BrainGreen Foundation privacy and cookie policy

This Privacy and Cookie Policy describes the principles for processing personal data and the use of cookies on the BrainGreen Foundation website, available at braingreen.org.

The BrainGreen Foundation ensures that it takes care of your privacy and processes personal data with respect for applicable law, in particular the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), as well as national data protection laws.

1. Data controller

The controller of your personal data is:

BrainGreen Foundation ul. Szpitalna 6, 00-031 Warszawa Poland, e-mail: hello@braingreen.org

KRS Number: 0000964547, REGON: 521709494, NIP: 5252903313

2. What data do we collect and for what purpose?

We process personal data depending on how you use our website and what interactions you undertake with us.

A. Data collected automatically when using the website (Cookies):

When you visit our website, we automatically collect information stored in cookies and data related to your activity on the site. This data is used for:

  • Ensuring proper website functionality: Maintaining sessions, adapting the appearance.
  • Analyzing statistics and improving functionality: Understanding how users interact with the website, which allows us to enhance it.
  • Customizing content to user preferences: Remembering language settings or other preferences.
  • Ensuring security: Detecting and preventing fraud and abuse.

B. Data collected during interactions with Us (e.g., contact forms, donation forms, newsletter sign-ups, volunteer/equipment donation forms):

If you choose to contact us or support our activities, we may collect the following data:

  • Identification data: First name, last name, email address, phone number.
  • Address data: Residential/correspondence address (for donations, issuing confirmations, or sending thank-you notes).
  • Donation data: Donation amount, preferred payment method, information necessary for transaction processing (e.g., bank account number – in case of bank transfers).
  • Data regarding your involvement: Information provided in volunteer forms (e.g., availability, skills) or equipment donation forms.
  • Other data: Any other information you voluntarily provide in the content of messages or forms.

Purposes of processing data obtained in this way:

  • Fulfilling your request/application: Handling inquiries sent via the contact form, volunteer applications, equipment donation requests.
  • Processing and accounting for donations: Receiving payments, issuing confirmations, fulfilling legal obligations related to donations.
  • Direct marketing: Sending newsletters, information about our activities and campaigns (only with your consent).
  • Legitimate interests of the Controller: Defending against claims, pursuing claims, conducting internal statistics and analyses.
  • Fulfilling legal obligations: Issuing accounting documents, responding to requests from public authorities.

3. Legal basis for data processing

We process your personal data based on:

  • Your consent (Art. 6(1)(a) GDPR): For newsletters, data collected by some cookies (if consent is required). You can withdraw your consent at any time.
  • Necessity for the performance of a contract or to take steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR): For handling inquiries (e.g., contact form, volunteer application), processing donations.
  • Necessity for compliance with a legal obligation to which the Controller is subject (Art. 6(1)(c) GDPR): Applies, for example, to tax obligations related to donations, record-keeping.
  • Necessity for the purposes of the legitimate interests pursued by the Controller (Art. 6(1)(f) GDPR): Applies to website statistical analysis, security, claims handling, direct marketing (in some cases).

4. Data recipients

Your personal data may be transferred to the following categories of recipients:

  • Entities providing IT services to us (hosting, website maintenance).
  • Payment service providers (for donations).
  • Accounting and legal firms (to the extent necessary to fulfill our legal obligations or defend against claims).
  • Partners cooperating with us in achieving our statutory goals (e.g., within partnership projects, equipment distribution, event organization – only to the necessary extent).
  • Public authorities authorized to obtain data based on applicable legal provisions.

We do not sell or rent your personal data.

5. Data retention period

Your personal data will be stored for the period necessary to achieve the purposes for which it was collected, as well as:

  • Data related to donations – for the period required by tax law regulations.
  • Data related to contract/application fulfillment – for the time necessary to perform it, and then for the period of limitation of claims.
  • Data processed based on consent – until consent is withdrawn, unless there is another legal basis for its processing.
  • Data collected automatically (cookies) – according to their specific characteristics and expiration time, or until you delete them.

6. Your rights

You have the following rights regarding your personal data:

  • Right of access to data: You have the right to obtain information on whether and how we process your personal data.
  • Right to rectification of data: You can request the correction of incomplete or inaccurate data.
  • Right to erasure (“right to be forgotten”): You can request the deletion of your data if there is no longer a legal basis for its processing.
  • Right to restriction of processing: You can request the restriction of data processing in specific situations (e.g., when you contest the accuracy of the data).
  • Right to data portability: You have the right to receive your data in a structured, commonly used and machine-readable format and transmit it to another controller.
  • Right to object: You have the right to object to the processing of your data based on the Controller’s legitimate interest.
  • Right to withdraw consent: If we process data based on your consent, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint with a supervisory authority: If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).

To exercise the above rights, please contact us at: hello@braingreen.org.

7. Cookies

Our website uses cookies. Cookies are small text files sent by a web server and stored on your device.

We use two main types of cookies:

  • Session cookies: These are temporary files stored in the device’s memory until the browser session ends. They are permanently deleted from the device’s memory after closing the browser.
  • Persistent cookies: These are stored in the device’s memory for a specified period in the cookie parameters or until deleted by the user.

We use cookies for the purpose of:

  • Facilitating website use: Remembering your preferences and settings.
  • Collecting anonymous statistics: Allowing us to analyze website traffic and improve its operation, without identifying individual users.
  • Content customization: Presenting content that may be of interest to you.

Managing cookies:

Most web browsers accept cookies by default. However, you can change your browser settings at any time to block cookies or receive notifications when they are sent. Detailed information on managing cookies can be found in your internet browser settings.

Please remember that disabling cookies may affect some functionalities available on our website.

8. Data security

The BrainGreen Foundation implements appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. This includes, among others, data encryption, the use of secure communication protocols (SSL/TLS), limited access to data, and regular security audits.

9. Changes to the privacy policy

We reserve the right to make changes to this Privacy and Cookie Policy. Any changes will be published on this page, and significant changes will be communicated in a more prominent manner. We recommend regularly reviewing this Policy to stay informed about our privacy protection practices.

10. Contact

If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us:

BrainGreen Foundation ul. Szpitalna 6, 00-031 Warszawa Poland, e-mail: hello@braingreen.org

Last updated:  1. 06. 2025