Privacy policy

of the website: signforworld.org

 

 

Introduction

This document – issued on the basis of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ EC (General Data Protection Regulation) (Text with EEA relevance) – hereinafter referred to as the GDPR or General Regulation, and Act on the protection of personal data of 10 May 2018 (Journal of Laws, item 1000, as amended), hereinafter referred to as the Act – is referred to in everyday language as the Privacy Policy.

In order to carry out tasks in the public interest, in particular by submitting petitions to the relevant authorities, supporting the statutory objectives of the Centaurus Foundation and to protect the fundamental rights and freedoms of all natural and legal persons using the website signforworld.org, in particular their right to personal data protection, the principles of personal data processing and their use are regulated.

The types of personal data collected, collected and processed result from the way in which the website is used – and thus provides certain information (personal data) to the Personal Data Controller. At each stage, personal data are subject to the protection required by law, and the data subject has a number of rights related to the processing of his or her data, the rights of which are described in this document.

Who collects, gathers and processes personal data.

The controller of the personal data is the Controller of the website signforworld.org, i.e. the Centaurus Foundation – International Organization for Animals and Ecology with the registered office in Wrocław, ul. Wałbrzyska 6-8, 52-314 Wrocław, entered into the register of associations, other community-based and professional organizations, foundations and independent public health care facilities kept in the National Court Register by the District Court in Wrocław, 6th Commercial Division of the National Court Register under KRS number 0000257551, REGON 020319750, NIP 8982093147

Contact to the Personal Data Controller:

  1. e-mail kontakt@centaurus.org.pl
  2. Address for correspondence

Centaurus Foundation – International Organization for Animals and Ecology in Wrocław, ul. Wałbrzyska 6-8, 52-314 Wrocław

Contact to the personal data inspector:

  1. e-mail kancelaria@u-ska.pl
  2. correspondence address – Kancelaria Adwokacka Uszyński SKA, ul. Broniewskiego 48/127, 01-771 Warsaw.

What kind of data are processed.

All information and data are provided by the signers who voluntarily sign the documents when using the website, e.g. when signing petitions, they fill in the appropriate fields of the form and accept the form. The website Controller sends a message to the provided e-mail address containing a link, the acceptance of which constitutes the consent to the processing of personal data in accordance with the principles set out in the Privacy Policy and the Personal Data Protection Policy.

If the Signer signs the petition, the following data are processed:

  1. First name and last name.
  2. E-mail address.
  3. Phone number (optional).
  4. Correspondence address (optional)

– depending on the method of contact.

We process data from cookies stored on your device.

If you subscribe to the newsletter, the following data are processed:

  1. Email address.
  2. Mailing address (optional)

– depending on the method of contact.

We process data from cookies stored on your device.

Legal basis for the processing of personal data and their use.

  1. The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance),
  2. Act on the protection of personal data of 10 May 2018  (Journal of Laws, item 1000, as amended),
  3. Act on petitions of 11 July 2014 (Journal of Laws of 2018, item 870, as amended).

Lawfulness of processing

Article 6 of the GDPR

  1. The processing is lawful only if – and to the extent that – at least one of the following conditions is met:
  1. the data subject has consented to the processing of their personal data for one or more specific purposes;
  2. processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract;
  3. processing is necessary to fulfil the legal obligation imposed on the controller;
  4. processing is necessary to protect the vital interests of the data subject or another natural person;
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular when the data subject is a child.

Point f of the first paragraph does not apply to processing carried out by public authorities during the performance of their tasks.

Terms of consent

Article 7 of the GDPR

  1. If processing is based on consent, the controller must be able to demonstrate that the data subject has consented to the processing of his or her personal data.
  2. If the data subject gives consent in a written declaration that also covers other matters, the request for consent must be presented in a way that is clearly distinguishable from the other matters, in an intelligible and easily accessible form, in clear and plain language. The part of such a declaration by the data subject that constitutes a breach of this Regulation shall not be binding.
  3. The data subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on the consent before such a withdrawal. The data subject is informed about this before he or she gives the consent. Withdrawing consent must be as easy as giving it.
  4. When assessing whether the consent has been given voluntarily, the utmost possible account shall be taken of whether, among other things, the performance of the contract, including the provision of a service, is dependent on the consent to data processing, if the processing of personal data is not necessary for the performance of this contract.

Conditions that must be met when the child gives the consent to data processing in the event of information society services

Article 8 of the GDPR

  1. If Article 6 section 1a) shall be applied, in the case of information society services offered directly to a child, the processing of personal data of a child who is over 16 years old is lawful. If the child is under 16 years old, such processing is lawful only if the consent has been given or approved by the person exercising parental authority or custody of the child and only to the extent of the consent expressed.

Member States may provide for a lower age in their law, which must be at least 13 years old.

  1. In such cases, the controller, taking into account available technology, makes reasonable efforts to verify whether the person exercising parental authority or custody of the child has consented or approved it.
  2. Section 1 does not affect the general provisions of law or contracts of the Member States, such as provisions on the validity, conclusion or effects of the contract towards the child.

Processing of special categories of personal data

Article 9 of the GDPR

  1. The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data in order to clearly identify a natural person or data concerning health, sexuality or sexual orientation of that person is prohibited.
  2. Section 1 shall not apply if one of the following conditions is met:
    1. the data subject has given explicit consent to the processing of those personal data for one or more specific purposes, unless Union or Member State law provides that the data subject may not derogate from the prohibition referred to in section 1;
    2. processing is necessary for the fulfilment of obligations and the exercise of specific rights by the controller or the data subject in the field of labour law, social security and social protection, insofar as this is permitted by Union or Member State law or by collective agreement under the law of a Member State providing for appropriate safeguards for the fundamental rights and interests of the data subject;
    3. the processing is necessary to protect the vital interests of the data subject or of another natural person and the data subject is physically or legally incapable of giving consent;
    4. processing is carried out as part of authorized activities performed with appropriate safeguards by a foundation, association or other non-profit entity with political, ideological, religious or trade union purposes, provided that the processing only concerns members or former members of this entity or persons maintaining permanent contacts with it in connection with its purposes and that personal data are not disclosed outside this entity without the consent of the data subjects;
    5. the processing concerns personal data which have been clearly made public by the data subject;
    6. the processing is necessary for the establishment, exercise or defence of legal claims or in the administration of justice by the courts;
    7. processing is necessary for reasons of important public interest, on the basis of Union or Member State law, which are proportionate to the objective pursued, respect the essence of the right to data protection and provide for appropriate and specific measures to protect the fundamental rights and interests of the data subject ;
    8. processing is necessary for the purposes of preventive health care or occupational medicine, for the assessment of an employee’s fitness to work, for medical diagnosis, for the provision of health care or social security, for treatment or for the management of health care or social security systems and services on the basis of Union or Member State law or in accordance with contract with a health care professional and subject to the conditions and safeguards referred to in section 3;
    9. processing is necessary for reasons of public interest in the field of public health, such as protecting against serious cross-border health threats or ensuring high standards of quality and safety of healthcare and medicinal products or medical devices, on the basis of Union law or the law of a Member State which provides for appropriate, specific measures to protect the rights and freedoms of data subjects, in particular professional secrecy;
    10. processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 section 1, on the basis of the Union or Member State law, which are proportionate to the objective pursued, do not infringe the essence of the right to data protection and provide for appropriate, specific measures to protect the fundamental rights and interests of the data subject.

User rights – what you can request.

Information provided when data are collected from the data subject

If the personal data of a data subject are collected from that person, the controller shall provide the data subject with all of the following information when obtaining the personal data:

  1. the controller’s identity and contact details and, where applicable, the identity and contact details of the controller’s representative:

Centaurus Foundation – International Organization for Animals and Ecology based in Wrocław, ul. Wałbrzyska 6-8, 52-314 Wrocław, entered into the register of associations, other community-based and professional organizations, foundations and independent public health care facilities kept in the National Court Register by the District Court in Wrocław, 6th Commercial Division of the National Court Register under KRS number 0000257551, REGON 020319750, NIP 8982093147

  1. where applicable, contact details of the data protection officer:

name and name – Daniel Uszyński

e-mail – kancelaria@u-ska.pl

correspondence address – Kancelaria Adwokacka Uszyński SKA, ul. Wł. Broniewskiego 48/127, 01-771 Warsaw,

  1. purposes of personal data processing, and legal basis for processing:

– on the basis of Article 6 section 1a of the GDPR, i.e. based on the expressed consent to the processing of personal data (e.g. acceptance of the Regulations),

– on the basis of Article 6 section 1b of the GDPR, i.e. when processing is necessary for the performance of a contract to which the data subject is a party (e.g. contracts concluded with the Controller),

– on the basis of Article 6 section 1c of the GDPR, i.e. when processing is necessary to fulfil a legal obligation (e.g. obligation of public authorities),

– on the basis of Article 6 section 1e of the GDPR, i.e. processing is necessary to perform a task carried out in the public interest (e.g. information about the Controller’s statutory purposes, information about collections, appeals for help),

– on the basis of Article 6 section 1f of the GDPR, i.e. when processing is necessary for the purposes of legitimate interests pursued by the Controller,

  1. information about the recipients of personal data or categories of recipients, if any:

the recipients of personal data – apart from the controller – will only be entities authorized to obtain personal data on the basis of legal provisions,

  1. the period for which personal data will be stored, and if this is not possible, the criteria for determining this period:

– processing on the basis of Article 6 section 1a of the GDPR – until consent is withdrawn,

– processing on the basis of Article 6 section 1b of the GDPR – for a period of 6 years / or based on the legitimate interest pursued by the Controller for a longer period,

– processing on the basis of Article 6 section 1c of the GDPR – for a period of 50 years,

– processing on the basis of Article 6 section 1e of the GDPR – for a period of 5 years or until consent is withdrawn,

– processing on the basis of Article 6 section 1f of the GDPR – for a period of 5 years or until consent is withdrawn,

  1. information about automated decision-making, including profiling,

the data will be processed in an automated manner, including in the form of profiling.

User rights – what you can request.

  1. The User has the right to request the Controller to provide him or her with the access to personal data relating to the data subject.
  2. The User has the right to request the Controller to correct their personal data processed by the Controller.

The data subject has the right to request from the controller the immediate rectification of inaccurate personal data concerning them. Taking into account the purposes of processing, the data subject has the right to request that incomplete personal data be completed, including by providing an additional declaration.

  1. The User has the right to request that the Controller remove their personal data processed by the Website Controller.

The data subject has the right to request from the Controller the immediate removal of personal data relating to them, and the Controller is obliged to remove personal data without undue delay if one of the following circumstances occurs:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject has withdrawn consent on which the processing is based in accordance with Article 6 section 1a) or Article 9 section 2a), and there is no other legal basis for processing;
  3. the data subject objects to the processing on the basis of Article 21 section 1 and there are no overriding legitimate grounds for the processing or the data subject objects to the processing on the basis of Article 21 section 2 towards processing;
  4. personal data were processed unlawfully;
  5. the personal data must be deleted in order to comply with a legal obligation under Union law or the law of the Member State to which the controller is subject;
  6. personal data were collected in connection with offering information society services referred to in Article 8 section
  1. The User has the right to request the Controller to restrict the processing of his or her personal data processed by the Controller,

The data subject has the right to request from the Controller the restriction of processing in the following cases:

  1. the data subject disputes the accuracy of the personal data – for a period enabling the controller to check the accuracy of the data;
  2. the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of their use;
  3. the Controller no longer needs the personal data for the purposes of processing, but they are needed by the data subject to establish, pursue or defend claims;
  4. the data subject has raised an objection to the personal data processing on the basis of Article 21 section 1 – until it is determined whether the legally justified grounds on the part of the controller override the grounds for the data subject’s objection.
  5. The user has the right to object to the processing of his or her personal data.

The data subject has the right to object at any time – for reasons associated with their particular situation – to the processing of personal data concerning them based on Article 6 section 1e) or f), including profiling based on these provisions. The Controller is no longer allowed to process this personal data, unless they demonstrate the existence of compelling legitimate grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims.

Data processing rules on the website https://signforworld.org

On the basis of the Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), I inform that that:

  • the Controller of your personal data is the Centaurus Foundation – International Organization for Animals and Ecology with its registered office in Wrocław, ul. Wałbrzyska 6-8, 52-314 Wrocław, entered into the register of associations, other community-based and professional organizations, foundations and independent public health care facilities kept in the National Court Register by the District Court in Wrocław, 6th Commercial Division of the National Court Register under KRS number 0000257551, REGON 020319750, NIP 8982093147;

2)           contact with the Data Protection Inspector – Daniel Uszyński kancelaria@u-ska.pl;

3)           Your personal data are processed on the basis of your consent and for the purpose necessary to perform a task carried out in the public interest – on the basis of Article 6 section 1 a, e and f and Article 9 section 2 d of the GDPR;

4)           the recipients of your personal data – apart from the Controller – will only be entities authorized to obtain personal data on the basis of legal provisions;

5)           Your personal data will be stored for a period of 10 years;

6)           you have the right to request the Controller to provide you with the access to your personal data, rectify or restrict the processing of your personal data;

7)           personal data may be processed, including in the form of profiling;

8)           you have the right to lodge a complaint with the supervisory authority.