The employees of the Foundation, the Foundation’s authorities, associates and persons who provide services to the Foundation, using personal data, are authorized to access the personal data. Each of the aforementioned persons has access only to personal data necessary and within the scope and purpose specified by the Foundation. Each of the authorized persons is entered in the register of authorized persons. Authorized persons are obliged to comply with the principles of personal data protection, securing personal data, and keeping confidential all information about personal data and ways of securing them.
Purposes of personal data processing by the Foundation
- The data collected by the Foundation may be used, among others, for the following purposes:
- on the basis of Article 6(1)(b) RODO the realization of services of providing content on the website, newsletter service and electronic payments
- on the basis of Article 6(1)(c) RODO the realization of legal obligations incumbent on the Foundation, resulting from applicable law, and concerning the provision of services, bookkeeping and tax matters
- on the basis of: art. 6 section 1 letter f RODO – to contact Users, donors and other persons (including both those providing services to and/or on behalf of the Foundation, as well as in matters related to the statutory activities of the Foundation) both in a traditional manner (mail, telephone/fax) and through electronic correspondence (e-mail, online meeting platforms) the Foundation may request personal data for purposes related to the legitimate interest of the Foundation
- on the basis of Article 6.1.a of the RODO if the User consents to the processing of personal data (e.g. for marketing purposes, promotional purposes, etc.).
- Provision of personal data, when the User’s consent is not required, is always voluntary, but failure to do so will prevent the realization of the service or purposes referred to above.
Period of storage of personal data by the Foundation
- Personal data will be retained by the Foundation for the period necessary to fulfill the purposes indicated herein, but no longer than it is required by generally applicable laws. The specific period of storage of personal data by the Foundation depends on the basis and purpose of processing such data. The Foundation shall always inform about it before or during the collection of personal data.
- The Foundation indicates that the duration of processing of personal data depends on the legal basis:
- personal data processed on the basis of the consent of the person concerned are processed until the consent is withdrawn
- personal data obtained without consent for the purpose of marketing or promotional activities (direct marketing) are processed until the Foundation receives an objection to their processing
- personal data obtained through the use of technology (e.g., cookies) will be stored until the Foundation receives an objection to its processing
- personal data obtained in connection with the performance of obligations under generally applicable law will be stored until the expiration of the statute of limitations for such obligations, as specified by law
- personal data processed in connection with the provision of services will be stored until the Foundation’s possible establishment, defence or vindication of claims, in accordance with the generally applicable statute of limitations for claims.
Sharing and entrusting the processing of personal data by the Foundation
- The Foundation shall not share, sell or otherwise disclose the personal data it collects, except as described in the Policy or when required by generally applicable law.
- The Foundation may transfer data to entities that help achieve the objectives of the Foundation or help conduct its activities. The intention of transferring personal data is to enable the Foundation to achieve its objectives and conduct its activities. Most of these entities act as so-called processors (pursuant to Article 28 of the RODO), but some of them may act as independent controllers of personal data. Entities to which the Foundation may transfer personal data include the following categories:
- Companies providing IT and server maintenance services,
- Companies providing IT security services,
- Companies providing telecommunications and similar services,
- External legal advisors,
- Banks,
- Insurance companies,
- IT companies that provide IT services,
- The Foundation requires these entities in accordance with the law to process the data necessary for the purposes, while maintaining a high degree of privacy and security of personal data processed by them on behalf of the Foundation.
- The Foundation may also share personal data in order to respond to requests made to the Foundation by authorized state and judicial authorities (e.g., prosecutors, courts, police, offices)
- In other cases, the Foundation will not share data with third parties unless it has the consent of the data subjects to do so, or has a proper legal basis for doing so.
Rights of persons whose data is processed by the Foundation
- Every data subject whose personal data is processed has the right to access their personal data. The data subject is entitled to:
- The right to access the content of your personal data and to receive a copy (Article 15 RODO),
- The right to rectify your data (Article 16 RODO),
- The right to erasure of one’s data (Article 17 RODO) – if the circumstances referred to in Article 17(3) RODO have not occurred,
- The right to request the controller to restrict the processing of your data (Article 18 RODO),
- The right to portability of one’s data (Article 20 RODO) – if the processing is carried out on the basis of a contract: for the purpose of its conclusion or execution (pursuant to Article 6(1)(b) RODO), and by automated means,
- The right to object to the processing of your data (Article 21 RODO) – if the processing takes place for the purpose of carrying out a task carried out in the public interest or in the exercise of public authority entrusted to the controller (i.e. for the purpose referred to in Article 6(1)(e) RODO),
- The right to lodge a complaint to the supervisory authority of the President of the Office for Personal Data Protection (Article 77 of the RODO) – in case she/he considers that the processing of her/his personal data violates the provisions of the RODO or other national regulations governing personal data protection in force in the Republic of Poland. For questions, contact the Data Protection Officer.
- If the processing of personal data is based on the User’s consent, the User has the right to withdraw consent to the processing of his/her personal data by notifying the Foundation in any way – to the e-mail address rodo@rdi.org.pl, and the Foundation will stop processing the personal data. Withdrawal of consent does not affect the compatibility of data processing until the consent is withdrawn.
- Exercise of all the above rights can be done by sending an e-mail to: rodo@rdi.org.pl
- In the event that the processing of personal data by the Foundation is found to be in violation of the law, the User may file a complaint with the supervisory authority, in the case of the Republic of Poland – the President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw.
- The Foundation shall respond to all requests received from persons wishing to exercise their data protection rights in accordance with applicable data protection laws.
Cookies and analysis software
By using the https://rdi.org.pl/english website, the User agrees to place, on their computer, cookies which do not contain any personal data, but only technical information, including the address of the website from which they come, user’s own settings or data entered into forms; they may also contain IP address, browser or visited URLs.
- Each user of the rdi.org.pl website has the possibility of disabling the use of cookies, which, however, involves the fact of limiting the operation of certain functions of the website. Each user may also – at any time – change the settings for the site, as well as delete cookies.
- Cookies are used only for testing the functionality of the rdi.org.pl website.
- The Foundation may use the following cookies:
- Authentication files – used for activities and services supporting the user on the website
- Static files – used to collect information about the end user’s use of the website
- Functional files – used to remember the end user’s selected settings and personalize the user interface,
- each user can manage cookies and for this purpose you need to change the settings in the browser. Ways to change shown below (for the most popular search engines)
Google Chrome
Menu > Settings > Show advanced settings > Privacy > Content settings > Cookies – select the appropriate option.
Microsoft Edge
Menu > Tools > Internet options > Privacy – select the appropriate option.
Mozilla Firefox
Menu > Options > Privacy > History – select the appropriate option.
Opera
Menu > Preferences > Advanced > Cookies – select the appropriate option.
Safari
Menu > Preferences > Privacy > Cookies – select the appropriate option.
The Foundation may use both
- Google Analytics – allowing to evaluate the quality of advertising campaigns, implemented using the Google Ads service, as well as to study the behavior and traffic of Users and to compile traffic statistics.
- Google Maps – allowing them to store information about the User, which enables the use of the map functionality available through the Google Maps service. Google Inc. may track the User’s location.
The Foundation may use marketing tools available as part of Facebook, and combine this information with information about the User collected as part of Facebook’s use, which is independent of the Foundation. For details, please refer to Facebook’s privacy policy: https://www.facebook.com/privacy/explanation.
Additional provision
- All trademarks, graphic elements, logos, name and images posted on the website https://rdi.org.pl/english are intellectual property, the rights to which belong to the Foundation.
- The Foundation reserves the right to unilaterally make changes to the content of this Privacy Policy at any time.
- Significant changes to the Policy will be signalled by clearly visible notices posted on the website https://rdi.org.pl/english, no later than 3 days prior to the effective date of its new wording.
- The changes shall become effective on the date of their publication within the https://rdi.org.pl/english