1. BASIC PRINCIPLES

1.1 Main Principle

The National Foundation for Environmental Protection and Biodiversity collects only the essential minimum data needed to operate the www.ecomiasto.uk portal and provide information services in the field of sustainable urban development and urban ecology.

1.2 Legal Basis

• Art. 6 para. 1 lit. a GDPR (consent) – newsletter, comments
• Art. 6 para. 1 lit. f GDPR (legitimate interest) – contact, events, analytics
• Art. 6 para. 1 lit. b GDPR (contract performance) – orders, invoices

1.3 What We DON’T Collect

The portal categorically does not collect:

• Last names (only first names in forms)
• Private home addresses
• Private phone numbers
• Sensitive data (political views, religious, health)
• Photos from events without consent
• Detailed payment data (handled by payment operator)

2. WHAT WE COLLECT AND WHY

2.1 Contact Form

We collect:

• Email address (to respond)
• Message content (to know what you’re asking about)

Optional:

• First name (to know how to address you)
• Company/organization name (to tailor response)
• Industry/field of activity (to better match content)

Storage: 2 years, then automatically deleted

2.2 Newsletter

We collect:

• Email address (to send newsletter)

Optional:

• First name (to personalize message)
• Area of interest (to match content about sustainable urban development)

Storage: Until unsubscription

2.3 Events (webinars, urban conferences)

We collect:

• Email address (to send link/notifications)
• Number of people (to prepare event)

Optional:

• First name (for better contact)
• Company/organization name (for participation certificates)
• Position (to tailor content)

Storage: 1 year after event

2.4 Website Comments

We collect:

• Email address (for reply notifications)
• First name or pseudonym (to display with comment)
• Comment content

Storage: 3 years or until comment deletion

2.5 Website Analytics

We collect automatically:

• IP address (anonymized)
• Browser type and device
• Visited pages
• Visit duration

Storage: 14 months (according to Google Analytics settings)

3. SIMPLIFIED SECURITY

3.1 Technical

• HTTPS encryption on entire site
• Secure passwords for systems
• Automatic deletion of old data
• Secure backups
• WordPress system updates

3.2 Organizational

• Only 2-3 team members have data access
• Regular password changes
• No data sharing with external parties
• Data review every 6 months

4. YOUR RIGHTS

You have the right to:

• Check what data we have about you
• Correct incorrect data
• Delete your data
• Withdraw consent at any time
• Transfer data to another service

Contact: office@nfosib.org.pl

5. SIMPLE PROCEDURES

5.1 If you want to delete your data

Write us an email: „Please delete my data” – we’ll delete it within 7 days.

5.2 If you want to check your data

Write us an email: „Please provide information about my data” – we’ll respond within 14 days.

5.3 If you want to unsubscribe from newsletter

Click „Unsubscribe” link in any newsletter or write to us.

6. PRACTICAL EXAMPLES

6.1 Contact Form

• Email: [required]
• Message: [required]
• First name: [optional]
• Company/organization: [optional]
• Industry: [optional]
• ☑ I agree to data processing for response purposes

6.2 Newsletter Registration

• Email: [required]
• First name: [optional]
• Area of interest: [optional]
• ☑ I agree to receive EcoMiasto newsletter

6.3 Event Registration

• Email: [required]
• Number of people: [required]
• First name: [optional]
• Company/organization: [optional]
• Position: [optional]
• ☑ I agree to data processing for event organization

7. ALTERNATIVE CONTACT METHODS

7.1 Without Providing Data

• Comments under social media posts
• Participation in open events without registration
• Using website without logging in
• Reading articles without registration

7.2 Anonymous Feedback

• Surveys without personal data
• Suggestion box at events
• Anonymous feedback forms

8. WHAT WE DO IN CASE OF PROBLEMS

8.1 If someone breaks into our systems

• Immediately change passwords
• Check if data was stolen
• Inform everyone who might be affected
• Report to appropriate authorities

8.2 If we make a mistake

• Fix it immediately
• Inform affected individuals
• Implement procedures to prevent repetition

9. COOPERATION WITH OTHER ORGANIZATIONS

9.1 Rules

• We don’t share mailing lists
• We don’t sell data
• We cooperate without exchanging personal data
• We only share statistics (without personal data)

9.2 Examples of Safe Cooperation

• „We have 5000 newsletter subscribers” ✓
• „Here’s our subscriber list” ✗
• „We jointly organize webinar” ✓
• „We send your promotion to our list” ✗

10. MONITORING AND IMPROVEMENT

10.1 What we check monthly

• Whether we delete old data
• Whether systems are secure
• Whether we follow our rules

10.2 What we do every six months

• Review entire policy
• Check if we can collect even less data
• Update procedures

11. KEY RULES FOR TEAM

11.1 For all employees

• Don’t ask for unnecessary data
• Don’t share data with external parties
• Regularly delete old data
• Ask when in doubt

11.2 For data protection officer

• Monthly system check
• Respond to access/deletion requests
• Maintain security
• Update policy

12. TECHNICAL DETAILS (FOR ADMINISTRATOR)

12.1 Storage periods

• Contact form: 24 months
• Newsletter: until unsubscription
• Events: 12 months
• Comments: 36 months
• System logs: 30 days
• Analytics: 14 months

12.2 Automatic deletion

• Script runs every 30 days
• Data deletion after term expiration
• Backup before deletion (for 90 days)
• Log all operations

12.3 Security

• Database encryption
• Automatic backups
• Access only from authorized devices
• Two-factor authentication

13. DATA CONTACT

Person responsible for personal data:

 

We respond to:

• Questions about our practices
• Data access requests
• Data deletion requests
• Privacy complaints

14. IF THERE ARE QUESTIONS

14.1 Do I have to provide my data?

No. Most of our content is available without registration. We collect data only when you want to:

• Get an answer to a question
• Receive newsletter
• Register for an event
• Comment on an article

14.2 Do you sell data?

No. We never sell, rent, or share personal data.

14.3 Can I change my mind?

Yes. You can withdraw consent or request data deletion at any time.

14.4 Am I safe?

Yes. We use standard security measures and collect minimum data.

SUMMARY

Main principles of EcoMiasto portal:

• We collect only what’s really needed
• We store only as long as necessary
• We protect data from unauthorized access
• We don’t share data with anyone
• We respect your rights and choices

If you have questions, just write to us.