World 3.0 Foundation · KRS 0000579053

Privacy Policy

Effective date: 1 January 2025 Version: 1.0 Includes: Cookie Policy Governing law: GDPR / Republic of Poland

Contents

  1. Controller & Contact
  2. Scope & Purpose
  3. Legal Bases
  4. Data We Collect
  5. How We Use Data
  6. Data Retention
  7. Recipients & Transfers
  8. Your Rights
  9. Cookie Policy
  10. Third-Party Services
  11. Children’s Privacy
  12. Amendments
  13. Contact & Complaints

§ 01

Controller & Contact

The controller of your personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 (GDPR) is:

World 3.0 Foundation 26 Bolesława Chrobrego Street
81-783 Sopot, Poland

KRS: 0000579053 · NIP: 5851472121 · REGON: 362694953

Email: office@world3zero.org
Website: https://world3zero.org

All data protection enquiries should be directed to the address above. The Foundation has not appointed a formal Data Protection Officer, as it does not meet the thresholds set out in Article 37 GDPR. Enquiries are handled directly by the Foundation’s management.

§ 02

Scope & Purpose

This Privacy Policy applies to all personal data processed by World 3.0 Foundation in connection with:

  • use of the website at https://world3zero.org and its subdomains;
  • submission of contact forms or email enquiries;
  • making donations via the Website or bank transfer;
  • subscribing to newsletters or event communications;
  • participation in Foundation projects, events, or partnerships.

This Policy does not cover third-party websites linked from our Website. We encourage you to review the privacy policies of any external services you visit.

§ 03

Legal Bases for Processing

We process personal data only where a valid legal basis exists under Article 6 GDPR:

  • Art. 6(1)(a) — Consent. Where you have given explicit consent, for example to receive newsletters. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.
  • Art. 6(1)(b) — Contract. Where processing is necessary to carry out a transaction or respond to a pre-contractual request, including donation processing.
  • Art. 6(1)(c) — Legal obligation. Where processing is required to comply with Polish or EU law, including accounting and anti-money-laundering obligations.
  • Art. 6(1)(f) — Legitimate interests. Where processing is necessary for the Foundation’s legitimate interests — including Website security, fraud prevention, and statistical analysis of Website traffic — provided those interests are not overridden by your rights and freedoms.

§ 04

Data We Collect

We collect personal data only to the extent necessary for the purposes described in this Policy. Depending on how you interact with the Website, this may include:

  • Identity data: first name, last name, organisation name (where voluntarily provided).
  • Contact data: email address, telephone number (where voluntarily provided).
  • Financial data: donation amount, payment method, transaction reference. We do not store full payment card details — these are handled exclusively by our payment processors.
  • Technical data: IP address, browser type and version, operating system, referring URL, pages visited, session duration. Collected automatically via server logs and analytics tools.
  • Communications data: content of messages sent via contact forms or email.
  • Cookie data: identifiers and preferences stored in your browser. See § 09 for full details.

We do not process special categories of data (Article 9 GDPR) and do not engage in automated decision-making or profiling with legal or similarly significant effects (Article 22 GDPR).

§ 05

How We Use Your Data

  • Responding to enquiries — to answer questions submitted via contact forms or email (legal basis: Art. 6(1)(b) or 6(1)(f)).
  • Processing donations — to record, acknowledge, and account for financial contributions; to issue confirmation to donors (legal basis: Art. 6(1)(b) and 6(1)(c)).
  • Newsletter and communications — to send updates about Foundation activities, publications, and events, where you have subscribed (legal basis: Art. 6(1)(a)).
  • Website operation and security — to maintain the technical functionality of the Website, prevent abuse, and diagnose errors (legal basis: Art. 6(1)(f)).
  • Analytics — to understand how visitors use the Website and improve its content and structure (legal basis: Art. 6(1)(f) or 6(1)(a) depending on tool configuration).
  • Legal compliance — to fulfil obligations under Polish tax law, accounting regulations, and applicable EU legislation (legal basis: Art. 6(1)(c)).

§ 06

Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. In practice:

  • Donation records are retained for 5 years from the end of the financial year in which the donation was received, pursuant to Article 74 of the Polish Accounting Act.
  • Contact form and email correspondence is retained for up to 3 years, sufficient to address any subsequent enquiries or disputes.
  • Newsletter subscriber data is retained until you unsubscribe or withdraw consent, after which it is deleted within 30 days.
  • Server log data (including IP addresses) is retained for up to 12 months for security and diagnostic purposes.
  • Cookie data is retained in accordance with the individual cookie lifetimes set out in § 09.

After the applicable retention period, data is deleted or anonymised in a manner that prevents re-identification.

§ 07

Recipients & International Transfers

We do not sell, rent, or trade personal data. Data may be shared with the following categories of recipients, strictly to the extent necessary:

  • Hosting and infrastructure providers — companies providing server, cloud storage, and technical support services.
  • Payment processors — third-party services handling online donation transactions (e.g. Stripe, PayPal or equivalent). These processors operate under their own privacy policies and are subject to PCI-DSS standards.
  • Email service providers — platforms used to send transactional and newsletter communications.
  • Analytics providers — services measuring Website traffic (see § 09 and § 10).
  • Public authorities — where disclosure is required by applicable law or a binding decision of a competent authority.

Where any of the above recipients are located outside the European Economic Area, data transfers are protected by one of the mechanisms under Chapter V GDPR — Standard Contractual Clauses adopted by the European Commission, an adequacy decision, or equivalent safeguards. You may request details of the specific safeguards in place by contacting us at office@world3zero.org.

§ 08

Your Rights

Under Articles 15–22 GDPR, you have the following rights in relation to your personal data:

Right
What it means in practice
Access (Art. 15)
Obtain confirmation of whether we process your data and receive a copy of it.
Rectification (Art. 16)
Have inaccurate or incomplete data corrected without undue delay.
Erasure (Art. 17)
Request deletion of your data where it is no longer necessary or where you withdraw consent — subject to legal retention obligations.
Restriction (Art. 18)
Restrict processing while a dispute about accuracy or lawfulness is pending.
Portability (Art. 20)
Receive data you provided to us in a structured, machine-readable format, where processing is based on consent or contract.
Objection (Art. 21)
Object to processing based on legitimate interests, including direct marketing. We will cease processing unless we demonstrate compelling legitimate grounds.
Withdraw consent (Art. 7)
Withdraw consent at any time where processing is consent-based, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at office@world3zero.org. We will respond within one month of receiving your request, as required by Article 12(3) GDPR. Where requests are complex or numerous, this period may be extended by a further two months — we will notify you if this applies.

You also have the right to lodge a complaint with the supervisory authority: President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, Poland. https://uodo.gov.pl

§ 09

Cookie Policy

This section fulfils the information obligation under Article 13 GDPR and Article 5(3) of Directive 2002/58/EC (as amended by Directive 2009/136/EC) in relation to cookies and similar tracking technologies.

What cookies are. Cookies are small text files placed on your device when you visit a website. They allow the site to recognise your browser on subsequent visits and store limited information about your preferences or session.

Categories of cookies we use.

CategoryPurposeLegal basisRetention
Strictly necessaryEnable core Website functions: session management, security, load balancing. The Website cannot function properly without these.Legitimate interest (Art. 6(1)(f)); no consent required under Directive 2009/136/ECSession or up to 12 months
FunctionalRemember your preferences (e.g. language, cookie consent choice) to improve your experience on return visits.Consent (Art. 6(1)(a))Up to 12 months
AnalyticsMeasure and analyse how visitors use the Website (pages visited, session duration, traffic source). Data is aggregated and anonymised where possible.Consent (Art. 6(1)(a))Up to 26 months
MarketingTrack visits across websites to deliver relevant advertising. Currently not used by the Foundation.Not applicableNot applicable

Managing cookies. You may withdraw consent or adjust cookie preferences at any time via the cookie settings panel on our Website. You may also configure your browser to block or delete cookies. Instructions for common browsers:

Blocking strictly necessary cookies may impair the functionality of the Website. Blocking analytics cookies does not affect your ability to use the Website.

§ 10

Third-Party Services

The Website may use the following third-party services, each of which operates under its own privacy policy:

  • Google Analytics — website traffic analysis. Data may be transferred to the United States under Standard Contractual Clauses. You may opt out via Google Analytics Opt-out Browser Add-on. Google Privacy Policy: policies.google.com/privacy.
  • Google Fonts — typeface delivery. When fonts are loaded, your IP address is transmitted to Google servers. We use this service under Art. 6(1)(f) GDPR. Where technically feasible, fonts are served locally to minimise data transfer.
  • YouTube / Vimeo — embedded video content (if applicable). Embedding activates third-party cookies. Videos are embedded in privacy-enhanced mode where available.

We review third-party integrations periodically and update this section when services change. If you have questions about a specific integration, contact office@world3zero.org.

§ 11

Children’s Privacy

The Website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without parental consent, contact us at office@world3zero.org and we will delete the data promptly.

§ 12

Amendments

We may update this Privacy Policy from time to time to reflect changes in our processing activities, applicable law, or regulatory guidance. The current version is always available at https://world3zero.org with the effective date clearly indicated.

Where changes materially affect your rights or how we process your data, we will notify subscribers by email at least 14 days before the changes take effect.

§ 13

Contact & Complaints

For any questions about this Policy or to exercise your rights under § 08, contact us at:

World 3.0 Foundation 26 Bolesława Chrobrego Street, 81-783 Sopot, Poland
Email: office@world3zero.org
Website: https://world3zero.org

If you are not satisfied with our response, you have the right to lodge a complaint with the Polish supervisory authority:

President of the Personal Data Protection Office ul. Stawki 2, 00-193 Warsaw, Poland
Phone: +48 22 531 03 00
https://uodo.gov.pl

EU residents may also use the Online Dispute Resolution platform operated by the European Commission: https://ec.europa.eu/consumers/odr.