Privacy policy of the Rakiety Oncological Foundation

Transparency is one of the most important principles for us, which is why we want to inform you about the purposes for which we collect your personal data, how we process it and what rights you have in this regard.

The technical and organizational solutions we have implemented ensure a high standard of personal data protection. This privacy policy explains our approach and practices to protecting your privacy. As part of our business, we undertake to comply with this policy, as well as the requirements of applicable law regarding the processing of personal data.

I. Basic principles of data processing

1. We process personal data of Donors, Beneficiaries, Volunteers and Users on the basis of the General Data Protection Regulation of April 27, 2016 ("GDPR") and the Personal Data Protection Act of May 10, 2018, in line with it.

2. The administrator of personal data is the Rakiety Oncological Foundation with its registered office in Warsaw, Aleja Rzeczypospolitej 2/U-2, 02-972 Warsaw, identified by the following numbers: NIP 5213628570, REGON 146040727, KRS 0000414091.

3. The Data Protection Inspector is Katarzyna Kąkol, who supports the Foundation as the administrator of personal data and works to process data in accordance with the provisions on their protection.

II. Collection of personal data

1. We collect personal data through the following forms: subscription to the newsletter, registration for volunteers, petition signature, contact and payment forms, and application for admission to the group of the Foundation's beneficiaries, available on the websites and

2. We also collect personal data based on data from bank transfers and data from the Ministry of Finance (in the case of taxpayers who provide us with 1% and share their personal data with our organization).

3. In the case of direct debits and declarations of transfer of employee contributions (payroll), we process data obtained on the basis of completed forms or data provided with the consent of donors by their employers.

III. Types of data processed

1. We process data such as: names, surnames, gender, e-mail, address (street, postal code, city, country), telephone number, bank account number and place of work (in the case of transferring an employee contribution), date of birth, PESEL , data of legal guardians (in relation to the Charges).

2. In the case of Clients, we also process information about their health condition and image, based on the consent given in the application form and the signed Agreement.

3. We analyze the openness and effectiveness of electronic and paper correspondence sent to Donors and other Recipients in order to best match subsequent shipments to their preferences.

IV. Purposes and principles of personal data processing

1. Personal data is processed by us in order to:

  • process Donors' financial donations made via the website, traditional bank transfers, employee contributions, direct debits, as well as 1% tax deductions;
  • handle donated goods and services;
  • thank donors for their support;
  • report activities to donors and newsletter recipients;
  • respond to messages sent via contact forms on the websites and;
  • cooperate with Volunteers;
  • implement the provisions of the Agreement signed with the Clients;
  • inform about the current needs of the beneficiaries and encourage them to join this assistance through material, service and activist support;
  • be able to keep a history of donations and assistance provided;
  • contact all Recipients in their preferred manner;
  • create correspondence tailored to the interests and preferences of recipients;
  • invite you to events we organize;
  • fulfill legal obligations, including accounting and tax obligations.

2. In the case of donors who have not consented to us sending them correspondence, we process their personal data for the period necessary for us to fulfill our obligations under generally applicable law, including the tax ordinance.

3. If the Donor, Beneficiary, Volunteer or other persons have consented to the processing of data, we will process their data until they withdraw such consent or until they object to the processing of their data by us.

4. Making donations on is possible thanks to cooperation with payment operators:

Przelewy24, PayPro Spółka Akcyjna based in Poznań at ul. Kanclerska 15, 60-327 Poznań, entered into the Register of Entrepreneurs under KRS number 0000347935, NIP number 7792369887, REGON number: 301345068


PayU Spółka Akcyjna based in Poznań at ul. Grunwaldzka 186, 60-166 Poznań, entered into the Register of Entrepreneurs under KRS number 0000274399, NIP number 779-23-08-495, REGON: 300523444.

Thanks to this, donors can donate to us in a quick, easy and safe way. In order to process donations through these operators, our Foundation transfers personal data to their websites. Personal data is used only for activities necessary for the electronic payment process.

5. Advertising agencies help us prepare printed correspondence. In the case of cooperation with these service providers, data is entrusted on the basis of a concluded contract and personal data is not used for purposes other than sending correspondence to recipients. The entrusted data includes: names, surnames, postal address, gender.

6. The company helps us prepare electronic correspondence FreshMail Sp. z o. o based in Krakow at al. 29 Listopada 155 c, 31-406 Kraków, identified by NIP numbers: 6751496393, REGON: 123040091.

FreshMail provides us with a professional tool for creating and sending newsletters, as well as analyzing message opening rates. It also allows for personalization and scheduling automatic periodic messages.

In the case of cooperation with this service provider, data is entrusted on the basis of a concluded contract, and the recipients' data are used only for our correspondence with recipients and analysis of whether the content is interesting for them. The data entrusted to FreshMail is: names, surnames, e-mail, telephone number.

V. Rights regarding personal data

1. The right to access data - everyone has the right to obtain information from us whether we are processing their personal data, to obtain access to them and information about the purposes of their processing, pursuant to Art. 15 GDPR.

2. The right to request rectification of data - everyone has the right to request us to immediately rectify their personal data if they are incorrect or incomplete, pursuant to Art. 16 GDPR.

3. The right to delete data ("right to be forgotten") - everyone has the right to request us to immediately delete their personal data, and we are obliged to delete it without undue delay, unless the law requires us to further process it, pursuant to Art. . 17 GDPR.

4. The right to limit data processing - everyone has the right to request that we not process their data in any other way than storing them for the duration of our consideration of another request regarding personal data, pursuant to Art. 18 GDPR.

5. The right to transfer and inspect data - everyone has the right to receive from us all personal data processed by us in a structured, commonly used format, as well as the right to transfer it to another administrator, pursuant to Art. 20 GDPR.

6. The right to object - everyone has the right to object to our processing of their data, pursuant to Art. 21 GDPR.

7. The right to withdraw consent - everyone has the right to withdraw the consent based on which we process their data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal, pursuant to Art. 7 section 3 GDPR.

VI. Contact regarding personal data protection

1. In order to exercise the above rights, provide us with any reservations or to obtain additional information on data processing, please contact us at [email protected], by calling 22 299 29 28 or by sending correspondence to the following address: Fundacja Onkologiczna Rakiety, aleja Rzeczypospolitej 2/U2, 02-972 Warszawa.

2. Objections may be reported to our Data Protection Inspector at: [email protected]

3. At the same time, we would like to inform you that everyone has the right to lodge a complaint with the supervisory authority responsible for the protection of personal data, i.e. the President of the Personal Data Protection Office, pursuant to Art. 77 GDPR.