Privacy policy

Data controller

The controller of your personal data is EPIQ Fundacja Wzmocnienia Zdrowia, with its registered office in Warsaw (02-792), ul. A. Branickiego 15, Poland, entered in the Polish National Court Register under KRS 0001194954, NIP 9512630080.

For any matters relating to the protection of personal data, you can contact us at: fundacja@epiq.org.pl.

What data we process

The wzmocnia.pl website contains no data-collecting forms. Contact is made by email.

• Data provided in correspondence — when you email us, we process your email address, the content of your message, and any other data you choose to provide (e.g. name, institution, phone number).
• Technical data — our hosting provider automatically logs data such as IP address, browser type, and the date and time of your visit, in order to ensure the security and proper operation of the website.

Purposes and legal bases

• Handling correspondence and enquiries about the programme and cooperation — based on our legitimate interest in communicating and responding to enquiries (Art. 6(1)(f) GDPR); where the contact aims at establishing cooperation, in order to take steps prior to entering into a contract (Art. 6(1)(b) GDPR).
• Ensuring the security, stability and proper operation of the website — based on our legitimate interest (Art. 6(1)(f) GDPR).

Cookies and browser storage

The website uses no tracking cookies and no analytics tools. In your browser’s local storage (localStorage) we save only your colour-scheme preference (light/dark). This information stays on your device, is not transmitted to us or shared with third parties, and you can delete it at any time by clearing your browser data.

Recipients of the data

Data may be entrusted to entities providing services necessary to run the website and communication, in particular the hosting provider (Vercel Inc.) and the email provider. These entities process the data solely on our documented instructions, under data processing agreements.

Transfers outside the European Economic Area

For hosting services, data may be processed by a provider established outside the European Economic Area (Vercel Inc., USA). Such transfers are carried out with the safeguards required by the GDPR, in particular the Standard Contractual Clauses approved by the European Commission.

Retention periods

• We keep correspondence for as long as necessary to handle the matter and, afterwards, for the limitation period of any claims (as a rule up to 3 years), unless a longer period is required by law.
• Technical server-log data is kept for the period set by the hosting provider’s policy, no longer than necessary to ensure security.

Your rights

In connection with the processing of your data, you have the following rights:

• the right of access to your data and to obtain a copy,
• the right to rectification of your data,
• the right to erasure of your data,
• the right to restriction of processing,
• the right to object to processing based on legitimate interest,
• the right to data portability,
• the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

Voluntariness of providing data

Providing your data is voluntary but necessary for us to respond to your enquiry or to establish cooperation.

Automated decision-making

We do not make decisions based solely on automated processing, including profiling.

Changes to this privacy policy

We may update this policy, for example in connection with changes to how we process data or to the law. The current version is always available on this page.