GDPR Information Clause

Last updated: 26.04.2026

1. Data Controller

The controller of your personal data is Stowarzyszenie Tęczowy Tarnów, with its registered office at Kręta 10, 33-100 Tarnów, Poland, registered in KRS under number 0001117461, NIP: 8733282659, REGON: 520547010.

2. Contact details

You can contact the Controller by email: kontakt@teczowytarnow.pl or by phone: +48 500 705 140.

No Data Protection Officer has been appointed.

3. Purpose and legal basis of processing

Your personal data may be processed for the following purposes:

• email or phone contact and handling direct inquiries - Article 6(1)(f) GDPR (legitimate interest of the Controller);
• processing online donations - Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(c) GDPR (legal obligations, especially accounting obligations);
• website analytics (e.g. GA4 and statistical cookies) - Article 6(1)(a) GDPR (consent given in the cookie banner).

The Controller does not process website users' data for its own direct marketing.

4. Data retention period

Data is stored only for the period necessary to fulfill the processing purpose, and then deleted, unless further storage is required by applicable law (e.g. accounting records).

5. Data recipients

Your data may be shared with entities supporting website operations, in particular:

• hosting and infrastructure provider (Cloudflare Pages);
• analytics provider (Google Analytics 4);
• embedded platform providers (Meta/Facebook, Instagram, TikTok), in accordance with their own policies;
• payment and accounting service providers handling online donations.

6. Your rights

You have the right to:

• access your data;
• rectify your data;
• erase your data;
• restrict processing;
• data portability;
• object to processing;
• withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

7. Right to lodge a complaint

You have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if you believe that your data processing violates GDPR.

8. Voluntary provision of data

Providing personal data is voluntary, but it may be necessary to use selected website functions (e.g. email/phone contact or handling an online donation).