Privacy Policy

The policy regulates the basic principles of privacy protection and personal data of users, as well as the method and rules for using cookies on the website https://app.topcharity.eu/ (hereinafter: the Website).

The introduction of the privacy policy results from the requirements of direct analytical service providers and information requirements arising from legal provisions regarding the implementation of the principles of using cookies. The privacy policy summarizes (separates) the processes and information obligations carried out by the personal data controller.

The privacy policy implements the method of fulfilling requirements resulting from:

• Google Analytics Terms of Service (https://www.google.com/analytics/terms/us.html);
• Provisions of the Act of July 12, 2024, on Electronic Communications (Journal of Laws 2024.1221);
• Provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR).

The controller of your personal data is the Omenaa Foundation with its registered office in Warsaw, at ul. Heleny Kozłowskiej 1 lok. 43, 00-710 Warsaw. The Foundation is entered into the register of associations, other social and professional organizations, foundations, and independent public health care facilities by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register.

KRS: 0000509539.

REGON: 147357946.

NIP: 5272719133.

Contact with the Controller is possible by sending an e-mail to [email protected] or by mail to the correspondence address indicated above.

Your personal data will be processed for purposes related to your use of the functionalities available on the Website, in particular:

• in order to handle and respond to inquiries sent via the contact form available on the Website;
• in order to collect analytical and statistical data related to measuring traffic on the Website and user behavior, which serves to improve the quality of services and optimize the Website.

Your personal data will be processed on the following legal bases:

• Art. 6(1)(f) GDPR (Legitimate interest of the Controller): regarding the handling of inquiries sent via the contact form. The legitimate interest of the Controller is the ability to respond to an inquiry directed by an interested person and to maintain communication with potential partners, donors, and other interested parties.
• Art. 6(1)(a) GDPR (Consent): regarding the collection of analytical data via cookies, based on the consent expressed by the User through the consent management mechanism (cookie banner).
• Art. 6(1)(f) GDPR (Legitimate interest of the Controller): regarding ensuring the security and proper functioning of the Website, as well as pursuing and defending against potential claims.

The Controller processes the following categories of personal data:

• data provided in the contact form: name and surname, e-mail address, message content, and other data provided voluntarily by the User in the content of the inquiry.
• data collected automatically (cookies and analytical data): IP addresses, browser and device data, and analytical/statistical data (including visited subpages, visit time, traffic source).

Providing personal data in the contact form is voluntary but necessary to handle the inquiry. The consequence of not providing data will be the inability to respond to the message.

Personal data is stored only for the period necessary to achieve the specific purpose for which it was collected:

• contact form data: for the period of conducting correspondence and handling the inquiry, and then for the period necessary to secure or pursue potential claims (as a rule, 3 years from the date of the last contact);
• analytical data (cookies): in accordance with the validity period of individual cookies, specified in the section regarding cookies.

Recipients of personal data may be entities providing auxiliary services to the Controller, which include:

• hosting and Website maintenance providers;
• analytical service providers (Google LLC – as part of Google Analytics);
• IT service and technical support providers;
• e-mail service providers.

In connection with the use of the Google Analytics service, personal data may be transferred to third countries (including the United States). The transfer of data takes place on the basis of appropriate safeguards provided for in the GDPR, including the European Commission's decision stating an adequate level of data protection (EU-US Data Privacy Framework) or standard contractual clauses.

Every data subject has the right to:

• request access to their personal data from the Controller;
• rectification of personal data;
• erasure of personal data;
• restriction of personal data processing;
• object to the processing of personal data (in particular, to processing based on the legitimate interest of the Controller);
• data portability;
• withdrawal of consent to the processing of personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal (applies to data processed on the basis of consent);
• file a complaint with the supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).

The data Controller does not engage in automated decision-making, including profiling, that would produce legal effects concerning you or similarly significantly affect you.

Profiling may take place only through analytical services, in accordance with the consents expressed by the User.