Website privacy policy

https://krdo.pl/

1. GENERAL PROVISIONS
   1. Administrator of personal data collected through the website https://krdo.pl/ is the Senior-Care Foundation, head office address: ul. Młynarska 3, 56-400 Oleśnica, delivery address: ul. Młynarska 3, 56-400 Oleśnica, NIP: 911 203 37 42, REGON: 385 473 450, entered in the Central Register and Information on Economic Activity, e-mail address rejestr@krdo.pl, hereinafter referred to as “Administrator”, who is also the Service Provider. Place of business activity: ul. ks. Franciszka Sudoła 28, 56-400 Oleśnica, delivery address: ul. ks. Franciszka Sudoła 28, 56-400 Oleśnica, NIP: 9111823413, REGON: 932884322, e-mail address rejestr@krdo.pl, hereinafter referred to as “Administrator”.
   1. Personal data collected by the Administrator through the website shall be processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals, with regard to the processing of personal data, and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR and the Personal Data Protection Act of 10 May 2018.
2. TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
   1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes personal data through the website https://krdo.pl/ in the case of:
      1. the user using the contact form. Personal data is processed on the basis of art. 6 (1) (f) GDPR as a legitimate interest of the Administrator.
      2. the user subscribing to the Newsletter in order to send commercial information electronically. Personal data is processed after a separate consent has been given, on the basis of art. 6 (1) (a) GDPR.
   2. TYPE  OF  PERSONAL  DATA  PROCESSED. The  Administrator  processes  the  following categories of user’s personal data:
      1. Full name,
      2. Home address,
      3. E-mail address,
      4. Telephone number.
   3. ARCHIVING PERIOD FOR PERSONAL DATA. Personal data of users is stored by the Administrator: 
      1. where the processing is based on the performance of a contract, for as long as it is  necessary for the performance of the contract, and thereafter for a period corresponding to the limitation period. Unless otherwise provided by a specific provision, the statute of  limitations is six years, and for claims for periodic benefits and claims related to the conduct of business activity – three years.
      2. where the basis for data processing is consent, for as long as the consent is not  revoked, and after the revocation of consent, for a period of time corresponding to the statute of limitations for claims which the Administrator may assert and which may be asserted against it. Unless otherwise provided by a specific provision, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business activity – three years.
   4. When using the website, additional information may be collected, in particular: the IP address assigned to the user’s computer or the external IP address of the internet provider, the domain name, the type of browser, the access time, the type of operating system.
   5. Navigation data may also be collected from users, including information about the links and links they choose to click on or other actions taken on the website. The legal basis for such actions is the legally justified interest of the Administrator (art. 6, item 1, (f) GDPR) to facilitate the use of electronically supplied services and to improve the functionality of those services.
   6. The provision of personal data by the user is voluntary.
   7. Personal data will also be processed in an automated way in the form of profiling, if the user agrees to this on the basis of art. 6 (1) (a) GDPR. The consequence of profiling will  be to assign a profile to a person in order to make decisions about them or to analyse or predict their preferences, behaviours and attitudes.
   8. The Administrator shall take particular care to protect the interests of the data subjects and, in particular, ensure that the data it collects is:
      1. processed lawfully,
      2. collected for marked, lawful purposes and not subjected to further processing incompatible with those purposes,
      3. factually correct and adequate for the purposes for which it is processed and stored in a form which permits the identification of the persons concerned for no longer than is necessary to achieve the purpose of the processing.
3. DISCLOSURE OF PERSONAL DATA
   1. Users’ personal data is transferred to service providers used by the Administrator to maintain the website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, are either subject to the Administrator’s  instructions regarding the purposes and methods of processing  this data (processors), or independently determine the purposes and methods of its processing (administrators).
   2. Personal data of users is stored only in the European Economic Area (EEA).
4. THE RIGHT TO CONTROL, ACCESS AND RECTIFY THEIR OWN DATA
   1. The data subject has the right to access the content of their personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the  right to object, the right to withdraw consent at any time without affecting the compliance with the right of processing, which was carried out on the basis of consent before its withdrawal.
   2. Legal basis of the User’s request:
      1. Access to data – Art.15 GDPR.
      2. Data rectification – Art.16 GDPR.
      3. Data deletion (the so-called Right to be forgotten) – Art.17 GDPR.
      4. Restriction of processing – Art. 18 GDPR.
      5. Data transfer – Art. 20 GDPR.
      6. Objection – Art. 21 GDPR.
      7. Consent withdrawal – Art. 7, item 3 GDPR.
   3. In order to exercise the powers referred to in point 2, an appropriate e-mail may be sent to: rejestr@krdo.pl.
   4. If a user makes a claim based on the above rights, the Administrator shall comply with the claim or refuse to comply with it immediately, but no later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – the Administrator is not able to fulfill the request within one month, it will fulfill the request within another two months by informing the user about the intended extension of  the deadline and the reasons for it within one month of receiving the request.
   5. If it is found that the processing of personal data violates the provisions of GDPR, the data subject has the right to file a complaint with the President of the Office for Personal Data Protection.
5. “COOKIES”
   1. The Administrator’s website uses “cookies”.
   2. The installation of cookies is necessary for the proper provision of services on the website. The cookies contain information necessary for the proper functioning of the website; they also provide the possibility to compile general statistics on website visits.
   3. The site uses the following types of “cookies”: session and permanent
      1. “Session cookies” are temporary files that are stored in the user’s terminal device until logging out (leaving the site).
      2. “Permanent cookies” are stored in the user’s terminal device for the time specified in the cookie parameters, or until they are deleted by the user.
   4. The administrator uses its own cookies in order to better understand how the user interacts with the content of the website. The files collect information about the user’s use of the website, the type of website the user was redirected from, as well as the number of visits and the time of the user’s visit to the website. This information does not record specific personal data of the user, but is used to compile statistics on the use of the site.
   5. The user has the right to decide on the access of “cookies” to their computer by selecting them in advance, in the window of their browser. Detailed information about the possibility and methods of using “cookies” is available in your software (web browser) settings.
6. FINAL PROVISIONS
   1. The Administrator shall apply technical and organisational measures ensuring the protection of the personal data processed, appropriate to the risks and categories of the protected data, and in particular, shall protect the data against their disclosure to unauthorised persons, seizure by unauthorised persons, processing in violation of applicable regulations, as well as against data alteration, loss, damage or destruction.
   2. The Administrator provides appropriate technical measures to prevent unauthorised persons from obtaining and modifying personal data sent electronically.
   3. In matters not governed by this privacy policy, the GDPR and other relevant provisions of Polish law shall apply accordingly.