Fundacja Polskie Serce – Polish Heart Foundation

Menu
Menu
Make a donation
logo_polskie-serce
Menu

Privacy policy

1) Name and contact details of the responsible person

This privacy statement contains information about the processing of personal data on the company’s website at the URL http://polskieserce.org.

Person responsible:

Polish Heart Foundation
Nowokramska 13
60-438 Poznan
Poland

+48 607 884 284

biuro@polskieserce.org
www.polskieserce.org

Data Protection Officer contact details:

The foundation’s data protection officer can be contacted at the foundation’s address above and at biuro@polskieserce.org.

2 Scope and purpose of personal data processing

2.1 Calling up the website

When calling up this website, www.polskieserce.org, data is automatically sent to the server of this website by the web browser used by the visitor and stored in a log file for a certain period of time. Until automatic deletion, the following data is stored without further input by the visitor:

– IP address of the visitor’s terminal device
– Date and time of access by the visitor
– Name and URL of the page accessed by the visitor
– Website from which the visitor accessed the foundation’s website (so-called referrer URL)
– The browser and operating system of the visitor’s terminal device, as well as the name of the access provider used by the visitor.

The processing of this personal data is justified on the basis of Article 6(1) sentence 1(f) RODO. The Foundation has a legitimate interest in processing the data in order to:

– to establish a smooth connection to the foundation’s website
– enabling a user-friendly use of the website
– to recognise and guarantee the security and stability of the systems
– to facilitate and improve the administration of the website

The processing is not carried out for the express purpose of gaining knowledge of the person visiting the website.

2.2 Contact form

Visitors can send messages to the company via the contact form on the website. In order to receive a reply, at least a valid e-mail address is required. All other information can be provided voluntarily by the person making the enquiry. By sending a message via the contact form, the visitor agrees to the processing of the personal data provided. The data is processed exclusively for the purpose of handling and responding to enquiries via the contact form. This is done on the basis of freely given consent in accordance with Article 6 (1) sentence 1 (a) of the DPA. Personal data collected for the purpose of using the contact form are automatically deleted as soon as the enquiry has been processed and there is no reason for further storage (e.g. another order for our foundation).

2.3 Newsletter

By registering for the newsletter, the visitor expressly consents to the processing of the personal data provided. To subscribe to the newsletter, the visitor only needs to provide an email address. The legal basis for the processing of the visitor’s personal data for the purpose of sending newsletters is consent pursuant to Article 6 (1) sentence 1 (a) of the DPA.

The visitor can unsubscribe from receiving future newsletters at any time. This can be done via the special link at the end of the newsletter or by sending a corresponding email to biuro@polskieserce.org.

3 Transfer of data

Personal data will be transferred to third parties if:

– the data subject has expressly consented to this in accordance with Article 6(1) sentence 1(a) GDPR
– the transfer is necessary for the assertion, exercise or defence of legal claims in accordance with Article 6(1) sentence 1(f) GDPR and there are no grounds for assuming that the data subject has an overriding interest in non-disclosure which deserves protection.
– there is a legal requirement to provide the data on the basis of Article 6(1) sentence 1(c) GDPR there is a legal obligation, and/or
– it is necessary for the performance of a contractual relationship with the data subject pursuant to Article 6(1) sentence 1(b) GDPR.

In other cases, personal data will not be disclosed to third parties.

4. Cookies

So-called cookies are used on the website. These are data packets exchanged between the foundation’s website server and the visitor’s browser. They are stored by the individual device used (computer, notebook, tablet, smartphone, etc.) when visiting the website. Therefore, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. Cookies store information that arises in connection with the specific end device used. The Foundation cannot therefore in any way obtain direct knowledge of the identity of the website visitor.

Cookies are mostly accepted according to the basic settings of browsers. The browser settings can be configured in such a way that cookies are not accepted on the devices used or that a special notification appears every time a new cookie is created. Please note, however, that the deactivation of cookies may mean that not all website functions can be used in the best possible way.

The use of cookies serves to enhance the user experience of the foundation’s online offering. For example, session cookies can be used to track whether a visitor has already visited individual pages of the website. When you leave the website, these session cookies are automatically deleted.

Temporary cookies are used to improve user-friendliness. They are stored on the visitor’s device for a limited period of time. When the visitor revisits the website, it is automatically recognised that the visitor has already called up the website before and which entries and settings were made at that time, so that they do not have to be repeated.

Cookies are also used to analyse visits to the website for statistical purposes and to improve the website. These cookies make it possible to automatically recognise on a new visit that the website has already been called up by a visitor before. In this case, the cookies are automatically deleted after a certain period of time.

The data processed by the cookies is justified for the aforementioned purposes in order to protect the legitimate interests of the legal foundation on the basis of Article 6 (1) sentence 1 (f) RODO.

5 Your rights as a data subject

Insofar as your personal data is processed when you visit our website, you have the following rights as a “data subject” within the meaning of the RODO:

5.1 Information

You can request information from us as to whether we process your personal data. You have no right to information if the provision of the requested information would violate the duty of confidentiality pursuant to § 57 StBerG or if the information must be kept confidential for other reasons, in particular due to an overriding legitimate interest of a third party. Notwithstanding the above, there may be an obligation to provide the information if the State’s interest outweighs the interest in secrecy, in particular taking into account the threatened damage. The right to information is also excluded if the data are stored only because they cannot be deleted due to legal or statutory retention periods or are only used for data security or data protection control purposes, provided that the provision of the information would require a disproportionate effort and processing for other purposes is precluded by appropriate technical and organisational measures. Insofar as the right to information is not excluded in your case and your personal data is processed by us, you can request information from us about:

– Purposes of data processing
– Categories of personal data processed by you
– The recipients or categories of recipients to whom your personal data are disclosed, in particular in the case of recipients in third countries
– where possible, the intended period of retention of your personal data or, where this is not possible, the criteria for determining the period of retention
– the existence of the right to rectification, erasure or restriction of the processing of personal data concerning you or to object to such processing
– the existence of the right to have recourse to a data protection supervisory authority
– where the personal data has not been collected from you as the data subject, the information available on the origin of the data
– Where applicable, the existence of automated decision-making, including profiling, and relevant information on the logic used, as well as the extent and intended effects of the automated decision-making.
– Where applicable, in case of transfers to recipients in third countries, unless there is an EU Commission decision on the adequacy of the level of protection under Article 45 (3) GDPR, information on what appropriate safeguards are provided to protect personal data under Article 46 (2) GDPR.

5.2 Correction and completion

If we discover that we hold incorrect personal data about you, you may request that we correct the incorrect data immediately. If your personal data is incomplete, you can ask us to complete it.

5.3 Deletion

You have the right to erasure (“right to be forgotten”), unless the processing is necessary for the exercise of the right to freedom of expression, the right to information or for compliance with a legal obligation or for the performance of a task carried out in the public interest and one of the following reasons applies:

– The personal data is no longer necessary for the purposes for which it was processed.
– The justification for the processing was solely your consent, which you withdrew.
– You have objected to the processing of your personal data that we have made public
– You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for processing
– Your personal data has been unlawfully processed
– The erasure of your personal data is necessary to comply with a legal obligation to which we are subject

You do not have the right to erasure if, in the case of lawful non-automated processing, erasure is not possible or is only possible with disproportionate effort due to the specific nature of the storage and your interest in erasure is slight. In this case, restriction of processing takes the place of deletion.

5.4 Restriction of processing

You may request us to restrict processing if one of the following reasons applies:

– You question the accuracy of the personal data. In this case, you can request a restriction for a period that allows us to check the accuracy of the data.
– The processing is unlawful and you request that we restrict the use of your personal data instead of deleting it.
– Your personal data is no longer required by us for the purposes of processing, but you need it to assert, exercise or defend legal claims
– You have lodged an objection in accordance with Article 21 (1) of the GDPR. A restriction of processing can be requested as long as it is not yet clear whether our legitimate reasons outweigh yours.

Restriction of processing means that your personal data will only be processed with your consent or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or for reasons of important public interest. Before we lift a restriction, we are obliged to inform you.

5.5 Data portability

You have the right to data portability if the processing is based on your consent (Article 6(1) sentence 1(a) or Article 9(2)(a) RODO) or on a contract to which you are party and the processing is carried out by means of automated procedures. The right to data portability in this case includes the following rights, insofar as the rights and freedoms of others are not affected: You can require us to provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to transfer this data to another controller without hindrance on our part. If it is technically feasible, you can request that we transfer your personal data directly to another controller.

5.6 Objection

Insofar as the processing is based on Article 6 (1) sentence 1 (e) RODO (performance of a task in the public interest or in the exercise of official authority) or on Article 6 (1) sentence 1 (f) RODO (legitimate interest of the controller or a third party), you have the right to object at any time to the processing of personal data concerning you on grounds relating to your particular situation. This also applies to profiling on the basis of Article 6 (1) sentence 1 (e) or (f) RODO. Once you have exercised your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

You may object at any time to the processing of personal data concerning you for direct marketing purposes. This also applies to profiling related to such direct marketing. Once you have exercised this right to object, we will no longer use the personal data concerned for direct marketing purposes.

You have the option of informally notifying our office of your objection by telephone, email or at our postal address given at the beginning of this privacy policy.

5.7 Revocation of consent

You have the right to revoke your consent at any time with effect for the future. You can inform us of the revocation of your consent informally by telephone, email or to our postal address. Revocation does not affect the lawfulness of the processing carried out on the basis of consent until the revocation is received. Once the revocation has been received, the processing of data which was based solely on your consent will be discontinued.

5.8 Complaint

If you consider that the processing of personal data concerning you is unlawful, you may lodge a complaint with the data protection supervisory authority having jurisdiction over your place of residence or work or over the place of the alleged infringement.

5.9 Status and update of this Privacy Policy

This Privacy Policy is current as of 22 May 2018. We reserve the right to update the Privacy Policy from time to time to improve data protection and/or to reflect changes in government practice or case law.

6 External services

6.1 Google Maps (with permission)

This website uses the Google Maps mapping service via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To ensure data protection on our website, Google Maps is deactivated the first time you access our website. A direct connection to Google’s servers is only established if you activate Google Maps yourself (consent in accordance with Article 6(1)(a) of the DPA). This ensures that your data is not transferred to Google on your first visit to the website.

Once activated, Google Maps records the user’s IP address. These are then generally transferred to a Google server in the USA and stored there. Google Maps uses “cookies”, which are text files placed on your computer that help the website analyse how users use the site. In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this website has no influence on this data transmission.

For more information on the handling of user data, please see Google’s privacy policy: https://www.google.de/ intl/en/policy/ privacy/

6.2 OpenStreetMap (with permission)

We use the OpenStreetMap (OSM) mapping service. The provider is the Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

To ensure privacy on our site, OpenStreetMap is disabled when you first access our site. A direct connection to the OpenStreetMap servers is only established if you activate OpenStreetMap yourself (consent in accordance with Article 6(1)(a) of the RODO). This ensures that your data is not transferred to OpenStreetMap the first time you access the website.

If you activate OpenStreetMap, your IP address and other information about your behaviour on this website will be transmitted to OSMF. OpenStreetMap may store cookies in your browser for this purpose. These are text files that are stored on your computer and enable analysis of your use of the website. You can disable the use of cookies by making the appropriate settings in your browser. Please note, however, that if you do so, you may not be able to use the full functionality of this website.

In addition, your location may be recorded if you have allowed this in your device settings – e.g. on your mobile phone. The provider of this website has no control over this data transmission. Details can be found in OpenStreetMap’s privacy policy at the following link: https://wiki.osmfoundation.org/ wiki/ Privacy_Policy.

The use of OpenStreetMap is in the interest of the attractive presentation of our online offers and the easy finding of the places we indicate on the website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) RODO.