§1 Definitions
Service – the website “obpolska.pl” operating at the address https://obpolska.pl
External service – websites of partners, service providers, or service recipients cooperating with the Administrator
Service Administrator / Data – The Service Administrator and Data Administrator (hereinafter referred to as the Administrator) is the company “Fundacja Operation Blessing Polska”, conducting business at the address: Hoża 86 / 410, 00-682 Warszawa, with a tax identification number (NIP): 5252917083, with a National Court Register number (KRS): 0000984255, providing electronic services through the Service
User – an individual for whom the Administrator provides electronic services through the Service.
Device – an electronic device with software through which the User accesses the Service
Cookies – text data collected in the form of files placed on the User’s Device
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Personal data – mean information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Restriction of processing – means marking stored personal data with the aim of limiting their processing in the future
Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements
Consent – means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed
Pseudonymization – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
Anonymization – Data anonymization is an irreversible process of data operations that destroys / overwrites “personal data” preventing its identification, or linking a specific record with a particular user or natural person.
§2 Data Protection Officer
In accordance with Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.
For matters related to data processing, including personal data, please contact the Administrator directly.
§3 Types of Cookie Files
Internal cookies – files placed and read from the User’s Device by the service teleinformatics system
External cookies – files placed and read from the User’s Device by external service teleinformatics systems. Scripts of external services that may place cookies on the User’s Device have been consciously placed on the Service through scripts and services available and installed on the Service
Session cookies – files placed and read from the User’s Device by the Service during one session of that Device. After the session ends, the files are removed from the User’s Device.
Persistent cookies – files placed and read from the User’s Device by the Service until they are manually deleted. The files are not automatically deleted after the Device session ends unless the User’s Device configuration is set to delete cookie files after the Device session ends.
§4 Data Storage Security
Cookie file storage and reading mechanisms – Mechanics of storing, reading, and exchanging data between Cookie Files stored on the User’s Device and the Service are carried out through built-in mechanisms of internet browsers and do not allow for downloading other data from the User’s Device or data from other websites visited by the User, including personal data or confidential information. Transferring viruses, trojans, and other worms to the User’s Device is also practically impossible.
Internal cookies – Cookie files used by the Administrator are safe for User Devices and do not contain scripts, content, or information that could threaten the security of personal data or the security of the User’s Device.
External cookies – The Administrator takes all possible actions to verify and select service partners in terms of User security. The Administrator selects well-known, large partners with a global social trust for cooperation. However, the Administrator does not have full control over the content of cookie files from external partners. The Administrator is not responsible for the security of cookie files, their contents, and their licensed use by scripts installed on the Service from external partners, to the extent allowed by law. A list of partners is included in the further part of the Privacy Policy.
Cookie control
The User can change settings regarding the storage, deletion, and access of cookie file data by any website at any time
Information on how to disable cookies in the most popular computer browsers is available on the following page: how to disable cookies or at one of the designated providers:
Managing cookies in Chrome browser
Managing cookies in Opera browser
Managing cookies in Firefox browser
Managing cookies in Edge browser
Managing cookies in Safari browser
Managing cookies in Internet Explorer 11 browser
The User can delete all cookie files saved so far at any time using the tools of the User’s Device through which the User uses the Service.
User-side threats – The Administrator employs all necessary technical measures to ensure the security of data placed in cookie files. However, it should be noted that the security of this data depends on both parties, including the User’s activities. The Administrator is not responsible for the interception of this data, impersonation of the User’s session, or their deletion due to the conscious or unconscious activities of the User, viruses, trojans, and other spyware that may infect the User’s Device. Users should follow internet usage guidelines to protect themselves from these threats.
Storage of personal data – The Administrator ensures that all efforts are made to process personal data voluntarily provided by Users securely, with limited access, and in accordance with their intended purposes and processing goals. The Administrator also ensures that all efforts are made to secure the data held against loss through the use of appropriate physical and organizational security measures.
§5 Purposes for which cookie files are used
Improvement and facilitation of access to the Service
Personalization of the Service for Users
Conducting statistics (users, number of visits, types of devices, etc.)
Serving multimedia services
Providing social services
§6 Purposes of processing personal data
Personal data voluntarily provided by Users are processed for one of the following purposes:
Provision of electronic services:
Newsletter services (including sending advertising content with consent)
Communication between the Administrator and Users regarding the Service and data protection
Ensuring the legitimate interests of the Administrator
Anonymously and automatically collected User data are processed for one of the following purposes:
Conducting statistics
Ensuring the legitimate interests of the Administrator
§7 Cookie Files of External Services
The Administrator uses JavaScript scripts and web components of partners in the Service that may place their own cookie files on the User’s Device. Remember that you can decide on the allowed cookie files that can be used by individual websites by changing the settings of your browser. Below is a list of partners or their implemented services in the Service that may place cookie files:
Multimedia services:
YouTube
Social/linked services:
(Registration, Login, content sharing, communication, etc.)
Twitter
Facebook
Newsletter services:
MailChimp
Statistic services:
Google Analytics
Other services:
Google Maps
Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, data processing objectives, and ways of using cookie files at any time.
§8 Types of collected data
The service collects data about Users. Some data is collected automatically and anonymously, while some data is personal data voluntarily provided by Users when signing up for various services offered by the Service.
Anonymously collected data automatically:
IP address
Browser type
Screen resolution
Approximate location
Pages visited on the website
Time spent on specific pages of the website
Operating system type
Previous page address
Referral page address
Browser language
Internet connection speed
Internet service provider
Data collected during registration:
First name / last name / pseudonym
Username
Email address
IP address (collected automatically)
Data collected when subscribing to the Newsletter service:
First name / last name / pseudonym
Email address
IP address (collected automatically)
Data collected when adding a comment:
First name and last name / pseudonym
Email address
Website address
IP address (collected automatically)
Some data (without identifying information) may be stored in cookies. Some data (without identifying information) may be shared with statistical service providers.
§9 Access to personal data by third parties
As a rule, the only recipient of personal data provided by Users is the Administrator. Data collected as part of the services provided are not transferred or sold to third parties.
Entities responsible for maintaining the infrastructure and services necessary for running the service, such as hosting companies, newsletter service providers, or online payment intermediaries, may have access to the data (often based on a data processing agreement).
Data processing for the Newsletter service
In order to provide the Newsletter service, the Administrator uses the services of a third party – MailChimp. Data entered in the newsletter subscription form is transmitted, stored, and processed by this external service provider.
It should be noted that the partner mentioned above may modify their privacy policy without the Administrator’s consent.
Data processing for Hosting, VPS, or Dedicated Servers
To run the service, the Administrator uses the services of an external hosting provider, VPS, or Dedicated Server provider – OVH sp. z o.o. All data collected and processed by the service is stored and processed within the infrastructure of the service provider located within the European Union. Access to this data is regulated by an agreement between the Administrator and the Service Provider.
Processing of data for online payments
In the case of online payments, all payment-related data is directly transmitted by the User to the payment processor – Przelewy24.pl. Selected data necessary for transaction processing is then passed on to the Administrator by this entity. The transfer of data is regulated by an agreement between the Administrator and the Service Provider.
§10 Method of processing personal data
Personal data voluntarily provided by Users:
Personal data will not be transferred outside the European Union unless published as a result of individual User action (e.g. commenting), making the data available to anyone visiting the website.
Personal data will not be used for automated decision-making (profiling).
Personal data will not be sold to third parties.
Anonymously collected data automatically:
Anonymous statistical data, not considered personal data, will be transferred outside the European Union.
Anonymous statistical data will not be used for automated decision-making (profiling).
Anonymous statistical data will not be sold to third parties.
§11 Legal basis for the processing of personal data
The service collects and processes User data based on:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
art. 6 (1) (a)
the data subject has given consent to the processing of their personal data for one or more specified purposes
art. 6 (1) (b)
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
art. 6 (1) (f)
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
Act of 10 May 2018 on the protection of personal data
Telecommunications Law of 16 July 2004
Act of 4 February 1994 on copyright and related rights
§12 Period of processing personal data
Personal data voluntarily provided by Users:
As a rule, the personal data provided is stored only for the duration of the Service provided within the Service by the Administrator. They are deleted or anonymized within 30 days from the end of the service provision (e.g. deletion of a user account, unsubscribing from the newsletter, etc.)
An exception is a situation that requires the protection of the legitimate interests of further processing of this data by the Administrator. In such a situation, the Administrator will retain the data indicated, from the time of the User’s request for deletion, for no longer than 3 years in the event of a violation or suspicion of a violation of the service regulations by the User.
Anonymously collected data automatically:
Anonymous statistical data, not considered personal data, is stored by the Administrator for the purpose of conducting service statistics for an indefinite period.
§13 User rights related to the processing of personal data
The service collects and processes User data based on:
Right to access personal data
Users have the right to access their personal data, which is carried out upon request made to the Administrator.
Right to rectify personal data
Users have the right to request the correction of incorrect or incomplete personal data from the Administrator, upon request made to the Administrator.
Right to erase personal data
Users have the right to request the immediate deletion of personal data from the Administrator, upon request made to the Administrator. In the case of user accounts, data deletion involves anonymizing data that could identify the User. The Administrator reserves the right to delay the deletion of data to protect the legitimate interests of the Administrator (e.g. if the User has violated the Terms and Conditions or the data was obtained through correspondence).
In the case of the Newsletter service, Users have the option to delete their personal data themselves using the link provided in each email message.
Right to restrict the processing of personal data
Users have the right to restrict the processing of personal data in cases specified in art. 18 of the GDPR, e.g. questioning the accuracy of personal data, which is carried out upon request made to the Administrator.
Right to data portability
Users have the right to obtain from the Administrator personal data concerning them in a structured, commonly used, machine-readable format, which is carried out upon request made to the Administrator.
Right to object to the processing of personal data
Users have the right to object to the processing of their personal data in cases specified in art. 21 of the GDPR, which is carried out upon request made to the Administrator.
Right to lodge a complaint
Users have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data.
§14 Contact with the Administrator
You can contact the Administrator in one of the following ways:
Mailing address – Operation Blessing Poland Foundation, Hoża 86 / 410, 00-682 Warszawa
Email address – Info@obpolska.pl
Phone call – +48 603 813 330
Contact form – available at: /contact
§15 Service requirements
Limiting the storage and access to Cookie files on the User’s Device may cause some functions of the Service to not work correctly.
The Administrator is not responsible for any malfunctions of the functions of the Service if the User limits the ability to store and read Cookie files in any way.
§16 External links
In the Service – articles, posts, entries, or User comments may contain links to external websites that the Service Owner does not collaborate with. These links and the pages or files linked to them may be dangerous to your Device or pose a threat to the security of your data. The Administrator is not responsible for the content outside the Service.
§17 Changes in Privacy Policy
The Administrator reserves the right to change this Privacy Policy without informing Users in terms of the use and utilization of anonymous data or the use of cookies.
The Administrator reserves the right to change this Privacy Policy regarding the processing of Personal Data, informing Users with user accounts or subscribed to the newsletter service via email within 7 days of the changes. Continued use of the services indicates acknowledgment and acceptance of the changes to the Privacy Policy. If a User does not agree with the changes, they are required to delete their account or unsubscribe from the Newsletter service.
Any changes to the Privacy Policy will be published on this subpage of the Service.
Changes to the Privacy Policy come into effect upon publication.