Wróć do strony logowania

Privacy Policy and GDPR Clause for the Congregation Planner Web Application

The privacy policy describes our principles for processing information about you, including personal data and cookies.

  1. General Information
    • This policy applies to the Web Service operating at the url: congregationplanner.pl
    • The service operator and Personal Data Administrator is Maciej Kuta residing at ul. Obrońców Pokoju 30B/30 in Głogów
    • The operator's contact email address: [email protected]
    • The operator is the Administrator of your personal data in relation to data voluntarily provided in the Service.
    • The service uses personal data for the following purposes:
      • Presentation of meeting plan
      • Presentation of ministry meeting plan
      • Presentation of cart schedule plan
      • Presentation of audio-video and attendants plan
      • Presentation of preachers and ministry group list in admin account
    • The service obtains information about users and their behavior in the following ways:
      • Through data voluntarily entered in forms, which are then sent to the Operator's systems.
      • By saving cookie files (so-called "cookies") on end devices.
  2. Selected data protection methods used by the Operator:
    • Login locations and places for entering personal data are protected in the transmission layer (SSL certificate). As a result, personal data and login data entered on the site are encrypted on the user's computer and can only be read on the destination server.
    • Access to the database and the service itself is secured by two-factor verification. Moreover, only people trusted by the administrator can register for the application. This is possible thanks to a special registration link that is available only in the instruction document managed by the Administrator.
    • User passwords are stored in a hashed form. The hash function works one-way - it is not possible to reverse its operation, which is currently a modern standard for storing user passwords.
    • An important element of data protection is the regular update of all software used by the Operator to process personal data, which in particular means regular updates of programming components.
  3. Hosting
    • The service is hosted (technically maintained) on the servers of the operator: Railway.
  4. Your rights and additional information on how data is used
    • In some situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to perform the contract concluded with you or to fulfill the obligations incumbent on the Administrator. This applies to such groups of recipients:
      • persons authorized by us, employees and co-workers who must have access to personal data in order to perform their duties,
      • hosting company,
      • companies handling mailings,
      • companies handling SMS messages,
      • companies with which the Administrator cooperates in the field of own marketing,
      • couriers,
      • insurers,
      • law firms and debt collectors,
      • banks,
      • payment operators,
      • public authorities.
    • Your personal data processed by the Administrator will not be stored longer than necessary to perform the related activities specified by separate regulations (e.g. on accounting). For marketing data, the data will not be processed for longer than 3 years.
    • You have the right to request from the Administrator:
      • access to personal data concerning you,
      • their rectification,
      • deletion,
      • processing restrictions,
      • and data portability.
    • You have the right to object to the processing indicated in point 3.3 c) regarding the processing of personal data for the purpose of carrying out legally justified interests pursued by the Administrator, including profiling, however, the right to object cannot be exercised if there are valid legally justified grounds for processing, overriding your interests, rights and freedoms, in particular the establishment, exercise or defense of claims.
    • Actions of the Administrator are subject to complaint to the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
    • Providing personal data is voluntary, but necessary to operate the Service.
    • Personal data is not transferred to third countries within the meaning of personal data protection regulations. This means that we do not send them outside the European Union.
  5. Information in forms
    • The service collects information provided voluntarily by the user, including personal data.
    • The data provided in the form is processed for the purpose resulting from the function of a specific form. Each time the context and description of the form clearly informs what it is used for.
  6. Administrator's logs
    • Information about user behavior on the website may be subject to logging. This data is used for administration of the website and to search for errors in the code.
  7. Information about cookies
    • The service uses cookies.
    • Cookies (so-called "cookies") are IT data, in particular text files, which are stored on the Service User's end device and are intended for using the Service's websites. Cookies usually contain the name of the website they come from, the storage time on the end device, and a unique number.
    • The entity placing cookies on the Service User's end device and accessing them is the Service operator.
    • Cookies are used for the following purposes:
      • maintaining the Service user's session (after logging in), thanks to which the user does not have to re-enter the login and password on every subpage of the Service
      • implementation of the purposes specified above in the "Important marketing techniques" section;
    • Two main types of cookies are used within the Service: "session" cookies and "persistent" cookies. "Session" cookies are temporary files that are stored on the User's end device until logging out, leaving the website or turning off the software (web browser). "Persistent" cookies are stored on the User's end device for the time specified in the cookie parameters or until they are deleted by the User.
    • Web browsing software (web browser) usually allows cookies to be stored on the User's end device by default. Service Users can change settings in this regard. The Internet browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this subject can be found in the help or documentation of the Internet browser.
    • Restrictions on the use of cookies may affect some of the functionalities available on the Service's websites.
    • Cookies placed on the Service User's end device may also be used by entities cooperating with the Service operator, in particular companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).
  8. Managing cookies – how to express and withdraw consent in practice?

GDPR Clause

The following information is a concise, understandable, and transparent summary of the information contained in Privacy Polic regarding the Data Administrator, the purpose and method of processing personal data, and your rights in connection with this processing, in the form required to meet the GDPR information obligation. Details on the method of processing and entities participating in this process are available in the indicated policy.

Who is the data administrator?

The Personal Data Administrator (hereinafter referred to as the Administrator) is the natural person "Maciej Kuta" residing in Głogów, providing services electronically through the Service.

How can you contact the data administrator?

You can contact the Administrator in one of the following ways:

Has the Administrator appointed a Data Protection Officer?

Based on Art. 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For matters related to data processing, including personal data, please contact the Administrator directly.

Where do we obtain personal data from and what are their sources?

Data is obtained from the following sources:

  • from the persons to whom the data relates

What is the scope of personal data processed by us?

The service processes ordinary personal data, provided voluntarily by the persons concerned (E.g., name and surname, login, email address, phone, IP address, etc.)

The detailed scope of processed data is available in the Privacy Policy.

What are our purposes for processing data?

Personal data voluntarily provided by Users is processed for one of the following purposes:

  • Implementation of electronic services:
    • User registration and maintenance services in the Service and related functionalities
  • Administrator's communication with Users in matters related to the Service and data protection
  • Ensuring the Administrator's legally justified interest

What are the legal bases for data processing?

The service collects and processes User data based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
    • art. 6 par. 1 lit. a the data subject has given consent to the processing of his or her personal data for one or more specific purposes
    • art. 6 par. 1 lit. b processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
    • art. 6 par. 1 lit. f processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
  • Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000)
  • Act of 16 July 2004 Telecommunications Law (Journal of Laws 2004 No. 171, item 1800)
  • Act of 4 February 1994 on copyright and related rights (Journal of Laws 1994 No. 24, item 83)

What is the legally justified interest pursued by the Administrator?

  • In order to possibly establish, investigate or defend against claims - the legal basis for processing is our legitimate interest (Article 6(1)(f) of the GDPR) consisting in protecting our rights, including, among others:
  • To assess the risk of potential customers
  • To evaluate planned marketing campaigns
  • To implement direct marketing

For how long do we process personal data?

As a rule, the indicated personal data is stored only for the period of providing the service within the Service run by the Administrator. They are deleted or anonymized within 30 days from the moment of termination of services (e.g., deletion of a registered user account, unsubscribing from the Newsletter list, etc.)

In exceptional situations, in order to secure the legally justified interest pursued by the Administrator, this period may be extended. In such a situation, the Administrator will store the indicated data, from the time of requesting their deletion by the User, for no longer than 3 years in case of violation or suspected violation of the Service regulations by the person to whom the data relates.

Who is the recipient of the data, including personal data?

As a rule, the only recipient of the data is the Administrator.

However, data processing may be entrusted to other entities providing services to the Administrator in order to maintain the Service's operations.

Such entities may include, among others:
  • Hosting companies providing hosting or related services to the Administrator

Will your personal data be transferred outside the European Union?

Personal data will not be transferred outside the European Union, unless they have been published as a result of individual User action (e.g., entering a comment or post), which will make the data available to anyone visiting the service.

Will personal data be the basis for automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What rights do you have regarding the processing of personal data?

  • Right of access to personal data
    Users have the right to access their personal data, implemented through the user panel available after logging in and tools enabling account access in case of a forgotten password.

  • Right to rectification of personal data
    Users have the right to request the Administrator to immediately rectify personal data that is incorrect and/or complete incomplete personal data, implemented at the request submitted to the Administrator.

  • Right to erasure of personal data
    Users have the right to request the Administrator to immediately delete personal data, implemented at the request submitted to the Administrator.

    For user accounts, data deletion consists of anonymizing data that allows User identification.

    For the Newsletter service, the User has the ability to independently delete their personal data using the link placed in each sent e-mail message.

  • Right to restrict processing of personal data
    Users have the right to restrict the processing of personal data in cases indicated in art. 18 GDPR, including questioning the correctness of personal data, implemented at the request submitted to the Administrator.

  • Right to data portability
    Users have the right to obtain from the Administrator personal data concerning the User in a structured, commonly used machine-readable format, implemented at the request submitted to the Administrator

  • Right to object to the processing of personal data
    Users have the right to object to the processing of their personal data in cases specified in art. 21 GDPR, implemented at the request submitted to the Administrator.

  • Right to lodge a complaint
    Users have the right to lodge a complaint with the supervisory authority dealing with personal data protection.