GDPR Information Obligation

The following information provides a concise, understandable, and transparent summary of the details contained in the Privacy Policy regarding the Data Controller, the purpose and method of personal data processing, and your rights related to such processing. This summary is provided in the form required to fulfill the GDPR information obligation. Full details about the processing methods and entities involved can be found in the referenced Privacy Policy.

Who is the Data Controller?
The Data Controller (hereinafter referred to as the Controller) is Fundacja Vis in Unitate, headquartered at:
al. Zwycięstwa 1, 44-100 Gliwice, Poland
Tax Identification Number (NIP): 7011218580
The Controller provides services electronically through the Website.

How can you contact the Data Controller?
You can contact the Controller in any of the following ways:

• Postal address: Fundacja Vis in Unitate, al. Zwycięstwa 1, 44-100 Gliwice

• Email address: kontakt@visinunitate.org

Has the Controller appointed a Data Protection Officer?
Pursuant to Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer.
For matters concerning data processing, including personal data, please contact the Controller directly.

Where do we obtain personal data and what are the sources?
Personal data is collected from the following sources:

• From individuals whose data is being processed

• From social media platforms, when users register via these platforms and give explicit, informed consent

What type of personal data do we process?
We process standard personal data voluntarily provided by users (e.g., name, username, email address, phone number, IP address, etc.).
A detailed scope of processed data is available in the Privacy Policy.

What is the purpose of data processing?
Personal data voluntarily provided by users is processed for the following purposes:

• Provision of electronic services:

  • Account registration and maintenance and related functionalities

  • Newsletter services (including promotional content with consent)

  • Commenting/liking content without registration

• Communication with users regarding the Website and data protection

• Pursuing the Controller’s legitimate interests

What are the legal grounds for data processing?
The Website collects and processes user data on the basis of:

• Regulation (EU) 2016/679 (GDPR):

  • Art. 6(1)(a) – consent of the data subject

  • Art. 6(1)(b) – performance of a contract or steps prior to entering into a contract

  • Art. 6(1)(f) – legitimate interests pursued by the Controller

• Polish Personal Data Protection Act of 10 May 2018

• Telecommunications Law of 16 July 2004

• Copyright and Related Rights Act of 4 February 1994

What legitimate interest is pursued by the Controller?
Examples include:

• Establishing, exercising, or defending against legal claims

• Assessing potential client risk

• Evaluating planned marketing campaigns

• Conducting direct marketing

How long do we process personal data?
As a rule, personal data is stored only for the duration of service provision. Data is deleted or anonymized within 30 days after the termination of service (e.g., account deletion, newsletter unsubscription).
In exceptional cases, to protect the Controller’s legitimate interests, the data may be stored longer—up to 3 years from the time of a deletion request if there is a violation or suspicion of violation of service terms.

Who receives the personal data?
As a rule, the sole recipient of data is the Controller.
However, data processing may be outsourced to third parties that provide services to the Controller for website operation, including but not limited to:

• Hosting service providers

• Newsletter service providers

Will your data be transferred outside the European Union?
Personal data will not be transferred outside the EU unless voluntarily published by the user (e.g., comments or posts), making it accessible to all website visitors.

Will data be subject to automated decision-making?
Personal data will not be used for automated decision-making or profiling.

What rights do you have regarding your personal data?

• Right to access – you may request access to your personal data

• Right to rectification – you may request correction or completion of incorrect or incomplete data

• Right to erasure – you may request deletion of your personal data (e.g., by anonymization)

• Right to restrict processing – in cases specified in Article 18 GDPR

• Right to data portability – you may request your data in a structured, machine-readable format

• Right to object – you may object to data processing based on Article 21 GDPR

• Right to lodge a complaint – you may file a complaint with the data protection supervisory authority