PRIVACY POLICY

The Privacy Policy is for users of https://donboscomakululu.org website.

Who is the Privacy Policy applicable to?
The Privacy Policy is applicable to the users of website located under the domain https://donboscomakululu.org run by Don Bosco Makululu Foundation with its registered office in Warsaw at 30 lok.302 Mikolaja Kopernika Street, KRS: 0001103865; NIP: 5253003497; REGON: 528661738, which is its sole owner.

On the basis of what legal provisions are your personal data processed or may be?
The rules regarding the protection of personal data have been specified in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR), the Act of the Protection of Personal Data of 10 May 2018 and in special acts (lex specialis) in the national order.

Who is a controller of the personal data?
We hereby inform that the controller of personal data is Don Bosco Makululu Foundation with its registered office in Warsaw at 30 lok.302 Mikolaja Kopernika Street, KRS: 0001103865; NIP: 5253003497; REGON: 528661738. Inquiries regarding the protection of personal data should be sent by post to the address mentioned above or by e-mail to the contact@donboscomakululu.org

What are the purposes and range of processing your personal data? What is the target of providing personal data?
We hereby inform that personal data is or may be processed for the following purposes and range:
a) for purposes related to the conclusion and implementation of the provisions of the contract where processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR). The scope of services included in the contract is specified in the statute of the provision of services and includes enabling the user to make a donation for the purpose indicated by the user. In this case the scope of processed data includes: name, surname, e-mail address, telephone number, donation amount. Providing the data is contractual otherwise it is not possible to conclude a contract.
b) Processing of personal data is based not only on point a (above) but also on Article 6 (1)(c) GDPR – processing is necessary for compliance with a legal obligation to which the controller is subject and Article 6 (1)(f) GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller – it is necessary since the controller i.e. Salesian Missionary Foundation „Don Bosco” is obliged to issue a confirmation of a donation you have made;
c) in order to send the newsletter – in the case of users who have agreed to receive it. The legal basis for the processing of personal data is Article 6 (1)(a) GDPR i.e. the data subject has given consent to the processing of his or her personal data. In this case the scope of processed data includes e-mail address. If there is any personal data in the e-mail address, e.g. name or surname, this data is also included.
d) for contact purposes, i.e. providing answers, feedback to your questions on matters related to the activities of the Salesian Missionary Foundation. The legal basis for the processing of personal data is legitimate interests pursued by the controller (Article 6 (1)(f) GDPR). The legitimate interest of the controller is considered to be answer to your questions. In this case the scope of processed data may include: name, surname, e-mail address, telephone number or possibly other data provided in the inquiry. Providing data is voluntary however not doing that will result in the inability to provide an answer and/or feedback to your question.
e) for purposes related to the investigation of claims related to the contract. The legal basis for the processing of personal data is legitimate interests pursued by the controller (Article 6 (1)(f) GDPR), where the legitimate interest of the controller is the processing of the personal data in connection with the controller’s necessity to investigate data claims in relation to the concluded contract.
Information on changing the purpose of processing the personal data
We hereby inform that the controller of the personal data is not going to process the personal data in any other purpose than the personal data was collected. In a case of change, the controller of the personal data informs the data subject about another purpose before further processing. Moreover, the controller provides the data subject with any other relevant information referred to in Article 13 GDPR and when it is required under applicable law – is obliged to obtain the consent.

What is the source of the data?
Personal data is provided directly from the data subject, i.e. it is obtained directly from you.

How long will your personal data be processed according to the time principle?
a) for contact purposes, i.e. providing answers, feedback to your questions – until you provide feedback, and in case of further questions – until comprehensive information is provided;
b) for the purposes related to the conclusion and implementation of the provisions of the contract – for the duration of the contract;
c) for the purposes related to sending newsletter – from the moment you consent to receiving it until you withdraw your consent to receive it;
d) for purposes related to investigating claims in connection with the contract – during the time specified in applicable law, entitling to pursue claims in connection with the concluded contract, but not longer than for 10 years.
Information about recipients of personal data and categories of recipients

We hereby inform that the personal data may be:
a) entrusted to processing within the meaning of Article 28 GDPR to processors – i.e. entities to which the controller entrusts data in connection with necessity of providing services under the concluded contract. Processors are e.g. entities providing services in the field of marketing activities, accounting and financial services, in the IT area. The list of entities to which personal data is entrusted is available at the link https://donboscomakululu.org/lista-procesorow/
b) disclosed to state authorities under applicable law,
Transferring your personal data to a third country (i.e. outside the EEA)

  1. We hereby inform that in connection with the services provided to you, personal data is or may be transferred outside the EEA (European Economic Area), i.e. to a third country.
  2. Information on the list of entities outside the EEA to which personal data is disclosed is available at the link https://donboscomakululu.org/lista-procesorow/

What are the rights of the data subject?
We hereby inform that the data subject has the right to demand from the controller the access to the personal data of the data subject, rectify it, delete it or limit processing and the right to object the processing as well as the right to transmit data.

Who is the supervisory authority?
We hereby inform that the supervisory authority in the matter of protection of personal data is the President of the Personal Data Protection Office. We hereby inform about the right to lodge a complaint with the supervisory authority i.e. President of the Personal Data Protection Office with its registered office in Warsaw (00-193) at Stawki 2 Street, www.uodo.gov.pl
Information on automated processing including profiling

  1. We hereby inform that the personal data are not liable to automated decision making, including profiling within the meaning of article 22 GDPR.
  2. We hereby inform that by entering the data controller’s website cookies have been used. Full particulars on the cookies used by the controller are available at https://donboscomakululu.org/cookies-policy-donboscomakululu/
    How do we protect personal data?
    We hereby inform that in order to protect privacy and personal data the controller of the data has implemented appropriate technical and organizational measures to ensure the security of personal data processing.