1. Basic information
 
Respecting your rights as personal data subjects (data subjects) and respecting applicable legal provisions, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, the Act of 10 May 2018 on the protection of personal data (Journal of Laws, item 1000, as amended, hereinafter referred to as the Act) and other relevant provisions on the protection of personal data, we undertake to maintain the security and confidentiality of personal data obtained from you.
 
This Privacy Policy covers all data obtained by the Administrator. Below we describe what information we collect, for what purpose and how and to what extent it is used.
 
The Privacy Policy also contains information about data security and our rights to access and supervise the information provided to us.
 
All words written in capital letters have the meaning given to them in the Application Terms and Conditions, unless otherwise stated in the content of this document.
 
All employees have been properly trained in the processing of personal data, and our company as the Administrator has implemented appropriate security measures and technical and organizational measures to ensure the highest level of personal data protection. We have implemented the Information Security Policy together with the necessary procedures, thanks to which we ensure compliance with the law and reliability of data processing processes, as well as the enforceability of all rights to which you are entitled as data subjects. Additionally, if necessary, we cooperate with the supervisory authority in the Republic of Poland, i.e. the President of the Personal Data Protection Office (hereinafter referred to as the PUODO).
 
Each identified case of a security breach is documented, and in the event of the occurrence of one of the situations specified in the provisions of the GDPR or the Act, the data subjects and – if applicable – the PUODO are informed of such a breach of the provisions on personal data protection.
 
2. Personal Data Administrator
 
The Administrator, i.e. the entity deciding which personal data will be processed, for what purpose and in what manner, in the “Support in Gdańsk” mobile application is the Aleksandra FOSA Social Support Foundation with its registered office at ul. Chopina 42, 80-272 Gdańsk, hereinafter referred to as the Foundation.
 
You can contact us by sending an email to: nazwa@fundacjafosa.pl.
 
3. Data Protection Officer
 
For proper supervision over the protection of your personal data, the Administrator has appointed
Data Protection Inspector. All inquiries, requests, complaints regarding the processing of personal data by our company, hereinafter referred to as Notifications, should be sent to the email address: iod@fundcajafosa.pl or application@fundacjafosa.pl. The Data Protection Inspector in our company is Katarzyna Kawczyńska.
 
The following must be clearly indicated in the text of the Notification:
details of the person or persons concerned by the Notification,
the event that is the reason for the Report,
present your demands and the legal basis for these demands, – indicate the expected manner of resolving the matter.
 
4. Purposes of personal data processing
 
Providing the data referred to in point V of this Privacy Policy is necessary for the following purposes:
in order to use the services available in our Application,
to register you in our database by creating an account, which is voluntary but necessary to provide services. In such a situation, we store the data provided by you in our database to facilitate your use of services within our Application,
to arrange a telephone consultation,
to report discrimination
in order to use the training
to assess your non-discriminatory attitudes using a quiz
in order to provide support,
in order to create statistical reports (without the possibility of identifying the user).
 
5. Methods of processing personal data
 
Personal data collected via the Application and obtained by us directly from the data subjects using the initial form and by collecting additional information during the operation of the Application.
 
We process these data mainly using IT systems, and in the case of obtaining data provided to us in written correspondence, also manually.
 
The information we collect through the Application may be used by us in connection with the conduct of our business for the purposes described in Section IV above.
 
In our Application we collect the following information, including personal data:
– identification data: e-mail address; gender, age, telephone number, correspondence address
(in case of sending the letter in traditional form)
– technical data: device IP address, data collected by Google Analytics and Apple – health data, in particular: disability, mental crisis / mental disorders, psychosexual orientation / sexuality, racial or ethnic origin, religious or ideological beliefs
 
In accordance with the principle of minimization, we process only those categories of personal data that are necessary to achieve the purposes referred to in point IV above.
 
The IP address of the device referred to above is information resulting from the general rules of connections made on the Internet (such as the IP address and other information contained in system logs) used by the Application administrator for technical purposes. IP addresses may also be used for statistical purposes.
 
Personal data for which we are the Administrator are obtained from you directly in the process of sending forms included in the Application, emails or written correspondence. They primarily contain data declared by you.
 
Each of you, as a person using our Application, has the opportunity to choose whether and to what extent you want to use our services and share data about yourself within the scope specified in the content of these Privacy Policy.
 
We process personal data for the time necessary to achieve the purposes listed in point IV above. Personal data may be processed for a period longer than indicated above, in the event that such right or obligation imposed on the Administrator results from specific legal provisions or when the service we perform is of a continuous nature.
 
The source of data processed by the Application are only the data subjects.
 
6. Legal basis for processing personal data The basis for processing your personal data is:
Article 6 paragraph 1 letter a of the GDPR and Article 9 paragraph 2 letter a of the GDPR, i.e. when the data subject has given his/her explicit consent to the processing of such personal data for one or more specific purposes (identification data, data concerning health, data concerning sexuality and psychosexual orientation),
art. 6 sec. 1 letter f of the GDPR, i.e. the legitimate interest of the Controller, which is the creation of statistical data, with particular emphasis on the IP addresses of devices referred to in point V above, the creation of data backup copies, the determination, defense or pursuit of claims until their limitation period (technical data) and potential correspondence with Users.
 
7. Period of personal data processing
 
Your personal data processed in connection with the provision of services are processed by us for the period of provision of the Service to the extent necessary for its proper implementation, and after this period only to the extent necessary to fulfill obligations arising from legal provisions and in connection with any claims or defense against claims.
 
Your personal data processed on the basis of consent (identification data, special category data, in particular health data) are processed by us until you withdraw your consent, i.e. until you delete your account in the Application.
 
Your personal data processed on the basis of the legitimate interest of the Administrator are processed until you object to their further processing.
 
8. Recipients of personal data/Disclosure of personal data
 
We do not share any personal data with third parties without the express consent of the data subject. Personal data may be shared only with public law entities, i.e. authorities and administration bodies (e.g. tax authorities, law enforcement agencies and other entities authorized by generally applicable laws) without the consent of the data subject.
 
Personal data will be made available primarily to our employees in accordance with the rights and authorizations they have in order to ensure the proper handling of data processing processes and in the time and scope necessary.
 
Our Employees have been trained in the principles of personal data processing and the applicable legal provisions regarding the principles of personal data processing and protection and are obliged to keep this information confidential.
 
In justified cases, personal data may also be made available to trusted cooperating entities, solely for purposes related to the provision of the Service or ensuring its proper provision.
 
9. Entrustment of personal data
 
Personal data may also be entrusted for processing to processors, i.e. entities that process data on behalf of the Administrator. In such a situation, as the Administrator, we conclude a personal data processing agreement with the processor. The processor processes the entrusted personal data only for the needs, to the extent and for the purposes indicated in the entrustment agreement.
 
Without entrusting your personal data for processing, we would not be able to conduct our business within the Application. As the Administrator, we entrust personal data
Users to process data to entities providing services to us as the Administrator, which are necessary for the current functioning of the Application;
 
10. Rights of natural persons
 
You can freely exercise the rights of natural persons specified in the GDPR. To do this, send an appropriate request regarding the implementation of the rights of individuals to our email address: iod@fundacjafosa.pl or application@fundacjafosa.pl .
 
In justified cases, in order to correctly identify a person, we may ask you to provide additional information or to provide the necessary documents confirming your identity.
 
All requests related to the implementation of your rights should be submitted directly to the Administrator.
 
If you wish to exercise your rights to withdraw your consent to data processing or to delete your data, please use the “Delete account” tab in the Application. If you wish to exercise your rights referred to below, please send a request directly from the Application from the appropriate menu item.
 
The right to freely express or withdraw consent to the processing of data You have the right to freely express or withdraw consent to the processing of personal data. In the event that your personal data is processed on the basis of your consent, we will provide the possibility of withdrawing it at any time by deleting your account in the Application.
 
Withdrawal of consent will have immediate effect from the moment of its withdrawal and will not affect the processing of data that took place before its withdrawal.
 
Withdrawing your consent will not entail any negative consequences for you, but it will prevent us from continuing to provide services through the Application.
 
The right to information
Under Articles 12 and 13 of the GDPR, you have the right to a range of information (including information about your data, the contact details of the Data Protection Officer, the purposes and legal basis for processing personal data, the recipients or categories of recipients of personal data, if any, or the period for which the data will be processed or the criteria for determining that period).
 
We meet this obligation with our current document, the Privacy Policy.
 
The right to access personal data
Under Article 15 of the GDPR, you have the right to information about what data we process about you and for what purpose, as well as the right to obtain a copy of your personal data.
 
We exercise the right to access data by sending a request to obtain a copy of your personal data by sending a request to the e-mail address: nazwa@fundacjafosa.pl .
 
You may obtain copies of the information we hold from you. In such a case, we will provide you with a copy of the personal data you have provided in a structured, commonly used, machine-readable format within no more than 30 days of receiving your request. We do not charge a fee for preparing, processing and issuing the first copy of the data.
 
In the event of subsequent requests, we may charge you a fee based on the costs of preparing, processing and delivering this data. In such a case, we will inform you of the amount of the fee before processing another copy of the data.
 
The right to rectify personal data
Pursuant to Article 16 of the GDPR, you have the right to rectify (correct, update, supplement) your personal data.
 
If your personal data has changed, please inform us about this fact so that the data we have is consistent with the actual state and up to date. Also in a situation where there has been no change in personal data, but for any reason this data is incorrect or has been recorded incorrectly (e.g. due to a typo), please inform us directly from the Application from the appropriate menu item in order to correct such data or correct it yourself, if the Application allows it.
 
The right to have your personal data deleted
Under Article 17 of the GDPR, you have the right to request the deletion of your personal data. We exercise this right in response to the use of the „Delete account” tab in the Application. NOTE: deletion of personal data will result in our company ceasing to provide you with Services.
 
You may request the deletion of your personal data in particular when:
the purposes for which the personal data were collected have been achieved, e.g. you have completed
your use of our Services,
the basis for the processing of your personal data was solely consent, which was subsequently withdrawn and there are no other legal grounds for further processing of your personal data,
you have filed an objection pursuant to Article 21 of the GDPR and you believe that we have no overriding legal grounds for continuing to process your personal data,
Your personal data has been processed unlawfully (for purposes that are against the law or without any basis for processing personal data) – please remember that in such a case you must have a basis for your request,
the need to delete your personal data results from legal provisions,
despite the declaration upon registration that he or she is 16 years of age, the personal data relate to a minor and were collected in connection with the provision of information society services.
 
However, the right to request the deletion of personal data may be limited if such processing is necessary for us to fulfill an obligation under the law or to establish, pursue or defend legal claims.
 
You can request the deletion of your data by unchecking the „Consent to the processing of personal data” option in the „user profile” settings of the Application.
 
The right to restrict the processing of personal data
Under Article 18 of the GDPR, you have the right to request the restriction of the processing of your personal data. We exercise this right based on an express request to limit the processing, together with a justification, sent to us at the address: nazwa@fundacjafosa.pl.
 
A request to limit data processing results in our company only being able to store your data until the matter is resolved.
 
You may exercise the right to restrict the processing of your personal data if:
you question the accuracy of the personal data provided – for a period enabling the accuracy of the questioned data to be verified;
the processing of your personal data is unlawful, but you object to the deletion of your personal data;
the personal data we process are no longer necessary to achieve the purpose for which we processed them, but you need them to establish, pursue or defend against legal claims;
you object to the processing of personal data due to a specific situation specified in the provisions on personal data protection.
 
The right to transfer personal data
Under Article 20 of the GDPR, you have the right to request the transfer of your personal data to another service provider.
 
You only have this right if the basis for the processing of your data was consent and the data was processed in an automated manner.
 
The right to object to the processing of personal data
Pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data.
 
We exercise this right by sending us an explicit objection to the processing of your data, which we have previously processed for legitimate purposes in accordance with the law.
 
The right to lodge a complaint with a supervisory authority
Under Article 77 of the GDPR, you have the right to lodge a complaint regarding the processing of your personal data with the supervisory authority, i.e. the President of the Personal Data Protection Office, ul. Stawki 2; 00-193 Warsaw, if you believe that we are processing your personal data unlawfully or in any way violate your rights under the generally applicable provisions of law on personal data protection.
 
We respect your privacy and guarantee you the possibility of exercising your rights arising from the provisions of the law regarding the processing of personal data. In order to avoid unnecessary disputes, before filing such a complaint, we encourage you to contact our Data Protection Officer directly (iod@fundacjafosa.pl).
 
Limitations related to the exercise of the rights of the personal data subject
The above-mentioned rights and the manner of their implementation may be subject to restrictions in justified cases. Such a situation will occur if the restriction results from the obligations specified in the law, to which we are obliged. In such a case, we will provide you with appropriate information along with the justification of our decision.
 
11. Information on the obligation to provide data
Providing some personal data is necessary for us to properly provide Services or fulfill a request or notification. Applying the principle of minimization, we do not collect more data than is necessary to fulfill them.
 
Failure to provide the required information may result in our limiting or discontinuing the provision of the Services or fulfilling your request or submission.
 
Persons reporting adverse events related to the service we offer may be required to provide additional data if such data is required by law or applicable reporting procedures.
 
12. Document update rules
As needed, as our business practices change and as legal provisions change, we will update the Privacy Policy with appropriate provisions.
 
We will inform people using the Application about any changes through notifications in the Application as part of the messages on the main application dashboard. Additionally, in the event of significant changes related to privacy protection and personal data protection, we may send additional information to the email address provided to us or require you to re-accept the principles of personal data processing and privacy protection in connection with the processing of information based on cookies and other similar technologies.
 
13. Final provisions
This Privacy Policy is effective from the date of publication, December 1, 2020.
In matters not regulated by these Privacy Policy, the relevant provisions of generally applicable law shall apply accordingly. In the event of any inconsistency between the provisions of the Privacy Policy and the above provisions, these provisions shall prevail.