DonateWise sp. z o.o. having its registered office in Warsaw (02-662 at Świeradowska street 47, registered in the National Court Register under the number KRS 0000872831, with the following identification numbers: NIP (tax identification number) 5213914956 and REGON (business activity number) 387707662 for processing of personal data collected from users of donate-wise.org (hereinafter: the “Website”).
The Policy complies with the information duty resulting from:
Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, of 04.05.2016, p. 1) (hereinafter: GDPR).
1. Personal data – as stipulated by Article 4(1) of GDPR means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data controller
2. The controller of personal data of Users of the Website is:
DonateWise sp. z o.o. with its registered office in Warsaw (02-662) at ul. Świeradowska 47, registered in the National Court Register under the number KRS 0000872831, NIP (tax identification number) 5213914956, REGON (business activity number) 387707662.
The individual in charge of personal data protection and the Data Protection Officer is:
Filip Jaraczewski, tel. 791 669 696
Basis, purpose and scope of processing
3. The data controller declares that the personal data of users are processed in compliance with:
(Article 6(1b)), i.e., processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or (Article 6 (1a)), i.e., the data subject has given consent to the processing of his or her personal data for marketing purposes.
4. The data controller shall process personal data for performance of the contract (provision of webinar training services) or for the purpose indicated in the consent. The data controller shall process personal data only to the extent necessary for those purposes and for a period necessary for performance of the contract, or until a website user revokes his or her consent.
5. The following personal data of Website users are collected in the Controller’s Website at donate-wise.org:
– Full name;
– E-mail address;
– Phone number
6. The recipients (processors) of personal data shall be: Entity providing maintenance services for donate-wise.org as well as entities providing IT services for DonateWise sp. z o.o., including entities not based in the European Economic Area. Exchange of personal data with those entities in governed by a data processing agreement.
7. Personal data of Website Users are not made available to third parties, except where granting access to such data results from applicable law under which the personal data Controller is obliged to transfer the data to authorised entities.
8. The Controller collects website logs, yet without relating them to personal data in any manner. Based on the log files, statistical information may be generated for administration purposes. Collective summaries in form of such statistical information shall not contain any characteristics identifying visitors to the Website.
Rights of Users. Right of access
In accordance with Articles 15 – 22 of GDPR, all users have the following rights:
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. In accordance with Article 15, the Controller shall provide a copy of the personal data undergoing processing to the data subject.
The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her.
The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based
c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, pending their rectification
b) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
c) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
7. Users may exercise their rights in form of sending a relevant request to email@example.com. To enable correct identification, the request should be sent from the e-mail address used for registration. It is implementation of Article 12(6) of GDPR. The request may be also submitted by mail – the user should send a registered letter with the request to the postal address of the Company managed by the Controller.
8. As stipulated by the law, the Controller shall respond to the requesting user within up to one month, specifying the steps undertaken. If such steps are not undertaken, the Controller shall inform the requesting user accordingly.
9. The Controller’s activity is subject to complaint lodged with a supervisory authority.
The Website is equipped with safety measures in order to protect personal data controlled by the Controller against loss, improper use and modification. The Controller holds relevant documentation and has implemented appropriate procedures related with protection of personal data in the company.
The Controller ensures that all disclosed information are protected in compliance with the applicable law and safety protection standards, in particular:
a) The personal data collected by the Controller may be directly accessed, in compliance with Article 29 of GDPR, only by authorised employees or business partners of the data Controller and authorised individuals managing the Website, holding relevant authorisations.
b) The Controller declares that in compliance with Article 28 of GDPR, where provision of services is to be carried out on behalf of the Controller by other entities, the partners are required by the Controller to ensure appropriately high standards of protection of the personal data to be processed, to enter into relevant processing agreements confirming that the standards are applied by the partners and that the entities’ compliance with such standards is subject to control.
c) In order to ensure due protection for services provided electronically, the Website Controller applies a high level of safeguards, including cryptographic protection of personal data transmission (SSL protocol) in accordance with section C to the Regulation of the Minister of Internal Affairs and Administration on recording of processing of personal data as well as technical and organisational conditions to be met by IT devices and systems used for processing of personal data of 29 April 2004 (Journal of Laws of 2004 No. 100, item 1024).
d) Due to the public nature of the Internet, use of services provided electronically may involve risks, irrespectively of due diligence applied by the data Controller.
Cookies. Reference to other websites
1. The website uses “session” cookies (stored until the user leaves the website or closes the browser) and permanent cookies (stored in the user’s computer for a certain period).
2. Users of the website can modify the corresponding settings. The browser allows for deleting and blocking files. For detailed information, refer to the Help section or documentation of the browser
3. If cookies are disabled, certain functionalities of the website will be usually limited or blocked.
Third party cookies:
2. The cookies used by the donate-wise.org webpages do not store personal data.
2. The data controller reserves the right to implement changes, to withdraw or modify functions or properties of webpages of the Website, and to discontinue their activity, to transfer the rights to the Website and to perform any legal operations allowed by the applicable law.