This website uses cookies to deliver services in accordance with the Privacy Policy. You can independently define the conditions for storing or accessing cookies in your browser.

Privacy Policy

Introduction

This document – issued based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) – hereinafter as GDPR or general regulation and the Act of May 10, 2018 on personal data protection (Journal of Laws, item 1000), hereinafter referred to as theAct – is referred to in the common language as the Privacy Policy.

The types of personal data collected, gathered and processed are a result of the way you use the website – and thus provide certain information (personal data) to the Personal Data Controller. At each stage, personal data is subject to the protection required by law and the data subject has a number of rights related to the processing of their data, which are described in this document.

 

Who collects, gathers and processes personal data?

The Controller of the personal data is the Centaurus Foundation – International Organization for Animals and Ecology, based in Wrocław, 6-8 Wałbrzyska Street, 52-314 Wrocław, entered in the register of associations, other social and professional organizations, foundations and independent public health care institutions kept in the National Court Register by the District Court in Wrocław, 6th Economic Department of the National Court Register under the number KRS 0000257551, REGON (National Business Registry Number) 020319750, NIP (Tax ID) 8982093147.

Contact to the Personal Data Controller:

  1. e-mail biuro@kancelarie-warszawa.com.pl

Contact to the Personal Data Inspector:

  1. e-mail biuro@kancelarie-warszawa.com.pl

 

What data are processed?

All information and data are provided voluntarily by Donors.

If the User contacts the Controller, the following data may be processed:

  1. first and last name,

  2. correspondence address,

  3. e-mail address,

  4. phone number

– depending on how the contact is established.

We process data from cookies stored on the User’s device.

If the User supports a fundraiser, the data from the transfers are processed.

If the User subscribes to the newsletter – the data provided by the donor, in particular the email address.



Legal basis for processing personal data.

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council dated April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance)

  2. Act dated May 10, 2018 on the protection of personal data (Journal of Laws item 1000).

Compliance of processing with the law

Article 6 of the GDPR

  1. Processing is lawful only if, and to the extent that, one or more of the following conditions are met:

  1. the data subject have given their consent to the processing of their personal data for one or more specified purposes;

  2. processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract;

  3. processing is necessary for the fulfillment of the legal obligation of the Controller;

  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;

  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

  6. processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Paragraph 1 let. f) does not apply to processing carried out by public authorities in the performance of their tasks.

Conditions for consent

Article 7 of the GDPR

  1. If the processing is based on consent, the Controller must be able to demonstrate that the data subject has consented to the processing of their personal data.

  2. If the data subject gives their consent in a written statement that also addresses other issues, the request for consent must be presented in a way that makes it clearly distinguishable from the other issues, in an understandable and easily accessible form, in clear and simple language. The part of such a statement made by the data subject that constitutes a violation of this Regulation shall not be binding.

  3. The data subject has the right to withdraw consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal. The data subject is informed of this before giving consent. Withdrawal of consent must be as easy as giving it.

  4. In assessing whether consent was given voluntarily, the greatest possible consideration shall be given to whether, among other things, the performance of a contract, including the provision of a service, depends on consent to data processing, if the processing of personal data is not necessary for the performance of that contract.

Conditions for the child's consent in the case of information society services

Article 8 of the GDPR

  1. If Article 6(1)(a) applies, in the case of information society services offered directly to a child, it is lawful to process the personal data of a child who has reached the age of 16. If the child is under the age of 16, such processing is lawful only in cases where consent has been given or it was approved by the person with parental authority or custody of the child and only to the extent of the consent given.

Member States may provide for a lower age limit in their laws, which must be at least 13 years old.

  1. In such cases, the Controller, taking into account the available technology, shall make reasonable efforts to verify that the person with parental authority or custody of the child has given consent or approved it.

  2. Sec. 1 does not affect general provisions of the contract law of the Member States, such as provisions on the validity, conclusion or effect of a contract with respect to a child.

Processing of special categories of personal data

Article 9 of the GDPR

  1. The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning that person's health, sexuality or sexual orientation is prohibited.

  2. Sec. 1 does not apply if one of the following conditions is met:

    1. the data subject has expressly consented to the processing of such personal data for one or more specific purposes, unless the law of the European Union or a Member State provides that the data subject may not waive the prohibition referred to in sec. 1;

    2. processing is necessary for the fulfillment of obligations and the exercise of specific rights by the Controller or the data subject in the fields of labor law, social security and social protection, insofar as authorized by the law of the European Union or a Member State, or by a collective agreement under the law of a Member State providing adequate safeguards for the fundamental rights and interests of the data subject;

    3. processing is necessary to protect the vital interests of the data subject or another natural person, and the data subject is physically or legally incapable of giving consent;

    4. processing shall be carried out within the framework of legitimate activities carried out with appropriate safeguards by a foundation, association or other non-profit entity with political, philosophical, religious or trade union purposes, provided that the processing concerns only members or former members of the entity or persons in regular contact with it in connection with its purposes and that the personal data are not disclosed outside the entity without the consent of the data subjects;

    5. processing concerns personal data made public in an obvious manner by the data subject;

    6. processing is necessary to establish, assert or defend claims or within the scope of administration of justice by the courts;

    7. processing is necessary for reasons of substantial public interest, on the basis of the law of the European Union or a Member State, which are proportionate to the stated purpose, do not violate the essence of the right to data protection, and provide for adequate and concrete measures to protect the fundamental rights and interests of the data subject;

    8. processing is necessary for the purposes of preventive health or occupational medicine, assessment of the employee's fitness for work, medical diagnosis, provision of health care or social security, treatment or management of health care or social security systems and services on the basis of the law of the European Union or a Member State or in accordance with a contract with the health care professional and subject to the conditions and safeguards referred to in sec. 3;

    9. processing is necessary for reasons of public interest in the field of public health, such as protection against serious cross-border health threats or ensuring high standards of quality and safety of health care and medicinal products or medical devices, on the basis of the law of the European Union or a Member State, which provides for appropriate specific measures to protect the rights and freedoms of data subjects, in particular professional secrecy;

    10. processing is necessary for archival purposes in the public interest, for scientific or historical research, or for statistical purposes in accordance with Article 89(1), on the basis of the law of the European Union or a Member State, which are proportionate to the designated purpose, do not prejudice the essence of the right to data protection, and provide for appropriate specific measures to protect the fundamental rights and interests of the data subject.



Donor's rights – what can be requested?

Information provided when collecting data from a data subject

If the personal data of the data subject is collected from the data subject, the Controller shall provide the data subject with all of the following information when obtaining the personal data:

  1. the Controller’s identity and contact information and, when applicable, the identity and contact information of their representative:

Centaurus Foundation – International Organization for Animals and Ecology, based in Wrocław, 6-8 Wałbrzyska Street, 52-314 Wrocław, entered in the register of associations, other social and professional organizations, foundations and independent public health care institutions kept in the National Court Register by the District Court in Wrocław, 6th Economic Department of the National Court Register under the number KRS 0000257551, REGON (National Business Registry Number) 020319750, NIP (Tax ID) 8982093147.

  1. where applicable – the contact information of the Data Protection Officer:

e-mail - biuro@kancelarie-warszawa.com.pl

mailing address – Kancelaria Adwokacka, ul. Biała 4/20B, 00-895 Warszawa,

  1. purposes of the processing of personal data and the legal basis for the processing:

- on the basis of Article 6(1)(a) of the GDPR, i.e. on the basis of expressed consent to the processing of personal data (e.g. acceptance of the Regulations),

- on the basis of Article 6(1)(b) of the GDPR, i.e. when the processing is necessary for the performance of a contract to which the data subject is a party (e.g. contracts concluded with the Controller),

- on the basis of Article 6(1)(c) of the GDPR, i.e. when processing is necessary for the fulfillment of a legal obligation (e.g. an obligation of public authorities),

- on the basis of Article 6(1)(e) of the GDPR, i.e. the processing is necessary for the performance of a task carried out in the public interest (e.g. informing about the Controller's statutory goals, informing about collections, appeals for help),

- on the basis of Article 6(1)(f) of the GDPR, i.e. when processing is necessary for the purposes of the legitimate interests pursued by the Controller,

  1. information about recipients of personal data or categories of recipients, if any:

the recipients of the personal data – except for the Controller – will be exclusively entities authorized to obtain personal data pursuant to the provisions of law,

  1. the period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:

- processing on the basis of Article 6(1)(a) of the GDPR – until withdrawal of consent,

- processing on the basis of Article 6(1)(b) of the GDPR – for a period of 6 years / or based on the legitimate interest pursued by the Controller for a longer period,

- processing on the basis of Article 6(1)(c) of the GDPR – for a period of 50 years,

- processing on the basis of Article 6(1)(e) of the GDPR – for a period of 5 years or until the consent is withdrawn,

- processing on the basis of Article 6(1)(f) of the GDPR – for a period of 5 years or until withdrawal of consent,

  1. information about automated decision-making, including profiling,

the data will be processed automatically, including in the form of profiling;

User's rights – what can be requested?

  1. The User has the right to request from the Controller the access to personal data concerning the data subject.

  2. The User has the right to request the Controller to correct their personal data processed by the Controller.

The data subject has the right to request from the Controller the immediate correction of their personal data that is inaccurate. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by providing an additional statement.

  1. The User has the right to request the Controller to delete their personal data processed by the Administrator of the website.

The data subject has the right to request from the Controller the immediate erasure of personal data concerning them, and the Controller is obliged to erase the personal data without undue delay if one of the following circumstances applies:

    1. the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

    2. the data subject has withdrawn the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a), and there is no other legal basis for the processing;

    3. the data subject objects under Article 21(1) to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects under Article 21(2) to the processing;

    4. the personal data has been processed in an unlawful manner;

    5. the personal data must be deleted in order to comply with a legal obligation under the law of the European Union or a Member State to which the Controller is subject;

    6. the personal data was collected in connection with the offering of information society services referred to in Article 8(1).

  1. The User has the right to request the Controller to restrict the processing of their personal data processed by the Controller,

The data subject has the right to request the Controller to restrict processing in the following cases:

  1. the data subject questions the accuracy of the personal data – for a period that allows the Controller to verify the accuracy of the data;

  2. processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead a restriction on its use;

  3. the Controller no longer needs the personal data for the purposes of processing, but they are needed by the data subject to establish, assert or defend claims;

  4. the data subject has objected under Article 21(1) to the processing – until it is determined whether the legitimate grounds on the part of the Controller override the grounds for the data subject's objection.

  1. The User has the right to object to the processing of their personal data.

The data subject has the right to object at any time – for reasons related to their particular situation – to the processing of personal data concerning them based on Article 6(1)(e) or (f), including profiling under these provisions. The Controller shall no longer be allowed to process such personal data unless the Controller demonstrates the existence of valid legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.

Principles of data processing as part of campaigns

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council dated April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR), I would like to inform that:

1) the Controller of your personal data is Centaurus Foundation with its registered office in Wrocław, 6-8 Wałbrzyska Street, 52-314 Wrocław, entered in the register of associations, other social and professional organizations, foundations and independent public health care institutions kept in the National Court Register by the District Court in Wrocław, 6th Economic Department of the National Court Register under the number KRS 0000257551, REGON (National Business Registry Number) 020319750, NIP (Tax ID) 8982093147.

2) contact with the Data Protection Officer – biuro@kancelarie-warszawa.com.pl

3) your personal data is processed for the purpose necessary for the performance of a task carried out in the public interest – on the basis of Article 6(1)(e) and (f) and Article 9(2)(d) of the GDPR;

4) the recipients of your personal data – except for the Controller – will be exclusively entities authorized to obtain personal data pursuant to the provisions of law;

5) your personal data will be stored for a period of 10 years;

6) you have the right to request from the Controller the access to your personal data, their rectification or restriction of processing;

7) personal data may be processed also in the form of profiling;

8) you have the right to lodge a complaint with a supervisory authority.


Give support!
Cart