The entity that decides on what for and how the Users’ data is used is Federacja Znaki Równości with registered office in Kraków, address:
ul. Czyżówka 43,
entered into the register of associations, other social and professional organizations and healthcare facilities of the National Court Register under the KRS number: 0000644083, whose documents are kept by the District Court for Kraków Śródmieście in Kraków, XI Commercial Division of the National Court Register, with taxpayer identification NIP number 676-251-61-65.
You can reach the Controller via e-mail at: firstname.lastname@example.org
How does the Controller collect personal data?
The Controller collects personal data through:
- forms and surveys available on the Webpage including the forms used for signing petitions, appeals, positions, statements,
- communication sent to the e-mail addresses posted on the Webpage,
- Internet services used form making donations or payments to the Controller the links to which are posted on the Webpage,
- Cookie files.
What personal data is used by the Controller?
The Controller uses personal data submitted by the Users. It includes all or some of the types of the data listed below:
- identification data (name, surname, nickname, image),
- contact details (e-mail address, telephone number, names of the profiles in social media such as Facebook, Twitter, Instagram, mailing address),
- data related to the need for psychological or legal counseling as well as the data necessary to organize the counselling,
- data necessary to include the volunteer in the Controller’s social activity (e.g. profession, education, declared field of support, availability)
- data related to the User’s support for the Controller’s activity (e.g. amounts of the donations, the payment details)
Whose personal data is used by the Controller?
Controller processes the data of the persons that:
- registered for the events organized by the Controller,
- reported their will to receive Controller’s newsletter and bulletin or other similar materials,
- want to be or are the Controller’s volunteers,
- started the communication with the Controller through e-mail addresses posted on the Webpage.
- signed the petitions, appeals, positions, statements opened by the Controller for signature,
- Controller’s supporters or sympathizers who support the Controllers activity through Internet crowdfunding, auctions or payment services linked to on the Webpage,
- persons who take part in the recruitments organized by the Controller and described on the Webpage.
The Controller processes the personal data to obtain the following goals:
- to organize and manage the events as well as to inform about their venue, time, agenda, course an to send report from an event,
- organizing marketing and social campaigns related to the Controller’s activity,
- to send information about the Controller’s social activity in the form of newsletters, bulletins, invitations, other materials (e.g. presentations, reports),
- to include the volunteers in the Controller’s social activity and to coordinate the volunteers’ actions,
- to respond to the communication sent to the e-mail addresses posted on the Webpage,
- to manage the collection of signatures under petitions, appeals, positions and statements opened to signature by the Controller. To handle the submission of petitions, appeals, positions and statements to their recipients and to inform the signatories about the way they were considered.
- for processing of the matters related to the support provided by the sympathizers and the donors (e.g. bookkeeping related to the donations, sending the expressions of gratitude),
- handling the recruitment processes and concluding the agreements resulting from these processes (e.g. civil law agreements or employment agreements).
Who has access to data?
The data is available to:
- the members of the Board and the Supervisory Committee (without limitations),
- the people who are members of the Federation’s General Assembly (within the scope necessary to carry out their statutory functions),
- the Controller’s associates and employees (e.g. for the person coordinating Krakow Center of Equality DOM EQ within the scope limited to its support),
- the people who are the Controller’s volunteers (within the scope limited to their functions e.g. organizing events, carrying out marketing and social campaigns, providing psychological or legal counselling),
- the providers of external services (e.g. bookkeeping, hosting, auction services, crowdfunding services, analytics services etc.) within the scope necessary to provide the services,
- the individual and institutional donors within the scope necessary to report the way the granted financial support was spent by the Controller.
- the recipients of petitions, appeals, positions, statements (within the scope necessary to disclose the lists of people who support the abovementioned documents
The Controller processes the data on following legal basis:
- Article 6.1.a) GDPR (data subject’s consent) as regards the data processed to distribute the newsletter, bulletin and similar communication and as regards the signatures under petitions, appeals, positions and statements opened to signature by the Controller,
- Article 6.1.b) GDPR (contracts and steps prior to entering into a contract) as regards the voluntary service agreements, recruitments, provision of psychological and legal counselling and donation agreements,
- Article 6.1.c) GDPR (i.e. legal obligation) as regards the data which must be provided in relation to the performance of a concluded contract (e.g. data related to social security or taxation),
- Article 6.1.d) GDPR (i.e. protection of vital interest of the data subject or another person) when processing is necessary to protect life or health of a person asking for the Controller’s help or a person whose assistance by the Controller is necessary,
- Article 6.1.f) GDPR (i.e. legitimate interest) as regards the data used in the reports for the individual or institutional donors or as regards the data used to express the gratitude for the provided support as well as in relation to the data used for marketing purposes.
Submitting personal data is voluntary. Failure to submit the data makes impossible taking part in an event, receiving the bulletin or other similar communication, using legal or psychological counselling, signing the petition or other document, taking part in a recruitment, concluding a contract with the Controller.
In cases provided for by law (including but not limited to labour and social security or tax law) submitting the data is compulsory
W wypadkach wskazanych w przepisach prawa (w szczególności prawa pracy i ubezpieczeń społecznych lub prawa podatkowego) podanie danych jest obowiązkowe.
Till when the data is processed?
Controller processes the data for as long as it is necessary to fulfil the goals referred to in the Policy. The data processed under the terms of:
- consent are processed till its withdrawal. The consent withdrawal produces results only for the future,
- contract are processed for its effective period and for the time set for in the provision of law (e.g. labour law) or for the time necessary to make claims or defend against the claims,
- legal obligation are processed for the time resulting from the provisions of law and necessary to comply with the obligation,
- vital interest for the time necessary for its protection,
- legitimate interest till the completion of reporting activities or till making the expressions of gratitude for the provided support.
The data subjects’ rights
The data subjects have the following rights:
- to access the data,
- to request rectification of data
- to request for erasure of data or restriction of processing,
- to object to the processing,
- right to data portability.
- right to withdraw the consent at any time,
- to file a complaint with the regulator (i.e. President of the Data Protection Auhority / Prezes Urzędu Ochrony Danych Osobowych)
The Controller does not carry out profiling activities.
Transfers out of European Economic Area
The Controller uses e-mail services delivered by Google. Depending on the situation, in case of submitting the personal data via e-mail, the data might be transferred to the servers out of European Economic Area. The transfer relies on standard contractual clauses approved by the European Commission.
Controller uses the statistical analysis of the traffic on Webpage through Google Analytics (Google Inc. with the seat in the USA). The Controller transfers to the provider only anonymized data and does not transfer any personal data. The service relies on the use of cookie files placed in the User’s end device. As regards the information related to the User’s preferences gathered through Google marketing network the User may look through and edit the information resulting from Cookie files thank to the tool:
Controller uses the remarketing techniques enabling to fit the marketing content to the User’s behavior on the Webpage. It may make impression the User’s personal data is used for tracing, however in practice there is no personal data transfer between the Controller and the marketing operators. Enabled cookie files service is the technical condition of operation of remarketing techniques.
The Controller uses Facebook pixel technology. This is a technique that enables Facebook service (Facebook Inc. with the seat in the USA) to know that the user registered on Facebook uses the Webpage. In this case Facebook relies on data in relation to which Facebook is the controller. The service relies on the use of Cookie files.
The Controller uses Cookie files referred to at the beginning of the Policy. The Controller places the Cookie file on the User’s end device and has access to their content. The Cookie files are used to carry out the goals described above in the part called Marketing techniques. The Cookies used by the Webpage are stored in the User’s end device for the time indicated in these files or till their removal by a User. Usually the Internet browsers enable by default the storage of Cookie files in the Users’ end devices. The browsers enable also deletion or automatic blocking of the Cookie files. If a User does not want to receive the Cookie files or wants to block them it is necessary to refer to the browser settings. Below are the links to the instructions of the most common browsers:
For mobile devices:
The Cookie files placed on the User’s end devices might be used by the entities cooperating with the Controller, i.e. Google (Google Inc. with the seat in the USA), Facebook (Facebook Inc. with the seat in the USA), Twitter (Twitter Inc. with the seat in the USA)