Privacy Notice

 

PRIVACY NOTICE Kraków Food Bank

Personal Data Controller The controller of your personal data is the Association Bank Żywności w Krakowie (hereinafter: the "Controller"), with its registered office at ul. Zabłocie 20/22, 30-701 Kraków, Poland. You can contact the Controller in writing via traditional mail at the address: ul. Zabłocie 20/22, 30-701 Kraków.

Data Protection Officer The Controller has appointed a Data Protection Officer (DPO), who can be contacted via email at: iodo@rt-net.pl

Legal Basis Personal data is processed pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

Contact We process your personal data provided when contacting us (including your name, surname, email address, and any other information included in your message). Providing this data is necessary to establish contact. We process this data for the purpose of responding to your inquiry based on our legitimate interest (Article 6(1)(f) GDPR). Personal data will be processed for 5 years and subsequently assessed for necessity and possibly deleted. The data does not originate from third parties. The Controller does not conduct automated decision-making.

Business Contacts Personal data is processed to facilitate the exchange of information within the framework of business communication, based on our legitimate interest (Article 6(1)(f) GDPR). Personal data may originate from third parties, such as employees, collaborators, volunteers, beneficiaries, contractors, customers, or public officials. Personal data will be processed indefinitely. The Controller does not conduct automated decision-making.

Donations We process your personal data provided in the payment form or transfer (such as name, surname, address, email address, and bank account number). Providing personal data is necessary to support our activities. Personal data is processed to enable and manage the donation (Article 6(1)(b) GDPR) and to issue accounting documents (Article 6(1)(c) GDPR). Data will be processed for 5 years from the donation settlement.

We also use your email address and mailing address to send thank-you messages and inform you about initiatives funded through your support, based on our legitimate interest (Article 6(1)(f) GDPR). Data will be processed for one year or until you object. The data does not originate from third parties. The Controller does not conduct automated decision-making.

1.5% Tax Support Personal data is processed for the purpose of expressing gratitude and for statistical and informational purposes related to individuals donating 1.5% of their tax. Processing is based on our legitimate interest (Article 6(1)(f) GDPR) and relevant national laws. Data will be stored for 1 year from receipt from the Tax Office. The data does not originate from third parties. The Controller does not conduct automated decision-making.

Invoices Personal data is processed to issue invoices and payments (Article 6(1)(b) GDPR) and to account for invoices (Article 6(1)(c) GDPR) under the Accounting Act. Data will be processed for 5 years starting from the beginning of the year following the year in which the accounting documents were issued. The data does not originate from third parties. The Controller does not conduct automated decision-making.

Food Drives We process your personal data, including name, phone number, and email address, to enable participation and maintain contact during food collection initiatives. Data is processed based on our legitimate interest (Article 6(1)(f) GDPR). Data will be processed for 5 years and subsequently assessed for necessity and possible deletion. The data does not originate from third parties. The Controller does not conduct automated decision-making.

Social Media Buttons By placing social media buttons (Facebook, Instagram, YouTube, Twitter, LinkedIn) on our websites, we provide social media operators with the ability to collect and further process users' personal data for their purposes.

  • Clicking these buttons redirects you to the respective social media website, where your activity may be tracked and used for behavioral marketing.
  • Social media operators may place cookies on your device, tracking your activity across various websites.

The placement of these buttons is based on our legitimate interest (Article 6(1)(f) GDPR) to promote and publicize the Controller’s activities. We do not store this data ourselves. The use of data by social media operators is not subject to our arrangements with them.

Managing Social Media Fan Pages We use your personal data collected during visits to our fan pages (Facebook, Instagram, YouTube, LinkedIn) and activities undertaken on those pages. Your activity (likes, comments, sharing content) is visible to other users per the nature of these platforms. We use your data to manage our fan pages and provide content based on our service contract (Article 6(1)(b) GDPR).

Server Administration and Website Statistics We use personal data relating to your activity on our websites, including HTTP query content (URL, IP address, browser type, OS, language, timestamp, cookie identifiers, viewed resources). This data is recorded in server logs. We use this data to administer the server, ensure its security, and gather statistics, based on our legitimate interest (Article 6(1)(f) GDPR).

Cookies Cookies are small text files stored on users' devices, enabling website functionality customization and statistical analysis. We use cookies to:

  • adapt website content to users' preferences,
  • optimize website usage,
  • create statistics,
  • maintain user sessions,
  • deliver advertising content.

Users can change their cookie settings at any time in their browser settings. Disabling cookies may affect website functionality but does not prevent browsing. Cookies placed on the user's device do not modify the device's configuration. Cookies regulations also apply to similar technologies used within the Service.

Entities to Whom We Disclose Your Data Our website contains links to other websites. We are not responsible for the privacy policies of these websites. We disclose your personal data to:

  • PayU S.A.
  • Stripe Payments Europe Ltd.
  • Facebook Ireland Limited
  • Offnet.pl
  • FreshMail Sp. z o.o.
  • Institute for Supporting Non-Governmental Organizations

Data may also be disclosed to public authorities under applicable law or to our partners under data processing agreements.

Your Rights You have the right to:

  • access your personal data (Article 15 GDPR),
  • receive a copy of your data in a machine-readable format (Article 20 GDPR),
  • rectify your personal data (Article 16 GDPR),
  • erase your personal data (Article 17 GDPR),
  • restrict processing (Article 18 GDPR),
  • object to data processing based on legitimate interests (Article 21 GDPR),
  • withdraw your consent at any time (Article 7 GDPR),
  • lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

Changes to the Privacy Policy We reserve the right to change or supplement this Privacy Policy. Any updates will be posted on our websites, and in case of significant changes, we will inform you directly via email.