INFORMATION ON PERSONAL DATA PROCESSING (GDPR)
Foundation aims to ensure its Users’ safety by processing their data in a manner guaranteeing its safety and confidentiality, including protection from unauthorised and/or illegal processing, as well as its accidental loss, deletion or corruption, as well as protection from unauthorised access to any User’s data and/or devices used for the processing of that data and from unauthorised use of this data and/or devices. In order to achieve that goal Foundation uses appropriate technical and organisational means.
Foundation uses any and all available means to ensure that the personal data collected and processed by Foundation is:
- a) processed in accordance with any applicable laws, in a diligent manner, understandable for its Users;
- b) collected for specific, clear and legally justified purposes and processed in a manner compliant with those purposes;
- c) adequate, relevant and limited to an extent necessary for the purposes, for which it is processed;
- d) correct and updated when necessary.
1 GENERAL PROVISIONS
1.3 The data controller for personal data collected through the Service is [Fundacja NeuroLandscape], address: [ul. Suwalska8/78, 03-252 Warsaw], National Court Register (KRS) number: , Tax Identification Number (NIP): , National Business Registry Number (REGON): , email address: [firstname.lastname@example.org]
1.6 A User whose personal data is processed has the right to cancel their consent, referred to in Clause 1.5 by sending a statement via email to the address: email@example.com. Such a cancellation does not have impact on the legality of personal data processing that been happening based on that consent before its cancellation by the User.
means an entity which decides on purposes and manners of personal data processing, individually or in agreement with other entities (here: Foundation).
means text files saved on the hard drive of the User’s device, used in particular to enable using various Foundation Services and to identify and recognise the User’s device at a reconnection to the Services.
means this document comprising all information related to collecting, using, reviewing and/or processing User’s personal data by Foundation.
means Fundacja NeuroLandscape, address: [ul. Suwalska8/78, 03-252 Warsaw], National Court Register (KRS) number: , Tax Identification Number (NIP): , National Business Registry Number (REGON): , email address: [firstname.lastname@example.org],
means all Foundation products made available to the Users, including the website www.neurolandscape.org and other websites belonging to Foundation, applications and services offered by Foundation, including also the service of informing about the details of Foundation’s offer and activities via a newsletter service.
means a natural person acting on its own behalf or on behalf of an entity in which it is employed (regardless of the legal basis of such employment) who uses the Services.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
means Polish Act on Rendering Electronic Services dated 18 July 2002
3 COLLECTING AND PROCESSING PERSONAL DATA
3.1 The Controller collects and processes the following Users’ personal data for the following purposes:
3.1.1 to make available to the Users commenting on Blog posts (1 a GDPR, art. 10 ust. 2 ARES – upon the consent) Processed personal data: name, e-mail address;
3.1.2 for statistical, analytical and reporting purposes (art. 6.1 f GDPR – legitimate interests pursued by the Controller) Processed personal data: name, e-mail address, statistical browsing data: unique User ID, the date and time, the title of the page being viewed, the URL of the page being viewed, the URL of the page that was viewed prior to the current page, the screen resolution, the time in local time zone, the files that were clicked on and downloaded, the links clicked on to an outside domain, the type of device, and the country, region, and city.
3.1.3 to make available registration and participation in any events organized by Fundacja NeuroLandscape (art. 6.1 a GDPR – za zgodą). This means especially:
- a) creating a list of participants
- b) carrying out registration in order to make participation possible
- c) performance of the programme.
Processed personal data: name (names), surname, country of residence, position, institution, billing data, telephone number, e-mail address, image/video recording;
3.1.4 to process donations: name, surname, address, country of residence, billing data, telephone number, e-mail address.
3.1.5. to archive the data (art. 6.1 f GDPR – legitimate interest pursued by the Controller) Processed personal data: name (names), surname, country of residence, position, institution, billing data, telephone number, e-mail address, image/video recording.
3.2 Processing Users’ personal data means performing an operation or a set of operations on personal data or on sets of personal data in an automatic or non-automatic manner, such as collecting, saving, organising, ordering, storing, adapting or modifying, downloading, viewing, using, sharing by sending, making available or other type of sharing, adjusting or merging, limiting, deleting or destroying.
3.3 User’s personal data may be shared with the entities who cooperate with Foundation or perform particular services for Foundation (legal, marketing, advertising, IT, logistic services – in the scope necessary to perform these services).
3.4 Due to the cooperation of Foundation with its related entities and service providers established outside of EEA, your personal data may be transferred to states outside of EEA.
In order to ensure an adequate level of security of the personal data transferred to states in relation to which the European Commission has not issued an adequacy decision, Foundation uses standard data protection clauses adopted by the European Commission, referred to in art. 46.2 c) GDPR. The standard clauses are available on the European Commission website.
3.5 In case of an infringement of the personal data protection Foundation shall promptly (if possible not later than within 72 hours from discovering the infringement) notify a relevant supervising authority about the infringement. In case when the infringement might cause high risk of infringement of rights and freedoms of a natural person, Foundation shall promptly inform the User, to whose personal data the infringement pertains, about the infringement.
3.6 Foundation is obliged to keep a record of all Users’ personal data protection infringements, including information of the circumstances of each infringement, its results and steps taken to remedy the infringement.
4 PERSONAL DATA SECURITY
4.1 In order to prevent unauthorised or illegal access to Users’ personal data, its accidental loss, corruption or deletion, Foundation uses appropriate technological solutions and means of security. Data protection is ensured by the use of SSL/TLS (Secure Socket Layer/Transport Layer Socket) technology used for Internet data transmission protection and firewalls.
4.2 Only the Controller and persons authorised by the Controller, who undertook to keep the Users’ personal data in confidentiality, have access to the Users’ personal data.
4.3 Foundation keeps a record of persons authorised to process the Users’ personal data.
4.4 Any personal data shared with Foundation is stored for a period required for the purposes for which it has been collected or for a period set forth by the applicable law.
5 USERS’ RIGHTS PERTAINING TO THE PERSONAL DATA
5.1 A User is entitled to request the Controller to give them access to the User’s personal data, to correct, delete or limit processing of the personal data, to object against processing their personal data and to move their personal data. In each case when a User wishes to use any of the above rights, they can file a request to the Controller via email to the following address: email@example.com.
5.2 The Controller is obliged to take actions facilitating exercising the right to access their personal data by the User. The Controller is freed from that obligation only in a situation where it cannot identify the User who requests to be granted access to the personal data.
5.3 The Controller is obliged, within a month from receipt of a relevant request, to share with the User, to whom the personal data pertains, all information regarding actions taken in relation to their request regarding their right to be given access to their personal data, to correct and/or delete their personal data, the right to limit processing of their personal data, the right to move their personal data, the right to object and the right not to be subject to a decision based solely on automated processing (profiling). Taking into account the level of complexity of a given request or the number of requests, the above period may be extended by additional two months. In case of such extension, the Controller is obliged, within one month from receipt of a given request, to inform the interested User about such an extension, along with an outline of its causes.
6.2 Cookies allow to precisely identify individual needs of a given User and, consequently, offer them a better and more personalised Services.
6.3 Cookies are also used for the following purposes:
- a) statistical, as described in 3.1.2.
6.4 The User can specify the scope of access of cookies to their device in the browser settings.
6.5 Disabling Cookies may lead to difficulty or inability to use certain Services.
7 FINAL PROVISIONS
7.2 Foundation is not liable for any links that may be found on Foundation’s websites, which lead and/or allow Users to directly enter any third party websites, nor for any potential personal data protection infringements that could occur in connection with browsing such websites. Because of that a User shall acknowledge any privacy provisions which may be found on such third party websites.
Last update 15 October 2023 (date of publication)