Skip to main content

Privacy Policy

Privacy policy for Congruence Foundation website and services

Last Updated:

The Congruence Foundation (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites congruence.ngo and congruence.pl, use our services, or interact with us.

Information We Collect

Information You Provide to Us

We collect information you provide directly to us, such as when you:

  • Make a donation
  • Contact us via email or contact forms
  • Register for events or programs
  • Apply for volunteer positions

This information may include:

  • Name and contact information (email address, phone number, mailing address)
  • Payment information (processed securely through third-party payment processors)
  • Communication preferences
  • Any other information you choose to provide

Information Collected Automatically

Our website hosting and security services may automatically collect certain technical information for security and performance purposes, including:

  • IP address (anonymized)
  • Browser type and version
  • Operating system
  • Country of origin
  • Date and time of visit

Important: We do not use third-party tracking or analytics tools that identify individual users. We do not track your browsing behavior across our website or create user profiles.

Website Hosting and Security

We use third-party services to host, protect, and optimize our website. These services may process certain data as part of providing:

  • Security: Protection from malicious traffic and attacks
  • Performance: Content caching to improve website loading times
  • Analytics: Aggregated, anonymized website statistics (total visitors, page views by country) that cannot identify individual users

How We Use Your Information

We use the information we collect to:

  • Process donations and send tax receipts
  • Respond to your inquiries and provide support
  • Improve our website and services
  • Comply with legal obligations
  • Protect against fraudulent or illegal activity

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

  • Contract: For processing donations and providing services
  • Legal obligations: For tax reporting and compliance
  • Legitimate interests: For website security and basic analytics

Cookies

Our website uses only essential cookies required for basic functionality and security. We do not use:

  • Marketing or advertising cookies
  • Third-party tracking cookies
  • Analytics cookies that identify individual users

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information with:

  • Hosting and security providers: For website operation and protection
  • Payment processors: For processing donations
  • Legal authorities: When required by law
  • Professional advisors: Lawyers and accountants bound by confidentiality

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law:

  • Donation records: 7 years (tax and financial reporting requirements)
  • Contact inquiries: 2 years or until resolved
  • Event registrations: 2 years after the event
  • Volunteer applications: 3 years after last activity
  • Grant applications: 5 years (reporting requirements)
  • Server logs: According to our hosting provider’s retention policies

Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing of your data
  • Data portability
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, please contact us.

Exceptions to Erasure Requests

We may need to retain certain data despite a deletion request when:

  • Legal obligations require retention (e.g., tax records)
  • The data is needed for legal claims
  • There is an overriding legitimate interest
  • The data is necessary for archiving in the public interest

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • SSL/TLS encryption for all data transmission
  • DDoS protection and Web Application Firewall
  • Limited access to personal data
  • Regular security assessments

Children’s Privacy

Our website and services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will promptly delete it.

International Data Transfers

Your information may be transferred to and processed in countries other than Poland through our service providers. We ensure appropriate safeguards are in place for such transfers in compliance with GDPR.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last Updated” date.

Contact Us & Complaints

For questions about this Privacy Policy, to exercise your data protection rights, or to file a complaint about how we handle your personal data, please visit our Contact page.

If you are not satisfied with our response, you have the right to lodge a complaint with the Polish Data Protection Authority (UODO):

Urząd Ochrony Danych Osobowych
ul. Stawki 2
00-193 Warszawa
Poland