top of page

Privacy Policy

Policy on the processing of personal data of the Polistratos - Institute for Systemic Innovation Foundation (“Data Processing Policy” or “Policy”)

 

Introduction

The protection of privacy and the lawful processing of personal data is a top priority for the Polistratos Foundation (“Foundation”, “We”). The Foundation takes appropriate measures to ensure that the personal data of individuals with whom we work or whose data we otherwise process is protected. In this Policy we set out how we collect, use, store and otherwise process personal data. The Policy also sets out the rights of those whose data the Foundation processes and the basis on which those rights can be exercised. This Data Processing Policy applies to all cases where the Foundation processes personal data. Please read this document carefully. The Foundation may amend this Policy in response to changes in its operations, as well as the need to adapt its operations to the latest technological security requirements and as the law changes. The Foundation will provide advance notice of changes to this Policy.

 

The Foundation has developed the Policy by applying the principles arising from the General Data Protection Regulation 679/2016 (“GDPR”).

 

Who is responsible for processing personal data?

The Polistratos Foundation, with its registered office at ul. Nowogrodzka 18a/21,  00-511 Warsaw, NIP: PL7011155230, KRS 0001046942 is responsible for the processing of personal data. The Foundation is the controller of personal data within the meaning of Article 4(7) of the GDPR.

 

For matters relating to the processing of personal data, the Foundation’s Data Protection Officer can be contacted at info[at]polistratos.org.

 

How does the Foundation protect personal data?

We provide appropriate technical, physical, electronic and administrative safeguards to protect personal data from unauthorised access. We adhere to generally accepted standards to protect the personal information transmitted to us, both during transmission and once received. Unfortunately, the transmission of information over the Internet (including by email) is not completely secure. While we will do our best to protect personal information, we cannot guarantee the security of data sent to us – any transmission is at the sender’s own risk. Once we receive information that constitutes personal data, we will apply appropriate security procedures and policies to prevent unauthorised access to that data.

 

What rights do individuals have in relation to the processing of their personal data by the Foundation?

Individuals whose personal data is processed by the Foundation have the following rights under the provisions of the DPA:

  • Every person has the right to receive information regarding the processing of his or her personal data (in particular, information on the purpose for which the data is being processed, by whom it is being processed and to whom it has been disclosed, etc.).

  • Any data subject has the right to lodge a complaint with the Foundation regarding the processing of data and may lodge a complaint with the Office for the Protection of Personal Data, ul. Stawki 2, Warsaw, (https://uodo.gov.pl/).

  • Every data subject has the right to receive a copy of the data we process.

  • Any data subject has the right to request the erasure of personal data (if he or she considers that the Foundation has no right to process it) or to object to its processing.

  • Any data subject has the right to request the restriction of the processing of personal data.

  • Every data subject has the right to request the rectification or amendment of personal data.

  • You have the right to portability of your personal data.

  • In order to exercise your rights, you can contact the Foundation directly. Any request for access to data should be made in writing or by email. If there is any doubt about the identity of the person making the request, the Foundation will ask you to complete the request, in particular with the necessary identification data.

 

The Foundation will endeavour to respond to each request within 1 month. However, in more complex cases or in the event of multiple requests made at the same time, the Foundation may extend the deadline for response and we will inform you of this.

 

If you are interested in the Foundation’s activities or wish to support the Foundation’s activities, the Foundation will process your personal data:

 

1) If you agree to receive ongoing information from the Foundation, in which we will inform you about the Foundation’s activities, opportunities to support the Foundation, planned events and new initiatives

 

We process your personal data on the basis of Article 6(1)(a) GDPR, i.e. on the basis of your consent to the processing of your personal data. Your Consent may be withdrawn at any time, which does not affect the validity of personal data processing carried out prior to the withdrawal of consent; the scope of personal data processed by the Foundation includes your email address and telephone number.

 

2) When making a donation to the Foundation or supporting the Foundation in other ways, including by donating 1% of income tax

 

We process personal data to the extent necessary to handle such a donation and the 1% donation, including its proper accounting and reporting, and to thank you for your support. The legal basis for the processing of personal data is Article 6(1)(f) GDPR, i.e. our legitimate interest.

 

Can the Foundation transfer personal data to other entities?

In principle, the Foundation does not transfer personal data to other entities. However, in certain situations the transfer of personal data may be necessary or essential to achieve the purposes of the processing.

 

The Foundation may also transfer data to entities that help to achieve the Foundation’s objectives or help to carry out its activities. The purpose of the transfer of personal data is to enable the Foundation to fulfill its objectives and to carry out its activities. Most of these entities act as so-called processors (in accordance with Article 28 of the GDPR), but some of them may act as independent controllers of personal data. The entities to whom we may transfer personal data include the following categories:

  • Companies providing IT and server maintenance services,

  • Companies providing IT security services,

  • Companies providing telecommunications and similar services,

  • External legal advisers,

  • Banks,

  • Insurance companies,

  • IT companies that provide IT services,

  • Auditors.

 

We may also make personal data available in order to respond to requests made to the Foundation by authorised state and judicial authorities (e.g. prosecutors, courts, police, offices), as well as at the request of entities that co-fund our activities and control our use of funds.

 

Otherwise, we will not share data with third parties unless we have the consent of the data subjects to do so or we have an appropriate legal basis for doing so.

 

Does the Foundation process personal data outside the European Economic Area?

Some of our subcontractors (processors) are based outside the European Economic Area. When using their services, we may transfer data outside this area. However, we ensure that the transfer of data outside the EEA always respects the principles of the GDPR and is carried out in accordance with the law.

​

How long will we process personal data?

We will process personal data for the period necessary to fulfill the purposes referred to above and until we have fulfilled the legal obligations imposed on us. As a general rule, we will process personal data for 6 years after the end of the legal relationship between the Foundation and participants or grantees of programmes and projects run by the Foundation. This period is justified by the applicable limitation period for civil and tax claims in Poland. 

 

Does the Foundation carry out profiling?

The Foundation does not make any decisions on the basis of automated data processing systems. We also do not carry out profiling.

 

Links to other websites

The Foundation’s pages may contain links to websites. We endeavour to ensure that the links we include lead to websites with a high standard of personal data protection. However, we are not responsible for the use of personal data, security or content of these websites. Please read the privacy policies of these websites and their terms and conditions, as your use of these websites implies your compliance with the rules set out by their owners.

 

This version of the privacy policy was published on 28 August 2023.

POLISTRATOS

Institute for Systemic Innovation

Contact

Email: info[at]polistratos.org

ul. Nowogrodzka 18a/21

00-511 Warszawa

Poland

NIP: PL7011155230

Follow Us

Sign up to get the latest news on our consulting services.

Thanks for subscribing!

© 2023 Polistratos Institute. All rights reserved.

bottom of page