Privacy policy

The controller of your personal data is the Tradition & Innovation Foundation (Fundacja Tradycji i Innowacji), with its registered office at Józefów 58A, 21-050 Piaski, entered into the Polish National Court Register (KRS) under number 0001049849 on 2023-07-28, NIP 7123459248, REGON 525955729.

The Foundation operates under the Polish Act on Foundations of 6 April 1984 (Journal of Laws of 2023, item 166 as amended) and its own statute. Representation: Krzysztof Paweł Czupryn — President of the Board, acting independently.

For matters relating to the processing of personal data, you may contact the controller in writing at the registered office address or electronically at: biuro@ftii.pl.

The Foundation is not required to appoint a Data Protection Officer within the meaning of art. 37 GDPR. Questions concerning data protection are addressed directly to the controller at the address provided above.

We process personal data for the following purposes:

1. Handling contact requests — responding to messages submitted via the form at /en/contact. Legal basis: art. 6(1)(f) GDPR (legitimate interest of the controller — providing a reply to an interested person).
2. Delivery of partnership — conducting correspondence, organising meetings and exchanging documents with Foundation partners. Legal basis: art. 6(1)(b) GDPR (necessity to take steps at the data subject's request prior to entering into a contract) or 6(1)(f) (legitimate interest).
3. Newsletter delivery — solely upon consent to receive the Foundation's communications. Legal basis: art. 6(1)(a) GDPR (consent of the data subject).
4. Application to the FTI Circle — handling applications under the strategic partner programme (Ritual of Seven Gates). Legal basis: art. 6(1)(f) GDPR.
5. Compliance with legal obligations — e.g. archiving of official correspondence, tax reconciliation. Legal basis: art. 6(1)(c) GDPR.

Where the legal basis is art. 6(1)(f) GDPR, the Foundation's legitimate interests are:

• responding to enquiries addressed to the Foundation,
• establishing and maintaining relations with programme partners and documenting those relations,
• ensuring the security of the Portal and its infrastructure — analysing technical logs, protection against abuse, mass-scale scraping and attacks,
• pursuing or defending potential legal claims,
• maintaining internal organisational documentation in accordance with the Foundation's statute.

In every case of processing on the basis of art. 6(1)(f) GDPR, the User has the right to object to the processing (art. 21 GDPR) — details in §8.

Depending on the form of contact we may process the following categories of data:

• first name and surname,
• name of the institution or organisation,
• e-mail address,
• telephone number (optional),
• the content of the message and any attachments,
• the session key generated in the Ritual of Seven Gates (technical identifier, contains no personal data),
• IP address and technical information relating to visits to the Portal (server logs).

We do not collect special-category data (art. 9 GDPR) or data relating to criminal convictions and offences.

The provision of personal data is voluntary, but necessary for the delivery of a specific purpose — e.g. replying to a contact request or entering into partnership.

Failure to provide the required data (primarily first name and e-mail address) will prevent the Foundation from replying to the message or processing the request. For the newsletter, provision of data is entirely voluntary and based on consent given, which may be withdrawn at any time — withdrawal does not affect the lawfulness of processing carried out before withdrawal (art. 7(3) GDPR).

The provision of data is not a statutory or contractual requirement, except in situations where the Foundation is required to obtain certain data under separate provisions (e.g. tax reconciliation, archiving of official correspondence).

• Contact requests: up to 24 months from the close of the correspondence.
• Newsletter: until withdrawal of consent (one-click unsubscribe at the foot of every message).
• Partner relations: for the duration of the partnership and additionally as required by law (reconciliation, archiving).
• Technical server logs: up to 90 days, solely for security purposes.

Data may be entrusted to the following categories of recipients solely to the extent necessary for the delivery of the processing purposes:

• the hosting and cloud infrastructure provider (based on a data processing agreement, art. 28 GDPR);
• the e-mail service provider operating the Foundation's mailboxes;
• entities providing legal, accounting or audit services — to the extent necessary;
• public authorities, where required by applicable law.

The Foundation does not sell data and does not share it with third parties for marketing purposes.

As a rule, data is processed within the European Economic Area (EEA). Where services of providers outside the EEA are used (e.g. US infrastructure providers), the transfer takes place solely to entities covered by an appropriate safeguarding mechanism within the meaning of Chapter V of the GDPR (standard contractual clauses, an adequacy decision of the European Commission).

In connection with the processing, you have the following rights:

• right of access (art. 15 GDPR),
• right to rectification (art. 16 GDPR),
• right to erasure (art. 17 GDPR),
• right to restriction of processing (art. 18 GDPR),
• right to data portability (art. 20 GDPR),
• right to object to processing (art. 21 GDPR), in particular where the basis is legitimate interest,
• right to withdraw consent at any time — this does not affect the lawfulness of processing carried out before the withdrawal of consent (art. 7(3) GDPR).

These rights may be exercised by contacting the controller at biuro@ftii.pl.

In addition to the above rights, you have the right to lodge a complaint with the supervisory authority — the President of the Polish Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa).

The Foundation does not take decisions about you that are based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect your situation (art. 22 GDPR).

The Portal does not use cookies for tracking or profiling. We use the browser's sessionStorage mechanism only to the extent necessary, which stores locally:

• the state of interactive manifesto elements (unsealed theses),
• the state of the Ritual of Seven Gates (your responses are never sent without your decision),
• whether the animated intro has already played in this session.

Data from sessionStorage is stored exclusively in your browser, is removed when the tab is closed, and is never transmitted to the Foundation's server.

We apply appropriate technical and organisational measures to ensure the security of personal data processing, including transmission encryption (HTTPS), restricted access to data, regular backups and internal security policies aligned with ISO/IEC 27001 and the Polish National Cybersecurity System.

This privacy policy may be updated — in particular in connection with changes in legislation or expansion of the Foundation's activities. The current version is always published at /en/privacy-policy. The date of the last update is shown in the document header.