Fulfilling the information obligation related to the processing of your personal data, acting in accordance with
article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on
protection of individuals with regard to the processing of personal data and on the free movement
such data and the repeal of Directive 95/46/EC (hereinafter “GDPR”), we would like to inform you that the Braingreen Foundation with
seated in Warsaw:
1. will process the personal data provided by you in order to enable participation in initiatives
organized by the Foundation, in particular signing up for classes and using them as part of
“Integration and education program for children and youth – citizens of Ukraine and Poland”.
2. No automated decisions will be made in relation to personal data (without participation
human), including data will not be profiled.

WHO ADMINISTRATES THE DATA
1. The administrator of personal data is the BrainGreen Foundation with its registered office in Warsaw at ul. Rydygier
13/162, 01-793 Warszawa, entered into the register under KRS number 0000964547, NIP 5252903313,
REGON: 521709494, phone: +48 883 453 475, e-mail: hello@braingreen.org (Foundation).
2. For questions regarding the method and scope of processing the data provided by you, and also
the Data Protection Officer appointed by us will answer about your rights. Questions can
send to the e-mail address: hello@braingreen.org.
3. The administrator ensures that the data is collected only to the extent necessary for the indicated purpose and only
for the period necessary.

THE GUESTS

WHAT DATA IS PROCESSED AND WHERE THEY COME FROM
1. The personal data administrator processes your personal data necessary for the implementation of the specified
purpose of processing, in particular: name, surname, address of residence, NIP, PESEL, postal address
e-mail address, profile on a social networking site, mailing address, telephone number, which
were transferred in the course of the Administrator’s activity for the benefit of the charges.
2. Your personal data has been obtained by the Administrator directly from you or from the entity that you
sent to the Foundation.

PURPOSE OF DATA PROCESSING
1. Data processing is necessary for:
1) enabling you to take advantage of the assistance provided by the Foundation,
2) ongoing contact, e-mail correspondence and via mobile applications, contact
telephone,
3) informing you about the possibility of taking advantage of other activities offered by the Foundation i
activity,
4) to use the web application to sign up for classes and use them as part of
“Integration and education program for children and youth – citizens of Ukraine and Poland

2. The basis for processing the data provided by you are:
1) Voluntary consent (Article 6(1)(a) of the GDPR) – in the scope of data processing
personal data in the web application;
2) Implementation of a public task entrusted to the administrator (Article 6(1)(e) of the GDPR) – in
the scope of the offer of our facility;
3) Implementation of legal obligations incumbent on the administrator (Article 6(1)(c) of the GDPR) –
in terms of legal obligations that we must comply with.

3. Providing data is necessary to use the assistance provided by the Foundation.
4. Providing your personal data is voluntary. If you don’t, you won’t
could use the Foundation’s help and the web application. Refusal to provide data or request
removing them may prevent the Administrator from providing information about its activities and
keeping in touch.

DATA STORAGE PERIOD
Your personal data will be stored for the time required by law, i.e. the period
necessary to achieve the purposes set out in point 3. In the case of data processing based on
consent, the data will be processed until its withdrawal. After the required archiving period, your data
will be deleted or anonymized.

DONORS AND CONTRACTORS

WHAT DATA IS PROCESSED AND WHERE THEY COME FROM
1. The administrator processes your personal data in the following scope: name, surname, employer, position
business, e-mail address, correspondence address, telephone number, address of residence,
NIP, REGON, PESEL.
2. Your personal data was obtained by the Administrator directly from you or from your employer
or the entity you represent or from public registers (KRS, CEIDG).

PURPOSE OF DATA PROCESSING
The administrator processes your data in order to:
1) ongoing contact in connection with the conclusion or performance of the contract, presentation of the offer,
sending an order, answering questions (legal basis: Article 6(1)(f) of the GDPR);
2) conducting e-mail and traditional correspondence related to the performance of contracts,
orders, submitted offers and inquiries (legal basis of Article 6(1)(f) of the GDPR);
3) telephone contact related to the services provided and running her activity, in
including the performance of contracts, providing information about services (legal basis of Article 6(1)(f) of the GDPR);
4) informing about events organized by the Administrator or in which the Administrator
participates (legal basis of Article 6(1)(f) of the GDPR);
5) for other legally justified purposes related to establishing and maintaining
business contacts and creating a network of contacts, e.g. by exchanging business cards,
organization/participation of meetings/conferences/events (legal basis: Article 6(1)(f)
GDPR).

DATA STORAGE PERIOD
1. The administrator will process your personal data for the period necessary to perform the contract, a
also for the period of limitation of claims under the contract. In the case of data processing based on
legitimate interest of the Administrator – data will be processed for a period enabling implementation
this interest or to file an effective objection to data processing.
2. The processing period may be extended within the limits of the law if the data processing
personal data is necessary to investigate or defend against claims.
3. After the processing period, the data will be deleted or anonymized.

RECRUITMENT

WHAT DATA IS PROCESSED AND WHERE THEY COME FROM
1. The administrator processes your personal data in the following scope: name, surname, date of birth, information
about education, information about experience and qualifications, information about interests, photo
(image), e-mail address, mailing address, telephone/fax number, address
residence.
2. Your personal data has been provided to the Administrator electronically to the e-mail address
Administrator or in paper form submitted to the Administrator’s office. your personal data
The administrator obtained it directly from you.

PURPOSE OF DATA PROCESSING
We process your data in order to:
1) recruit people interested in working or cooperating with the Administrator
(legal basis: Article 221 of the Labor Code and Article 6(1)(c) of the GDPR, Article 6(1)(a)
GDPR);
2) assessment of your qualifications to work in the position covered by the application (legal basis of Article 6
sec. 1 lit. c GDPR, art. 6 sec. 1 lit. a GDPR);
3) invitations to an interview (legal basis: Article 6(1)(c) of the GDPR, Article 6(1)
lit. a GDPR);
4) with your consent, the data entrusted to the Administrator will also be processed for management purposes
future recruitment processes (Article 6(1)(a) of the GDPR)

DATA STORAGE PERIOD
1. The administrator will process your personal data until the end of recruitment for
position covered by the application.
2. In the case of consent to the processing of personal data for the purposes of future recruitment
The administrator will store your data for a period of 2 years from the moment of their collection. IN
in the case of data processing based on the legitimate interest of the Administrator – the data will be
processed for a period enabling the implementation of this interest or until effective notification
objection to data processing. If the processing is based on the consent of the data
are processed until it is withdrawn.

3. The processing period may be extended within the law if the data processing
personal data is necessary to investigate or defend against claims.
4. After the processing period, the data will be deleted or anonymized.

WHO HAS ACCESS TO DATA
1. In connection with the activity conducted by the Administrator, to the extent that it is necessary,
the recipients of personal data may be entities to which the Administrator will entrust the processing
personal data, in particular:
5) System Administrator https://wspieradzieci.nabor.pcss.pl/ – Institute of Bioorganic Chemistry
Polish Academy of Sciences Poznań Supercomputing and Networking Center, ul. Noskowski
12/14, 61-704 Poznań, NIP: 777-00-02-062,
6) Other entities cooperating with our facility, if access to your data is necessary
to carry out their tasks,
7) entities providing accounting services,
8) entities conducting postal or courier activities,
9) banks, if it is necessary to conduct settlements,
10) entities responsible for the operation of IT systems and equipment,
11) public authorities and other entities to whom the Administrator will provide personal data on the basis of
the law.

DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA
The administrator does not transfer personal data outside the EEA.

RIGHTS OF THE DATA SUBJECTS
1. You have the right to:
1) access to the content of your data, including obtaining a copy of this data,
2) request rectification (correction) of personal data or their supplementation,
1) information about the processed data, including the purposes and grounds for processing,
2) restrictions on the processing of personal data,
3) withdrawal of consent at any time without affecting the lawfulness of processing, provided that
processing is done based on consent,
4) transfer of personal data,
5) request the deletion of personal data (the so-called right to be forgotten), if:
a) the data are no longer necessary for the purposes for which they were collected or otherwise
processed;
b) there is no legal basis for processing your personal data;
c) you have objected to the processing and there are no overriding rights
legitimate grounds for processing;
d) your data is processed unlawfully;
e) Your data must be deleted in order to fulfill the obligation resulting from the regulations
laws.

6) object to processing for marketing purposes or on a legal basis
legitimate interest of the Administrator,
7) complaints to the supervisory body, i.e. the President of the Office of Personal Data Protection in the case of
recognizing that the processing of personal data violates the law, including the GDPR.

3. Applications regarding the exercise of these rights should be submitted in writing or electronically to the following addresses
indicated in point 1.

DATA SECURITY

1. The administrator makes every effort to ensure the security of the data entrusted to him
personal. Administrator:
1) ensures transparency of data processing,
2) informs about the processing of data at the time of their collection, except for situations where
under separate regulations is not obliged to do so,
3) ensures that the data is collected only to the extent necessary for the indicated purpose and processed
were only for the period in which it is necessary,
4) ensures confidentiality of access by accessing them only by authorized persons,
2. In order to ensure the integrity and confidentiality of data, the Administrator:
1) has implemented procedures enabling access to personal data only to authorized persons and
only to the extent that it is necessary due to the tasks they perform,

2) applies organizational and technical solutions to ensure that all operations on
personal data are properly secured,
3) also takes the necessary actions to ensure that entities cooperating with the Administrator provide
a guarantee that appropriate security measures are applied whenever
process personal data on behalf of the Administrator,
4) if necessary, implement additional measures to increase data security.
3. In a situation where, despite the security measures taken, a data protection breach has occurred
personal data and this breach could result in a high risk of violating the rights and freedoms of individuals,
data subjects, the controller shall immediately inform the data subjects of such an event
concern.

FINAL PROVISIONS
1. The personal data processing policy is verified on an ongoing basis and, if necessary
needs updated.
4. The personal data processing policy applies from May 25, 2022.