Privacy policy

This version is effective from 17 July 2024.

What will this document tell you?

This Privacy Policy contains the most important information about the processing of personal data by the Panoptykon Foundation. It will tell you about the purpose and legal basis of our processing and how long we will retain your personal data. The rights of the individuals whose personal data we process are also explained.

We make every effort to ensure that we handle your personal data in a way that respects your privacy and autonomy, lawfully and in line with the mission and values of the Panoptykon Foundation.

This document has three parts.

Part one explains basic terms we use throughout this document. You will learn about your rights and how you can contact us about anything connected with the protection of your personal data.

Part two is a detailed description of the situations where we may process your personal data.

Part three will tell you how we use cookies.

By clicking the links in the table of contents below, you will be taken to the part of this document that contains the information you need.

PART I. GENERAL INFORMATION

§ 1. The controller

1. The controller in respect of your personal data is Fundacja Panoptykon [Panoptykon Foundation] with its registered office in Warsaw (Orzechowska 4/4, 02-068 Warszawa). The controller will be referred to in this Privacy Policy as the “Foundation” or “we/us”.
2. Our registration records are kept by the District Court for the City of Warsaw, 12th Commercial Division. We are entered in the official register of associations, community and professional organisations, foundations and independent healthcare providers. The register is part of the National Court Register, and our registration number is 0000327613.
3. If you wish to contact us about anything connected with the protection of your personal data, write to us (Orzechowska 4/4, 02-068 Warszawa) or email at fundacja@panoptykon.org.

§ 2. Definitions

Whenever you find any of the following capitalised terms anywhere in this document, it will have the meaning set out below.

1. “Policy” means the document you are reading now, i.e. the privacy policy of the Panoptykon Foundation.
2. “Websites” means our websites, including panoptykon.org, cyfrowa-wyprawka.org, podsluchjaksiepatrzy.org, ktocienamierzyl.pl, niktciniepowie.org, stopcenzurze.eu, pnpt.org, panoptykon.com.pl, panoptykon.eu and all the web pages contained within them.
3. “Social Media” means the social networking sites we use for communication, including Facebook, X (Twitter), YouTube, LinkedIn, Wykop, Instagram, Mastodon.

§ 3. Security of your data

1. All your personal data we collect is processed by us as a controller in accordance with the GDPR, or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. To read the GDPR, please refer to the Official Journal of the EU.
2. We use the technical measures required by personal data protection regulations to prevent your personal data from being accessed or modified by unauthorised persons.

§ 4. Your rights

1. Whenever we process your data,
   1. you have the right to access your data,
   2. you may have your data rectified,
   3. you may require us to erase your data if this is permitted by the GDPR,
   4. you have the right to restriction of the processing of your data as permitted by the GDPR.
2. Contact us if you wish to exercise any of the rights or to find out more about them. For our contact details, please see paragraph 1(3) of the Policy.

§ 5. The right to object

1. You may object to our processing of your data in two situations:
   1. when we process your personal data to promote our activities directly. You will not have to give us any reasons for your objection, and we will always accept it;
   2. when we process your personal data for our legitimate interests other than promoting our activities (these interests are described in the relevant paragraphs of part two of the Policy). If you wish to object on this basis, you will have to demonstrate your particular situation – when submitting your objection, please tell us why you do not want us to process your personal data.
2. Contact us if you wish to exercise your right to object. For our contact details, please see paragraph 1(3) of the Policy. In some situations, we will enable you make an objection in other ways. For details, please refer to the relevant paragraphs of part two of the Policy.

§ 6. Profiling

However we obtain your personal data and whatever the purpose of our processing of your data, we will not make decisions about you that would be based solely on automated processing of your data and would have legal effects on you or otherwise significantly affect you.

§ 7. Your right to lodge a complaint with the President of the Office for Personal Data Protection

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the data protection authority in your country of residence. In Poland, the authority is the President of the Personal Data Protection Office [pol. Prezes UODO], whose website is available at https://uodo.gov.pl, other authorities in Europe are listed at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

§ 8. Enquiries about the Policy and where it is published

1. If you have any questions about the Policy, write to us or email us. For our contact details, please see paragraph 1(3) of the Policy.
2. The Policy is available on the https://en.panoptykon.org/privacy-policy website.

PART II. DETAILED INFORMATION ABOUT THE PROCESSING OF YOUR DATA

§ 9. Use of our Websites

As you use our Websites (after all, you are using one of them while you are reading this Policy), please take note of the following points.

1. What data do we process?

We use Matomo to generate and access aggregate statistics about visits to our Websites. Matomo gives us 100% data ownership. It uses a script to collect the following information:

1. the anonymised IP address of your device;
2. the type, brand and model of your device;
3. the resolution of the screen;
4. the type of the operating system of your device;
5. the name, language and engine of your browser, and the browser extensions you have installed;
6. the name of the domain from which you are accessing our website;
7. details of your location (country);
8. what content and for how long you access on our Websites.

2. Why do we need your data? What is the purpose of our processing of your data?

We process your data to ensure the operation of the Websites, to correct errors and to review analytics for visits to the Websites and the popularity of their content.

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. What should you do if you do not want us to process your data to produce analytics for visits to our Websites?

Whatever other rights you may have under the GDPR, you may set your Internet browser to disable the tracking of you as a user (the ‘Do not track’ signal). If we receive this signal, we will not collect any data, and the analytics tool will ignore your visits to our Websites. You may use the links below to find out how to set the ‘Do not track’ signal in your browser: Google Chrome, Opera, Mozilla Firefox, Safari.

5. Do you have to provide us with your data?

No, you don’t. It is voluntary. Also, we will not require you to log in to use our Websites.

6. What are the legal grounds we rely on to process your data?

The processing of your personal data is based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

7. What is our legitimate interest?

Our legitimate interests are to ensure the operation of the Websites, to correct errors and to review analytics for visits to the Websites.

8. Who will we share your data with?

We will share your data with:

1. the providers of IT services to the Foundation,
2. the providers of server space.

9. How long will we process your personal data?

We will process your data until you object to our processing of your data.

10. Will we transfer your personal data outside the European Economic Area (EEA)?

No.

§ 10. Subscribing to the PanOptyka newsletter, the Ochotniczki & Ochotnicy, Cyfrowa Wyprawka and other thematic e-mailing lists

If you have subscribed to our newsletter or our mailing lists, please take note of the following points.

1. What data do we process?

We process your e-mail address, the initial date of your subscription to our newsletter or mailing list, the date when you unsubscribed, a record of the emails we have sent to you; in the case of the newsletter, the fact that you opened an email containing the newsletter.

2. Why do we need your data? What is the purpose of our processing of your data?

We process your data:

1. to promote our activities defined in our constitutional documents by providing anyone interested with information about the Foundation’s activities through means of electronic communication;
2. together with other information about you that we keep in our CRM system – to assess the effectiveness of our activities and, when appropriate, to personalise our communication.

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. How to unsubscribe from our newsletter or mailing list?

If you wish to unsubscribe from our newsletter or mailing list, you may contact us in the way described in paragraph 1(3) of the Policy or click on the ‘unsubscribe’ link you will find in the email footer.

5. Do you have to provide us with your personal data?

No, you don’t. It is voluntary, but if you want to receive our newsletter or mailing list emails, we do need your e-mail address.

6. What are the legal grounds we rely on to process your data?

The legal grounds for our processing of your data are:

1. Article 6(1)(b) of the GDPR, i.e. our contract with you under which we send you our newsletter or mailing list emails; the provisions of the mailing list terms and conditions apply to such a contract;
2. Article 6(1)(f) of the GDPR, which is our legitimate interest.

7. What is our legitimate interest?

Our legitimate interest is to improve the efficiency of the Foundation’s work by assessing interactions between the Foundation and the present and past recipients of our content. This helps us work towards the objectives defined in our constitutional documents.

8. Who will we share your data with?

We will share your data with:

1. the providers of IT services to the Foundation,
2. the providers of server space.

9. How long will we process your personal data?

We will stop sending your our newsletter and mailing list emails when we receive your decision to unsubscribe from them. We will retain the information that you once subscribed to our newsletter and mailing list emails:

1. for five years of the end of the calendar year in which you made a donation to us or supported us with your 1.5% of your tax,
2. for one year of the end of the calendar year in which our CRM system recorded our last interaction with you other than mentioned above (e.g. participation in a competition),

unless we receive your prior objection.

10. Will we transfer your personal data outside the European Economic Area (EEA)?

No.

§ 11. Making donations

Whenever you wish to make a donation to us, please take note of the following points.

1. What data do we process?

When you use the e-payment tool on our website to make a donation to us, we will process your e-mail address, the donation amount and your forename and surname, If you use the traditional bank transfer method, we will process the transfer details. These will include your forename and surname, the donation amount and date, your bank account number, your address and the information you provide in the transfer description field.

2. Why do we need your data? What is the purpose of our processing of your data?

We process your data:

1. to finance our activities defined in our constitutional documents, which includes keeping the necessary financial and accounting records;
2. to analyse the payments received by the Foundation;
3. to send thank-you letters to our donors to thank them for their donations and to tell them about how the money was used;
4. together with other information about you – to assess the effectiveness of our activities and, when appropriate, to personalise our communication;
5. to defend ourselves against potential claims.

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don’t, but if without your data we will not be able to accept and process your donation.

5. What are the legal grounds we rely on to process your data?

We process your data:

1. to enter into and comply with our donation agreement with you (Article 6(1)(b) of the GDPR);
2. to comply with the Foundation’s legal obligations as regards keeping our accounting records (Article 6(1)(c) of the GDPR);
3. based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

6. What is our legitimate interest?

Our legitimate interests are:

1. to send you a thank-you letter for your donation and, to tell you once a year about how we used the donations (you will receive such information electronically if you have used the e-payment tool or given us your e-mail address in the traditional bank transfer description field, or by post to the address assigned to your bank account number or to any other address you may share with us);
2. to improve the efficiency of the Foundation’s work by assessing interactions between the Foundation and the present and past donors. This helps us work towards the objectives defined in our constitutional documents; and
3. to defend ourselves against potential claims related to the donations we receive.

7. Who will we share your data with?

We will share your data with:

1. the providers of IT services to the Foundation;
2. the providers of server space;
3. the e-payment system operator;
4. our postal and courier service providers;
5. the banks we use;
6. tax authorities if they wish to inspect our records, and certified auditors in the process of conducting financial audits.

8. How long will we process your personal data?

We will process your data:

1. for five (5) years of the end of the calendar year in which you made your donation to us or supported us with the 1.5% of your tax, but always until the expiry of the related tax liability;
   1. for five (5) years of the end of the calendar year in which you made your donation to us or supported us with the 1.5% of your tax;
2. for one year of the end of the calendar year in which our CRM system recorded our last interaction with you other than mentioned above (e.g. participation in a competition),

unless we receive your prior objection.

9. Will we transfer your personal data outside the European Economic Area (EEA)?

No.

§ 12. Supporting us with 1.5% of your tax

Whenever you wish to support us with 1.5% of your tax, please take note of the following points.

1. What data do we process?

If you consent in your annual tax return to give us your data, we will process your forename and surname, your address, the tax amount we receive, your spouse’s details (if you filed a joint tax return) and, when appropriate, additional information provided in the 1.5%-tax-donation section of your tax return.

2. Why do we need your data? What is the purpose of our processing of your data?

We process your data:

1. to finance our activities defined in our constitutional documents;
2. to analyse the payments received by the Foundation;
3. to send thank-you letters for supporting us with the 1.5% of tax and to tell the supporters about how the money was used;
4. together with other information about you – to assess the effectiveness of our activities and, when appropriate, to personalise our communication;
5. to defend ourselves against potential claims.

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don’t. It is voluntary. You will decide whether or not to share your personal data with us when you are completing your annual tax return.

5. Where do we get your personal data from?

We will receive your personal data from the Polish National Revenue Administration.

6. What are the legal grounds we rely on to process your data?

We process your data:

1. on the basis of your consent (Article 6(1)(a) of the GDPR). Please note that you may withdraw your consent at any time, but this will not affect the lawfulness of our processing of your data before the withdrawal;
2. based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

7. What is our legitimate interest?

Our legitimate interest is:

1. to send you a thank-you letter for the 1.5% of your tax and to tell you how we used the money (you will receive such information by post to you address we receive from the tax authorities or electronically if you wish so and provide us with your e-mail address);
2. to improve the efficiency of the Foundation’s work, which helps us work towards the objectives defined in our constitutional documents, by assessing interactions between the Foundation and its supporters;
3. to defend ourselves against potential claims related to the 1.5% of tax we receive.

8. Who will we share your data with?

We will share your data with:

1. the providers of IT services to the Foundation;
2. the providers of server space;
3. our postal and courier service providers.

9. How long will we process your personal data?

The CD or hard copy document containing your personal data we receive from the Polish National Revenue Administration will be destroyed within three (3) months after receipt. We will retain your data:

1. for one year of the end of the calendar year in which our CRM system recorded our last interaction with you other than mentioned above (e.g. participation in a competition),

unless we receive your prior objection our you withdraw your consent.

10. Will we transfer your personal data outside the European Economic Area (EEA)?

No.

§ 13. Contacting us by e-mail or phone

Whenever you contact us by email or phone, please take note of the following points.

1. What data do we process?

We process your e-mail address or phone number, as well as any other information you may give us, such as your forename and surname, or information about your circumstances.

2. Why do we need your data? What is the purpose of our processing of your data?

We process your data:

1. to manage our correspondence, including answering your message or to dealing with a matter you have told us about,
2. for the purposes related to the content of the correspondence,
3. for the purpose of future communication, and
4. to analyse our communication and the enquiries we receive.

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don’t. It is voluntary. However, we may be unable to answer your message unless you provide your data.

5. What are the legal grounds we rely on to process your data?

We process your data based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

6. What is our legitimate interest?

Our legitimate interests are:

1. to work towards our objectives defined in constitutional documents by managing our incoming post or email or dealing with your matter and answering your message;
2. to work towards the objectives in our constitutional documents,
3. to improve the efficiency of the Foundation’s work by looking into and answering the enquiries we receive, which helps us work towards our objectives defined in constitutional documents.

7. Who will we share your data with?

We will share your data with:

1. the providers of IT services to the Foundation,
2. the providers of server space.

8. How long will we process your personal data?

We will process your data until we receive your objection to the processing. If there is a matter we have decided not to deal with, any information related to it will be deleted immediately, but not later than by the end of the calendar year of our initial contact with you.

9. Will we transfer your personal data outside the European Economic Area (EEA)?

No.

§ 14. Competitions

If you have entered a competition we are running, please take note of the following points.

1. What data do we process?

We will process you e-mail address, your answers in the competition and, when appropriate, other information depending on the nature of the competition (this will be made clear in the competition rules), and if you win the competition, we will also process your forename and surname, and your mailing address.

2. Why do we need your data? What is the purpose of our processing of your data?

We will process your data:

1. to enable you to enter our competition,
2. to send you a prize if you win the competition,
3. to defend ourselves against potential claims related to your taking part in the competition.

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don’t. It is voluntary. However, you will not be able to participate in the competition unless you provide your data.

5. What are the legal grounds we rely on to process your data?

We process your data based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

6. What is our legitimate interest?

Our legitimate interests are:

1. to run the competition, which includes receiving and managing competition entries, communicating the results, selecting winners and sending prizes to them;
2. to defend ourselves against potential claims related to your taking part in our competition.

7. Who will we share your data with?

We will share your data with:

1. the providers of IT services to the Foundation;
2. the providers of server space;
3. our postal and courier service providers (in the case of winners).

8. How long will we process your personal data?

1. If you are a winner in our competition, we will process your data for 6 (six) years of the end of the competition, as this is the statutory period after which any related claims will expire.
2. In other cases, we will delete your data immediately, not later than within 6 (six) months after the competition was decided.

9. Will we transfer your personal data outside the European Economic Area (EEA)?

No.

§ 15. Media relations

If you work for the media and contact us for our comments or if we contact you in connection with our activities, please take note of the following points.

1. What data do we process?

We will process your forename and surname, your contact details (e-mail address and phone number), your affiliation (including previous ones) and, when appropriate, information about your past interactions with the Foundation.

2. Why do we need your data? What is the purpose of our processing of your data?

We will process your data:

1. to answer your question or enquiry,
2. to establish or maintain relations with journalists,
3. to promote our activities defined in our constitutional documents by distributing press releases,
4. to analyse the efficiency of our communication and media mentions about us;
5. together with other information about you – to assess the effectiveness of our activities and, when appropriate, to personalise our communication.

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Where do we get your personal data from?

We may receive your data directly from you if you have agreed to receive press releases from us. We may also receive your data from publicly available sources (such as your media company’s website) or from other media organisations or media people.

5. Do you have to provide us with your data?

No, you don’t. It is voluntary. However, we will not be able to distribute press releases to you and maintain communication continuity unless you provide your data.

6. What are the legal grounds we rely on to process your data?

We process your data based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

7. What is our legitimate interest?

Our legitimate interests are:

1. to promote our activities defined in our constitutional documents by distributing press releases, answering media enquiries and maintaining media relations;
2. to improve our activities by analysing the efficiency of our communication.

8. Who will we share your data with?

We will share your data with:

1. the providers of IT services to the Foundation;
2. the providers of server space;
3. the provider of PR services – as and when appropriate.

9. How long will we process your personal data?

We will send you press releases until you unsubscribe. We will process your data and the information about the subscription being cancelled:

1. for five (5) years of the end of the calendar year in which you made your donation to us or supported us with the 1.5% of your tax
2. for one year of the end of the calendar year in which our CRM system recorded our last interaction with you other than mentioned above (e.g. sending a press release, participation in a competition),

unless we receive your prior objection.

10. Will we transfer your personal data outside the European Economic Area (EEA)?

No.

§ 16. Attending events which require registration

If you have chosen to attend one of our events which require registration (such as short courses or conferences), please take note of the following points.

1. What data do we process?

We will process your forename and surname or your pseudonym, your e-mail address and other information to the extent required by the nature of the event (such as a short course) or our agreement with a grant provider.

2. Why do we need your data? What is the purpose of our processing of your data?

We will process your data:

1. to enable you to register to attend our events;
2. together with other information about – to assess the effectiveness of our activities and, when appropriate, to personalise our communication;
3. to fulfil the reporting requirements.

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don’t. It is voluntary. However, you will not be able to attend an event which requires registration unless you provide your data.

5. What are the legal grounds we rely on to process your data?

We process your data:

1. to enter into and comply with our agreement with you (e.g. for a training) (Article 6(1)(b) of the GDPR);
2. based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

6. What is our legitimate interest?

Our legitimate interest is:

1. to improve our activities by analysing the efficiency of our communication and maintain relationships;
2. to comply with the requirements set by our grant donors.

7. Who will we share your data with?

We will share your data with:

1. the providers of IT services to the Foundation;
2. the providers of server space;
3. the co-organisers of an event (when applicable),
4. the grant donors funding the event, if the provision of data is a requirement under our agreement with them;
5. in case of an online event – to the videoconferencing platform operator and, in certain situations, the platform used to live stream the event.

8. How long will we process your personal data?

We will process your data:

1. for five (5) years of the end of the calendar year in which you made your donation to us or supported us with the 1.5% of your tax;
2. for one year of the end of the calendar year in which our CRM system recorded our last interaction with you other than mentioned above (e.g. participation in a competition),

unless we receive your prior objection.

9. Will we transfer your personal data outside the European Economic Area (EEA)?

No.

§ 17. Speaking on the Panoptykon 4.0 podcast

Whenever you are invited to speak on the Panoptykon 4.0 podcast, please take note of the following points.

1. What data do we process?

We will process your forename and surname, voice, your contact details, affiliation, and – when appropriate – a picture, a brief biographical note about you and any information you give us on the podcast.

2. Why do we need your data? What is the purpose of our processing of your data?

We will process your data:

1. to invite you to speak on the Panoptykon 4.0 podcast and to publish the podcast featuring you on our website, on the web pages of the Tok FM radio station, on our YouTube channel, on streaming platforms, including Spotify and Apple Podcasts, and to promote it on Social Media;
2. together with other information about you – to assess the effectiveness of our activities and, when appropriate, to personalise our communication.

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Do you have to provide us with your data?

No, you don’t. It is voluntary. However, you will not be able to speak on the Panoptykon 4.0 podcast unless you provide your data.

5. What are the legal grounds we rely on to process your data?

We process your data:

1. based on Article 6(1)(a) of the GDPR), that is your consent to participate in the podcast and publish your image – remember that you can withdraw your consent at any time; however, before you withdraw your consent, your data are processed legally;
2. based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

6. What is our legitimate interest?

Our legitimate interests are:

1. to approach you with an invitation to speak on the podcast,
2. to improve our activities by analysing the efficiency of our communication.

7. Who will we share your data with?

We will share your data with:

1. the providers of IT services to the Foundation;
2. the providers of server space;
3. the graphic designer working on materials to promote the podcast if a picture of you or your forename and surname are used in the materials;
4. the podcast produces (Tok FM radio);
5. the podcast recording platform;
6. the streaming platforms (including Spotify and Apple Podcasts);
7. the Social Media.

8. How long will we process your personal data?

We will process your data until you withdraw your consent or until we receive your objection to the processing. The withdrawal of your consent will not affect the lawfulness of our processing of your data before the withdrawal.

9. Will we transfer your personal data outside the European Economic Area (EEA)?

Your data will be transferred outside the EEA due to the publication of the podcast on YouTube, Spotify and Apple Podcasts – according to the regulations provided by these platforms.

§ 18. Interactions via our social media accounts

If you are following us on any Social Media or if our advertisements or sponsored posts are displayed on your device, please take note of the following points.

1. What data do we process?

We will process your user name, forename, surname, and profile picture (if such information is displayed on your profile page), the date when you started to follow us, your comments and reactions to our content, and all other information you may give us via such channels, as well as any data that the social medium concerned processes for statistical purposes. If advertising content is targeted at you, we will process your age category, sex, location (town/city) and your interests/hobbies.

2. Why do we need your data? What is the purpose of our processing of your data?

We will process your data:

1. to interact with you via our Social Media channels, which includes answering your private messages and engaging in discussions with you following your comments on our posts;
2. to promote our activities through Social Media posts, including advertising content and sponsored posts targeted at particular groups of users of a particular Social Medium;
3. to gather statistics, which involves Social Media operators providing us statistics for the number of impressions for our posts, the post reach, the number of interactions, demographic information about our followers; such information is statistical (we cannot identify the person), but it is gathered by observing your behaviour on Social Media.

3. What are your rights?

Your rights are described in paragraphs 4 and 5 of the Policy.

4. Where do we get your personal data from?

We will receive such data from you when you start following us on Social Media or otherwise first interact with us. In the case of targeted advertising, we may receive your data from the Social Media where such advertising content is displayed for us, such as Meta Platforms Ireland Limited or Google Ireland Limited.

We will provide your data to the Social Media where we have our accounts, i.e. Meta Platforms Ireland Limited, Google Ireland Ltd., Twitter International Unlimited Company, Wykop sp. z o.o., LinkedIn Ireland Unlimited Company.

5. Do you have to provide us with your data?

No, you don’t. It is voluntary, but once you interact with us on any of our Social Medial profile pages, we will have access to your user name (or your forename and surname) and, when applicable, your profile image.

6. What are the legal grounds we rely on to process your data?

We process your data based on Article 6(1)(f) of the GDPR, which is our legitimate interest.

7. What is our legitimate interest?

Our legitimate interests are to answer your messages and comments, to communicate our activities, to promote the Foundation, and to review statistics for our Social Media channels.

8. How long will we process your personal data?

We will process your data as long as you follow our accounts or interact with us. Please note that you can always delete your comments on our posts, stop following us or delete your Social Media account.

9. Will we transfer your personal data outside the European Economic Area (EEA)?

Some Social Media we use transfer your data outside the European Economic Area, including to countries which, according to the European Commission, do not have an adequate level of personal data protection. In such situations, your personal data is transferred on a legal basis provided for in the GDPR.

PART III. INFORMATION ABOUT COOKIES

We install cookies only to ensure that online forms work properly and to record the fact that you have completed the form on the crm.panoptykon.org website and whenever you subscribe to Cyfrowa Wyprawka mailing list, send us a competition entry, register to attend an event, complete a survey, and when you are redirected to the Polcard online payment system.