Privacy policy [until 17 July 2024]

This policy was effective until 17 July 2024.

What will this document tell you?

This Privacy Policy contains the most important information about the processing of personal data by the Panoptykon Foundation. It will tell you about the purpose and legal basis of our processing and how long we will retain your personal data. The rights of the individuals whose personal data we process are also explained.

We make every effort to ensure that we handle your personal data in a way that respects your privacy and autonomy, lawfully and in line with the mission and values of the Panoptykon Foundation.

This document has three parts.

Part one will tell you how you should understand the terms we use throughout this document. You will learn about your rights and how you can contact us about anything connected with the protection of your personal data.

Part two is a detailed description of the situations where we may process your personal data.

Part three will tell you how we use cookies (cookie files).

By clicking the links in the table of contents below, you will be taken to the part of this document that contains the information you need.

PART I. GENERAL INFORMATION

§ 1. The controller

  1. The controller in respect of your personal data is Fundacja Panoptykon [Panoptykon Foundation] with its registered office in Warsaw (Orzechowska 4/4, 02-068 Warszawa). The controller will be referred to in this Privacy Policy as the “Foundation” or “we/us”.
  2. Our registration records are kept by the District Court for the City of Warsaw, 12th Commercial Division. We are entered in the official register of associations, community and professional organisations, foundations and independent healthcare providers. The register is part of the National Court Register, and our registration number is 0000327613.
  3. If you wish to contact us about anything connected with the protection of your personal data, write to us (Orzechowska 4/4, 02-068 Warszawa) or email at fundacja@panoptykon.org.

§ 2. Definitions

Whenever you find any of the following capitalised terms anywhere in this document, it will have the meaning set out below.

  1. “Policy” means the document you are reading now, i.e. the privacy policy of the Panoptykon Foundation.
  2. “Websites” means our websites, including panoptykon.org, cyfrowa-wyprawka.org, podsluchjaksiepatrzy.org, ktocienamierzyl.pl, niktciniepowie.org, stopcenzurze.eu, pnpt.org, panoptykon.com.pl, panoptykon.eu and all the web pages contained within them.
  3. “Social Media” means the social networking sites we use for communication, namely Facebook, Twitter, YouTube, LinkedIn, and Wykop.

§ 3. Security of your data

  1. All your personal data we collect is processed by us as a controller in accordance with the GDPR, or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. To read the GDPR, please refer to the Official Journal of the EU.
  2. We use the technical measures required by personal data protection regulations to prevent your personal data from being accessed and/or modified by unauthorised persons.

§ 4. Your rights

  1. Whenever we process your data,
    1. you have the right to access your data,
    2. you may have your data rectified,
    3. you may require us to erase your data if this is permitted by the GDPR,
    4. you have the right to restriction of the processing of your data as permitted by the GDPR.
  2. Contact us if you wish to exercise any of the rights or to find out more about them. For our contact details, please see paragraph 1(3) of the Policy.

§ 5. The right to object

  1. You may object to our processing of your data in two situations:
    1. when we process your personal data to promote our activities directly. You will not have to give us any reasons for your objection, and we will always accept it;
    2. when we process your personal data for our legitimate interests other than promoting our activities (these interests are described in the relevant paragraphs of part two of the Policy). If you wish to object on this basis, you will have to demonstrate your particular situation – when submitting your objection, please tell us why you do not want us to process your personal data.
  2. Contact us if you wish to exercise your right to object. For our contact details, please see paragraph 1(3) of the Policy. In some situations, we will enable you make an objection in other ways. For details, please refer to the relevant paragraphs of part two of the Policy.

§ 6. Profiling

However we obtain your personal data and whatever the purpose of our processing of your data, we will not make decisions about you that would be based solely on automated processing of your data and would have legal effects on you or otherwise significantly affect you.

§ 7. Your right to lodge a complaint with the President of the Office for Personal Data Protection

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the supervisory authority in your country of residence. In Poland, the authority is the President of the Personal Data Protection Office [pol. Prezes UODO], whose website is available at https://uodo.gov.pl, other authorities in Europe are listed at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

§ 8. Enquiries about the Policy and where it is published

  1. If you have any questions about the Policy, write to us or email us. For our contact details, please see paragraph 1(3) of the Policy.
  2. The Policy is available on the https://en.panoptykon.org/privacy-policy website.

PART II. DETAILED INFORMATION ABOUT THE PROCESSING OF YOUR DATA

§ 9. Use of our Websites

As you use our Websites (after all, you are using one of them while you are reading this Policy), please take note of the following points.

1. What data do we process?

We use the Matomo tool to produce and access analytics about visits to our Websites. Matomo uses a script to collect the following information:

  1. the IP address of your device (this information is anonymised, but access to the full IP address is allowed to server administrators);
  2. the type of device from which you are accessing our Website;
  3. the resolution of the screen on which our Website pages are displayed;
  4. the type of the operating system of your device;
  5. the name of the domain from which you are accessing our website;
  6. details of your location (country and town or city);
  7. analytics for the content you access on our Websites (excluding analytics for the behaviour of individual users).

We will also process your personal data provided in your comments about the content of our Websites.

2. Why do we need your data? What is the purpose of our processing of your data?

We process your data to ensure the operation of the Websites, to correct errors and to review analytics for visits to the Websites and the popularity of their content (excluding analytics for the behaviour of individual users).

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. What should you do if you do not want us to process your data to produce analytics for visits to our Websites?

Whatever other rights you may have under the GDPR, you may set your Internet browser to disable the tracking of you as a user (the 'Do not track' signal). If we receive this signal, we will not collect any data, and the analytics tool will ignore your visits to our Websites. You may use the links below to find out how to set the 'Do not track' signal in your browser: Google Chrome, Opera, Mozilla Firefox, Safari.

5. Do you have to provide us with your data?

No, you don't. It is voluntary. Also, we will not require you to log in or to provide any personal data when adding comments about anything on our Websites.

6. What are the legal grounds we rely on to process your data?

The processing of your personal data is based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

7. What is our legitimate interest?

Our legitimate interests are to ensure the operation of the Websites, to correct errors and to review analytics for visits to the Websites.

8. Who will we share your data with?

We will share your data with:

  1. the provider of analytics software to us,
  2. the entity that keeps personal data for us,
  3. the provider of IT services to the Foundation.
9. How long will we process your personal data?

We will process your data until you object to our processing of your data.

10. Will we transfer your personal data outside the European Economic Area (EEA)?

The server we use is located in the EU, but it may transfer your data to subcontractors in Canada, which means your data may be transferred outside the European Economic Area. A list of such subcontractors is available on the website of our server provider. Where this is the case, the transfer of your personal data will be based on a decision of the European Commission, which considers Canada to be a country that has an adequate level of personal data protection.

§ 10. Subscribing to the PanOptyka newsletter, the Ochotnicy and Cyfrowa Wyprawka and other thematic e-mailing lists

If you have subscribed to our newsletter or our mailing lists, please take note of the following points.

1. What data do we process?

We process your e-mail address, the initial date of your subscription to our newsletter or mailing list, the date when you unsubscribed, a record of the emails we have sent to you; in the case of the newsletter, the fact that you opened an email containing the newsletter; in the case of the Ochotnicy mailing list, additional data that you may have provided to us when contacting us.

2. Why do we need your data? What is the purpose of our processing of your data?

We process your data:

  1. to promote our activities defined in our constitutional documents by providing anyone interested with information about the Foundation's activities through means of electronic communication;
  2. in the case of the Ochotnicy mailing list, to inform anyone interested that they can join us in our activities;
  3. together with other information about you that we keep in our CRM system – to assess the effectiveness of our activities and, where necessary, to personalise our communication.
3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. How to unsubscribe from our newsletter or mailing list?

If you wish to unsubscribe from our newsletter or mailing list, you may contact us in the way described in paragraph 1(3) of the Policy or click on the 'unsubscribe' link you will find in the email footer.

5. Do you have to provide us with your personal data?

No, you don't. It is voluntary, but if we do not know your e-mail address, we will not be able to send you our newsletter or mailing list emails.

6. What are the legal grounds we rely on to process your data?

The legal grounds for our processing of your data are:

  1. Article 6(1)(b) of the GDPR, i.e. our contract with you under which we send you our newsletter or mailing list emails; the provisions of the mailing list terms and conditions apply to such a contract;
  2. Article 6(1)(f) of the GDPR, which is our legitimate interest.
7. What is our legitimate interest?

Our legitimate interest is to improve the efficiency of the Foundation's work by assessing interactions between the Foundation and the present and past recipients of our content. For this purpose, we use a customer relationship management (CRM) system, and this helps us work towards the objectives defined in our constitutional documents.

8. Who will we share your data with?

We will share your data with:

  1. the provider of the software we use to distribute our newsletter and mailing list emails and to manage our customer relationships (CRM);
  2. the entity that keeps personal data for us;
  3. the provider of IT services to the Foundation.
9. How long will we process your personal data?

We will stop sending your our newsletter and mailing list emails when we receive your decision to unsubscribe from them. We will retain the information that you once subscribed to our newsletter and mailing list emails until we receive your objection or for one year of the end of the calendar year in which our CRM system recorded our last interaction with you, including your interaction in a different context (such as your donation to us).

10. Will we transfer your personal data outside the European Economic Area (EEA)?

The server we use is located in the EU, but it may transfer your data to subcontractors in Canada, which means your data may be transferred outside the European Economic Area. A list of such subcontractors is available on the website of our server provider. Where this is the case, the transfer of your personal data will be based on a decision of the European Commission, which considers Canada to be a country that has an adequate level of personal data protection.

§ 11. Making donations

Whenever you wish to make a donation to us, please take note of the following points.

1. What data do we process?

When you use the e-payment tool on our website to make a donation to us, we will process your e-mail address, the donation amount and your forename and surname, If you use the traditional bank transfer method, we will process the transfer details. These will include your forename and surname, the donation amount, your bank account number, your address and the information you provide in the transfer description field.

2. Why do we need your data? What is the purpose of our processing of your data?

We process your data:

  1. to finance our activities defined in our constitutional documents, which includes keeping the necessary financial and accounting records;
  2. to analyse the payments received by the Foundation;
  3. to send thank-you letters to our donors to thank them for their donations and to tell them about how the money was used;
  4. together with other information about you that we keep in our CRM system – to assess the effectiveness of our activities and, where necessary, to personalise our communication;
  5. to defend ourselves against potential claims.
3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don't, but if we do not have your data, we will not be able to accept and process your donation.

5. What are the legal grounds we rely on to process your data?

We process your data:

  1. to enter into and comply with our donation agreement with you (Article 6(1)(b) of the GDPR);
  2. to comply with the Foundation's legal obligations as regards keeping our accounting records (Article 6(1)(c) of the GDPR);
  3. based on Article 6(1)(f) of the GDPR, which is our legitimate interest.
6. What is our legitimate interest?

Our legitimate interests are:

  1. to send you a thank-you letter for your donation and, to tell you once a year about how we used the donations (you will receive such information electronically if you have used the e-payment tool or given us your e-mail address in the traditional bank transfer description field, or by post to the address assigned to your bank account number or to any other address you may share with us);
  2. to improve the efficiency of the Foundation's work by assessing interactions between the Foundation and the present and past recipients of our content. For this purpose, we use a customer relationship management (CRM) system, and this helps us work towards the objectives defined in our constitutional documents; and
  3. to defend ourselves against potential claims related to the donations we receive.
7. Who will we share your data with?

We will share your data with:

  1. the provider of the software we use to manage our customer relationships (CRM);
  2. the entity that keeps personal data for us;
  3. the provider of IT services to the Foundation;
  4. the e-payment system operator;
  5. our postal and courier service providers;
  6. the banks we use;
  7. tax authorities if they wish to inspect our records, and certified auditors in the process of conducting financial audits.
8. How long will we process your personal data?
  1. We will process your data in our financial and accounting records for five (5) years of the end of the calendar year in which you made your donation to us, but always until the expiry of the related tax liability.
  2. We will retain your data we process to analyse the payments we receive and the efficiency of our work until we receive your objection or for one year of the end of the calendar year in which our CRM system recorded our last interaction with you, including your interaction in a different context (your receipt of a newsletter email from us).
9. Will we transfer your personal data outside the European Economic Area (EEA)?

The server we use is located in the EU, but it may transfer your data to subcontractors in Canada, which means your data may be transferred outside the European Economic Area. A list of such subcontractors is available on the website of our server provider. Where this is the case, the transfer of your personal data will be based on a decision of the European Commission, which considers Canada to be a country that has an adequate level of personal data protection.

§ 12. Supporting us with 1% (1.5%) of your tax

Whenever you wish to support us with 1% (1.5%) of your tax, please take note of the following points.

1. What data do we process?

If you consent in your annual tax return to give us your data, we will process your forename and surname, your address, the tax amount we receive, your spouse's details (if you filed a joint tax return) and, where appropriate, additional information provided in the 1% (1.5%)-tax-donation section of your tax return.

2. Why do we need your data? What is the purpose of our processing of your data?

We process your data:

  1. to finance our activities defined in our constitutional documents;
  2. to analyse the payments received by the Foundation;
  3. to send thank-you letters to our donors for the 1% (1.5%) of tax and to tell them about how the money was used;
  4. together with other information about you that we keep in our CRM system – to assess the effectiveness of our activities and, where necessary, to personalise our communication;
  5. to defend ourselves against potential claims.
3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don't. It is voluntary. You will decide whether or not to share your personal data with us when you are completing your annual tax return.

5. Where do we get your personal data from?

We will receive your personal data from the Polish National Tax Administration authorities.

6. What are the legal grounds we rely on to process your data?

We process your data:

  1. on the basis of your consent (Article 6(1)(a) of the GDPR). Please note that you may withdraw your consent at any time, but this will not affect the lawfulness of our processing of your data before the withdrawal;
  2. based on Article 6(1)(f) of the GDPR, which is our legitimate interest.
7. What is our legitimate interest?

Our legitimate interest is:

  1. to send you a thank-you letter for the 1% (1.5%) of your tax and to tell you how we used the money (you will receive such information by post to you address we receive from the tax authorities or electronically if you wish so and provide us with your e-mail address);
  2. to improve the efficiency of the Foundation's work, which helps us work towards the objectives defined in our constitutional documents, by assessing interactions between the Foundation and those donating 1% (1.5%) of the tax. For this purpose, we use a customer relationship management (CRM) system’
  3. to defend ourselves against potential claims related to the 1% (1.5%) of tax we receive.
8. Who will we share your data with?

We will share your data with:

  1. the provider of the software we use to manage our customer relationships (CRM);
  2. the provider of IT services to the Foundation;
  3. the entity that keeps personal data for us;
  4. our postal and courier service providers.
9. How long will we process your personal data?
  1. The CD or hard copy document containing your personal data we receive from the Polish National Tax Administration authorities will be destroyed within six (6) months after receipt.
  2. We will retain your data we process to analyse the efficiency of our work until we receive your objection, withdraw your consent or for one year of the end of the calendar year in which our CRM system recorded our last interaction with you, including your interaction in a different context (e.g. making a donation).
10. Will we transfer your personal data outside the European Economic Area (EEA)?

The server we use is located in the EU, but it may transfer your data to subcontractors in Canada, which means your data may be transferred outside the European Economic Area. A list of such subcontractors is available on the website of our server provider. Where this is the case, the transfer of your personal data will be based on a decision of the European Commission, which considers Canada to be a country that has an adequate level of personal data protection.

§ 13. Contacting us by e-mail or phone

Whenever you contact us by email or phone, please take note of the following points.

1. What data do we process?

We process your e-mail address or phone number, as well as any other information you may give us, such as your forename and surname, or information about your circumstances.

2. Why do we need your data? What is the purpose of our processing of your data?

We process your data:

  1. to answer your message or to deal with a matter you have told us about, and
  2. to analyse our communication and the enquiries we receive.
3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don't. It is voluntary. However, we may be unable to answer your message unless you provide your data.

5. What are the legal grounds we rely on to process your data?

We process your data based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

6. What is our legitimate interest?

Our legitimate interests are:

  1. to work towards our objectives defined in constitutional documents by managing our incoming post or email and/or dealing with your matter and answering your message;
  2. to improve the efficiency of the Foundation's work by looking into and answering the enquiries we receive, which helps us work towards our objectives defined in constitutional documents.
7. Who will we share your data with?

We will share your data with:

  1. the provider of IT services to the Foundation;
  2. the entity that keeps personal data for us.
8. How long will we process your personal data?

We will process your data until we receive your objection to the processing. If there is a matter we have decided not to deal with, any information related to it will be destroyed immediately, but not later than by the end of the calendar year of our initial contact with you.

9. Will we transfer your personal data outside the European Economic Area (EEA)?

The server we use is located in the EU, but it may transfer your data to subcontractors in Canada, which means your data may be transferred outside the European Economic Area. A list of such subcontractors is available on the website of our server provider. Where this is the case, the transfer of your personal data will be based on a decision of the European Commission, which considers Canada to be a country that has an adequate level of personal data protection.

§ 14. Competitions

If you have entered a competition we are running, please take note of the following points.

1. What data do we process?

We will process you e-mail address, your answers in the competition and, where appropriate, other information depending on the nature of the competition (this will be made clear in the competition rules), and if you win the competition, we will also process your forename and surname, and your mailing address.

2. Why do we need your data? What is the purpose of our processing of your data?

We will process your data:

  1. to enable you to enter our competition,
  2. to send you a prize if you win the competition,
  3. to defend ourselves against potential claims related to your taking part in the competition.
3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don't. It is voluntary. However, you will not be able to participate in the competition unless you provide your data.

5. What are the legal grounds we rely on to process your data?

We process your data based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

6. What is our legitimate interest?

Our legitimate interests are:

  1. to run the competition, which includes receiving and managing competition entries, communicating the results, selecting winners and sending prizes to them;
  2. to defend ourselves against potential claims related to your taking part in our competition.
7. Who will we share your data with?

We will share your data with:

  1. the provider of the software we use to manage our customer relationships (CRM);
  2. the provider of IT services to the Foundation;
  3. the entity that keeps personal data for us;
  4. our postal and courier service providers (in the case of winners).
8. How long will we process your personal data?
  1. If you are a winner in our competition, we will process your data for 6 (six) years of the end of the competition, as this is the statutory period after which any related claims will expire.
  2. In all our cases, we will delete your data immediately, not later than within 6 (six) months after the competition was decided.
9. Will we transfer your personal data outside the European Economic Area (EEA)?

The server we use is located in the EU, but it may transfer your data to subcontractors in Canada, which means your data may be transferred outside the European Economic Area. A list of such subcontractors is available on the website of our server provider. Where this is the case, the transfer of your personal data will be based on a decision of the European Commission, which considers Canada to be a country that has an adequate level of personal data protection.

§ 15. Media relations

If you work for the media and contact us for our comments or if we contact you in connection with our activities, please take note of the following points.

1. What data do we process?

We will process your forename and surname, your contact details (e-mail address and/or phone number), your affiliation (in certain situations we may process information about your previous affiliation) and, where appropriate, information about your interactions with the Foundation in the past.

2. Why do we need your data? What is the purpose of our processing of your data?

We will process your data:

  1. to answer your question or enquiry,
  2. to establish and/or maintain relations with journalists,
  3. to promote our activities defined in our constitutional documents by distributing press releases,
  4. to analyse the efficiency of our communication and media mentions about us;
  5. together with other information about you that we keep in our CRM system – to assess the effectiveness of our activities and, where necessary, to personalise our communication.
3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Where do we get your personal data from?

We may receive your data directly from you if you have agreed to receive press releases from us. We may also receive your data from publicly available sources (such as your media company's website) or from other media organisations and/or media people.

5. Do you have to provide us with your data?

No, you don't. It is voluntary. However, we will not be able to distribute press releases to you and maintain communication continuity unless you provide your data.

6. What are the legal grounds we rely on to process your data?

We process your data based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

7. What is our legitimate interest?

Our legitimate interests are:

  1. to promote our activities defined in our constitutional documents by distributing press releases, answering media enquiries and maintaining media relations;
  2. to improve our activities by analysing the efficiency of our communication, for which we use our customer relationship management (CRM) system.
8. Who will we share your data with?

We will share your data with:

  1. the provider of the software we use to manage our customer relationships (CRM) in order to distribute press releases;
  2. the entity that keeps personal data for us;
  3. the provider of IT services to the Foundation;
  4. our provider of PR services – where necessary.
9. How long will we process your personal data?

We will process your data until we receive your objection to the processing or for one year of the end of the calendar year in which our CRM system recorded our last interaction with you, including your interaction in a different context (such as your donation to us).

10. Will we transfer your personal data outside the European Economic Area (EEA)?

The server we use is located in the EU, but it may transfer your data to subcontractors in Canada, which means your data may be transferred outside the European Economic Area. A list of such subcontractors is available on the website of our server provider. Where this is the case, the transfer of your personal data will be based on a decision of the European Commission, which considers Canada to be a country that has an adequate level of personal data protection.

§ 16. Attending events which require registration

If you have chosen to attend one of our events which require registration (such as short courses or conferences), please take note of the following points.

1. What data do we process?

We will process your forename and surname or your pseudonym, your e-mail address and other information to the extent required by the nature of the event (such as a short course) or our agreement with a grant provider.

2. Why do we need your data? What is the purpose of our processing of your data?

We will process your data:

  1. to enable you to register to attend our events;
  2. together with other information about you that we keep in our CRM system – to assess the effectiveness of our activities and, where necessary, to personalise our communication.
3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don't. It is voluntary. However, you will not be able to attend an event which requires registration unless you provide your data.

5. What are the legal grounds we rely on to process your data?

We process your data:

  1. to enter into and comply with our agreement with you (e.g. for a training) (Article 6(1)(b) of the GDPR);
  2. based on Article 6(1)(f) of the GDPR, which is our legitimate interest.
6. What is our legitimate interest?

Our legitimate interest is:

  1. to improve our activities by analysing the efficiency of our communication and maintain relationships, for which we use our customer relationship management (CRM) system;
  2. to comply with the requirements set by the organisations that provide funds to us.
7. Who will we share your data with?

We will share your data with:

  1. the provider of the software we use to manage our customer relationships (CRM) in order to register event participants;
  2. the entity that keeps personal data for us;
  3. the provider of IT services to the Foundation;
  4. the organisers of an event under a contract with us if you choose to attend the event,
  5. the grant provider that provided funds to pay for an event if the provision of data is a requirement under our agreement with them;
  6. if an event is provided online, to the videoconferencing platform operator or, in certain situations, the platform used to live stream the event.
8. How long will we process your personal data?

We will process your data until we receive your objection to the processing or for one year of the end of the calendar year in which our CRM system recorded our last interaction with you, including your interaction in a different context (such as your donation to us). If we are required to retain your data for a longer period because of the nature of our event or under our agreement with a grant provider, we will make it clear to you when you are registering to attend the event or when we invite you to the event.

9. Will we transfer your personal data outside the European Economic Area (EEA)?

The server we use is located in the EU, but it may transfer your data to subcontractors in Canada, which means your data may be transferred outside the European Economic Area. A list of such subcontractors is available on the website of our server provider. Where this is the case, the transfer of your personal data will be based on a decision of the European Commission, which considers Canada to be a country that has an adequate level of personal data protection.

§ 17. Speaking on the Panoptykon 4.0 podcast

Whenever you are invited to speak on the Panoptykon 4.0 podcast, please take note of the following points.

1. What data do we process?

We will process your forename and surname, pictures of you, your voice, your contact details, affiliation, a brief biographical note about you and any information you give us on the podcast.

2. Why do we need your data? What is the purpose of our processing of your data?

We will process your data:

  1. to invite you to speak on the Panoptykon 4.0 podcast and to publish the podcast featuring you on our website, on the web pages of the Tok FM radio station, on our YouTube and Vimeo channels and promoting it on Social Media;
  2. together with other information about you that we keep in our CRM system – to assess the effectiveness of our activities and, where necessary, to personalise our communication.
3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don't. It is voluntary. However, you will not be able to speak on the Panoptykon 4.0 podcast unless you provide your data.

5. What are the legal grounds we rely on to process your data?

We process your data:

  1. based on Article 6(1)(a) of the GDPR), that is your consent to participate in the podcast and publish your image – remember that you can withdraw your consent at any time; however, before you withdraw your consent, your data are processed legally;
  2. based on Article 6(1)(f) of the GDPR, which is our legitimate interest.
6. What is our legitimate interest?

Our legitimate interests are:

  1. to approach you with an invitation to speak on the podcast,
  2. to improve our activities by analysing the efficiency of our communication, for which we use our customer relationship management (CRM) system.
7. Who will we share your data with?

We will share your data with:

  1. the provider of the software we use to manage our customer relationships (CRM);
  2. the entity that keeps personal data for us;
  3. the provider of IT services to the Foundation;
  4. the graphic designer working on materials to promote the podcast if a picture of you and/or your forename and surname are used in the materials;
  5. Tok FM radio station;
  6. the podcast recording platform we use;
  7. the operators of Vimeo streaming platform as well as the operators of the Facebook, Twitter, Wykop, LinkedIn, and YouTube Social Media.
8. How long will we process your personal data?

We will process your data until you withdraw your consent or until we receive your objection to the processing. The withdrawal of your consent will not affect the lawfulness of our processing of your data before the withdrawal.

9. Will we transfer your personal data outside the European Economic Area (EEA)?

The server we use is located in the EU, but it may transfer your data to subcontractors in Canada, which means your data may be transferred outside the European Economic Area. A list of such subcontractors is available on the website of our server provider. Where this is the case, the transfer of your personal data will be based on a decision of the European Commission, which considers Canada to be a country that has an adequate level of personal data protection. As the podcast is published on the YouTube platform, your data will also be transferred to the United States, in which case your data will be transfer on a legal basis provided for in the GDPR.

§ 18. Interactions via our social media accounts

If you are following us on any Social Media (Facebook, Twitter, Wykop, LinkedIn, YouTube) or if our advertisements and/or sponsored posts are displayed on your device, please take note of the following points.

1. What data do we process?

We will process your user name, forename and surname (if such information is displayed on your profile page), the date when you started to follow us, your comments and reactions to our content, and all other information you may give us via such channels, as well as any data that the social medium concerned processes for statistical purposes. If advertising content is targeted at you, we will process your age category, sex, location (town/city) and your interests/hobbies.

2. Why do we need your data? What is the purpose of our processing of your data?

We will process your data:

  1. to interact with you via our Social Media channels, which includes answering your private messages and engaging in discussions with you following your comments on our posts;
  2. to promote our activities through Social Media posts, including advertising content and sponsored posts targeted at particular groups of users of a particular Social Medium;
  3. to gather statistics, which involves Social Media operators providing us statistics for the number of impressions for our posts, the post reach, the number of interactions, demographic information about our followers; such information is statistical (we cannot identify the person), but it is gathered by observing your behaviour on Social Media.
3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Where do we get your personal data from?

We will receive such data from you when you start following us on Social Media or otherwise first interact with us. In the case of targeted advertising, we may receive your data from the Social Media where such advertising content is displayed for us, namely Facebook Ireland Ltd. or Google Ireland Ltd.

We will provide your data to the Social Media where we have our accounts, i.e. Facebook Ireland Ltd., Google Ireland Ltd., Twitter Inc., Wykop sp. z o.o. and LinkedIn Corp.

5. Do you have to provide us with your data?

No, you don't. It is voluntary, but once you interact with us on any of our Social Medial profile pages, we will have access to your user name (or your forename and surname) and, where appropriate, your profile image.

6. What are the legal grounds we rely on to process your data?

We process your data based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

7. What is our legitimate interest?

Our legitimate interests are to answer your messages and comments, to communicate our activities, to promote the Foundation, and to review statistics for our Social Media channels.

8. How long will we process your personal data?

We will process your data as long as you follow our accounts or interact with us. Please note that you can always delete your comments on our posts, stop following us or delete your Social Media account.

9. Will we transfer your personal data outside the European Economic Area (EEA)?

Some Social Media where we have our accounts (Facebook, Twitter, LinkedIn, YouTube) transfer your data outside the European Economic Area, including to countries which, according to the European Commission, do not have an adequate level of personal data protection. In such situations, your personal data is transferred on a legal basis provided for in the GDPR.

PART III. INFORMATION ABOUT COOKIES

We install cookies, or cookie files, only to ensure that online forms work properly and to record the fact that you have completed the form on the crm.panoptykon.org website, i.e. whenever you subscribe to one of our mailing lists (the PanOptyka newsletter, the Ochotnicy or Cyfrowa Wyprawka mailing lists, other mailing lists), make a donation to us via the First Data Polcard system, send us a competition entry, register to attend an event or complete a survey. We store cookie files for the duration of your browser sessions. This means that the files are deleted once you close your browser.

Previous versions of the Privacy Policy

Version effective until 10 October 2022

Version effective until 25 May 2018