1. Who is the controller of your data?
The controller of your personal data is the Foundation for Entrepreneurship Development "Twój StartUp" based in Warsaw (registered office: ul. Żurawia 6/12, unit 766, 00-503 Warsaw).
This privacy policy applies to services provided by the Foundation through the organized business unit nextgen design (contact: phone (+48) 693 634 345, email: kontakt@nextgendesign.pl), delivered by Daniel Aniszewski.
2. Why do we process your data?
A. In connection with services provided via nextgen design for the purpose of concluding or executing a contract (Art. 6(1)(b) of the Regulation). Your data will be stored until the contract is fulfilled;
B. To fulfill legal obligations in connection with the cooperation (Art. 6(1)(c) of the Regulation), such as the obligation to retain certain documents for periods specified by law, e.g.: – Accounting Act of Sept. 29, 1994 (Journal of Laws 2017, item 1858); – Tax Ordinance Act of Aug. 29, 1997 (Journal of Laws 1997 No. 137, item 926); – Act of March 1, 2018 on anti-money laundering and countering terrorism financing (Journal of Laws 2018, item 723);
C. For the potential establishment, exercise or defense of legal claims – our legitimate interest (Art. 6(1)(f) of the Regulation). Data will be processed until the claims expire;
D. With your consent – for purposes defined in the consent (Art. 6(1)(a)). Data will be processed until the consent is withdrawn.
B. To fulfill legal obligations in connection with the cooperation (Art. 6(1)(c) of the Regulation), such as the obligation to retain certain documents for periods specified by law, e.g.: – Accounting Act of Sept. 29, 1994 (Journal of Laws 2017, item 1858); – Tax Ordinance Act of Aug. 29, 1997 (Journal of Laws 1997 No. 137, item 926); – Act of March 1, 2018 on anti-money laundering and countering terrorism financing (Journal of Laws 2018, item 723);
C. For the potential establishment, exercise or defense of legal claims – our legitimate interest (Art. 6(1)(f) of the Regulation). Data will be processed until the claims expire;
D. With your consent – for purposes defined in the consent (Art. 6(1)(a)). Data will be processed until the consent is withdrawn.
3. What data do we process?
To conclude a contract, we require data on the agreement/order form (without it, we can’t proceed). Optional data may be requested – not essential for the contract – such as a phone number for easier contact. While providing services, we may come into possession of additional data, resulting from your use of our services.
4. Who may access your data?
A. Public authorities – when required by law (e.g. for anti-money laundering measures);
B. Processors – entities processing your data on behalf of the Foundation, based on data processing agreements (e.g. Foundation beneficiaries, IT specialists, archive services, hosting providers);
C. External data controllers – third-party entities with legitimate interest (e.g. legal advisers, courier/postal services, debt collection companies if invoices go unpaid);
D. Entities outside the EEA – only when necessary and with appropriate safeguards, such as:
a) Cooperation with entities in countries with EU Commission adequacy decisions;
b) – Use of standard contractual clauses issued by the EU Commission.
We will always inform you at the time of data collection if your data may be transferred outside the EEA.
B. Processors – entities processing your data on behalf of the Foundation, based on data processing agreements (e.g. Foundation beneficiaries, IT specialists, archive services, hosting providers);
C. External data controllers – third-party entities with legitimate interest (e.g. legal advisers, courier/postal services, debt collection companies if invoices go unpaid);
D. Entities outside the EEA – only when necessary and with appropriate safeguards, such as:
a) Cooperation with entities in countries with EU Commission adequacy decisions;
b) – Use of standard contractual clauses issued by the EU Commission.
We will always inform you at the time of data collection if your data may be transferred outside the EEA.
5. Are your data profiled?
Your data will not be subject to profiling or automated decision-making about preferences or future behavior.
6. What are your rights?
A. Right to access your personal data (Art. 15);
B. Right to rectify your data (Art. 16);
C. Right to erase your data (“right to be forgotten”) if there's no justification for further processing (Art. 17);
D. Right to restrict processing – for storage or specific agreed actions (Art. 18);
E. Right to data portability – receive your data in a machine-readable format (e.g. .csv) or request its transfer to another controller (Art. 20);
F. Right to withdraw consent – at any time, without affecting the lawfulness of prior processing (Art. 7(3)). To withdraw consent, email: kontakt@nextgendesign.pl;
G. Right to object – when processing is based on legitimate interest (Art. 21). After review, we will stop processing unless we demonstrate overriding legitimate grounds;
H. Right to lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office (UODO) in Poland.
B. Right to rectify your data (Art. 16);
C. Right to erase your data (“right to be forgotten”) if there's no justification for further processing (Art. 17);
D. Right to restrict processing – for storage or specific agreed actions (Art. 18);
E. Right to data portability – receive your data in a machine-readable format (e.g. .csv) or request its transfer to another controller (Art. 20);
F. Right to withdraw consent – at any time, without affecting the lawfulness of prior processing (Art. 7(3)). To withdraw consent, email: kontakt@nextgendesign.pl;
G. Right to object – when processing is based on legitimate interest (Art. 21). After review, we will stop processing unless we demonstrate overriding legitimate grounds;
H. Right to lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office (UODO) in Poland.
7. Contact
If you need more information or wish to exercise your rights, please contact us at: rodo@twojstartup.pl
8. Updates to the privacy policy
The controller is committed to regularly updating this privacy policy.
