In this document we explain how we, as a collector, process your personal information at the Panoptykon Foundation. We specify key groups of persons whose data we collect and we explain the purposes for which we do so, on what legal grounds and how long we store it. We also inform on the rights enjoyed by those whose data we process.
We use our best efforts to ensure that our activities involving personal data are consistent with the law, the mission and values represented by Panoptykon Foundation and that they are based on respect for privacy and autonomy of the persons whose data we process.
Panoptykon is registered in Warsaw, Poland 02-068, ul. Orzechowska 4/4. You can contact us by e-mail: firstname.lastname@example.org or by regular post to the registered address.
Where and how we process data
We usually process personal data in electronic form and on our dedicated server, and – in a limited scope – on office computers, external drives and phones. We use IT tools, incl. our Customer Relationship Management system (further: CRM system), e-mail and cloud file storage, hosted by ourselves and used by our team and our processors (see below). A certain portion of the data is processed in the paper form.
To whom we entrust data
We entrust personal data to third parties delivering IT and accounting services for Panoptykon. Our processors operate on the basis of written contracts and are responsible for personal data protection equally as we are.
Moreover, if communication by regular mail is used, personal data is processed on our behalf by postal intermediaries (the Polish Post and other selected companies operating under Postal Law) on the basis of written contracts and their own terms of services.
In certain situations, we may share data with other processors, e.g. co-organizers of an event. In such cases we will always inform about it in advance, e.g. during registration.
Rights of the persons whose data we process
Individuals whose data we process have the right to access and receive a copy of their personal data, to have inaccurate data rectified or completed, as well as - in specified cases - to have it erased or request the restriction or suppression.
The persons whose data we process on the basis of our legitimate interest (e.g. when sending thanks to our supporters), have right to object to the processing of their personal data (by letting us know that they do not wish that we use their data in such a manner).
Some agreements, such as a donation agreement, may be terminated on the principles specified by law or in the agreement itself. On the other hand, when we process data on the basis of your consent, you may withdraw it at any time. In these two cases (when we process data on the basis of an agreement or a consent) the person whose data we process also have the right to demand that their data be transferred.
We wish to make exercising your rights as easy as possible. However as a collector we have to make sure we do not give access to your data to an unauthorized person. Thus, if we take a suspicion that someone falsely claims to be you, we may ask you to provide additional information. Don’t worry though, we will not ask you for a scan of your ID.
If you think that your rights have been violated you may lodge a complaint with the data protection authority. However, if you notice any problem, please do inform us in the first place. We use our best efforts to protect your rights in the best possible manner. If we make a mistake, we would like to correct it as soon as possible.
Whose data we process and on what principles
User data in the panoptykon.org domain
Through our websites we collect data only in the scope necessary to administer these websites, ensure streamlined operation of the functionalities offered in their framework and to analyze efficiency of communication.
Our tool to generate and analyze statistics of website visits (Piwik) by using cookies collects, as follows: IP address (anonymized), type of the device from which the connection is effected, resolution of the screen on which the websites were viewed/displayed, type of the operating system, name of the domain from which users enter our site, location details (country, town), and information on what content a given user viewed on our website.
The collected data is not paired with any specific individuals who view our websites. Everyone may use them anonymously – we do not require registration. We do not seek identification, unless this is necessary in connection with the nature of the undertaken activity, i.e., for instance, in the case of granting a donation.
In the same way, we do not require providing any personal data in comments to the texts posted at the panoptykon.org website. We process personal data, if any, made available this way on the basis of our legitimate interest exclusively in order to display comments and replies to them. If you do not want the information referring to you personally to be made public, please do not publish it there. We remove only such content which is inconsistent with the binding law or the website terms of service.
As for the information published at the website and statistical data collected in Piwik, we retain it until the closure of the Foundation’s activity.
Data of our supporters
You can support Panoptykon financially, granting donations by bank transfer to the bank account or via First Data Polcard processor for online payments.
In the case of a donation granted to us by bank transfer to the bank account, we process personal data provided to us by the bank, i.e.: name and surname, bank account number, amount donated, and address. This is necessary for the performance of the agreement and the legal obligations imposed on the Foundation (e.g. on the basis of accountancy regulations).
We process additional information provided in the transfer title (e.g. e-mail address) on the basis of our legitimate interest to send acknowledgements for support. For the same purpose, we also use addresses from bank transfers received from our donors. Once or twice a year we send them thank-you notes for supporting Panoptykon, a summary on what we spent the money received and copies of our materials. If you do not wish this kind of contact from our side, please add a line to the transfer title saying “No address” or send your objection (e.g. “Please do not send to me any thank-you notes for support by regular mail.”) to the e-mail address: email@example.com. We may also direct correspondence to the address other than that visible on a bank transfer, or contact you by e-mail – in such a case we also kindly ask you to contact us, or write an e-mail address in the title of the transfer.
In the case of online donations through First Data Polcard system we ask you to provide your name and surname so that we can know with whom we enter into an agreement (e.g. to be able to issue a donation receipt for tax purposes), the donation amount and your e-mail address which is necessary for the technical payment processing by the CRM system. This is necessary for the performance of the agreement and the legal obligations imposed on the Foundation. Providing one’s personal data is voluntary, but necessary for granting a donation. We also use the e-mail address provided – on the basis of our legitimate interest – to confirm we received a donation and thank you for support. If you do not wish to receive acknowledgements, send your objection to the following address: firstname.lastname@example.org.
Supporters’ data is retained for 5 years from the end of a calendar year in which we recorded the last interaction with a given person in our CRM system.
Data of media people
We process data of media people (journalists, publishers, etc.) obtained directly from them, from the editorial staff or from the Internet. The scope of processed data include: name and surname, gender, e-mail address, telephone number, affiliation (current and former ones), publishing house’s address, and history of interactions and publications. We process such data on the basis of our legitimate interest in order to inform the above persons on the activities undertaken by Panoptykon and for the purpose of constituency relationship management.
We process such data until the closure of the Foundation’s activity. You may file your objection against the processing of your data – if you do not wish to receive press releases from us or in case of any additional questions, please contact us.
If you want to receive press releases of Panoptykon and invitations to media meetings, please contact us as well. Providing one’s personal data is voluntary, but necessary to receive our mailing.
Data of persons using non-public communication channels
Data of persons with whom we contact via e-mail (addresses in the domain of panoptykon.org), by phone, by means of text messages (SMS), through Signal or by regular letters is processed by us on the basis of our legitimate interest, in order to exchange correspondence, for the purposes arising from the content of communications or in order to initiate a contact in the future. Such data may include: name and surname, address, e-mail address, telephone number, and any possible information contained in the message. Providing such data is voluntary. We process such data for the purpose of constituency relationship management until the closure of Panoptykon Foundation’s activity, except for sensitive data which we remove or anonymize immediately after closing a given case.
We encourage you to send interesting information to us. When writing or calling us, please try not to provide any redundant data. If we need additional information, we will ask for it. We reserve the possibility to publish (e.g. through placing on the website) information sent to us connected with the subject matter Panoptykon deals with, but without disclosing personal data.
Data of persons communicating with the Foundation through social networks
As a principle, we do not combine your interactions with us on Facebook with the information which you provide to us otherwise (e.g. by email), unless something else arises from the circumstances (e.g. you wrote to us a private message on Facebook in which you provided your e-mail requesting that we contact you). We do not share your personal data with anyone, but Facebook or Twitter, respectively, have access to all the information about you as data collectors.