GDPR clause regarding the processing of personal data of donors making payments via the PZHKA website
Pursuant to Art. 13 section 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Regulation on data protection), we inform you that:
DATA ADMINISTRATOR
The controller of personal data is the Polish Arabian Horse Breeders’ Association (hereinafter PAHBA) with its registered office: Wygoda 3, 21-505 Janów Podlaski, NIP (VAT number): 537-19-53-524.
DATA PROTECTION OFFICER
In matters related to the processing of personal data, you can contact the President of PAHBA at the following e-mail address: .
PURPOSE AND LEGAL BASIS
Your personal data such as name and e-mail address will be processed in order to handle the donation process, which takes place via stripe.com, an online payment aggregator.
Data processing takes place for the purpose of concluding and implementing the donation contract, including technical handling of your payments (Article 6(1)(b) of the GDPR). Personal data is also processed in order to fulfill the legal obligations of PAHBA resulting from, among others: from accounting regulations (Article 6(1)(c) of the GDPR).
Your personal data in the form of e-mail address and name will also be processed in order to send you a one-time thank you for your support. Data processing in this scope and purpose takes place on the basis of the legitimate interest of PAHBA, which is the management of relationships established with our donors (Article 6(1)(f) of the GDPR).
SELECTED DATA PROTECTION METHODS USED BY THE ADMINISTRATOR
As the Administrator of your personal data, we undertake to keep personal data confidential and properly secure it. For this purpose, we have introduced the following safeguards related to the protection of personal data:
- Places for logging in and entering personal data are protected in the transmission layer (SSL certificate). Thanks to this, personal data and login details entered on the website are encrypted on the user’s computer and can only be read on the target server.
- Personal data stored in the database are encrypted in such a way that only the Administrator with the key can read them. Thanks to this, the data is protected in case the database is stolen from the server.
- User passwords are stored in hashed form. The hash function works in one direction – it is impossible to reverse its operation, which is currently the modern standard for storing user passwords.
- The administrator periodically changes his or her administrative passwords.
- In order to minimize the risk of unauthorized access to data, the Administrator uses complex passwords containing lower and upper case letters, numbers and special characters, not shorter than 8 characters.
DATA RECIPIENTS
- hosting company on an entrusted basis,
- Payment aggregator Stripe,
- authorized employees who use the data to implement the donation agreement.
RETENTION
You provide the above. data is voluntary, but necessary to make a donation to us. Your personal data, i.e. e-mail and name, will be stored for the period resulting from accounting regulations, i.e. for a period of 5 years from the beginning of the year following the year of receipt of personal data.
RIGHTS AND OBLIGATIONS
You have the right to:
- access to your data and receiving a copy thereof,
- correct your personal data,
- restrictions on the processing of personal data,
- deletion of personal data,
- submit a complaint to the supervisory authority in connection with data processing.