|
Register
Fundacja K.I.D.S. Klub Innowatorów Dziecięcych Szpitali
What are you looking for?
Enter minimum 3 chars of name, code or tag to start searching

PRIVACY AND COOKIES POLICY OF THE WEBSITE

PRIVACY (GDPR) AND COOKIES POLICY 


K.I.D.S. FOUNDATION CHILDREN'S HOSPITAL INNOVATORS CLUB


This Privacy Policy concerns the protection of personal data and the issue of the installation of cookies and the use of similar technologies (hereinafter: "Privacy Policy"). The Privacy Policy sets out the rules for the use of information, including personal data, for the purposes indicated in its Part 2, processed by the data controller, i.e. the: K.I.D.S. Foundation Children's Hospital Innovators Club with its registered office in Warsaw, ul. Chmielna 73, 00-801 Warsaw, registered in the register of associations, other social and professional organizations, foundations and independent public health care institutions of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Economic Department of the National Court Register under the number 0000793389, REGON: 383824678, NIP: 5272898236 (hereinafter: "Foundation").


E-mail contact with the Foundation info@kids.org.pl


Telephone contact +48 576 333 578


This policy is available on the Website (https://www.kids.org.pl). Please check each time if any changes have been made to the Privacy Policy since the last time you used the Website because we may be obliged to, or on our own initiative, update this Policy.


The Privacy Policy sets out the principles of data processing through the pages of the Website and the other purposes indicated in Part 2 of the Website. 


Part 1 of the Privacy Policy sets out the framework for data processing, including a description of the rights that a person whose data the Foundation processes has. 


Part 2 of the Privacy Policy sets out the purposes, legal basis and principles for the length of data processing. 


Part 3 of the Privacy Policy sets out the rules for the use of cookies and similar technologies. 


Table of Contents


1 General information


1.1 What is personal data?


1.2 What rights do you have in relation to the processing of your personal data?


1.3 What does processing data based on consent mean?


1.4. How can you notify us of your rights or other data protection issues?


1.5. Who has access to personal data?


1.6. How we do not process personal data


1.7. Changes to this Privacy Policy


1.8 External links


1.9. Is the provision of data voluntary?


1.10. Where does the foundation obtain data from?


2. Individual purposes of data processing


2.1 Acquisition of funds from donors


2.2. Data of donors


2.3. Contacting the Foundation (by phone / email / traditional correspondence) and entering into cooperation agreements


2.4 Use of image for promotional purposes and building the image of the Foundation


2.5 Accounts in social networks


3. Data acquisition through cookies including the processing of personal data


3.1 General information


3.2 For what purpose does the Foundation use cookies?


3.3 Controlling and deleting cookies


3.4 Information data


3.5 Protection of personal data


3.6 Deletion of data obtained through the mechanism of cookies and information data


General information

1.1 What is personal data?

Personal data means any information about an identified or identifiable natural person ("data subject"). Thus, it will be data such as first and last name, address, date of birth, telephone number or email address (the list is not closed).


Personal data is processed in accordance with GDPR, i.e. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). 


1.2 What rights do you have in relation to the processing of your personal data?

You are entitled to: 


access to the data, including obtaining a copy of the data; 

data portability; 

the right to rectification and erasure of data;

to restrict processing; 

to not be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects or is similarly significantly affected; 

to lodge a complaint to the supervisory authority (President of the Office for Personal Data Protection) - ul. Stawki 2, Warsaw 00-193.  


Right to object


Whenever your personal data is processed on the basis of Article 6(1)(f) or (e) GDPR (see below), i.e. in the case of so legitimate interest or action in the public interest, you may object at any time. You can raise an objection using the account details indicated at the beginning of the Privacy Policy. 


(See more: www.uodo.gov.pl). We also encourage you to read the leaflet on your rights available at https://www.gov.pl/cyfryzacja/rodo-informator.  


1.3 What does processing based on consent mean?

If processing of personal data based on consent (e.g., use of an image for promotional purposes - see more Part 2) was to take place, remember that: 


consent is always voluntary; 

consent can be revoked at any time in person at the Foundation's headquarters, by mail or email (see above for contact details); 

withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. 

1.4 How can you notify us of your rights or other data protection issues?

You can exercise your rights in person at the Foundation's headquarters, by postal correspondence or by email (see above for the administrator's contact details). 


In response to your request, you may be asked to provide the data necessary to identify your personal information (among others, to find it) or to verify your identity (to confirm that you are the person you claim to be). In this case, personal data will be processed only to the extent necessary to document the proper performance of obligations related to the reported request (including, but not limited to, proper documentation of the withdrawal of consent) for the purposes of defense against claims (Article 6(f) GDPR, the so-called legitimate interest of the Data Controller) and for the purposes of fulfilling obligations under GDPR (including, but not limited to, accountability Article 6(1)(c) GDPR). For these purposes, data will be processed for a maximum period of the statute of limitations for potential related claims.


1.5 Who has access to personal data? 

Only authorized employees/co-workers acting under the Foundation's instruction will have access to personal data. The data may also be disclosed to service providers, e.g. IT service providers supporting the implementation of the Foundation's purposes listed below (after prior conclusion of relevant entrustment agreements). Data may also be disclosed to recipients who are separate administrators. For details, see below when discussing the various purposes of data processing (see Part 2 and Part 3).


1.6 How we do not process personal data

Unless you are expressly informed to the contrary, in the course of data processing there will be no: 


Profiling;

Decision-making by fully automated means; 

Transfer of data outside the European Economic Area. 


1.7 Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy, which may be influenced by developments in Internet technology, possible changes in the law on the protection of personal data. We will inform about any changes in a visible and understandable way on the pages of the Website. 


1.8 External links

The https://www.kids.org.pl Website may contain links to other websites. Such websites operate independently of the Website and are not supervised by the Foundation in any way. These websites may have their own privacy policies and regulations, with which we recommend that you familiarize yourself.


If you have any doubts about any of the provisions of this Privacy Policy, we are at your disposal - our details can be found in the contact section.


1.9 Is the provision of data voluntary? 

The provision of data is, as a rule, voluntary. Whenever the provision of data will be obligatory (e.g. as a result of legal regulations), the person providing the data will be informed about it separately (e.g. on the form through which personal data will be collected). 


1.10. Where does the Foundation obtain the data from? 

As a rule, the Foundation obtains data directly from the data subject. In exceptional cases, the Foundation may obtain data from other sources. In particular, personal data may come from the legal representative, businesses providing contact information of their employees. The Foundation may also verify the collected data in publicly available registers such as the National Court Register (KRS), Central Register and Information on Economic Activity (CEIDG). 


Individual purposes of data processing

2.1 Acquisition of funds from donors 

Objectives of personal data processing and legal basis


Accepting donations is within the framework of the performance of tasks in the public interest (Basis: Art. 6 (1) (e) GDPR) in connection with the performance of tasks specified by the provisions of the Act on Foundations of April 6, 1984. The Foundation also processes personal data in order to fulfill its reporting obligations related to fundraising from donors (Article 6(1)(c) GDPR in connection with the provisions of the law. For more information please see https://www.gov.pl/web/rozwoj/fundacje. 


Fundraising through the pages of the Website. Making donations to the Foundation through the Website requires the User to provide their personal data, whereby the User's first name, last name and e-mail address are mandatory for making a donation. Providing other personal data is optional. Failure to provide mandatory personal data means that the process of making a donation to the Foundation is abandoned and the donation cannot be made through the Website. The provision of data is voluntary but necessary for the Foundation to properly fulfill its reporting obligations under the law. 


The data will be processed for the period necessary to fulfill the aforementioned reporting obligations, i.e. 6 years.


Recipients of data and source of data acquisition


After entering and confirming personal data, the User is redirected to an external website Tpay.com for online payment. In order to make the payment, the data will be disclosed to online payment processing partners. Detailed information on the processing of personal data is available directly on the payment operator's website (https://tpay.com/polityka-prywatnosci-note). From the payment operator the Foundation obtains the data mentioned above. 


In fulfillment of the reporting obligations under the law, donor data may also be shared with public authorities. 


The Foundation does not share donor data with gift recipients unless prior consent is obtained for this purpose. 


2.2 Donor data

Support of the endowed falls within the framework of the performance of tasks in the public interest (Basis: Art. 6 (1) (e) GDPR) in connection with the performance of tasks specified by the provisions of the Law on Foundations of April 6, 1984. The Foundation also processes personal data in order to fulfill reporting obligations related to fundraising from donors (Article 6(1)(c) GDPR in connection with the provisions of the law. For more information please see https://www.gov.pl/web/rozwoj/fundacje. 


The provision of data is voluntary but necessary in order for the Foundation to properly fulfill its reporting obligations under the law. 


The data will be processed for the period necessary to fulfill the aforementioned reporting obligations, i.e. 6 years.


Recipients of data and source of data acquisition


As part of the fulfillment of reporting obligations under the law, the recipients' data may also be made available to public authorities. 


2.3 Contacting the Foundation (by phone / email / traditional correspondence) and entering into cooperation agreements

Personal data processing purposes and legal basis


Personal data will be processed for the following purposes:


answering the question asked (through the contact form, the email address/phone number indicated for contact) and conducting further correspondence in connection with it (basis: Article 6(1)(f) GDPR -> legitimate interest of the Foundation;

if further correspondence will be related to the process of concluding or executing a contract, personal data will be processed for this purpose as well (basis: Article 6(1)(b) GDPR and also Article 6(1)(f) GDPR -> legitimate interest of the Foundation, in the case of persons delegated to execute a contract on behalf of a contracting party;

personal data obtained in connection with ongoing correspondence may also be processed for the purpose of asserting or defending against claims (Article 6(1)(f) GDPR) -> the legitimate interest of the Foundation).

If a cooperation agreement is concluded, the data will also be processed for the purpose of fulfilling legal obligations, e.g. those related to the payment of Social Security contributions. 


Period of data processing


In the case of the purposes indicated in points a)-c), the provision of data is voluntary but necessary for the implementation of the aforementioned purposes. Personal data will be processed for the period of limitation of potential claims related to the correspondence, in particular those arising from the process of concluding and implementing the contract.


Recipients of the data


The Foundation may entrust your data to, for example, IT service providers. 


2.4 Use of image for promotional purposes and image building of the Foundation

Objectives, legal basis, period of data processing, voluntariness of providing data


Dissemination of the image - for promotional purposes of the Foundation - is based, as a rule, on the consent of the person depicted in it. Providing data in this case is completely voluntary. The data will be processed until the consent is withdrawn. 


Permission is not required to disseminate the image of:


of a well-known person, if the image was taken in connection with the performance of public functions, in particular political, social, professional;

of a person constituting only a detail of a whole such as a gathering, landscape, public event; 

when the person received an agreed payment for posing.

In the above cases (a)-(c), the provision of data is voluntary and based on the legitimate interest of the Foundation. The person whose image will be disseminated may object. The data will be processed for a maximum of 2 years, unless an objection is raised earlier. 


2.5 Social media accounts

Principles of personal data protection within the framework of social media accounts (administration of Facebook fanpage and other social networks)


Purposes of using personal data: 


management of social media accounts; 

technical administration of accounts (creation, publishing);

interactions (public or private messages) with Facebook (or other portal) subscribers and other users;

usage statistics.

Basis of data processing:


(in terms of obtaining information about other users) - Article 6(1)(f) GDPR, i.e. legitimate interest of the data controller. 


Categories of data obtained:


Data visible by default on Facebook (or on another portal, respectively): 


In particular:


Name or nickname;


Profile photo or avatar;


Message presentation;


Publications;


Messages exchanged;


Data made public by you as part of your general Facebook settings;


Data on the use of the platform to create anonymous statistics.


Source of data


Facebook (or other social network) users


Facebook (or other social network)


The administrator does not configure itself and does not have data about you from cookies stored by Facebook (or other social network). Statistical data resulting from these cookies is made available to the administrator only in aggregated (anonymous) form, and not individualized. Therefore, only the websites (Facebook, among others) can technically respond to your requests for the cookies used.


Voluntariness of providing data


The provision of data is voluntary. You make your own decisions in this regard. In order to use personalized information, social features or online response services, the user must be a member of the social network.


Recipients


Access to data between users is governed by the rules of the respective social network. 


Transfer of data outside the EU


Publications will be accessible due to their presence on Facebook outside the European Union. The data necessary for the compilation of statistics may be processed outside the European Union in accordance with the data management policies implemented by Facebook (or other social network). 


Duration of data processing


Data is stored for the duration of the existence of the social network account in question, except for the exercise of the right to delete or object by the interested party.


Acquisition of data through cookies including processing of personal data 

3.1 General information

Cookies are small text files that are placed on your computer by websites you visit. They are commonly used to improve the operation of websites or enhance their performance, as well as to provide information to website owners. The table below explains the cookies we use and why. 


We use two categories of cookies: session cookies and permanent cookies. 


Session files - remain on your device until you leave the website or turn off your software (web browser);

permanent files remain on the device for the time specified in the parameters of the file or until they are manually deleted by the user.


3.2 For what purpose does the Foundation use cookies?

The Administrator of the Website (the Foundation) uses two categories of cookies: "essential" and "optional" for the following purposes:


1. "Essential" cookies for the purpose and to the extent necessary for the proper display of the website. This is to provide basic functions such as security, network management and accessibility. You can disable them by changing your browser settings, but this may affect the functioning of the site.


Session cookies may be used on the Website for this purpose. 


2 "Optional" cookies for the purpose of researching the preferences of people using our site with the results of this research being used to improve the quality of the website's display.


For this purpose, permanent and session cookies may be used on the Website. 


The use of this category of cookies is based on your consent. 


The indicated data is not combined with information such as the first and last name, email address and other data that allows easy identification of the website visitor.  


 


Designation of tool and provider: 


Google Analytics / Provider: Google Inc.


Categories of data acquired


Is there any entrustment of data? 


Is there a transfer of data outside the European Economic Area? 


Purpose of using the information


Unique identifiers, IP addresses, activity information, location, browser language information, device model information


Data entrustment occurs. The entrustment agreement is available at: https://privacy.google.com/businesses/processorterms/


As part of the service provided, there may be a transfer of data outside the EEA and Switzerland, mainly to the United States. To this end, Google ensures the security of this data flows by:


- participation in the Privacy Shield program: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI


These cookies are used to collect information about how visitors use our site. We use this information to create reports and to help us improve the website. The cookies collect information in a way that does not directly identify anyone, including the number of visitors to the site and the blog from which visitors visited the site and the pages visited.


Read Google's discussion of privacy and data protection https://support.google.com/analytics/answer/6004245


 


You can withdraw your consent at any time and stop the installation and acquisition of data through cookies. Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.


3.3 Controlling and deleting cookies

Most browsers offer the option to accept or reject all cookies. The user can also easily change the settings for such cookies in the browser settings. Please note that blocking all cookies from the Website may cause difficulties in operation or completely prevent you from using certain functionalities of our Website.


Managing and deleting cookies varies depending on the browser you use. You can find out exactly how to do this by using your browser's Help function or by visiting http://www.allaboutcookies.org, which explains step-by-step how to control and delete cookies in most browsers.


 


You can see browser-specific information on the following pages:


Google Chrome

Microsoft Edge

Mozilla Firefox

Microsoft Internet Explorer

Opera

Apple Safari


To opt out of the Google Analytics mechanism on all sites, visit: http://tools.google.com/dlpage/gaoptout


3.4 Performance data 

Even in the absence of the installation of cookies, the website administrator may access the following data characterizing the use of the website (hereinafter: other exploitation data): 


the ID number assigned to the device of the website visitor, 

markings identifying the termination of the telecommunications network, 

ICT system (type of device, operating system, web browser) used by the Internet user, 

information about the beginning, end and scope of each use of the site. 

 


In order to ensure the highest possible quality of the site, we occasionally analyze log files to determine: which pages are visited most often, which web browsers are used, whether the structure of the site is error-free, etc.


 


Usage data is not combined with such information as name, email address and other data that allows easy identification of the website visitor.  


3.5 Protection of personal data

Information obtained through the cookie mechanism and information data may constitute personal data within the meaning of the GDPR in certain exceptional situations. If the information indicated above qualifies as personal data, the Foundation is the controller of the personal data. Even in case of doubt whether a certain category of information is personal data, the Foundation implements mechanisms to protect this information as personal data. 


The processing of the above categories of data to the extent that it is necessary for the proper display of the site ("essential" cookies) is based on the so-called legitimate interest of the site administrator (Article 6(1)(f) GDPR. This may involve: 


occasionally analyzing log files to determine: which browsers are used by visitors to the website; which tabs, pages or subsites are most or least frequently visited or viewed; whether the website's structure is error-free;

to prevent unauthorized access to the website and the distribution of malicious codes; to interrupt denial-of-service attacks; and to prevent damage to computer systems and electronic communications systems.

 


In the above cases, you have the right to object (when the processing is based on Article 6(1)(f) GDPR).


 


On the other hand, if you agree to the installation of "optional" cookies (analytical cookies, e.g. provided by Google Analytics) then the information collected in this way will be used for the purpose of researching the preferences of people using our website with the purpose of using the results of this research to improve the quality of the website displayed. In this case, the basis for data processing is Article 173(2) of the Telecommunications Law (Journal of Laws of 2004, No. 171, item 1800) in conjunction with Article 6(1)(a) GDPR. As indicated by Article 174 of the Telecommunications Law, the data protection regulations apply to obtaining the consent of the subscriber or end user.


 


You can withdraw your consent at any time and delete cookies from your device. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.


 


Recipients of data: IT entities providing services to the Foundation and, in the case of analytical files, Google (see above. 


 


3.6 Deletion of data obtained through the cookie mechanism and information data

Personal data will be deleted or anonymized at most after the expiration of the statute of limitations for potential claims related to the use of the site (no later than 1 year from the date of consolidation), or earlier if you raise an effective objection. Provision of data is voluntary, but necessary for the aforementioned purposes.