Hive Mind Privacy Policy


1. Definitions.

Controller – TechSoup Foundation, Bracka 25, 00-028 Warsaw, Poland, entered into the Register of Associations, other Social and Professional Organisations, Foundations and Public Health Care Facilities kept by the District Court for the Capital City of Warsaw, Commercial Division under the KRS (National Court Register) number 000032733, NIP (Tax ID): 7010177399 and REGON (Business ID): 141792374.
 
Personal data – all information about a natural person identified or identifiable by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity, including the IP of a device, location data, online identifier and information collected through cookies and other similar technology.
 
Controller’s Partner(s) – organisations which, as part of cooperation with the Controller, organise Events and are responsible for building, within individual regions, the Hive Mind community.
 
Processing an operation or set of operations performed on personal data inside or outside the IT system, e.g. collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
 
Policy – this Privacy Policy.
 
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
 
Website – the Hive Mind website maintained by the Controller at https://hive-mind.community.
 
User – any natural person visiting the Website or using one or more functions of the Website described in the Policy.
 
Events – courses, trainings, online events organised as part of the Website in accordance with the Website Terms of Use.
 
Website Terms of Use – Terms of Use concerning the https://hive-mind.community website, specifying the terms and conditions of using the services provided via the website.
 
 
2. Controller contact details.
 
1)    The Controller’s contact details are as follows:
 
TechSoup Foundation,
ul. Bracka 25,
00-028 Warsaw
Poland
e-mail: privacy@techsoup.org
 
3. Data processing in connection with the use of the Website.
 
In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide particular services offered, as well as information on the User’s activity on the Website.
 
Detailed rules and purposes of processing personal data collected during the use of the Website are described below:
 
1)    Persons using the Website.
 
Personal data of all persons using the Website (including the IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Controller:
 
a)    to provide services by electronic means in accordance with the Website Terms of Use – then the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR).
b)    for technical and administrative purposes, in order to ensure the security of the IT system and its management, as well as for analytical and statistical purposes (e.g. by registering in the so-called server logs) – in this respect, the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses of the Users' activity and their preferences in order to improve the functions used and content provided.
c)    to determine and pursue claims or defend against claims – then the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR) consisting in the protection of the Controller’s rights.
 
2)    Registered Website Users.
 
a)    The Website has functionalities available only for registered Users.
b)    Persons registering on the Website are asked to provide the data necessary to create and operate an account. Providing data marked as mandatory is required in order to create and operate an account, and failure to provide such data results in inability to create an account. When creating an account, the User provides their first name/last name/pseudonym and e-mail address. The User may also provide their phone number as optional data. Once the account is created, the registered User can modify their profile and, depending on their user status, add additional data about them.
c)    Users signing up for particular Events are requested to fill in the registration form and provide data necessary to participate in a given Event or, in specific cases, data necessary to participate in the recruitment for a given Event. The provision of data marked as mandatory is necessary to sign up for the Event or, as appropriate, to participate in the recruitment for this Event. The scope of data may vary depending on the type of Event in which the User intends to participate. The User can also provide optional data. In connection with participation in a given Event, the User may, in accordance with the Website Terms of Use, receive e-mail correspondence concerning that Event.
d)    Personal data of registered Users are processed in order to perform the contract in accordance with the approved Website Terms of Use – the legal basis is the necessity to conclude and perform the contract (Article 6(1)(b) of the GDPR).
e)    In the scope of optional data – personal data of registered Users are also processed on the basis of a consent given by the User (Article 6(1)(a) of the GDPR).
f)     Personal data of registered Website Users are also processed for the purpose of possible establishment, exercise or defence of claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) consisting in the protection of its rights.
g)    Personal data of registered Website Users participating in specific Events may also be processed for documentation or reporting purposes, in particular if the Event is financed from the funds of a donor/sponsor. In such a case, the legal basis for the processing of data is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the necessity to account for the funds provided to it by the donor/sponsor.
h)    If the User places on the Website any Personal Data of other persons (including their first and last name, address, telephone number or e-mail address), they may do so only provided that the provisions of law and personal rights of such persons are not infringed.
 
4. Contact form.
 
1)    The Controller makes it possible to contact it using the electronic contact form available on the Website at: https://hive-mind.community/contact.
2)    Using the form requires providing personal data necessary to contact the User and respond to the request. The User can also provide other data in order to facilitate contact or handle a request. Providing data is voluntary, but failure to provide data such as first and last name and e-mail address results in inability to handle a request.
3)    Personal data are processed in order to identify the sender and answer a question included in the contact form – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), in particular communication with the Website Users concerning the functioning of the Website and organisation of particular Events.

5. Newsletter.
 
1)    The Controller makes it possible to subscribe to the newsletter concerning Hive Mind and the community created around it for the Users who provide their e-mail address for this purpose. Sending takes place according to the rules specified in the Website Terms of Use. Providing data is voluntary, but necessary in order to receive mailing. Failure to provide data is connected with the impossibility to send mailing.
2)    The legal basis for the processing of personal data for the purpose of sending the newsletter is a contract (Article 6(1)(b) of the GDPR). Personal data are also processed in order to defend against potential claims – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).
3)    If marketing content is sent to the User as part of the newsletter sent – the legal basis for the processing of personal data is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), in connection with the consent to send commercial information.
 
6. Social Media.
 
1)    The Controller processes the personal data of the Users visiting the profiles maintained by the Controller in social media (Facebook, LinkedIn, YouTube, Spotify, Anchor.fm).
2)    Data processing takes place when the User, via social media, undertakes activity on one of the profiles, e.g. by liking the profile, observing the profile, sending messages via the profile or commenting on the posts published by the Controller.
3)    These data are processed only in connection with the profile, including in order to inform the Users about the Controller’s activity and to promote its activity within the scope of Hive Mind and the community created around it.
4)    The legal basis for the processing of personal data by the Controller for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in informing about its own activity and promoting it.
5)    Social networks have their own privacy policies, regulations and data processing rules that bind their users and which the Controller is also obliged to comply with. If you are a User of such a portal, the processing of your personal data is also subject to such rules and policies and you can exercise your rights under them. Detailed information on this subject can be found in the Privacy Policies on particular portals used by the User.
 
 7. Cookies and similar technologies.
 
1)    The Website uses cookies. Cookies are IT data, in particular text files, which are stored on the User’s end device to enable or facilitate the use of the Website.
2)    We do not use cookies to store information that directly identifies a specific person (such as first and last name). However, some information collected by cookies is treated as personal data within the meaning of GDPR.
3)    The Controller uses the following cookies: essential, functional and analytical.
4)    The Controller uses essential cookies primarily to enable the User to use the services and features of the Website. Essential cookies can only be installed by the Controller through the Website. The legal basis for processing of data in connection with the use of essential cookies is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR).
5)    Functional cookies are used to remember user preferences so that the Website can be customised for the User, also in terms of language preferences. Functional cookies can be installed by the Controller and its partners through the Website.
6)    Analytical cookies are used to determine the number of visits to the Website as well as where that traffic originates. They are used to understand how the User interacts with the Website as well as to generate statistics and reports about the Website performance. Information collected by these cookies is not intended to identify the User. Analytical cookies can be installed by the Controller and its partners through the Website.
7)    The legal basis for the processing of personal data in connection with the Controller’s use of functional and analytical cookies is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in the provision of highest-quality services on the Website.
 
8. Managing the cookie settings.
 
1)      In principle, cookies may not be used to collect data, including to obtain access to data stored on the User’s device, without the User’s consent. The cookie banner on the Website is used to obtain the User’s consent. This consent may be withdrawn at any time.
2)    The User’s consent is not required for essential cookies as they are necessary for the provision of telecommunications services within the Website (data transmission to display content).
3)    You can withdraw your consent to the use of cookies using a cookie banner or browser settings.
4)    To manage your cookie settings, select the web browser (operating system) from the list below and follow the instructions:
a)    Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookie
b)    Mozilla Firefox: https://support.mozilla.org/pl/kb/ciasteczka
c)     Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
d)    Opera: https://help.opera.com/Windows/12.10/pl/cookie.html
e)    Safari: https://support.apple.com/kb/PH5042?locale=en-GB
5)    Restrictions on the use of cookies may affect some of the functionalities available on the Website's pages.

9. Data recipients.
 
1)    The Controller reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the applicable law.
2)    Entities responsible for the operation of IT systems, including providers of hosting services and a system for creating and sending newsletters, have access to personal data processed as part of the Website.
3)    Personal data will also be made available to entities conducting particular Events, i.e. the Controller’s Partners listed here: https://hive-mind.community/terms_of_use, in order to enable them to conduct particular Events, including contacting the User in connection with their course. At each Event, the Controller places information on the organiser of a given event. The Controller’s Partners are separate personal data controllers.

10. User Rights.
 
1)    The User has the right to: access the content of the data and request their rectification, erasure, restriction of processing, the right to data portability and the right to object to data processing. 
2)    To the extent that the User's data are processed based on a consent, this consent may be withdrawn at any time by contacting the Controller. The withdrawal of consent does not affect the lawfulness of the processing of personal data before its withdrawal.
3)    The scope of the User's rights depends on the purpose and legal basis of personal data processing. Please, contact the Controller in order to exercise any of the rights specified above using email: privacy@techsoup.org
4)    At any time, the User has the right to lodge a complaint with the local supervisory authority, which in Poland is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
5)    We encourage you to contact us first by sending an e-mail to the following address: contact@hive-mind.communityor using the contact form available on the Website to solve any problems or doubts.


11. Period of storage of personal data.
 
The period of data processing by the Controller depends on the purpose of the processing. As a rule, data are processed until the consent is withdrawn or an effective objection is raised against data processing in cases where the legal basis for data processing is the legitimate interest of the Controller. If the User uses the contact form, their data will be processed no longer than necessary to provide an answer. Personal data of the registered User will be stored for the duration of the User's account, and after this period they may be stored for the period of limitation of possible claims to the necessary extent or in specific cases for documentation or reporting purposes, for the period during which the entity supporting the Event may request their presentation.
 
12. Transmission of data outside the European Economic Area.
 
1)    The Controller will transfer personal data to third countries, i.e. countries outside the European Economic Area.
2)    The User’s personal data are transferred to the Controller’s Partners who are responsible for organising the Events.
3)    Personal data is stored on servers located in the United States by TechSoup Global with its registered office at 435 Brannan Street, Suite 100, San Francisco, CA 94107, USA.
4)    The personal data of the newsletter subscribers are transferred to MailChimp (The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA) – the newsletter provider that stores data on servers in the United States.
5)    At each Event, the Controller places information on the organiser of a given event, i.e. the Controller’s Partner.
6)    The User's personal data may be transferred to third countries or entities for which an adequate level of data protection has been determined by the European Commission.
7)    In the absence of a decision of the European Commission stating an adequate level of protection specified in Article 45(3) of the GDPR, personal data of the User may be transferred to a third country only on the basis of standard data protection clauses adopted by the European Commission (Article 46 of the GDPR).
8)    In the absence of a decision of the European Commission stating an adequate level of protection referred to in Article 45(3) of the GDPR or failure to include standard data protection clauses adopted by the European Commission (Article 46 of the GDPR), we will request the User to express explicit consent for such transfer to a third country, informing the User of the prior risk related to such transfer pursuant to Article 49(1)(a) of the GDPR.
9)    In connection with the transfer of data outside the EEA, the User may request information about the safeguards applied in this respect, obtain a copy of these safeguards or information about the place where they are made available by contacting us at the address indicated in point 2.

13. Risk related to transferring data to third countries in the absence of a decision of the European Commission stating an adequate level of protection specified in Article 45(3) of the GDPR or lack of appropriate safeguards specified in Article 46 of the GDPR, including standard contractual clauses adopted by the European Commission.
 
1)    In connection with the User's participation in a specific Event, the User's personal data may be transferred to the Controller's Partner having its registered office in a third country, which does not ensure an adequate level of data protection resulting from generally applicable regulations in Poland, in particular from the provisions of the GDPR.
2)    In connection with the impossibility to conclude standard contractual clauses with the Controller’s Partner (data recipient), we would like to inform you that there is a risk of insufficient protection of the User’s personal data, in particular such data may be processed without observing the rules resulting from the GDPR. For example, this may mean that the legal systems of such third countries may, for example, not provide an independent supervisory authority competent to deal with data subjects' complaints, not provide the possibility to exercise the rights described in point 10, or not contain provisions limiting the interference of state authorities with the fundamental rights and freedoms of data subjects.
 In such a situation, the basis entitling us to transfer personal data of the User to the Controller’s Partner is the User’s explicit consent to such transfer.
 
14. Privacy Policy Amendment.
 
1)    The Policy is reviewed on an ongoing basis and updated as necessary.
2)    The Policy has been published in the Polish and English language versions. The Policy may also be published in the languages of the countries where the Controller’s Partners are established. In case of language differences, the English version prevails.
3)    Any changes to the Privacy Policy will be published on the Website and will enter into force when the amended Privacy Policy is posted on the website.
4)    The current version of the Policy has been adopted and has been in force since December 21, 2022.