I. General Provisions
This privacy policy contains information on the processing and protection of personal data of persons using the website ifp.org.pl that is hosted by the Foundation Instytut Finansów Publicznych, hereinafter referred to as the “Foundation” with its registered office in Warsaw.
The Foundation cares about privacy and ensures a high standard of protection of personal data of Website Users. The administrator of personal data, whose rules of processing are described below, is the Foundation.
II. Glossary
Foundation: “Institute of Public Finance Foundation ” with its registered office in Warsaw at 12 Tyniecka Street 2/3, entered into the register of associations, other social and professional organizations, foundations and independent public health care institutions of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division, under KRS number 0001012233, NIP 5214002111, REGON 524255154.
Website: website with all functionalities at www.ifp.org.pl
User: a person using the Website
Policy: this privacy policy
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
III. Data collected via the Website
The Foundation respects the privacy of people using the Website and therefore collects personal data only to the extent that it is necessary for the efficient functioning and management of the Foundation’s website and uses them only for this purpose.
IV. Policy on collecting data
As a result of using the Website, the Foundation may process the following personal data: e-mail address.
In all matters related to the protection of personal data, you can contact us by regular mail to the Foundation’s address or electronically at: biuro@ifp.org.pl
Providing data by the User is voluntary, however, it may be necessary to use the functionality of the Website.
While realizing its statutory activity, the Foundation uses contacts of people interested in the areas of our activity. This is the Foundation’s internal database, which is used to:
- informing about publications and current work of the Foundation;
- inviting and confirming attendance at events organized or co-organized by the Foundation;
- informing about campaigns and actions undertaken by the Foundation;
- establishing and maintaining contacts with media representatives.
V. Data recipients
- In our activities, we adhere to the highest ethical standards and care about protecting the privacy of people who have entrusted us with their data. The recipients of the Website Users’ personal data may be employees and associates of the Foundation who have been duly authorized and trained to process Users’ personal data.
- The personal data we store is shared with:
-
- companies or entities with whom we have signed data processing agreements. These entities are, among others: entities that provide to us a service of IT system maintenance, a service of printing and mailing our letters and information materials, that conduct educational and information campaigns regarding the statutory objectives of the Foundation. These entities have access to the data entrusted to them only for the purpose of carrying out our assignment based on the agreement on entrusting the processing of personal data. The recipients of personal data will be the following external entities cooperating with the Administrators:
- internet domain provider;
- newsletter service provider;
- companies providing tools for analyzing activity on the Website using direct marketing to Website users (e.g. Google Analytics);
- company providing accounting and legal services (etc.) authorized to obtain personal data on the basis of applicable law.
- companies or entities with whom we have signed data processing agreements. These entities are, among others: entities that provide to us a service of IT system maintenance, a service of printing and mailing our letters and information materials, that conduct educational and information campaigns regarding the statutory objectives of the Foundation. These entities have access to the data entrusted to them only for the purpose of carrying out our assignment based on the agreement on entrusting the processing of personal data. The recipients of personal data will be the following external entities cooperating with the Administrators:
- In addition, personal data may also be transferred to public or private entities, if such an obligation results from generally applicable provisions of law or a final decision.
VI. Transfer of personal data to a third country
Due to the Administrator’s use of tools such as Google Analytics or Facebook Pixel, your personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, Korea South, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the above-mentioned third countries are:
- in the case of Great Britain, Canada, Israel and Japan – decisions of the European Commission stating an adequate level of personal data protection in each of the above-mentioned third countries;
- for the US, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia and Australia, adequacy contractual clauses in line with the standard contractual clauses set out in the Commission Implementing Decision ( EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.
You can obtain from the Administrator a copy of the data transferred to a third country.
VII. Legal basis and purpose of data processing
Using the Website and services provided by the Administrators requires the processing of your personal data. Below you will find detailed information about the purposes and legal grounds for processing, as well as the processing period and the obligation or voluntariness to provide them.
Purpose of processing | Processed personal data |
Legal basis
|
|
Contact form | email address | article 6 sec. 1 lit. a GRDP – consent of the person whose data is processed |
Providing the above personal data is voluntary, but necessary in order to receive a response to the message sent (the consequence of not providing them will be the inability to receive a response). The administrator will process the above personal data until consent is withdrawn. |
Maintaining the Administrator’s profiles on Facebook, Instagram, LinkdedIn and YouTube (hereinafter jointly: “Sites”) |
1. your profile name 2. the data that is posted on your profile as public |
article 6 sec. 1 lit. a GDPR (processing is necessary to implement the Administrator’s legitimate interest, in this case, keeping profiles on the Sites) |
Providing of the above personal data is voluntary, but necessary for you to use the Administrator’s profile on a given Sites (the consequence of not providing them will be the inability to use the Administrator’s profile. The Administrator will process the above-mentioned personal data until an effective objection is raised or the purpose of processing is achieved. The Administrator informs that he processes personal data processed for the purpose described above only in the scope of your use of the Administrator’s profile 1, and in the scope of other use by you of: 1. Facebook and Instagram – your personal data is processed by Meta Platforms Ireland Limited based on its regulations and privacy policy 2. LinkedIn website – your personal data is processed by LinkedIn Ireland Unlimited Company based on its regulations and privacy policy; 3. YouTube – your personal data is processed by Google LLC based on its regulations and privacy policy; All questions and claims arising from your other use of the Services should be addressed directly to the above-mentioned entities. |
Organizing an event (on-site or online) and enabling you to participate |
1. name and surname; 2. e-mail address; 3. optional – other contact details; 4. details of the organization you belong to; 5. answers to the questions in the registration form |
article 6 sec. 1 lit. b GDPR (processing is necessary to perform the contract for participation in the event concluded with the person that the data refers to or to take up the steps in order to conclude the contract) | Providing the above personal data is a condition for concluding and performing the contract for participation in the event (their provision is voluntary, but the consequence of not providing them will be the inability to participate in the event). The administrator will process the above personal data unitl the time of limitation of claims arising from the contract for participation in the event. |
Conclusion and performance of the Agreement for the delivery of the Newsletter | email address | article 6 sec. 1 lit. b of the GDPR (processing is necessary to perform the Agreement for the provision of the Newsletter concluded with the data subject, or to take action to conclude it) and art. 6 sec. 1 lit. f GDPR (processing is necessary in order to implement the legitimate interest of Administrator 1, in this case informing about news and promotions) |
Providing the above personal data is voluntary, but necessary in order to receive the Newsletter (the consequence of not providing it will be the inability to receive the Newsletter). The administrator will process the personal data from the time of effective objection or achievement of the purpose of processing, or until the statute of limitations for claims under the Agreement for the provision of the Newsletter (depending on which of the above-mentioned events occurs first). |
Determination, investigation or defense against claims |
1. name and surname/company; 2. e-mail address; 3. address of residence/registered office; 4. PESEL/KRS number; 5. tax identification number. |
article 6 sec. 1 lit. f of the GDPR (processing is necessary to implement the Administrator’s legitimate interest, in this case to establish, investigate or defend against claims that may arise in connection with the provision of services or the use of the Website) | Providing of the above personal data is voluntary, but necessary to determine, investigate or defend against claims that may arise in connection with the provision of services or the use of the Website (the consequence of not providing the above-mentioned data will be the Administrator’s inability to take the above-mentioned actions) The Administrator will process the above-mentioned personal data until the expiry of the limitation periods for claims that may arise in connection with the provision of services or the use of the Website. |
Analysis of your activity on the Website |
1. date and time of the visit; 2. device IP number; 3. type of device operating system; 4. approximate location; 5. type of web browser; 6. time spent on the Website; 7. visited subpages and other actions taken within the Website. |
article 6 sec. 1 lit. f GDPR (processing is necessary to implement the legitimate interest of the Joint Controllers, in this case obtaining information about your activity on the Website) |
Providing of the above personal data is voluntary, but necessary in order for the Joint Controllers to obtain information about your activity on the Website (the consequence of not providing it will be the Joint Controllers’ inability to obtain the above-mentioned information). The joint controllers will process the above-mentioned personal data until the objection is successfully raised or the purpose of processing is achieved. |
Website administration |
1. IP address; 2. server date and time; 3. information about the web browser; 4. operating system information. |
article 6 sec. 1 lit. f GDPR (processing is necessary to implement the Administrator’s legitimate interest, in this case to ensure the proper operation of the Website) |
The above data is automatically saved in the so-called server logs each time you use the Website (administering them without the use of server logs and automatic saving would not be possible). Application of the above personal data is voluntary, but necessary to ensure the proper operation of the Website (the consequence of not providing them will be the inability to operate the Website properly). The joint controllers will process the above-mentioned personal data until the objection is successfully raised or the purpose of processing is achieved. |
Adding comments on the Website |
1. name; 2. e-mail address; 3. IP number. |
article 6 sec. 1 lit. a GDPR (personal data processing is based on consent) |
Providing the above personal data is voluntary, but necessary in order to add a comment (the consequence of not providing them will be the inability to add a comment). The administrator will process the above personal data until the consent is withdrawn (deletion of the comment). |
VIII. Users’ rights related to data processing
- In connection with the processing of personal data, a User has the right to:
- access to data – the Foundation is obliged to provide a User with all information about the method and scope of the User’s personal data being processed;
- rectification of data – if a User believes that the data is incorrect or incomplete, he may request their rectification by the Foundation;
- deletion of data – a User is entitled to request the deletion of his personal data, and the Foundation is obliged to comply with the request if it is legally justified;
- restrictions on the processing of personal data – a User is entitled to request the restriction of the processing of his personal data in cases specified in the regulations;
- transfer of personal data – a User is entitled to request the transfer of personal data by the Foundation in a structured, commonly used machine-readable format, only if the processing took place on the basis of a contract or consent and was carried out automatically);
- objection to data processing – a User may object to the processing of his personal data on the basis of a legitimate interest or for statistical purposes (due to his particular situation) or to the processing of data for direct marketing purposes.
- In order to exercise the rights, you can contact the Foundation electronically at the following address: biuro@ifp.org.pl
- If it is found that there has been a violation of the provisions on the protection of personal data, a User has the right to submit a complaint to the President of the Office for Personal Data Protection with its registered office in [00-193] Warsaw at 2 Stawki Street.
IX. Data deletion request
If you request removal of your data from our contact database or you object to their processing, we will remove your data from the database and we will not send you information that you do not want. A user should submit a request to delete data by sending an e-mail to: biuro@ifp.org.pl
X. Scope and change of our website’s privacy policy
- The described privacy protection rules apply only to websites in the ifp.org.pl domain. We are not responsible for the privacy policies of other websites linked to our website.
- We reserve the right to change the above privacy policy by publishing its new version on our website.
XI. Cookie Provisions
- The ifp.org.pl website uses text files commonly referred to as cookies (cookies) in order to obtain statistical information about the traffic and activity of Users and the way the Website is used, e.g. in order to adapt the Website to the needs of users. Cookies are used to collect information on how to use our Website and the correct configuration of the website, as well as to remember the User’s settings.
- The website uses cookies for statistical purposes using Google Analytics, subject to Google’s Privacy Policy. Cookies stored from 1 minute to 2 years are used for analysis, research and audience audit, and in particular to create anonymous statistics that show how website users use the Website.
- We use marketing tools on the Website, such as Facebook Pixel, which allows us to target people who visit our website with personalized Facebook ads. This involves the use of Facebook cookies. More information about Facebook’s policy can be found on Facebook’s website. Each Facebook user can manage their personal privacy settings in their Facebook account.
- The Site may contain links to websites owned and operated by third parties (Facebook, YouTube, LinkedIn or Twitter). Third-party websites have their own privacy policies and use their own cookies. The Foundation is not responsible for cookies sent by other websites to which we publish links on the Website.
- The User may at any time disable the acceptance of cookies in their browser, however, the effect of such a change may be difficulties related to the operation of services provided via the Website. Due to the variety of available browsers and applications used to operate websites, managing cookies in different browsers looks different, therefore, before starting to use the Website, we recommend that you familiarize yourself with the method of managing privacy/security functions placed in the menu of the browser used by the User, and configuring them in the method preferred by the User.
XII. Profiling
In order to create your profile for marketing purposes and to address direct marketing to you (e.g. advertisements on the Facebook social network) tailored to your preferences, the Administrator will process your personal data in an automated manner, including profiling it – however, this will not cause any any legal consequences or similarly significantly affect your situation. The scope of profiled personal data corresponds to the scope indicated above in relation to the analysis of your activity on the Website. The legal basis for the processing of personal data for the above purpose is art. 6 sec. 1 lit. f of the GDPR, according to which the Joint Controllers may process personal data in order to pursue their legitimate interest, in this case conducting marketing activities tailored to the preferences of recipients. Providing the above personal data is voluntary, but necessary for the implementation of the above purpose (the consequence of not providing them will be the Administrator’s inability to conduct marketing activities tailored to the preferences of recipients).
The administrator will process personal data for the purpose of profiling until the objection is successfully raised or the purpose of processing is achieved. Also remember that you can disable Facebook Pixel in the cookie popup.
XIII. Rights
In connection with the processing of personal data, you have the following rights:
- the right to information which personal data concerning you is processed by the Administrator and to receive a copy of this data (the so-called Right of Access). The release of the first copy of the data is free of charge, the Administrator may charge a fee for the next ones;
- if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request their rectification;
- in certain situations, you can ask the Administrator to delete your personal data, e.g. when:
- the data will no longer be needed by the Administrator for the purposes of which he informed you;
- you have successfully withdrawn your consent to data processing – unless the Administrator has the right to process data on a different legal basis;
- the processing is against the law;
- the need to delete the data results from the legal obligation imposed on the Administrator;
- in the event that personal data is processed by the Administrator on the basis of consent to processing or in order to perform the Agreement concluded with the Aministrator, you have the right to transfer your data to another administrator;
- in the event that personal data is processed by the Administrator on the basis of your consent to the processing, you have the right to withdraw this consent at any time (withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal);
- if you decide that the processed personal data is incorrect, their processing is unlawful, or the Administrator no longer needs specific data, you can request that the Administrator does not make any operations, but only stores them;
- you have the right to object to the processing of personal data of which the basis for processing is the legitimate interest of the Administrator. In the event of an effective objection, the Administrator will stop processing personal data in the above-mentioned purpose;
- you have the right to submit a complaint to the President of the Office for Personal Data Protection when you consider that the processing of personal data violates the provisions of the GDPR.
XIV. Cookies
The administrator informs that the website uses “cookies” (cookies), installed on your end device. These are small text files that can be read by the Joint Controllers’ system, as well as by systems belonging to other entities whose services are used by the Controller (e.g. Facebook, Google).
The administrator uses cookies for the following purposes:
- ensuring the proper operation of the Website – thanks to cookies, it is possible to operate the Website efficiently, use the functions available on it and conveniently move between individual subpages;
- ensuring security – cookies are used to authenticate users and prevent unauthorized use of the customer’s account. They are therefore used to protect the user’s personal data against access by unauthorized persons;
- increasing the comfort of browsing the Website – thanks to cookies, it is possible to detect errors on some subpages and improve them constantly;
- maintaining the session state after logging in to the account – thanks to cookies, it is not required to provide authentication data on each viewed subpage, which is conducive to the comfort of using the Website;
- creating statistics – cookies are used to analyze how users use the Website (e.g. how many users visit it, how long they stay on it, which content arouses the greatest interest). Thanks to this, it is possible to constantly improve the Website and adapt its operation to user preferences.
- conducting marketing activities – thanks to cookies, the Administrator can direct advertisements to users tailored to their preferences.
Your administrator can place both permanent and temporary files on your device. Temporary files are usually deleted when the browser is closed, while closing the browser does not delete permanent files.
Information about cookies used by the Administrator is displayed in the panel at the bottom of the Website. Depending on your decision, you can enable or disable cookies for specific categories (except essential cookies) and change these settings at any time.
Data collected by using cookies do not allow the Administrator to identify you.
The administrator uses the following tools that use cookies:
- necessary cookies of the Website – these files enable the proper and safe functioning of the Website (they are used, among others, to adjust the layout of the website to the screen of the device), therefore turning them off is not possible (the operation of these files is a condition for using the Website website). Necessary cookies remain on your end device for up to 1 year;
- Google Analytics – this tool (using cookies provided by Google LLC) enables the collection of statistical data on how users use the website, including about the number of visits, duration of visits, search engine used, location. The collected data helps to improve the Website and make it more user-friendly. Cookies used by Google Analytics remain on your end device for up to 2 years;
- Google Ads – this tool (using cookies provided by Google LLC) allows you to collect data about your preferences (including subpages visited, content viewed) and allows you to target ads displayed on other websites that you visit. Cookies used by Google Ads remain on your end device for up to 3 months;
- Facebook Pixel – this tool (using cookies provided by Meta Platforms Ireland Limited) allows you to determine that you have visited the Website, as well as directing you to advertisements displayed on Facebook and Instagram social networks and measuring their effectiveness. Cookies used by Facebook Pixel remain on your end device for up to 3 months.
Through most commonly used browsers, you can check whether cookies have been installed on your device, as well as delete installed cookies and block their installation in the future by the Website or other websites. Disabling or limiting the use of cookies may, however, cause quite serious difficulties in using the Website, e.g. in the form of the need to log in to each subpage, longer page loading time, restrictions in the use of functionalities.
XV. Final Provisions
To the extent not covered by this Policy, generally applicable provisions on the protection of personal data shall apply.
The policy is effective from April 14, 2023.