Privacy Policy

Last updated: 23 January 2026.

1. 1. 1. Personal Data Administrator
         The personal data administrator is the Public Value Agreement Foundation, with its registered office in Warsaw (01-461), ul. Bogatyńska 3/2, entered into the National Court Register under KRS number 0001212818. You can contact the administrator by email: ado@publicvalue.pl.
         
         
      2. Data processed in connection with the use of the website

         • Our website address is: https://publicvalue.pl.

         • Comments
           When a visitor leaves a comment on the website, we collect the data visible in the comment form, as well as the IP address and browser signature of the user to help detect spam (legal basis: Article 6(1)(f) of the GDPR – the controller’s legitimate interest in moderating content and protecting against spam; additionally, Article 6(1)(b) of the GDPR – performance of the contract for the publication of comments).

           Based on the e-mail address, an anonymised string (hash) may be created and sent to the Gravatar service to check whether the user uses it. The Gravatar service privacy policy is available at: https://automattic.com/privacy/. Once the comment is approved, the user’s profile picture becomes publicly visible in the context of the comment.

         • Media
           If a registered user uploads image files to the website, we recommend avoiding images containing EXIF tags with GPS location data. Visitors to the website may download such images and read the location data they contain (legal basis: Article 6(1)(b) of the GDPR – performance of a contract for the publication of content).

         • Cookies
           Cookies are used to ensure the proper functioning of the website, to remember user preferences and to analyse website traffic (legal basis: Article 6(1)(a) of the GDPR – user consent for non-essential cookies; Article 6(1)(f) of the GDPR – legitimate interest of the controller for cookies necessary for the functioning of the website).

           If the user leaves a comment on the website, they may consent to their name, e-mail address and website being stored in cookies. These are for the user’s convenience so that they do not have to fill in this information again when leaving further comments. These cookies expire after one year.

           When you visit the login page, we create a temporary cookie to check whether your browser accepts cookies. It does not contain any personal data and is deleted when you close your browser.

           When you log in, we also create cookies that are necessary to save your login information and selected screen display options. Login cookies expire after two days, and screen option cookies expire after one year. Selecting the ‘Remember me’ option extends your login to two weeks. After you log out, the login cookies are deleted.

           When editing or publishing an article in your browser, an additional cookie containing the ID of the edited article is saved. It does not contain any personal data and expires after one day.

         • Embedded content from other websites
           Articles on the website may contain embedded content (e.g. videos, images, articles) from other websites. Such content behaves as if the user had visited that website directly. These websites may collect data about the user, use cookies, attach additional third-party tracking systems, and monitor interactions with the embedded material, including tracking interactions if the user has an account and is logged in to that website (legal basis: Article 6(1)(f) of the GDPR – the controller’s legitimate interest in displaying richer content).

      3. Data processed in connection with the Foundation’s activities
         Personal data is processed only to the extent necessary to achieve the Foundation’s statutory objectives, in particular for the purpose of:
         
         
         • handling donations and issuing certificates for tax purposes (legal basis: Article 6(1)(c) and (b) of the GDPR – legal obligation and performance of a donation agreement),
           
           
         • providing assistance to beneficiaries and running projects (legal basis: Article 6(1)(f) of the GDPR – legitimate interests pursued by the controller),
           
           
         • cooperating with persons involved in the Foundation’s activities (volunteers, associates) (legal basis: Article 6(1)(b) of the GDPR – performance of a contract),
           
           
         • keeping a register of signatories to the Declaration for the Common Good (including granting the title of Actual Signatory or Correspondent) and maintaining contact with signatories (legal basis: Article 6(1)(f) of the GDPR – legitimate interest of the controller in engaging the community and achieving its statutory objectives; in the case of Adobe Sign, additionally Article 6(1)(b) of the GDPR – performance of an electronic signature contract).
           The register of signatories is kept internally.
           
           
      4. Recipients of personal data
         Personal data may only be transferred to entities processing data on behalf of the controller, on the basis of personal data processing agreements (categories of recipients: providers of IT services, electronic signature tools, website hosting, e-mail, electronic communication, and accounting and legal services, if used).
         
         In addition, personal data may be disclosed to public authorities (e.g. tax authorities) only in cases provided for by applicable law.
         
         

      5. Okres przechowywania danych osobowych
         

         Personal data is stored for the period necessary to achieve the purposes of processing, including:

         • • comments and their metadata – indefinitely (for the purpose of automatic recognition and approval of subsequent comments),
         • • data related to donations – 5 years (due to tax obligations),
         • • data of persons involved in the Foundation’s activities – until the end of cooperation and for an additional period resulting from applicable law (e.g. limitation period for claims or HR obligations),
             
             
           • data of signatories to the Declaration – for the duration of their status as Signatories and longer for the purpose of documenting their history of involvement in the implementation of the Foundation’s statutory objectives.

      6. Rights of the data subject
         

         The data subject has the following rights: access to personal data, rectification of data, erasure of data (right to be forgotten), restriction of processing, data portability, objection to processing and lodging a complaint with the President of the Personal Data Protection Office (https://uodo.gov.pl).

         If you have an account on the website or have added comments, you may request to receive a file with your personal data exported or to have this data deleted (except for data required for administrative, legal or security reasons).

      7. Providing personal data
         Providing personal data is voluntary, but necessary to achieve a specific purpose (e.g. leaving a comment, accepting a donation or registering as a signatory to the Declaration). Failure to provide data may result in the inability to achieve this purpose.

      8. Other information
         The administrator does not use profiling or automated decision-making that leads to legal consequences for the data subject.

         Personal data is not transferred outside the European Economic Area without appropriate safeguards.

         User comments may be checked using an automatic spam detection service.

If you have any questions, please contact us at: ado@publicvalue.pl.