Privacy Policy

Introduction

This privacy policy (this “Privacy Policy”) is provided to explain the  Tech To The Rescue Foundation’ practices with personal data (“TTTR,” “us” or “we”)  at our website https://www.techtotherescue.org (“Website”) and who we are, how we obtain information and what we do with that information in our business, marketing and contact relationship with you. If anything is not clear to you or if you have any concerns, please contact us.

The Website was created to implement the Tech To The Rescue initiative to unite technology companies to share their resources to support non-profit and non-governmental organizations (“Initiative“).

‍We are Tech To The Rescue Foundation with its registered office, at Hoża 86/410, 00-682 Warsaw, Poland, entered into the Register of Entrepreneurs and the Register of Associations and the Foundation of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number: 0000937683, NIP number: 5272981322. TTTR is the Data Controller of your personal data within the meaning of the General Data Protections Regulations (“GDPR”).

You can contact us via the contact email address: [email protected].

We use your Personal Data only in accordance with the following principles and in compliance with applicable data protection laws, including the GDPR.

The official language of this Privacy Policy shall be in the English language except as required by local law. Any translations of this Privacy Policy shall be for reference purposes only. The terms of this Privacy Policy in the English language shall prevail over any terms of any translations hereof in the event any dispute arises regarding any conflicting terms.

Please read this policy carefully so that you understand your rights in relation to your Personal Data, and how we will collect, use and process your Personal Data.

If you do not agree with this Privacy Policy in general or any part of it, you should not access the Website. 

This Privacy Policy is effective as of the effective date listed above and is subject to change as set forth below in “Changes to the TTTR Privacy Policy.”

INFORMATION WE COLLECT

The Website  servers collect standard internet log information during user visits to the Website. This information is used to assist with troubleshooting issues with the Site including performance and security related functions.

 In addition to server logs, the Website also uses the Google Analytics service to help us assess how users access and utilize the Website by collecting bits of information such as statistical usage and telemetry information including an anonymized version of your IP address. This information is used to create aggregate statistics about the operation and use of the Website, such as when the Website is accessed, the pages which refer visitors to the Website, and other information that helps us understand how the Website is used and how it might be improved in the future.

Like many services, Google Analytics uses first-party cookies to track user interactions as in our case, where they are used to collect information about how users use our Website. This information is used to compile reports and to help us improve our Website. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our Website – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout .

In general, when you visit the Website, we only incidentally collect information such as your IP address and/or information about your browser or computing device that enables us to provide you with access to the Website and appropriate content.

On the Website, it is necessary for you to provide additional Personal Data in order to join our Initiative, register in the database of entities operating within the Initiative, contact you in connection with the Initiative, receive notifications about news and updates about the Foundation’s activities and our partners via newsletter, or conduct other transactions via the Website.

HOW WE USE THE PERSONAL DATA WE COLLECT?

The legal basis for processing your personal data depends on the purpose of using your Personal Data:

• If you use our services and join the Initiative (you conclude an agreement with us) we process your Personal Data for the purpose of entering into and performing that agreement e.g. publishing your Personal Data in the database of companies supporting non-governmental
  organizations or in the database of non-profit and non-governmental organizations seeking support within the Initiative, contacting you within the Initiative, providing the requested information about the Initiative – the legal basis is to perform the contract (Article 6(1)(b) of the GDPR), as well as for the purpose of investigating any complaints or claims relating to the contract in question.
• if you contact us at our email address or contact us by phone – the legal basis will be our legitimate interest as a controller (arising from the purposes identified above; Article 6(1)(f) of the GDPR).
• if you consent to receive marketing information from us – the legal basis will be our legitimate interest in marketing its services (Article 6(1)(f) RODO) in connection with the User’s consent expressed in accordance with the Act on Providing Services by Electronic Means and the Telecommunications Law.
• if you download our e-book – the legal basis for the processing of your data is the contract for the provision of digital content, which you concluded with us by sending the download form Article 6 item 1 letter b of the GDPR) in connection with the User’s consent given by the Act on Provision of Electronic Services and the Telecommunications Law.  
• if your inquiry is aimed at entering into an agreement, or is in relation to an agreement already entered into other than for the provision of our electronic services – the legal basis will be “taking action at the request of the data subject prior to entering into a contract” or the necessity to perform the contract (Article 6(1)(b) of the GDPR).
• If you are to participate in activities related to programs or events implemented by us (i.e. hackathons, mentoring sessions, demo days, other):
  • If you sign up for activities/events notifications – the legal basis is to perform the contract for the provision of electronic services (Article 6(1)(b) of the GDPR). We collect and process the following personal data provided through the registration form: first name, last name, e-mail address, country, name of the company you represent, information if you are a part of the AWS Partner Network, the primary language of communication.
  • If you sign up to the activities/events as a participant:

• • • for purpose to enable you to participate – the legal basis will be the necessity of processing to perform the agreement ( shall constitute the legal grounds for processing (Article 6 (1)(b) of the GDPR). We collect and process the following personal data provided through the form: first name and surname, e-mail address, telephone number, company name;
    • for promoting the activities/events – the legal basis will be the Controller’s substantiated interest (Article 6 (1)(f) of the GDPR) in providing information about the activities, events, participants, teams and their members on our social media. We collect and process the following information: first name, company name;
    • to inform about the next editions of the activities/events within the programs driven by Tech to The Rescue –  the legal basis will be the Controller’s substantiated interest (Article 6 (1)(f) of the GDPR) for promoting the TTTR activities/events. We collect and process the following information: first name, surname, e-mail address, company name.
  • If you sign up to the activities/events as a mentor – the legal basis will be  the necessity of processing to perform the agreement shall constitute the legal grounds for processing (Article 6 (1)(b) of the GDPR). We collect and process the following personal data provided through the form: first name and surname, company name, job title, expertise, e-mail address, telephone number, images,  short biography and availability during hackathon days.
  • If you are acting on behalf of the non-profit organization and you submitted a challenge for Hackahton – the legal basis will be  the necessity of processing to perform the agreement shall constitute the legal grounds for processing (Article 6 (1)(b) of the GDPR). We collect and process the following personal data: nonprofit name and website, contact person (name, email, phone number).
  • During the events (carried out stationary or in electronic form), an image of the all attendees is captured, which is processed by the Controller on the basis of the Controller’s substantiated interest (Article 6 (1)(f) of the GDPR) for publishing coverage of the activities on the Controller’s social media and on the Controller’s website.
• If you interact with us via our social networking profiles, we process your Personal Data for the purpose of administering Controller’s profile in social networks by replying to messages, comments, and reactions as well as for statistical and advertising purposes by means of tools provided by those social networks – the legal basis for the processing of your personal data for this purpose will be our legitimate interest (Article 6(1)(f) of the GDPR) – which is business communication with the users of ours social networking services, marketing of the our services and products by providing information content about the Controller, our services and products as well as building the Controller’s brand.
• If you have not provided us with your data on your own behalf, i.e., for example, you are acting on behalf of another entity, we process your data in order to carry out the contact, in the context in which you are acting on behalf of the third party, as well as to conclude or perform a contract with the third party or to carry out a joint venture. The legal basis for the processing of your personal data for this purpose will be our legitimate interest (Article 6(1)(f) of the GDPR) – building and maintaining relations with the third party on whose behalf you act, including the conclusion and performance of relevant agreements with him.
• if you visit our Website will use the Personal Data we collect, including cookies technology, to improve the Website and to ensure the Website’s content is presented in the most effective manner for you and your device; administer the  Website, and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes, or to keep the Website safe and secure. Some cookies also allow us to market our products and services, both within our Website. The legal basis for the use of cookies and similar technologies is your consent, except where their use is necessary for the operation of our website, in which case we rely on a legal provision (Article 173(3)(2) of the Polish Telecommunications Act) and, respectively, our legitimate interests (Article 6(1)(f) of the GDPR).
• We may also process your personal data in order to:
  • defend against potential claims or to direct our own claims –
  • publishing information about projects implemented within the Initiative on the Website and in the Initiative’s and our social media.

Our legitimate interest will be the legal basis for processing your personal data for this purpose (Article 6(1)(f) of the GDPR).

The personal data you provide is not subject to automated decision-making or profiling.

IS IT MANDATORY TO PROVIDE DATA BY YOU?

Providing your personal data is voluntary, however it is necessary in order to respond to your inquiry, to conduct correspondence or to join the Initiative. 

If you want to conclude an agreement with us, providing your personal data is always voluntary but necessary to conclude and perform a contract with us. If you do not provide the required data, we will not be able to deliver the newsletter or ebook to you.

If you want to participate in activities/events, the provision of your personal data is always voluntary, but providing the date marks as “required” is necessary to enable you to participate. If you do not provide the required data, we will not be able to participate in the activities or events carried out by the TTTR.

HOW LONG DO WE STORE YOUR PERSONAL DATA?

We will retain your Personal Data as follows:

• technical data (e.g., IP address, device information) incidentally collected when you visit the Site will be retained for 90 days;
• if you join as part of the Initiative, we will keep your data as part of the
  Initiative until its completion or ending or your withdrawal from the Initiative,
• contact details used to send information within the Initiative, we will keep them until
  the Initiative completed or ends or you withdraw from the Initiative of limitations for claims that may arise therefrom,
• your Personal Data processed on the basis of the agreement concluded with us – your data will be processed for the duration of the agreement until the statute of limitations for claims under the agreement,
• your Personal Data processed on the basis of our legitimate interest will be processed until you object or the purpose for which it was processed has been fulfilled,
• your Personal Data collected solely in connection with your current contact, if you don’t join the Initiative will be processed for a maximum of 2 years (more detailed inquiries and conversations that may be relevant to our contact in the future), depending on the category of the individual information,
• your personal Data processed on the basis of your consent until you withdraw your consent, if any, or until the purpose for which consent was given has been fulfilled,
• your Personal Data processed through social networks will be processed for the duration of the legitimate interest of the Controller, the social network data or your account in the social network.

At the end of the retention period we may store your information in an aggregated and anonymized format to help us understand historical behaviors and to enhance the Website.

Your Personal Data will be retained for longer if required by law or a court order and/or as needed to defend or pursue legal claims.

HOW WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES

If you joined the Initiative your Personal Data will be shared to members of the Initiative for the purpose of providing the services you request.

We share your Personal Data with our Service Providers so that they can perform services on our behalf: entities that support us in providing services, based on appropriate agreements to entrust personal data for processing, such as email marketing platforms, providers of contact tools (instant messaging), providers of legal, consulting, marketing and accounting services, hosting providers, couriers, and our co-workers, and also social media operators Facebook, LinkedIn and Twitter.

We require our Service Providers to take appropriate technical and organizational measures to safeguard your Personal Data against loss, theft and unauthorized use, access, or modification.

‍Our agreements with these entities require that they keep your Personal Data confidential and only use your Personal Data to the extent necessary to perform their functions and not for any other purpose. 

Except as provided herein, we will not sell any Personal Data that you provide through the Website without your prior  consent.

We will share your information with law enforcement agencies, public authorities, or other organizations if legally required to do so.

DO WE TRANSFER YOUR DATA OUTSIDE THE EUROPEAN ECONOMIC AREA?

TTTR associates entities and works with individuals from around the world. Your Personal Data may be shared to members of the Initiative (if you joined to the Initiative) or our’s co-workers, located in jurisdictions other than your residence jurisdiction, in particular the United States or Ukraine, for the purpose of providing the services you request.

For the aforementioned reason, the TTTR shall transfer personal data outside the EEA only when this is necessary and assuring a relevant level of protection, in particular by means of:

• cooperation with personal data processing entities in countries with respect to which a relevant decision of the European Commission was issued;
• the application of standard contractual clauses issued by the European Commission;
• the application of binding corporate rules approved by a competent supervision body.

The Foundation is also entitled to transfer data outside the EEA of entities that have joined the Initiative, as it is necessary to perform the agreement between the Foundation and this entity.

If you would like up-to-date information about entities outside the EEA that may receive your data and information about the legal basis for such a transfer, please write to us at: [email protected]. If the data transfer is based on standard contractual clauses, you may also receive a copy from us via the above-mentioned email.

In order to provide services, We use tools provided by entities that are located outside the European Economic Area (“EEA”), and some of the suppliers may transfer data outside the aforementioned territory:

• Google LLC with its registered office in California, USA – the provider of the following tools: Google Analytics, Google Workspace and Google Tag Manager.
  
  For more information about Google Analytics privacy practices, see their Privacy Policy.

Google has stated that it has implemented new standard contract clauses, which you can read about here, here and here.

• Airtable is Formagrid, Inc., with its registered office in San Francisco, USA – the provider of the tool for improving the collection and processing of data of organizations and companies. For more information on Airtable’s privacy practices, see their Privacy Policy. 
• The Rocket Science Group LLC, with its registered office in Atlanta, USA –provides a tool for sending e-mail messages (Mailchimp). For more information:Privacy Policy. 
• Formstack LLC, with its registered office at 11671 Lantern Rd, Suite 300 Fishers, IN 46038 USA – provides form and survey building tools and allows for collection of responses from users. For more information on Formstack’s privacy practices, see their Legal subpage. 
• Tilda Publishing is a Russian company that provides a tool for building and hosting websites (Tilda).  For more information on Formstack’s privacy practices, see their Privacy Policy.

In order to organize the Hackathons, we use tools provided by entities that are located outside the European Economic Area (“EEA”), and some of the suppliers may transfer data outside the aforementioned territory:

• Zoom Video Communications Inc., with its registered office in San Jose, USA – is the provider of the Zoom platform for real-time online communication. The company implemented standard contractual clauses.
  
• Discord Inc. with its registered office in San Francisco, USA – provider of the Discord platform for real-time online communication. The company implemented standard contractual clauses, and Privacy Policy. 

We will take reasonable steps to ensure that these Service Providers keep your
Personal Data confidential and only use your Personal Data to the extent necessary to perform their functions and not for any other purpose.

The social network operators who are recipients of your personal data work with partners and entities worldwide. For this reason, your personal data may be transferred outside the European Economic Area, including to the USA. The operators declare that they base such transfers on standard contractual clauses issued by the European Commission or decisions of the European Commission finding an adequate level of protection with regard to specific countries. You can find more information in the privacy policies of these operators:

• Facebook
• LinkedIn 
• Twitter 

COOKIES AND OTHER TRACKING TECHNOLOGIES

Tracking technologies, for simplicity referred to here as cookies, are designed to collect and store small pieces of information about your browsing activity and are generally used to enable a range of functionalities including session management, multimedia playback, and performance monitoring. When you visit the Website, cookies are set, by us or Service Providers, on your browser to log information about your preferences and Website viewing patterns. You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/ . 

We use cookies for such purposes as:

• Providing you with relevant content;
• Enabling multimedia playback and social media integration;
• Providing session management and security features;
• Improving Site performance and content relevance

For more information about the types of cookies that we use on the Website and how to control them, please consult our Cookie Policy, which can be found at the following link and is part of this Privacy Policy.

LINKED SITES

For your convenience, hyperlinks may be posted on the Site that links to other websites (“Linked Sites”). We are not responsible for Linked Sites, and this Privacy Policy does not apply to the privacy practices of any Linked Sites or of any companies that we do not own or control. 

Linked Sites may collect information in addition to that which we collect on the
Site. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the privacy policy of any Linked Site that you visit to understand how the information that is collected about you is used and protected.

CHILDREN

The Website is not intended for use by children under the age of 13, and we do not knowingly collect Personal Data from such children. If we become aware that we have unknowingly collected Personal Data from a child under the age of 13, we will make all reasonable efforts to delete such information from our Website, records, and database. If you become aware that we have unknowingly collected Personal Data from a child under the age of 13, please contact us immediately at [email protected].

TTTR will make reasonably good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third-parties such as search engines and others that TTTR does not control may have republished or archived such content.

SECURITY

The security of your Personal Data is important to us. We use appropriate technical and organizational measures to safeguard your Personal Data against loss, theft, and unauthorized use, access or modification. We encrypt information submitted to and presented by the Website using Transport Layer Security (TLS) technology. 

By encrypting this data, TLS attempts to prevent anyone from reading it as it travels across the Internet. Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. 

Once we have received your information, we will take appropriate technical and organizational measures to safeguard your Personal Data against loss, theft and unauthorized use, access or modification.

YOUR RIGHTS

You have the right to access the Personal Data that we hold about you. To the extent permitted by applicable law, you also have the right to request the correction or
deletion of your Personal Data, to require us to stop processing the Personal Data except for storage purposes in certain circumstances and to obtain a copy of your
Personal Data in a commonly used, machine-readable format. 

You can exercise your rights by contacting us at [email protected]. 

We may refuse your request for correction or deletion of your Personal Data where its retention is necessary, for example, in the context of a legal dispute or as required by law. 

If you have provided your consent for us to process your personal data, you can withdraw your consent at any time by contacting us at [email protected]. The withdrawal of consent to the processing of personal data does not affect the lawfulness of the processing carried out before its withdrawal.

At any time you have the right to object to our processing of Personal Data for direct marketing purposes, including profiling, if the processing is based on the legitimate interest of the Controller. 

In addition, you have the right to object at any time to the processing of your Personal Data on grounds relating to your particular situation in cases where the legal basis for the processing is the legitimate interest of the Controller. If we conclude that there are compelling legitimate grounds for processing overriding your interests, rights and freedoms, or grounds for establishing, asserting or defending claims, we will continue to process your objected data. If you do not agree with this assessment of the situation, you can exercise your right to lodge a complaint with a supervisory authority.

With regard to the jointly controlled personal data processed in the context of social networks , you may exercise your rights against the operator of that social network in accordance with the rules laid down by those operators:

• Facebook
• LinkedIn 
• Twitter 

The main supervisory authority for joint processing with social networking sites is the Irish Data Protection Commission.

COMPLAINTS

In the event that you wish to make a complaint about how we process your Personal Data, please contact us in the first instance at [email protected] and we will endeavor to deal with your request as soon as possible. 

This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.

CO-ADMINISTRATION

The co-controllers of your data are also:

• Meta Platforms Ireland Limited,  4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland (poprzednio Facebooka Ireland Limited).
• LinkedIn Ireland Unlimited Company, address: Legal Dept., Wilton Place, Dublin 2, Ireland,
• Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 941 03, USA;

in connection with the Controller’s use of social networking sites (Facebook, Twitter, and LinkedIn) and the posting of social plug-ins on the Service directed to the Controller’s profiles on these social networking sites.

Co-administration includes the aggregate analysis of data for the purpose of displaying statistics on the activity of users of the Controller’s social media profiles and advertising activities through the tools available on these social networks. The Controller shall only be liable to the extent of personal data that it processes for its own purposes. For the rest, the responsibility lies with the provider of the respective social network.

We are responsible to you for: i) having a legal basis for processing your Personal Data for the purposes established by us, ii) complying with the obligations to provide information, which is done in this Policy. The provider of the social networking service is responsible for i) having a legal basis for the processing of your Personal Data for the purposes specified by the provider, ii) ensuring that you are able to exercise your rights, iii) reporting violations to the supervisory authority and notifying you of such violations; iv) ensuring appropriate technical and organizational measures to ensure the security of your data.

You can find more information on the privacy policies of these operators:

• Facebook
• LinkedIn 
• Twitter 

CHANGES TO THIS TTTR PRIVACY POLICY

We will revise this Privacy Policy from time to time. If we do so, we will post the new policy on our Website and change the effective date, so we encourage you to review it frequently. Your continued use of the Website after changes in this Privacy Policy will mean that you accept such changes except as otherwise required by local law.

CONTACT US

If you have any questions, concerns, or complaints about our use of your Personal Data or would like to request access to, correction, or deletion of, your Personal Data, please address them to:

Tech To The Rescue Foundation with its registered office in Warsaw Hoża 86/410, 00-682 Warsaw, Poland

You may also reach out to our data privacy team via email at [email protected].