I. GENERAL PROVISIONS

The Controller with regard to the use of web sites operating at the following addresses: www.janpawel2.pl; www.cjanpawel2.pl; www.sjanpawel2.pl; www.mjanpawel2.pl, is a church legal entity under the business name of the John Paul II Centre “Don’t be afraid!”, address: 34 Totus Tuus Street, 30-610 Cracow, entered in the Register, Tax Identification Number (NIP): 676 – 231 – 30 – 02, National Business Registry Number (REGON): 120197018, hereinafter referred to as: The “Controller”

Your Personal Data is processed according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as: the “GDPR”.

II. LEGAL BASES, PURPOSES AND TERMS OF THE PROCESSING OF YOUR DATA ON THE WEB SITE

The Controller processes your Personal Data to the extent necessary to render the individual services offered by the Web Site.

Your Personal Data is processed by the Controller:

In order to render electronic services within a scope of retail sales of Goods via the Internet – the legal basis for the processing of Personal Data is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR), in this case we process Personal Data for the term of the contract and until the time limits for pursuing claims expire;

In order to consider petitions and complaints related to the concluded Transactions – the basis for the processing of Personal Data is the necessity of fulfilling the legal obligation incumbent on the Controller (Article 6 (1) (c) of the GDPR), in this case we process Personal Data within a period of one year from the end of the statutory warranty period or your rights resulting from it;

In order to possibly establish, pursue or defend against claims – the legal basis for processing is the legitimate interest of the Controller (i.e. protection of its rights; Article 6 (1) (f) of the GDPR); in this case, we process Personal Data until the time limits for pursuing claims expire;

For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (i.e. analysis of the activity of users
of the Web Site, as well as their preferences in order to improve the functionality of the Web Site; Art. 6 section 1 (f) of the GDPR), in this case Personal Data are processed on the basis of an additional legal basis (e.g. enabling to process Personal Data in order to perform the contract) – if the Controller ceases to have this legal basis, the Personal Data shall be anonymised;

In order to fulfil the statutory obligation incumbent on the Controller, resulting in particular from tax regulations and accounting regulations
– the legal basis for processing is the legal obligation (Article 6 (1) (c) of the GDPR); in this case, the Personal Data is processed until an expiry of the limitation period in respect of tax obligations;

For the marketing purposes of the Controller:
a. if marketing activities are performed without the use of means of electronic communication, the legal basis for the processing is the legitimate interest of the Controller related to a promotion of the economic activity conducted (Article 6 (1) (f) of the GDPR in connection with recital 43 of the GDPR), Personal Data is processed until you withdraw your consent;
b. if marketing activities are performed with the use of means of electronic communication, the legal basis for the processing is a consent to such activities (Article 6 (1) (a) of the GDPR and the provisions of other legal acts requiring such a consent); Personal data is processed until you withdraw your consent.
3. The Controller may process your Personal Data:

a. First name and surname,
b. Residence address,
c. Telephone,
d. E-mail address,
e. IP address,
f. amounts of the Donation
If you conduct an economic activity, the Controller shall additionally process:
a. Name of the company/partnership,
b. Tax Identification Number (NIP).

A scope of the specified data complies with the adequacy principle. A failure to specify the aforementioned data prevents the use of the services of the Web Site.
Upon an expiry of the processing period, your Personal Data is promptly erased or anonymised.

In connection with the implementation of the Transaction, your personal data shall be disclosed to external recipients, in particular entities responsible for the operation of IT systems, entities operating courier or postal services, banks and payment operators, entities providing accounting services, marketing agencies and entities related to the Controller.

In case of providing information about the user
of the Web Site by a competent authority or a third party, the Controller shall make available your Data, if such an obligation results from applicable law provisions.

The Controller does not transfer your Personal Data to a third country or an international organisation outside the European Economic Area.

III. Data of the donors and supporters of the John Paul II Centre “Don’t be afraid!”!”

You can support financially and in-kind the John Paul II Centre “Do not be afraid!”. You can make cash donations by traditional transfer or via the Przelewy24/Dotpay/eCard payment system and the on-line payment system as well as via payment cards to the John Paul II Centre bank account.
When you transfer the donation to the benefit of the John Paul II Centre via direct transfer to a bank account, we process the personal data provided to us by the bank, i.e. first name, surname, account number, amount of donation, address, transfer title. It is necessary to perform the donation agreement and fulfil the obligations incumbent on the John Paul II Centre (e.g. on the basis of accounting law provisions).
If you specify data in the title of the transfer (e.g. e-mail address), we shall process it on the basis of our legitimate interest in order to convey the words of thanks for your support. For the same purpose We use addresses
from bank transfers of persons giving us donations. Several times a year (but no more than 4 times) we send our Donors, e.g. the words of thanks for the support of the John Paul II Centre.
If you do not want this form of contact from the John Paul II Centre, please

to include “I do not wish any communication” in the transfer title. You can also send your objection to the following e-mail address: centrum@janpawel2.pl. We can also redirect correspondence to an address other than the one specified in the transfer or communicate with you electronically – in this case, please enter your e-mail address in the transfer title or contact us.
When you donate to the John Paul II Centre via Przelewy24/Dotpay/eCard, please specify your first name and surname to know with whom we are concluding the contract (e.g. to be able to issue a certificate to make a tax deduction or return the financial resources paid), amounts of donation and e-mail address, which is necessary to handle payments through the platform and the CRM system. It is of necessity in order to perform the donation agreement and fulfil the legal obligations imposed on the John Paul II Centre. You provide your data on a voluntary basis, but required and necessary to make a donation.
You can also specify additional data, such as a correspondence address for the purposes of the John Paul II Centre. The e-mail address and correspondence address (if specified) shall be used to confirm the transfer and to express the words of thanks for the support provided. If you do not wish to receive any words of thanks – tick the appropriate box in the donation form (if available) or contact us: telephone

+48 12 257 53 06, e-mail: centrum@janpawel2.pl

We process the data of persons who provide us with support for 5 years from the end of the calendar year in which we recorded the last interaction with a given person in the CRM system (e.g. donation, resignation from the newsletter, participation or registration in an event that requires registration, contact via e- mail).

IV. AUTOMATED PROCESSING OF PERSONAL DATA

The Controller fails to subject your data to the automated processing (including in the form of profiling), except for the information contained in cookie files.

V. RIGHTS

Pursuant to the provisions of the GDPR, you have the following rights related to the control of the processing of your Personal Data:
a) the right of access by the data subject (including obtaining information on what kind of Personal Data is processed by the Controller, receiving a copy of your Personal Data);

b) the right to rectification of inaccurate, incomplete data by the data subject;

c) the right to erasure of your Personal Data if it is incomplete, out of date, untrue or has been collected in violation of the law provisions or is unnecessary to achieve the purpose for which it has been collected; notwithstanding the aforementioned, you have the option to delete your account on the Web Site (however, this is not tantamount to the erasure of your Personal Data);

d) the right to lodge a complaint with the supervisory body involved in the protection of personal data – in Poland, it is the President of the Office for Personal Data Protection (e.g. if it is considered that the processing of your Personal Data constitutes a breach of the provisions the of the GDPR or other provisions on the protection of Personal Data);

e) the right to restriction of processing of your Personal Data;

f) the right to object processing of your Personal Data, if the processing is based on the legitimate interest of the Controller or for the purpose of direct marketing.
If Personal Data is processed on the basis of your consent, you have the right to:
g) the right to withdraw consent at any time;
h) the right to data portability.
In order to exercise your rights, please contact the Controller via the communication channels indicated in item VIII: “Contact Details”
VI. COOKIE FILES
The Web Site uses information contained in the cookie files.

Cookie files are IT data, in particular text files, which are stored on your end device (e.g. in the computer memory) and are intended for using the web pages of the Web Site.

Cookie files are used for the following purposes:
a) identification of your person on the Web Site;
b) saving the Goods in the Basket;
c) saving personal data on the Website;
d) adjusting the content of the Web Site to your individual preferences (e.g. page layout);
e) keeping anonymous statistics allowing the Controller to improve the functionality of the Web Site.
The Web Site uses the following types of cookie files: permanent cookie files, session cookie files, advertising cookie files, functional cookie files and security cookie files.

There are cases where the software used for browsing web sites (web browser) enables cookie files to be stored on the end device by default. It is possible to change the settings of cookie files at any time. These settings can be changed in particular so that to block the automatic handling of cookie files in the web browser settings or to inform about their placing on the device every time. Restrictions on the use of cookie files may have an impact some of the functionalities available on the Web Site. Cookie files may also be used by advertisers and partners cooperating with the Web Site operator.

The detailed information on the settings cookie files and their self-deletion in the most popular web browsers should be available in the “Help” (or other similar) section of the web browser and on the following web sites:

· Internet Explorer Internet Browser:
· https://windows.microsoft.com/pl-pl/windows-10/edge-privacy-faq
· Chrome Internet Browser:
· https://support.google.com/chrome/answer/95647?hl=plX
·Firefox Internet Browser: https://support.mozilla.org/pl/kb/W%C5%82%C4%85czanie%20i%20wy%C5%82%C4%85czanie%20obs%C5%82ugi%20ciasteczek
· Opera Internet Browser:
· https://support.norton.com/sp/pl/pl/home/current/solutions/v57840314_NortonM_Retail_1_pl_pl
· Microsoft Edge Internet Browser:
· https://windows.microsoft.com/pl-pl/windows-10/edge-privacy-faq
· Safari Internet Browser:
· https://support.apple.com/kb/PH5042?locale=en_US

VII. SECURITY OF PERSONAL DATA

The Controller implements appropriate security measures to ensure that Personal Data is processed by it in a safe and secure manner, ensuring, first of all, that solely and exclusively authorised persons have an access to the data and solely and exclusively to the extent that it is necessary due to the tasks they perform. The Controller takes all steps in order to ensure that the entities cooperating with it guarantee the use of appropriate security measures, whenever they process personal data at the request of the Controller.
In particular, these are the following security measures:
securing data against an unauthorised access;
SSL certificate.

VIII. CONTACT DETAILS

In case of any questions, applications and requests regarding your Personal Data or if you wish to exercise a specific right, you can contact the Controller in one of the following forms:
JOHN PAUL II CENTER “Don’t be afraid!” in Cracow
Correspondence address: 34 Totus Tuus Street, 30-610 Cracow
e-mail: administracja@janpawel2.pl and centrum@janpawel2.pl
telephone: +48 12 257 53 06

The Controller reserves the right to exercise your rights related to
the processing of Personal Data upon a positive verification of your identity.

IX. AMENDMENT TO THE PRIVCY POLICY

The Controller seeks to ensure that this Privacy Policy is up-to-date and to update it in case of any amendments to the law, judicial decisions, guidelines of authorities responsible for supervising the processing of personal data, introduction of Codes of Good Practice (if the Controller is bound by such codes), changes in technology, methods, amendments in respect of purposes or legal basis for the processing of Personal Data.