Privacy Policy of Future Democracy Foundation
Respect for personal data is a priority for us in our social activities. All of our online activities are designed and implemented to use as little personal information as possible and to provide the maximum possible protection for your privacy. This website is not designed to collect personal information and its use is limited in practice to the operation of the comment system and to contacting us. Below you will find information on our handling of personal data, cookies and server logs. If you have any comments on these issues we invite you to contact us.
The IP data we acquire is anonymised by the Matomo plugin, so that we do not store your full IP address. This ensures that even in the event of unwanted activities on our Portal, there is no risk of unwanted collection or tracking of the IP addresses of those who visit us.
Who processes your personal data and on what basis?
Future Democracy Foundation based in Gliwice, 44-100, Zwycięstwa 14/105 street, KRS number 0000930145 is the owner of the internet service named Demokracja Przyszłości (Future Democracy) conducted under the internet address https://demokracjaprzyszlosci.org.pl/ (hereinafter referred to as: Portal) and thus collects and processes your personal data on the basis of this Privacy Policy. Foundation is the Administrator of your personal data within the meaning of GDPR (hereinafter referred to as: Administrator).
You can contact us about the data we process by: email fundacja@demokracjaprzyszlosci.org.pl
Your personal data may also be processed by our subcontractors who assist us in providing our services. All these entities ensure the protection of your personal data in accordance with the relevant legislation.
We process personal data on the basis of Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the flow of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: GDPR) and the provisions of this Privacy Policy.
What personal data do we process, for what purpose and on what basis?
We limit the collection and use of your personal data to the necessary minimum, required for the provision of services at an appropriate level, pursuant to Article 18 of the Act on Provision of Electronic Services, including primarily for the proper display of Portal content.
If you contact us remotely. When you contact us through the Portal, we may process your Personal Data in the following capacities.
Contact form and email address – If you contact us, we need your personal data to establish and maintain communication. The purpose of the processing will be to contact you.
The personal data you provide in the form is necessary for us to establish and maintain the communication. In the case of email communication, we will process your email address, which may contain your personal data and other personal data you provide in the body of the email. In both modes of communication, you may also add other personal data that will be processed by us in the course of the communication.
The basis for the processing is Article 6(1)(f) of the GDPR, which is the legitimate purpose of our responding to inquiries made to us. Personal data will also be processed after the end of contact, on the basis of Article 6(1)(f) of the GDPR, which is the legitimate purpose of archiving correspondence for the purpose of demonstrating its course in the future and defending against potential claims.
Comments – on the Portal it is possible to add comments under the articles or other interactive content. The personal data you provide in the form (name and e-mail) is necessary for the correct display and operation of the comment system. In this case, we will process your e-mail address, which may contain your personal data and other personal data provided by you in the content of the comment.
The comment system is operated by ReplyBox, a company based in the United Kingdom, which is a separate controller of your personal data. Accordingly, ReplyBox may use cookies for its own purposes on the basis of the agreement concluded with you (account registration). This data may be transferred outside the European Economic Area, but any such transfer is always in compliance with European legislation, including GDPR, and meets data protection standards. Details of the processing of your personal data can be found in the privacy policy https://getreplybox.com/privacy-policy
ReplyBox provides one of the best protections for your personal information among the comment handling systems available. It has been carefully selected by us to ensure the least intrusion into your privacy and the most secure use of comments on our Portal.
The basis for the processing of personal data left in the comments and information about their authors is Article 6(1)(a) of the GDPR, that is, your consent resulting from the addition of the comment. You can exercise the rights related to personal data (deletion, modification) within your user account in the ReplyBox system.
If you visit our social media
As part of the social media profiles we operate, your personal data may be processed through specific interactions resulting from the respective system (e.g.: likes, comments, shares, follows). The extent to which personal data is processed on our profiles, depends on you and your profile settings in the system supporting the selected media. It is up to you to decide on the extent to which your personal data is processed. Details of the processing of your personal data within the social media profiles can be found in the privacy policies of the respective owners.
Facebook and Instagram https://www.facebook.com/privacy/policy
Linkedin https://pl.linkedin.com/legal/privacy-policy
The basis for the processing of personal data left on social media is Article 6(1)(a) of the GDPR, i.e. your consent resulting from adding a comment or other interaction. You can exercise your rights in relation to your personal data (deletion, modification) within your user account in the system supporting your social media profile.
On the basis of your social media data (likes, follows or other interactions left), we may target marketing activities of our own business, based on Article 6(1)(f) of the DPA, i.e. the legitimate purpose of promoting our business. In each case, marketing activities are directed to the general public observing our profiles. As part of specific activities, we may use statistical tools provided by the owners of the respective media. We collect and analyse anonymised statistical data on the basis of Article 6(1)(f) GDPR, i.e. for the legitimate purpose of improving our business.
In the respective social media system, we may maintain a list of blocked users (Article 6(1)(f) GDPR), on the basis of the legitimate purpose of preventing comments that are contrary to the law and good morals.
If you contact us via social media messengers
If You contact Us via social media communicators, We process the personal data that You provide in Your profile and that are publicly available. As part of your correspondence with Us through these instant messengers, you may also provide other personal data, which will be processed by Us for the purpose of communication and for archiving purposes. In each case, these data are stored on the servers of the owners of the respective communicators (social media), and their processing is governed by separate contracts or regulations (we provide more information in the section above). The processing of your data on these servers, on Our part, is limited to access and ongoing communication.
The basis for processing in this case is Article 6(1)(f) of the GDPR, on the basis of the legitimate purpose of responding to enquiries made using social media messaging. Personal data will also be processed after the contact has ended on the basis of Article 6(1)(f) GDPR, which is the legitimate purpose of demonstrating its progress in the future and defending against potential claims. The data processed within the framework of the social media communicators remains on the servers of the owners of the individual communicators and its archiving is governed by separate agreements or regulations.
If you make a donation to us
If you choose to make a donation to us we will need to process your personal data in order to post and settle your donation. We use external ICT operators (www.wplacam.ngo.pl and PayU) for the donations we accept.
The basis for the processing of your data is our legitimate interest, which is the accounting of the collected contributions in order to fulfil the obligations imposed by current legislation. In addition, we process your data to the extent necessary for the performance of the contract you conclude with us by depositing funds into our account or on the basis of your contract you conclude with a third-party operator by making a donation to us, and on the basis of our contract with the third-party operator (Art. 6(1)(b-c) GDPR).
We share accounting data, including documentation of financial flows and signed contracts. The recipients of your data are banks, tax offices, state authorities or other entities authorised by law, in order to comply with our obligations relating to the settlement of donations received (Article 6(1)(c) GDPR).
As some ICT systems use tools provided by US companies, your data may be outside the European Economic Area. Any such transfer is always made in accordance with European legislation.
If you are our associate
Your data as a contractor or performer of commissioned tasks concerning the Foundation and the Portal’s operation (including UX Research, partner acquisition, fundraising), related to financial settlements, are transferred to the Accounting Office KONKRET Marta Nowacka. As our contractor you need to provide us with your personal data in order to fulfill our obligations under accounting and tax laws, including settling transactions and issuing accounting documents.
Also, in order to enter into cooperation ther than commissioned tasks, it may be necessary for you to provide personal data. This also applies if you are our volunteer and enter into a volunteer agreement with us. For the purposes of this agreement, including the possibility of you being covered by accident insurance and/or civil liability insurance, health benefits or the obligation to pay travel and subsistence expenses, it is necessary for you to provide personal data.
In terms of communications, you will learn more about our processing of personal data in the previous section.
The basis for the processing of our contractors’ and volunteers’ data is the conclusion and performance of a contract or volunteer agreement for the purposes of cooperation (Article 6(1)(b) of the GDPR), as well as for the purpose of responding to inquiries and proposals addressed to us to conduct cooperation, i.e. due to our legitimate interest, which is to be able to contact those who address inquiries to us (Article 6(1)(f) of the GDPR). In addition, we process the data of our contractors and volunteers for the purposes of communication related to the implementation and settlement of the project, which is the Portal, i.e. on the basis of our legitimate interest (Article 6(1)(f) GDPR). Your personal data is also processed for purposes arising from our legitimate interests, which is the archiving of correspondence and our cooperation activities with you for the purpose of demonstrating them in the future and defending against potential claims (Article 6(1)(f) GDPR).
As our collaborator (contractor or volunteer), you are also a beneficiary of our promotional activities related to the operation of the Portal, which we undertake on the basis of our legitimate interest, which is the promotion of our activities through information activities, each time directed to the general public observing our profiles or through other media, on the basis of Article 6(1)(f) of the GDPR.
We process the data of associates in accounting matters in order to fulfil legal requirements resulting from accounting and tax law (on the basis of Article 6(1)(c) of GDPR) and on the basis of our legitimate interest in the form of data archiving, protection against claims and ensuring accountability of actions having accounting or tax consequences (Article 6(1)(f) of GDPR).
For how long do we process your personal information?
Personal data are processed for the periods indicated by law or when it is necessary to perform the Administrator’s services and to maintain the principle of accountability. Data processed on the basis of a legitimate purpose until objection is made. Data processed on the basis of consent until it is withdrawn. Individual processing periods may vary, in particular personal data:
- Left under comments will be processed for the duration of the comment system, unless you decide to delete your comment earlier;
- Left on a form or email correspondence will be processed for the duration of contact with you and after the end of contact for the purpose of archiving correspondence and defence against claims (Article 6(1)(f) GDPR).
- Personal data of collaborators are stored for the duration of the contact with the person concerned and after the end of the contact for the purpose of archiving correspondence and defense against claims (Article 6(1)(f) GDPR)
- Personal data of co-workers that are tax data and related documents are stored until the expiration of the statute of limitations for tax liabilities, unless tax laws provide otherwise. Other data until an effective objection is made. After this period, the data will be deleted.
- Personal data on our social media will be processed until our profile is operational, unless you choose to delete the interaction, like or comment beforehand.
What are your rights regarding data processing and how can you opt out of selected services?
You have the right to request: access, rectification, erasure, restriction of processing, object or portability of your personal data. These rights may be limited on the basis of our legitimate interests (e.g.: retention of certain personal data in case of defence against claims).
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out before the withdrawal of consent. If you withdraw your consent and there is no other legal basis for processing your personal data, we will delete your personal data immediately.
For all matters relating to your personal information, you may contact us via: e-mail: rafal.styblinski@demokracjaprzyszlosci.org.pl.
You always have the right to lodge a complaint with the supervisory authority, the President of the Office for Personal Data Protection, if you consider that we have violated data protection regulations.
You may opt out of the following services or limit the processing of your data to the following extent:
- disable the use of cookies, which is possible on the first visit to the site in the “cookie bar” (consent or configuration) or in the browser at any time. It is also possible to withdraw consent to data processing by leaving the Portal and clearing cookies in the browser or changing the configuration in the “cookies bar”;
- delete a comment in the ReplyBox system;
- request the deletion of your personal data contained in your correspondence with us, whereby some of your data will continue to be stored in order to document lawful processing of your personal data and to defend against claims.
- if you no longer wish to follow our social media profiles, you can revoke the observation/liking or other interaction at any time by visiting our profile. The rules for watching profiles, displaying profile information and withdrawing likes are governed by the social media owners, over which we have no control.
How do we use cookies?
When you first visit our site, we display information about the use of cookies. If you do not wish to receive cookies, you can change these settings by clicking on “Cookie Settings” in the “cookie bar” at the bottom of the page or in your browser settings. Restrictions on the use of cookies may affect some of the functionality available on our website.
The information collected by cookies relates to your IP address, browser type, language, operating system type, internet service provider, time and date information, location and information submitted to the site via a contact form. We use cookies to monitor and see how you use our site, to improve the site for a more efficient and seamless navigation.
Google Analytics
Is a tool that automatically records your behaviour on our website, for statistical purposes, on the basis of our legitimate interest (Article 6(1)(f) of the GDPR). The provider of the tool is Google Ireland Limited. The data may be transferred outside the European Economic Area, but Google guarantees that any such transfer is carried out in compliance with European legislation, including the GDPR (RODO) and meets data protection standards.
We use Google Analytics for the sole purpose of obtaining anonymous information about traffic to our website, i.e.: the number of people using it, the time spent and where they visit us from. This data allows us to make better use of our time and develop those areas of our online activities that are of greatest interest. We limit the amount of data analysed for our purposes and do not collect or process it outside of this tool.
How do we use server logs and cookie files?
As part of the use of our website, queries are sent to the server on which the website is hosted. Each such query is recorded in the server logs. Thus, information about your use of the website is subject to logging at the server layer. This data is not associated with individual visitors and is not used by us to identify you. Due to the use of anonymization mechanisms (Matomo), we are not able to identify any person in this way. This data is used solely for the purpose of administering the site and to ensure that the services provided to you are as efficient as possible.
The viewed resources are identified by URLs. In addition, the record may be subject to:
- Your anonymised IP address (the Matomo plug-in makes IP addresses anonymous, leaving only two octets visible),
- information about the browser and operating system you are using,
- time of incoming request and time of sending response,
- client station name – identification via HTTP protocol,
- HTTP error information,
- the URL address of the page you visited previously (referer link), in case you followed the link.
When you visit our website for the first time, we display information about the use of cookies. Via the “Cookie Settings” function, you can determine for yourself the extent to which we use these cookies in your case.
Social media tools
In the form of plug-ins on our website, such as: Facebook, Instagram, Linkedin. If you have a profile on these media, your browser can establish a direct connection with them. These plug-ins collect information about your viewing of our website. The plug-ins also enable direct transfer of content from our website to your social media profiles (interaction buttons marked with icons for the individual social media). This data is transferred outside the European Economic Area, but any such transfer is always carried out in accordance with European legislation. Details of the processing of your personal data within these media can be found in the privacy policies.
What safeguards protect your personal information?
This website has security measures in place to protect the data under our control from loss, misuse or alteration. All personal information is protected in accordance with standards of security and confidentiality. Access rights to the personal data of the Portal users have been restricted so that the information does not fall into the hands of unauthorized persons. Access to personal data has only a limited number of people managing the Portal and supervising their work.
Who can we share your information with?
We take care to limit the access to your personal data to the necessary minimum, related to the typical functioning of the website, which is the Portal. Entities whose services we use may potentially gain access to personal data processed within the Portal. If such processing is necessary (e.g. IT work on the website), we ensure the protection of personal data as required by law by means of appropriate agreements with these entities and by checking their privacy policy.
We share personal information with the following entities:
- Suppliers of external IT systems supporting our activity (hosting) and ensuring the functioning of the Portal and its elements (IT companies), which are:
- DiDHost which performs regular backups of data on its servers, including our Portal, this data is stored in encrypted form on DiDHost servers and in the Amazon cloud).
- Within the WordPress system on which our Portal is based, your personal data may be processed by the following plugins:
- CodeGuard Website Backup to create encrypted backups of our website (stored in Amazon’s cloud storage) https://panel.didhost.pl/store/codeguard
- if you are a contributor to our Portal texts: Co-Authors Plus https://wordpress.org/plugins/co-authors-plus/, in order to operate sub-accounts for authors.
- ReplyBox, based in the United Kingdom, for the operation of the comment system,
- Matomo Analytics is a tool that automatically records your behaviour on our website, for statistical purposes, based on our legitimate interest (Article 6(1)(f) of the GDPR). It is one of the safest tools in terms of the processing of personal data for analyzing website visits: https://matomo.org/privacy-policy/. As part of these analyses, we do not collect or process data that allows you to be identified. We use it because of the need to analyze the readability and attractiveness of material on our site, which enables us to grow and reach new audiences.
- GDPR Cookie Consent does not use personally identifiable information, but you must save cookies to be able to consent to our processing of them or to individually set the extent of cookie processing.
- An accountancy firm KONKRET Marta Nowacka, if working with you involves the posting of accounting documents or other transactions/data,
- A legal adviser or solicitor bound by professional secrecy in the case of legal services, investigation and defence of claims,
- Other subcontractors, if we need to use their services in our business.
- Social media owners: Meta Platforms Ireland Limited for Facebook and Instagram, and Linkedin Corp. for Linkedin, in case you visit our profiles or interact with us through them.
- Donation processing systems (www.wplacam.ngo.pl and PayU) in order to process your donations, only if you choose to donate to us through these systems.
- InterMar Marzena Puchała in the case of performing transcriptions of UX Research interviews. Only when you participate in UX Research based on your separate consent.
- Google Ireland Limited for Google Analytics for traffic analysis on our website.
We may be required to provide information collected by the Portal to authorized authorities based on lawful requests to the extent of the request.
To a very narrow extent, some personal data may be transferred outside the European Economic Area (EEA), but any such transfer is always in compliance with European legislation, including the GDPR, and meets data protection standards. We aim to avoid transfers outside this area and process data only within the EEA. Most large ISPs process personal data outside this area, hence our choice of alternative providers is limited. Despite this, we make it a policy to avoid transferring your data outside the EEA. However, if there is no alternative, we will always make sure that we comply with the standards set by European legislation (e.g. GDPR).
If you are a participant in UX Research
If you participate in UX Research, we will process your personal data necessary for the lawful use of your recording and the information obtained. For this purpose, we also need to process your contact details: name, email address, telephone number. This data will only be processed by the board of directors of the Future Democracy Foundation and the UX Research implementation team at the Foundation.
The legal basis for the processing is Article 6(1)(a) of the RODO, i.e. your consent, whether given in a statement, an email or directly during the recording. Personal data will also be processed after the completion of UX Research at the Foundation, on the basis of Article 6(1)(f) RODO, i.e. the legitimate interest to demonstrate lawful processing and collection of personal data and to defend against potential claims.
The recording and other personal data will be stored and processed for the duration of the UX Research recruitment process and for the further work of UX Research at the Foundation.
Do we process personal data in the cloud?
Due to the fact that we carry out a large part of our activities remotely, we use cloud computing, i.e. files and documents are located on an external Google Workspace server. In this way we can store: all your personal data and your image, in the form of photos and videos, data of support persons with names and contact details, contracts, accounting documents and others.
The data is stored by us in the cloud in a Google Workspace account. As we use a plan designed for NGOs, your data may be processed outside the EEA. Your data may be transferred outside the European Economic Area, but Google ensures that any such transfer is in compliance with European legislation, including RODO (GDPR) and meets data protection standards.
The basis for the processing of your data is your consent or our legitimate interest to organise, implement and lawfully account for our activities, as well as to prepare the promotion of our events through outreach activities. After your opt-out, the necessary data is still stored in the system in order to document the lawful processing of your personal data and to defend against possible claims in this regard.
Where can you file a complaint about our personal information practices?
Yes, you always have the right to lodge a complaint to the supervisory authority – Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, Poland, if you believe that we have violated data protection regulations. You can find more information about the supervisory authority at: https://uodo.gov.pl
Do we use profiling?
No, Portal does not use Personal Data to make automated decisions that are based solely on automated processing, including profiling, and that produce legal effects or similarly significantly affect users.
This policy is effective as of 5/01/2022.
Updated: 9/07/2023