The General Data Protection Regulation, known as GDPR (General Data Protection Regulation), is a legal regulation of the European Union that came into effect on May 25, 2018. The GDPR introduces new rules for the protection of personal data of the European Union and its citizens. The Jankowo Foundation's service adheres to these principles in accordance with the regulations presented below:
- Principle of legality, fairness, and transparency: Personal data may only be processed in a manner that is lawful, fair, and transparent to the data subject.
- Purpose limitation: Personal data may only be collected and processed for specific, explicit, and legitimate purposes and may not be further processed in a manner inconsistent with those purposes.
- Data minimization: Processed personal data must be adequate, relevant, and limited to what is necessary for the purposes for which they are processed.
- Accuracy: Personal data must be accurate and, where necessary, kept up to date. Any outdated or inaccurate data should be deleted or corrected.
- Storage limitation: Personal data may only be stored for the period necessary to achieve the purposes for which they are processed.
- Integrity and confidentiality: Personal data must be processed in a way that ensures appropriate security, including protection against unauthorized access, loss, damage, or disclosure.
- Accountability and transparency: Entities processing personal data must document compliance with GDPR regulations and be prepared to provide information to supervisory authorities upon request.
Rights of the data subjects: The GDPR grants numerous rights to individuals whose data is processed, including the right to access the content of their data, the right to have it corrected, the right to be forgotten (data deletion), the right to data portability, and others.
- Consent: If the processing of personal data is based on consent, this consent must be expressed in a clear and unambiguous manner.
- Data controller obligations: Data controllers are required to appoint a data protection officer (DPO) in certain cases, monitor compliance with GDPR regulations, and report data breaches.
- Transfer of data to third countries: The transfer of personal data to countries outside the EU or EEA is permitted only under specific conditions and must meet certain criteria.
- Data breaches: In the event of a data security breach, data controllers are required to report the incident to the supervisory authority and notify the individuals whose data may have been compromised if it is likely that the breach will have a negative impact on their rights and freedoms.
Rights of the data subjects:
- Right of access: You have the right to access your data that is being processed. At any time, you can download a copy of your data. This can be done using Google tools or other tools provided for this purpose. For security reasons, you may be subject to verification. After successful verification, you will be able to download your data with appropriate security measures.
- Right to data deletion: You have the right to request the deletion of your data. If after requesting data deletion it turns out that we are legally obliged to continue processing your data, we will inform you of this.
- Right to data rectification: You can exercise the right to rectification if you notice that your personal data is incorrect or incomplete. In such a case, we commit to removing any inconsistencies or errors in the data we process and to completing it if it is incomplete.
- Right to restrict data processing and storage: Upon your request, we will limit data processing to storage only. We will cease other activities related to data processing.
- Right to data portability: Upon your request, we will provide you with your data, but remember to specify who will receive it.
- Right to object to profiling: At any time, you can object to data storage and request its deletion. However, before you express your objection, be aware that this will result in the deletion of your email address from the Jankowo Foundation's service data and the loss of all your activity history. After exercising the right to object, log out of the Jankowo Foundation's site on all devices and clear your cookies.
- Right to object to direct marketing: You have the right to object to direct marketing.
- This policy applies to the website operating at the URL: https://jankowo.org/.
- The owner of the service and the Personal Data Administrator is the Jankowo Foundation.
- The contact email address of the operator: firstname.lastname@example.org.
- The Administrator of your personal data provided voluntarily on the Website is the Operator.
- The Service uses personal data for the following purposes: managing newsletters, managing the comment system, handling inquiries through forms, presenting offers or information.
- The Service collects information about users and their behavior through voluntarily provided data in forms, which are entered into the Operator's systems, and by saving cookies ("cookies") on the end-users' devices.
SELECTED DATA PROTECTION METHODS USED BY THE OPERATOR
- Data entry areas are protected by a secure transmission layer (SSL certificate). This means that personal data entered on the website is encrypted on the user's computer and can only be read on the target server.
- Personal data stored in the database is encrypted in such a way that only the Operator holding the key can read it. This ensures data protection in the event of a security breach of the database from the server.
- User data is stored in encrypted form. Hashing is a one-way function that prevents its reversal, which is the contemporary standard for storing user data.
- The Operator periodically changes its administrative passwords.
- Data protection includes regular data backups performed by the Operator.
- An important aspect of data protection is the regular updating of all software used by the Operator to process personal data, including regular updates of software components.
- The service is hosted (technically maintained) on the operator's servers: cyber_Folks.
YOUR RIGHTS AND ADDITIONAL INFORMATION ABOUT THE USE OF DATA
- In some situations, the Administrator has the right to share your personal data with other recipients if it is necessary to fulfill the obligations incumbent on the Administrator. This applies to the hosting company covered by the data processing agreement and authorized bodies.
- Your personal data is processed by the Administrator no longer than is necessary for the purposes related to the provision of the service. For marketing data, the data will not be processed for more than 3 years.
- You have the right to request from the Administrator access to your personal data, their correction, deletion, restriction of processing, and data portability.
- You have the right to object to the processing of personal data for the realization of legally justified interests by the Administrator, including profiling. However, the right to object cannot be exercised if there are valid legally justified reasons for processing, overriding your interests, rights, and freedoms, especially concerning establishing, investigating, or defending claims.
- You have the right to lodge a complaint with the President of the Office for Personal Data Protection against the Administrator's actions.
- The provision of personal data is voluntary.
- Automated decision-making, including profiling for direct marketing purposes conducted by the Administrator, may apply to you.
- Personal data is not transferred to third countries within the meaning of data protection regulations. This means that we do not transfer them outside the European Union.
INFORMATION IN FORMS
- The Service collects information provided voluntarily by the user, including personal data if they have been provided.
- The Service may record information about connection parameters (timestamp, IP address).
- In some cases, the Service may save information facilitating the linking of data in the form with the email address of the user filling out the form. In such a case, the user's email address appears in the URL of the page containing the form.
- Data provided in the form are processed for the purpose resulting from the specificity of the form, for example, to make a donation to the Jankowo Foundation or other organizations through the Jankowo Foundation for a clearly indicated purpose and handling of this process, registration for the newsletter service, etc. Each time the context and description of the form clearly inform what it is for.
Information on users' behavior on the site may be logged. This data is used to administer the service.
KEY MARKETING TECHNIQUES
- The Operator uses an automated solution enabling the personalization of the Service's actions towards users, e.g., sending email messages to users after visiting specific subpages, if the user has consented to receive commercial correspondence from the Operator.
INFORMATION ABOUT COOKIES
- Cookies are IT data, in particular, text files, which are stored on the Service User's end device and are intended for use with the Service's websites. Cookies usually contain the name of the website from which they originate, the duration of their storage on the end device, and a unique number.
- The entity placing cookies on the Service User's end device and accessing them is the Service operator. Cookies are used to maintain the user's session on the Service.
- To achieve the objectives specified above in the "Key Marketing Techniques" section.
- The Service uses two basic types of cookies: "session" and "permanent". "Session" cookies are temporary files that are stored on the User's end device until leaving the Service, leaving the website, or closing the web browser software. "Permanent" cookies are stored on the User's end device for the time specified in the cookies' parameters or until they are deleted by the User.
- Web browsing software (web browser) usually allows the storage of cookies on the User's end device by default. Service Users can change the settings for cookies. Web browsers allow for the deletion of cookies. It is also possible to automatically block cookies. Detailed information on this subject can be found in the help or documentation of the web browser.
- Cookies placed on the Service User's end device may also be used by entities cooperating with the Service operator, in particular, this applies to such companies as Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).
MANAGING COOKIES – HOW TO PRACTICALLY EXPRESS AND WITHDRAW CONSENT
- If the user does not want to receive cookies, they can change the settings of their browser. We inform you that disabling the handling of cookies necessary for authentication processes, security, and maintaining user preferences may make it difficult, and in extreme cases, prevent the use of websites.
- To manage cookie settings, select from the list below the web browser you are using and follow the instructions: Edge , Internet Explorer , Chrome , Safari , Firefox , Opera .
- Mobile devices: Android , Safari (iOS) , Windows Phone .