Personal Data at Solidarity Fund PL

Solidarity Fund > Personal Data at Solidarity Fund PL

DEFINITIONS

Terms used in this document shall be understood to mean:

  • personal data (hereinafter also “data”) – within the meaning of Article 4(1) of the GDPR shall mean any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly,
  • processing – within the meaning of Article 4(2) of the GDPR shall be understood to mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,
  • data subject – you and any other person whose data shall be processed.
  • GDPR – Regulation 2016/679 of European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

If you want to know the details of how we obtain and use your personal data, read this document.

GENERAL INFORMATION

Who is responsible for processing personal data?

Solidarity Fund PL, ul. Mysłowicka 4, 01-612 Warsaw, Poland VAT ID (NIP): 526-226-42-92, REGON: 012345095, KRS No.: 0000024453 (the “SFPL”) shall be responsible for the processing of your data and shall be the controller thereof within the meaning of Article 4(7) of the GDPR.

The SFPL has appointed a Data Protection Officer whom you can contact for all matters relating to the processing of your personal data by the SFPL:

Daria Suwała

Data Protection Officer

Solidarity Fund PL

ul. Mysłowicka 4

01-612 Warszawa

iod@solidarityfund.pl

The SFPL shall process personal data only in connection with its mission and purposes as set out in its statutes, i.e. within the framework of its engagement in development collaboration with other countries and in connection with operation of the organisation itself.

On what legal basis are personal data processed at the Solidarity Fund PL?

The SFPL may process both so-called ordinary and special categories of personal data, including political and philosophical views and other data the disclosure of which could pose a high risk to the rights and freedoms of data subjects.

In the case of the so-called ordinary data, your data may be processed on the following grounds:

  1. processing shall take place following obtaining your consent – the basis is the consent given, i.e. Article 6(1)(a) of the GDPR, or
  2. processing shall take place in connection with activities performed prior to entering into a contract with you and performance of that contract, or another contract to which you and the SFPL are parties – the basis is Article 6(1)(b) of the GDPR.
  3. processing shall be necessary due to a legal obligation on the SFPL (e.g. employment law, insurance regulations, and tax regulations) – the basis is Article 6(1)(c) of the GDPR in connection with the relevant legal provisions.
  4. processing shall take place in order to pursue the legitimate interest of the SFPL related to the performance of our statutory tasks – the basis is Article 6(1)(f) of the GDPR. Exceptions shall include situations where your interests or your fundamental rights and freedoms which require protection of personal data override these interests, in particular where the data subject is a child.

For special categories of personal data:

  1. The processing shall be necessary for the performance of tasks relating to the employment of employees and other persons, and the scope of the processing is defined in the regulations – Article 9(2)(b) of the GDPR in connection with relevant regulations is the basis,
  2. The processing shall take place upon your explicit consent – the basis is the consent you have given, i.e. Article 9(2)(a) of the GDPR.

How long shall personal data be processed?

Personal data shall be processed for a period of 6 years unless contracts binding the SFPL and universally binding provisions of Polish law stipulate other processing periods. In this case, the SFPL shall inform you precisely of a different time period for processing your data than 6 years and the basis for extending or shortening this period.

What rights shall you have in relation to the processing of your personal data by the SFPL?

In the course of the SFPL’s processing of your personal data, you shall have the following rights under the provisions of the GDPR:

  1. You shall have the right to receive information about the processing of your personal data (in particular, information for what purpose, on what basis, and by whom they shall be processed and to whom they shall be made available).
  2. You shall have the right to lodge a complaint with the SFPL about the processing of your data.
  3. You shall have the right to control your data and its processing by exercising your rights under Articles 15-22 of the GDPR, insofar as these rights apply, and in particular:
  • You shall have the right to request access to your personal data, including obtaining information on the manner, purpose and scope of data processing and receiving a copy of the data processed by the SFPL;
  • You shall have the right to request rectification or amendment of your personal data;
  • You shall have the right to request deletion of your personal data or to object to its processing. The SFPL shall comply with the request if the grounds provided for in Article 17 of the GDPR apply, i.e.:
    • the data are no longer necessary for the purposes for which they were collected by the SFPL,
    • you have withdrawn your consent to the processing of your data and the SFPL has no other legal basis to process the personal data,
    • you object to the processing of personal data and there are no overriding legitimate grounds on the part of the SFPL for the processing despite the objection,
    • the data were processed unlawfully,
    • the data should be deleted in order to comply with a legal obligation or the data was collected in connection with the provision of information society services offered to the child;

Your right to delete data does not apply to data processed on the basis of applicable law or to data processed for the establishment, defence, investigation of possible claims;

  • You shall have the right to request that we restrict the processing of your personal data. The SFPL shall comply with the request if the prerequisites provided for in Article 18 of the GDPR apply, i.e.:
    • you notice that the data are inaccurate – the restriction is made for a period that allows the SFPL to verify the accuracy of the data,
    • your data are being processed unlawfully, but you do not want them to be deleted by the SFPL,
    • data are no longer needed by the SFPL, but may be needed by you to establish, assert, or defend a claim,
    • you file an objection to the processing of your data – the restriction is made until it is determined whether the SFPL’s existing legitimate grounds override the grounds for the objection;
  • You shall have the right to transfer your data if the processing is based on your consent or is necessary for the conclusion and performance of a contract to which you are a party;
  • You shall have the right to object to the processing of your personal data if the processing is based on a legitimate interest of the SFPL;
  • You shall have the right to withdraw your consent to the processing of personal data at any time, whereby the withdrawal of consent does not affect the lawfulness of actions performed prior to the withdrawal of consent.

To exercise your rights, please contact the SFPL directly, through the designated Data Protection Officer (email: iod@solidarityfund.pl) – we are committed to protecting your rights to the best of our ability.

You can also lodge a complaint with the President of the Office of Personal Data Protection if you consider that the processing violates the provisions of the GDPR.

Can the SFPL share your personal data with other entities?

In general, the SFPL shall not share your personal data with other entities. However, in some situations, transfer of personal data may be necessary or indispensable to achieve the purposes of the processing.

Entities with whom we may share your data shall be included in the following categories:

  • Partners of the SFPL
  • Companies that provide IT services and server maintenance,
  • Companies that provide telecommunications services.
  • External legal counsel,
  • Banks,
  • Insurance companies,
  • Auditors.

The SFPL may also disclose personal data in order to respond to requests made to the SFPL by authorised governmental and judicial authorities (e.g., prosecutors, courts, police, and offices) as well as to requests from entities that co-fund its activities and control the use of its funds.

Does the SFPL process personal data outside the European Economic Area?

The SFPL may transfer data outside the European Economic Area when working with some of the SFPL’s partners and service providers (processors) who are based there. The SFPL ensures that any transfer of data outside the EEA always respects the principles of the GDPR and is lawful.

Should the SFPL transfer your data outside the European Economic Area, we shall inform you exactly where and to whom the data shall be transferred, and what measures have been taken to ensure the security of the data to be transferred.

Information regarding the processing of personal data within the SFPL’s website and social media

I. Visitors to the SFPL’s website

When you visit the SFPL’s website, you remain anonymous until you decide otherwise. The information contained in system logs (e.g. IP address) is used by the SFPL for technical purposes related to server administration. In addition, IP addresses are used to gather general, statistical demographic information such as the region from where you connect to us. Provision of personal data is therefore voluntary, and failure to provide such data has no consequences for the person visiting the website.

Our website uses the “cookies” and similar technologies – hereinafter collectively referred to as the Cookies.

The legal basis for the collection of your personal data derived from the Cookies comes from Article 6(1)(f) GDPR. Data read from the Cookies shall be used to:

  • adapt the website to your individual settings, such as your choice regarding the storage of Cookies on your device or the display language,
  • conduct statistical analysis of website visitors, such as website visitation statistics, which shall serve to, among other things, build development strategies and enhance website transparency.

Data shall be processed until the purposes for which it was collected (as indicated above) are achieved, or until an effective objection is raised to the processing of the data or until you delete the Cookies from your terminal device you use to connect to our website depending on which event occurs first.

For more information about the Cookies, including how to manage and delete the Cookies, please see the “Cookies Policy” section below.

II. SFPL and social media

Data about users of the SFPL’s website may also come from the use of social networking plug-ins available on the website.

Collaboration with Facebook:

Following the wording of the judgment of the Court of Justice of the European Union of June 5, 2018 (Ref. C-210/16), Meta Platforms Ireland Ltd (formerly: Facebook Ireland Ltd; “Facebook”) shall be the joint controller of personal data of the SFPL’s fanpage users.

Additionally, following the wording of the judgment of the Court of Justice of the European Union of 29 July 2019 (Ref. C-40/17), Facebook shall also be the joint controller of personal data of people using the Facebook plug-in posted on the SFPL’s website.

The purpose and scope of data collection and further processing and use by Facebook, as well as your privacy rights and settings, can be found in Facebook’s privacy policy >>>>> 

As the SFPL’s collaboration with Facebook involves the joint control of personal data, you shall have the right to obtain an extract of the arrangements made between Facebook and the SFPL with regard to the joint control to be carried out. An extract of key information is available here >>>>> 

Collaboration with Twitter:

Twitter International Company with its registered office in Ireland (“Twitter”) shall be jointly responsible for the processing of personal data of users of the SFPL’s profile on Twitter.com and of users of the Twitter plug-in on the SFPL’s website.

The purpose and scope of data collection and further processing and use by Twitter, as well as your privacy rights and settings, can be found in Twitter’s privacy policy >>>>>

Collaboration with YouTube (Google):

YouTube is a service provided by Google. Google Ireland Limited (“Google”) shall be jointly responsible for the processing of personal data of users of the SFPL’s profile on YouTube.com and of persons using the YouTube plug-in on the SFPL’s website.

The purpose and scope of data collection and further processing and use by Google, as well as your privacy rights and settings, can be found in Google’s privacy policy >>>>>

Where does the SFPL obtain data from in connection with its work with social media providers?

In working with social networking providers, the SFPL obtains personal data in part directly from users of its website and in part from user profiles on these sites.

  • To the extent that the SFPL obtains data directly from you, the provision of personal data is completely voluntary, and failure to provide such data has no effect on you.

You may use the website and the SFPL’s social media profiles without providing any personal data and remain anonymous at all times (where you are merely browsing the website or any of the SFPL’s profiles on these sites without interacting with the plugins or these profiles).

  • To the extent that the SFPL obtains your data as a user from your social media profiles in connection with your interaction with the plugins, disclosure shall be made of data about you in the form of anonymous statistical summaries prepared by the social networking providers (Facebook, Twitter, Google).
  • To the extent that the SFPL obtains data from your social media profiles in connection with your interaction with the SFPL’s profile located on those sites, disclosure shall be made of any data posted to your profile that is marked as “Public” or that you explicitly make available to the SFPL through your profile by marking your privacy settings so that we can review it. As with plug-ins, when you interact with the SFPL’s social networking profiles, the SFPL may also obtain anonymous statistical summaries from the social networking providers (Facebook, Twitter, Google) which are also prepared with your data included.

How and why does the SFPL use data in connection with its work with social media providers?

The SFPL processes your data in order to create analyses, statistics and summaries that shall serve to improve the effectiveness of our actions and build a development strategy – in the vast majority of cases such statistics are created on the basis of non-personal data or anonymised data. In some cases, personal data collected through the Cookies may be used. Should personal data be used for this purpose, their processing shall be carried out on the basis of the need to execute the SFPL’s legitimate interest in the form of carrying out analytical and statistical activities aimed at the development of the SFPL, and therefore on the basis of Article 6(1)(f) of the GDPR (until the above purpose is achieved or until an effective objection is raised to the processing of the data depending on which event occurs first).

Personal data disclosed by you as part of your social media profiles shall also be processed in order to share information about the SFPL and its functioning and initiatives undertaken as well as to inform about the SFPL’s activities, for the purpose of realising the SFPL’s legitimate interests, and therefore on the basis of Article 6(1)(f) GDPR (until an effective objection to their processing is raised or until the data are removed from the profile depending on which event occurs first).

In connection with the operation of social networks, there may be profiling of the user, i.e., creation of a profile containing information about the interests or certain characteristics of the user. Certain features provided by social media providers allow the compilation of personal data about users and the creation of statistics and summaries from that information that the SFPL may later use to tailor the content it shares with users. At the same time, we inform you that decisions based on the created profiles shall not be made in an automated manner.

Who can access the data?

Data collected by the SFPL in connection with social networking plugins and through social media profiles shall also be processed by the providers of these social networking sites as joint data controllers for the purposes and in the manner specified in their own privacy policies. These data may be processed outside the European Economic Area (EEA), and the social networking providers shall ensure that your privacy is respected when data shall be processed outside the EEA. Additional privacy information can be found in the privacy policies of the providers.

In addition, the personal data you disclose as public on social networking sites may be available to an unrestricted audience, including audiences in countries outside the European Economic Area (EEA). As we have no control over the content you post on social media, we urge you to share content in a reasonable fashion.

COOKIE POLICY

What are Cookies?

Cookies are IT data, in particular text files, which are stored on the end device of a website user and are intended for use on websites. More information about Cookies >>>>> [1] or [2] 

How and why does the SFPL use Cookies?

As part of its website, the SFPL uses Cookies that are persistent in nature, functional Cookies that allow the SFPL to remember your settings for the website, and analytical Cookies provided by third parties that are solely responsible for the cookie technology used.

For information on what Cookies are distributed within the SFPL’s website, please use the settings of the browser you use to connect to our website.

We do not combine the usage data and information contained in Cookies with any other data in our possession or to which we may have access.

Managing Cookies

You can change your Cookie management settings. You can use your Internet browser to delete Cookies that have already been saved. If you do not want Cookies to be stored on your device in the future, you can change your browser settings. However, you should be advised that disabling or limiting the use of Cookies necessary to maintain your preferences may make it difficult, and in extreme cases, even impossible for you to use our website (e.g., make you have to reselect the language in which the SFPL’s website is displayed each time).

INFORMATION ON PROCESSING OF PERSONAL DATA
IN INDIVIDUAL PROCESSES CARRIED OUT BY THE SFPL

I. Processing of personal data in grant and partnership projects implemented by the SFPL – information for Applicants (contact persons and persons representing Applicants).

The purpose of processing personal data is to carry out the call for proposals under the grant competition or the call for partnership proposals, i.e. to:

  • enable submission of an application for funds under a grant competition or partnership call and to contact the Applicant;
  • analyse and evaluate the project proposal and select entities to receive funding.

The scope of data processed includes: name and function of the contact person or person representing the Applicant, mailing address, telephone number, name and registration data of the organisation, information about key persons in the project implementation (role and responsibilities).

Provision of contact details and details of persons representing the organisation by the Applicant shall be necessary for the call for proposals. Provision of other data shall be voluntary.

Data shall be processed on the basis of consent and for the purposes of the SFPL’s legitimate interests, on the basis of Article 6(1)(f) of the GDPR) until the evaluation of the application and selection of the entities that shall receive funding, and thereafter for the period necessary to secure the SFPL’s potential claims and to demonstrate the accountability of the SFPL’s actions, including in connection with Article 5(2) of the GDPR (also on the basis of Article 6(1)(f) of the GDPR).

The data shall be made available to members of the Commission or Panels reviewing the proposals. Team members may also include representatives of donors such as the Ministry of Foreign Affairs, the European Commission, and other national and foreign, public and private entities.

You have the following rights under Articles 15-22 of the GDPR: link.

If you provide the SFPL with the data of other natural persons in connection with the recruitment of grant or partnership applications, you must bear in mind your obligation to provide information pursuant to Article 14 of the GDPR, i.e. you must inform these persons of the category and purpose of the processing of their personal data, of the provision of personal data to the Solidarity Fund PL, as well as inform these persons of their rights.

The information obligation does not apply if one or more of the exemptions referred to in Article 14(5) of the GDPR apply.

II. Processing of personal data in grant and partnership projects carried out by the SFPL

Information for Grant Recipients, Partners (contact persons and those representing Grant Recipients and Partners), and Beneficiaries.

The purpose of processing personal data shall be to:

  • undertake activities prior to the conclusion of the agreement, in pursuit of its conclusion, and after its conclusion, implementation of the agreement and the grant/partnership project, including monitoring of project activities;
  • enforce reporting obligations and evaluation of the project;
  • comply with other legal obligations imposed on the SFPL, including those under tax and accounting law,
  • secure potential claims, including those related to the implementation of the accountability principle under Article 5(2) of the GDPR.

The scope of data processed may include:

  • in case of contact persons – name, surname, e-mail address, telephone number, address data, other information necessary for realisation of project activities.
  • In the case of persons authorised to represent the entity – name, surname and function in the organisation, and for the purposes of carrying out the verification process in relation to the provisions on anti-money laundering, terrorist financing and organised crime, anti-corruption and sanctioning regimes in force in the territory of the Republic of Poland, also the PESEL number, or another equivalent national identification number, date of birth, address of residence, citizenship held, information on the status of the beneficial owner in the entity.
  • In the case of persons involved in the project on the part of the Grant Recipient or the Partner – name and surname, e-mail address, telephone number, address of residence or professional activity, data on professional experience, and education and other information necessary for the implementation of project activities.
  • In the case of Grant Recipients/Partners who are natural persons, the data shall be processed on the following grounds: in order to take steps prior to the conclusion of a contract and for the performance of the contract to which the data subject is a party – Article 6(1)(b) of the GDPR, due to legal obligations incumbent on the controller – Article 6(1)(c) of the GDPR in connection with provisions relating to personal income tax, social security, and also due to the legally justified interest of the SFPL as an controller (performance of statutory activities, security of potential claims, including those related to the implementation of the principle of accountability arising from Article 5(2) of the GDPR – Article 6(1)(f) of the GDPR).
  • In the case of persons representing Grant Recipients/Partners and in the case of Beneficiaries, personal data shall be processed due to the legally justified interest of the SFPL as an controller (performance of statutory activities, security of potential claims, including those related to the implementation of the accountability principle under Article 5(2) of the GDPR, performance of the contract and the grant/partnership project, including the monitoring of project activities, enforcement of reporting obligations, project evaluation, ensuring contact with the Grant Recipient/Partner, security of potential claims, including those related to the implementation of the accountability principle under Article 5(2) of the GDPR) – Article 6(1)(f) of the GDPR.
  • In the case of a Beneficiary, the SFPL may additionally process special category data concerning the Beneficiary, i.e. data revealing political or philosophical views. The data shall be processed on the basis of the Beneficiary’s explicit consent, i.e. under Article 9(2)(a) of the GDPR.

 

You have the following rights under Articles 15-22 of the GDPR: link.

If you are a Grant Recipient/Partner and you provide the data of other natural persons (Beneficiaries, other persons connected with the realisation of the project), you need to remember about your obligation to provide information resulting from Article 14 of the GDPR, thus, you need to inform these persons about the category and the purpose of processing of their personal data, about making their personal data available to the Solidarity Fund PL as well as inform these persons about their rights.

The information obligation does not apply if one or more of the exemptions referred to in Article 14(5) of the GDPR apply.

In the event of transfer of third party data, the processing of such data shall be governed by the Grant or Partner Agreements in accordance with the provisions of the GDPR.

III. Processing of personal data in the framework of applications for observation missions, trainings, workshops and other events organised by the SFPL – information for Candidates and Participants

Recruitment stage of Candidates for the event

The purpose of processing personal data of Candidates for observation missions, trainings, workshops, and other events organised by the SFPLs is to organise and conduct recruitment for these events, i.e. to enable the submission of an application for participation in the event.

The scope of the data processed may include name, surname, date of birth, e-mail address, citizenship data, information regarding the organisation, function within the organisation, telephone number, address data, data regarding work experience, education.

The data shall be processed: on the basis of the consent obtained when applying for the event (Article 6(1)(a) of the GDPR), until it is withdrawn or until the recruitment of Candidates for the event is closed. The data shall be made available to the members of the Commission selecting the Candidates.

A stage of event realisation – processing of data of event participants

The purpose of processing the personal data of Event Participants is to:

  • organise an event and allow the Participant to participate in an event organised by the SFPL,
  • account for participation in the event,
  • secure potential claims, including those related to the implementation of the accountability principle under Article 5(2) of the GDPR.

Subsequently, the data shall be processed on the following grounds: in order to take steps prior to the conclusion of a contract and for the performance of the contract to which the data subject is a party (Article 6(1)(b) of the GDPR), due to the legal obligation incumbent on the SFPL controller (Article 6(1)(c) of the GDPR in connection with accounting and tax regulations), as well as due to the legally justified interest of the controller (Article 6(1)(f) of the GDPR – in the form of ensuring contact with the Participant and securing potential claims, including those related to the implementation of the principle of accountability arising from Article 5(2) of the GDPR).

Data shall be made available to entities involved in the execution of events, including donors, international organisations, national and foreign non-governmental organisations, to the extent necessary for the execution of the event for a period not longer than the closing of the reporting stage and settlement of the event, unless applicable regulations or donor requirements provide for a longer period of data processing by these SFPLs. The data may also be made available to auditors and state authorities entitled to inspection.

You have the following rights under Articles 15-22 of the GDPR: link.

IV. Conducting contract award procedures under the Public Procurement Law (PPL)

Your personal data shall be processed on the basis of Article 6(1)(c) of the GDPR for the purpose of conducting public procurement proceedings and entering into a contract, and the legal basis for its processing is the legal obligation to apply formalised procurement procedures incumbent on the SFPL.

The scope of the processed data may include first name, surname, date of birth, e-mail address, citizenship data, information regarding the organisation, function in the organisation, telephone number, address data, data regarding work experience, education, bank account data, and other information required under the PPL (public procurement law).

Recipients of your personal data shall include persons or entities to whom the documentation of the proceedings shall be made available on the basis of Article 18 and Article 74 of the Public Procurement Law Act.

Your personal data shall be stored, in accordance with Article 78 paragraph 1 of the PPL, for a period of 4 years from the date of completion of the contract award procedure. The data retention period may be longer if the duration of the contract exceeds 4 years or the donor requires a longer record retention period.

The obligation to provide personal data concerning you directly is a requirement specified in the provisions of the PPL Act, related to participation in the public procurement procedure; consequences of failure to provide certain data result from the PPL Act.

You have the following rights under Articles 15-22 of the GDPR: link provided the following do not apply:

  • the right to erase personal data (in relation to Article 17(3)(b), (d) or (e) of the GDPR);
  • the right to move personal data as referred to in Article 20 of the GDPR;
  • the right to object to the processing of personal data (under Article 21 of the GDPR);

If you provide data of other natural persons for the purpose of the proceedings, you must remember your obligation to provide information pursuant to Article 14 of the GDPR, i.e. you must inform these persons of the category and purpose of the processing of their personal data, of making personal data available to the Solidarity Fund PL as well as inform these persons of their rights.

The information obligation does not apply if one or more of the exemptions referred to in Article 14(5) of the GDPR apply.

V. Conducting contract award procedures under procedures other than the PPL

Your personal data shall be processed on the basis of Article 6(1)(c) of the GDPR in connection with the provisions of the Act on public finances – in order to conduct procurement proceedings in an expedient, economical, effective, and reliable fashion, Article 6(1)(b) of the GDPR – in order to take steps prior to the conclusion of a contract and for the performance of the contract, and on the basis of Article 6(1)(f) of the GDPR – the legitimate interest of the controller (ensuring accountability to the donor).

The scope of the data processed may include name, surname, date of birth, email address, nationality details, information about the organisation, position within the organisation, telephone number, address details, details of work experience, education, bank account details and other information required by law and by the Procurement Policy of Solidarity Fund PL which is available on our website.

With regard to the recipients of your personal data, the SFPL shall apply the provisions of Article 18 and Article 74 of the Public Procurement Law to the extent described in the Procurement Policy of the Solidarity Fund PL to ensure openness and transparency of the proceedings.

Your personal data shall be stored for a period of 5 years from the date of completion of the procurement procedure, and if the duration of the contract exceeds 5 years, the storage period covers the entire duration of the contract.

The obligation to provide personal data concerning you directly results from the purpose of participation in the procurement procedure; the consequences of failure to provide certain data result from the Solidarity Fund PL Procurement Policy.

You have the following rights under Articles 15-22 of the GDPR: link provided the following do not apply:

  • the right to erase personal data (in relation to Article 17(3)(b), (d) or (e) of the GDPR);
  • the right to move personal data as referred to in Article 20 of the GDPR;
  • the right to object to the processing of personal data (under Article 21 of the GDPR);

If you provide data of other natural persons for the purpose of the proceedings, you must remember your obligation to provide information pursuant to Article 14 of the GDPR, i.e. you must inform these persons of the category and purpose of the processing of their personal data, of making personal data available to the Solidarity Fund PL as well as inform these persons of their rights.

VI. Processing of data in the recruitment process of Candidates for employees and co-workers

The purpose of processing personal data shall be to:

carry out the process of recruitment of employees and co-workers as well as to establish the employment or collaboration relationship based on a contract of mandate.

The scope of your data processing may include: name, surname, data concerning professional experience, education, contact details, other information voluntarily provided in your CV and other documents (e.g. cover letter) submitted to the SFPL.

Personal data in the process of recruitment of future employees shall be processed on the following grounds: execution is necessary for the performance of a legal obligation of the controller (Article 6(1)(c) of the GDPR) in connection with the relevant provisions of the Labour Code, in order to take steps prior to entering into a contract and for the performance of the contract to which the data subject is a party (Article 6(1)(b) of the GDPR), due to a legitimate legal interest of the controller (Article 6(1)(f) of the GDPR – securing claims, ensuring accountability). In the case of consent to the processing of data for the purposes of further recruitment, data shall be processed on the basis of Article 6(1)(a) of the GDPR.

Personal data in the process of recruitment of co-workers shall be processed on the following grounds: in order to take steps prior to the conclusion of a contract and for the performance of the contract to which the data subject is a party (Article 6(1)(b) GDPR), due to the legitimate legal interest of the controller (Article 6(1)(f) GDPR – securing claims, ensuring accountability). In the case of consent to the processing of data for the purposes of further recruitment, data shall be processed on the basis of Article 6(1)(a) of the GDPR.

Your data shall be made available to authorised employees of the Solidarity Fund PL.

The data shall be processed for the period necessary to carry out the recruitment process and to secure potential claims, and in the case of consent – for the purpose of future recruitment.

You have the following rights under Articles 15-22 of the GDPR: link.

VII. Processing of Staff Personal Data

Your personal data as an employee shall be processed on the following grounds: the processing shall be necessary for the performance of a legal obligation of the controller (Article 6(1)(c) of the GDPR) in connection with relevant legislation, among others. The data subject is obliged to perform the activities which are required under the Labour Code, tax regulations, social insurance, in order to take steps prior to concluding a contract and to perform the contract to which the data subject is a party (Article 6(1)(b) GDPR), due to the legitimate legal interest of the controller (Article 6(1)(f) GDPR – securing claims, ensuring accountability).

Your data shall be made available to authorised employees of the Solidarity Fund PL, and in the scope in which it is required under contracts and provisions of law: to the donor, the Social Insurance Institution (ZUS), other offices and institutions authorised to control by law, as well as to auditors insofar as it is required for audit research. Upon your knowledge and consent, data may also be shared with other entities such as training companies for the purpose of conducting a training.

Your data shall be stored for a period of 50 years, under Article 6(1)(c) of the GDPR in connection with the Act on Pensions from the Social Insurance Fund.

You have the following rights under Articles 15-22 of the GDPR: link.

VIII. Processing of personal data of co-workers

Personal data of co-workers shall be processed on the following grounds: processing shall be necessary for the performance of a legal obligation of the controller (Article 6(1)(c) of the GDPR) in connection with the relevant provisions of, among others, the tax law, social security, in order to take steps prior to the conclusion of a contract and for the performance of the contract to which the data subject is a party (Article 6(1)(b) of the GDPR), due to a legitimate legal interest of the controller (Article 6(1)(f) of the GDPR – securing claims, ensuring accountability).

Your data shall be made available to authorised employees of the Solidarity Fund PL, and in the scope in which it is required under contracts and provisions of law: to the donor, the Social Insurance Institution (ZUS), other offices and institutions authorised to control by law, as well as to auditors insofar as it is required for audit research. Upon your knowledge and consent, data may also be shared with other entities such as training companies for the purpose of conducting a training.

Your data shall be stored for a period of 50 years, under Article 6(1)(c) of the GDPR in connection with the Act on Pensions from the Social Insurance Fund.

You have the following rights under Articles 15-22 of the GDPR: link.

IX. Processing of data in connection with whistleblowing procedure (whistleblowing and whistle-blower protection)

The provision of data in a whistleblowing procedure is not mandatory, and the following rules apply when the whistle-blower has provided their data.

Your personal data shall be processed to:

  • analyse the received notification and conduct an investigation in accordance with the procedures in force at the SFPL and the commonly applicable laws, in particular the Act on countering money laundering and financing of terrorism of 1 March 2018 – the legal basis is formed by implementation of the legal obligation to implement the procedure for reporting by employees or other persons performing activities for the SFPL of actual or potential violations of regulations in connection with the legitimate interest of the SFPL, which is the prevention of fraud (Article 6(1)(c) in connection with Article 6(1)(f) of the GDPR);
  • detect and mitigate fraud in connection with the SFPL’s activities and conducting investigations. The legal basis for the processing is the SFPL’s legitimate interest (Article 6(1)(f) GDPR) in protecting the SFPL’s property interests from possible misuse;
  • establish or assert possible claims or the defence against such claims by the SFPL. The legal basis for data processing is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR) in enabling the establishment, investigation or defence against claims.

Your information may be shared with the following entities:

  • entities and authorities authorised to process such data under the provisions of law,
  • entities that the SFPL has contracted to perform activities related to its operations, including IT solutions and services providers and entities that provide archiving and document destruction services.

Your personal data shall be retained until the investigation is complete. Once the investigation has been completed, data may be retained until the statute of limitations for claims related to the completed investigation.

You have the following rights under Articles 15-22 of the GDPR: link.

Skip to content