Privacy Policy

Who we are

This privacy policy describes how KCRI will collect and use your personal information when you interact with us online or when we otherwise collect and use your personal information.

Please note that there are certain aspects of this privacy policy that only apply when we are required to comply with specific laws. We comply with the General Data Protection Regulation (GDPR) and the local laws applicable in the countries in which we operate. (e.g., the European data protection law, the General Data Protection Regulation).

What personal information do we use?

01. We may collect, store, and otherwise process the following kinds of personal information:
02. your full name and contact details, including email address, postal address, and telephone number;
03. information you provide when you are considered as a contractor or a job applicant which may include education and work experience, employment information, images of your signature, and information about the services you may provide to KCRI;
04. information about your use of our information and communications systems;
05. your communication preferences;

What information do we collect online?

We will also collect certain information when you interact with our website. We do this through server log files, cookies, and pixel tags. While the information obtained may not be personal information under the laws of the country you are based in, we recognize that there are certain laws (e.g., EU law) where this information is likely to be personal information.

For instance, we identify and log the Internet Protocol (IP) address of the device you use to access our website automatically in our server log files whenever you visit our website, along with the time of your visit and pages you visit. While the intention of such a practice is to calculate website usage levels and to help us diagnose problems with the website’s servers, we recognize that an IP address is also an online identifier which can be used to create profiles of individuals behind devices. Thus, if we combine non-personal information with personal information, we will treat the combined information as personal information as long as it is combined.
We will only deploy non-essential cookies, including analytics cookies, with your consent. Please see our Cookie Policy for further information about how we collect and use cookies and pixels and our use of analytics.

Do we share your personal information?

Personal information collected by OSF (through the website or otherwise) may be shared between any of our family of offices and foundations in line with the purposes set out in this privacy policy in section 6 and in accordance with the international data sharing agreements between OSF hub and regional offices.

Apart from where set out in this privacy policy, OSF will not sell, rent, or lease your personal information to other third parties. However, we may ask third-party processors to assist us or we may disclose your personal information to selected third-party processors (such as agents or sub-contractors) for the purposes outlined at section 6. The third party in question will be obligated to use any personal information they receive in accordance with our instructions.

For instance, we use a third-party marketing automation platform to assist with managing email addresses and sending emails to our subscribers. When you sign up to receive email updates from us and provide us with your email address, you will receive an automated email originating from this third party confirming your subscription and providing you with a link to unsubscribe from the list.

We may also engage third parties to assist us with website hosting, data analysis, transaction processing, grant making, and other administrative services.

Do we share your personal information?

Apart from where set out in this privacy policy, KCRI will not sell, rent, or lease your personal information to other third parties. However, we may ask third-party processors to assist us or we may disclose your personal information to selected third-party processors (such as agents or sub-contractors) for the purposes outlined in this privacy policy. The third party in question will be obligated to use any personal information they receive in accordance with our instructions.

For instance, we use a third-party marketing automation platform to assist with managing email addresses and sending emails to our subscribers. When you sign up to receive email updates from us and provide us with your email address, you will receive an automated email originating from this third party confirming your subscription and providing you with a link to unsubscribe from the list.
We may also engage third parties to assist us with website hosting, data analysis, transaction processing, grant making, and other administrative services.

Due to the need to provide the KCRI an appropriate organization, e.g. in the area of accounting, technical, IT infrastructure or current matters concerning the KCRI ‘s operations as an entrepreneur, personal data may be transferred to the following categories of recipients:

01. service providers supplying the KCRI with technical and organizational solutions (in particular to ICT service providers);
02. providers of legal, accounting, control and advisory services and supporting the KCRI in pursuing due claims (in particular law offices, financial institutions);
03. other public bodies, institutions or entities authorized by law.

Do we share your personal information?

01. Legal obligation. Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject (e.g., because we have to provide information to tax authorities).
02. Contractual relationship. Where it is necessary for us to use your personal information in order to perform a contract to which you are a party (or to take steps at your request prior to entering a contract).
03. Legitimate interests. We rely on this basis where applicable law allows us to collect and use personal information for our legitimate interests and the use of your personal information is fair, balanced, and does not unduly impact your rights.
04. Consent. We may obtain your consent to use your personal information in certain circumstances (e.g., to send you email marketing or for the use of non-essential cookies). We will ensure that when we obtain your consent, you are free both to give it and to decline to give it. Additionally, you may always withdraw your consent at any time without any further detriment to you.

What data will be processed in this Privacy Policy?

01. In the case of correspondence in traditional and electronic form using e-mail and contact forms, your data is processed for the purpose of conducting contact, including answering the questions asked, due to the legitimate interest of the controller.
Legal basis: Article 6 (1) (f) GDPR.
02. The data may also be processed for the purpose of defending the rights and asserting claims by the data controller in connection with its activities.
Legal basis: Article 6(1)(b) and (f) GDPR.
03. To maintain records of prospective, current and past clients and partners.
Legal basis: Article 6 (1) (f) GDPR.
04. To keep statistics, perform analyses and archive of the data, adapt the content of the Website to the User’s preferences, track the use of our Website
Legal basis: Article 6 (1) (f) GDPR.
05. To legitimate our interest in improving our website content and our services
Legal basis: Article 6 (1) (f) GDPR.
06. If you are a job applicant, your personal data provided in the application documents will be processed for the following purposes:
To conduct the ongoing recruitment and take action before concluding an employment agreement with you.
Your data will be used for duration of the recruitment process.
Legal basis: Article 6(1)(a) and (c) GDPR.
To carry out future recruitment, if you grant us such consent.
If you give us consent to use your personal data for the purpose of future recruitment, your data will be used for up to 2 years.
Legal basis: Article 6(1)(a) GDPR.

Providing your personal data to the controller is voluntary. However, if you do not provide your personal data or if you provide incomplete personal data, the accomplishment by the controller of the purposes may be seriously impeded or prevented.

We may process your personal information abroad, including outside the European Economic Area (EEA), provided we comply with the applicable laws and regulations. In cases where we are sharing your personal data with organizations outside the EEA, we will ensure they agree to apply equivalent levels of protection as we do, and the transfer of your personal data is compliant with applicable law.

Information about the data controller

The data controller is KCRI Sp. z o. o. with its registered office at Wadowicka 7, 30-347 Kraków, Poland, National Court Register number KRS 0000218183, (hereinafter also “KCRI” and “controller”). KCRI collected personal information which you provide by:

email: dataprotection@kcri.org,

post: Wadowicka 7, 30-347 Kraków, Poland,

contact form available at www.kcri.org.

Your rights related to data processing by the controller

In connection with your data processing by the controller you have the right to:

01. access the content of your personal data, their rectification or erasure,
02. restriction of processing your personal data,
03. portability your personal data,
04. object to processing your personal data,
05. withdrawal your consent to processing your personal data (if the legal basis is Article 6(1)(a) GDPR.

Such requests must be submitted to the controller.

You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates provisions of the GDPR.

Please contact us if you have any questions in relation to Privacy Policy at: dataprotection@kcri.org.