Nemesis Foundation privacy policy

Introduction
The protection of privacy and lawful processing of personal data is a very important issue for the Nemesis Foundation.
The Nemesis Foundation (hereinafter referred to as the Foundation in the test) takes appropriate measures to ensure the protection of personal data. In this Policy, we define how we collect, use, store and otherwise process personal data. The policy also defines the rights of persons whose data the Foundation processes and the rules on which these rights can be exercised. The personal data processing policy applies to all cases in which the Foundation processes personal data. Please read this document carefully. The Foundation may change this Policy in response to changes in its activities, as well as due to the need to adapt its operations to the latest technological requirements in the field of security and in connection with changes in the law. The Foundation will inform you in advance about changes to the Policy.
The Foundation developed the Policy applying the principles resulting from the general regulation on the protection of personal data No. 679/2016 (“GDPR”).

Who is responsible for the processing of personal data?
The Nemesis Foundation is responsible for the processing of personal data, NIP 575 190 7482, KRS 000 1010 916. The Foundation is the administrator of personal data within the meaning of art. 4 point 7 GDPR.
In matters related to the processing of personal data, you can contact the Foundation’s office at

KRS: 0001010916
NIP: 5751907482
REGON: 524217372
Email: kontakt@fundacjanemesis.sbs

How does the Foundation protect personal data?
We provide appropriate technical, physical, electronic and administrative safeguards to protect personal data against unauthorized access. We follow generally accepted standards to protect the personal information you provide to us, both during transmission and once we receive it. Unfortunately, the transmission of information over the Internet (including by e-mail) is not completely secure. Although we will do our best to protect personal data, we cannot guarantee the security of data sent to us – any transmission is at the sender’s own risk. Upon receipt of information constituting personal data, we will apply appropriate procedures and security rules to prevent unauthorized access to this data

What rights do persons have in connection with the processing of their personal data by the Foundation?
Persons whose personal data is processed by the Foundation have the following rights under the provisions of the GDPR:

  1. Each person has the right to receive information regarding the processing of personal data (in particular, information for what purpose, what data and by whom they are processed and to whom they have been made available, etc.).
  2. Each data subject has the right to lodge a complaint with the Foundation regarding data processing and may lodge a complaint with the Personal Data Protection Office, ul. Stawki 2, Warsaw, (https://uodo.gov.pl/).
  3. Each data subject has the right to receive a copy of the data we process.
  4. Each data subject has the right to request the deletion of personal data (if they believe that the Foundation is not entitled to process them) or to object to their processing.
  5. Each data subject has the right to submit a request to limit the processing of personal data.
  6. Each data subject has the right to request rectification or correction of personal data.
  7. You have the right to transfer personal data.

To exercise your rights, you can contact the Foundation directly. Each request for access to data should be sent by e-mail.
The Foundation will try to respond to each request within 1 month. However, in more complex cases or in the event of many inquiries submitted at the same time, the Foundation may extend the response time, which we will inform you about.
We strive to ensure that the information we process is correct and up to date. Therefore, in the event of changes to your data, please inform the Foundation so that it is possible to update the processed data. We will update data that is incorrect or out of date.

Information for people who register or participate in training

The scope of personal data that the Foundation obtains from you includes:

  1. name and surname,
  2. email address,

The purpose of processing personal data by the Foundation is:

  1. enabling you to register for training
  2. issuing an invoice
  3. sending the electronic version of the certificate
  4. contacting you regarding this project and its future editions,
  5. fulfillment of reporting obligations and other legal obligations imposed on the Foundation.

Additional information
Can the Foundation transfer personal data to other entities?
As a rule, the Foundation does not transfer personal data to other entities. However, in some situations, the transfer of personal data may be necessary or necessary to achieve the purposes of processing.
The Foundation may transfer data to entities that help to achieve the Foundation’s goals or help to conduct its activities. The purpose of transferring personal data is to enable the Foundation to achieve its goals and conduct business. Most of these entities operate as processing entities (in accordance with Article 28 of the GDPR), however, some of them may act as independent personal data controllers. The entities to which we may transfer personal data include the following categories:

  • Companies providing IT services and server maintenance,
  • Companies providing services in the field of IT security and providing IT services,
  • Companies providing telecommunications and similar services,
  • External legal and tax advisors,
  • Banks and insurance companies,
  • Auditors.
    We may also share personal data in order to respond to requests made to the Foundation by authorized state and judicial authorities (e.g. prosecutors, courts, police, offices), as well as to requests from entities that co-finance our activities and control the use of our funds.
    In other cases, we will not share data with third parties, unless we have the consent of the data subjects to do so, or we have an appropriate legal basis for doing so.

How long will we process personal data?
We will process personal data for the period necessary to achieve the purposes referred to above and until the legal obligations imposed on us are fulfilled. As a rule, we will process personal data for 6 years from the end of the legal relationship between the Foundation and participants of training courses conducted by the Foundation. This period is justified by the limitation period for civil and tax claims applicable in Poland.

Does the Foundation perform profiling?
The Foundation does not make any decisions based on automated data processing systems. We also do not profile.
Links to other websites

The Foundation’s website may contain links to websites. We try to ensure that the links we place lead to websites with a high standard of personal data protection. However, we are not responsible for the use of personal data, security and the content of these websites. Please read the privacy policy of these websites and their regulations, because using these websites means complying with the rules set by their owners.

This version of the privacy policy was published in March 2023.