Privacy Policy

Fundacja Dwóch Serc (Two Hearts Foundation)
1. General Information

This Privacy Policy sets out the rules for processing personal data of users of the Fundacja Dwóch Serc website, which is built on the WordPress content management system (hereinafter referred to as the “Website”), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR).

The data controller is:

Fundacja Dwóch Serc
KRS: 0001028832
NIP: 5214013379
REGON: 524912623
Registered office: ul. Bobrowiecka 10 m. 63, 00-728 Warsaw, Poland

For matters concerning the processing of personal data, please contact us by e-mail at:

biuro@fundacjadwochserc.org

This Policy applies to the website of Fundacja Dwóch Serc.

2. Scope of Data Processed

The Controller processes users’ personal data only to the extent necessary for the proper functioning of the Website and for handling enquiries directed to the Foundation.

The scope of data processed may include:

  • the user’s IP address,
  • technical data related to the use of the Website (browser type, operating system, cookies),
  • data provided voluntarily in the contact form, in particular: first name (if provided), email address, and the content of the message.
3. Contact Form

The Website allows users to contact the Foundation via a contact form. Providing personal data is voluntary, but necessary in order to receive a response to your enquiry.

The content of messages sent through the contact form may contain information about the user’s personal situation. Such information may constitute special category data within the meaning of Article 9 of the GDPR.

Special category data is processed solely for the purpose of handling the enquiry and conducting correspondence, and only on the basis of the user’s explicit consent, given by ticking a separate checkbox in the contact form.

4. Legal Basis for Processing

Personal data is processed on the following legal bases:

  • Article 6(1)(f) GDPR – the legitimate interests of the Controller, consisting in maintaining the Website and handling correspondence addressed to the Foundation,
  • Article 6(1)(c) GDPR – compliance with legal obligations to which the Controller is subject,
  • Article 9(2)(a) GDPR – explicit consent of the data subject, in the case of special category data contained in the message content.
5. Data Retention Period

Personal data is stored for the period necessary to achieve the purpose for which it was collected, in particular until the completion of correspondence with the user.

Once correspondence has ended, data may be retained for the period required by law or until the limitation period for any potential claims expires.

Special category data contained in messages is not stored for longer than is necessary to handle the enquiry.

6. Recipients of Data

Personal data may be disclosed only to persons authorised by the Controller and bound by confidentiality, in particular:

  • members of the Foundation’s Management Board,
  • program coordinators,
  • psychologists cooperating with the Foundation,
  • entities providing IT, hosting, and technical support services to the Controller, under data processing agreements.

In connection with the use of analytical and marketing tools, data may be transferred to third countries on the basis of appropriate safeguards compliant with the GDPR, in particular standard contractual clauses or other valid legal mechanisms.

7. Rights of Data Subjects

Individuals whose personal data is processed have the right to:

  • access their data,
  • rectify their data,
  • erase their data,
  • restrict processing,
  • data portability,
  • object to processing (where processing is based on the Controller’s legitimate interest),
  • withdraw consent at any time (where processing is based on consent),
  • lodge a complaint with the President of the Personal Data Protection Office (Urząd Ochrony Danych Osobowych).
8. Cookies and WordPress Technologies

The Website uses cookies that are essential for its proper functioning. With the user’s consent, it also uses analytical and marketing cookies.

The Website may use the following analytical and marketing tools:

  • Google Analytics,
  • Meta (Facebook) Pixel.

Analytical and marketing cookies are used only after the user has given consent via the cookie consent management banner. This consent may be withdrawn at any time.

Users can also manage cookie settings through their web browser.

9. Data Security

The Controller applies appropriate technical and organisational measures to protect personal data, in particular against unauthorised access, loss, destruction, or unauthorised modification.

The Website uses an SSL certificate and an up-to-date WordPress system.

10. Changes to the Privacy Policy

The Controller reserves the right to amend this Privacy Policy in the event of changes to the law, the scope of the Foundation’s activities, or the way the Website functions. The current version of the Privacy Policy is always published on the Website.

Kindly note that this document is a translation of the original and legally binding document in Polish.