This policy applies to both the website and the mobile application of Glory Church.
INFORMATION ON THE PROCESSING OF PERSONAL DATA
I. Identification of the Personal Data Controller
The controller of your personal data is Glory Church in Warsaw, ul. Skibicka 5, 02-269 Warsaw, entered into the Register of Churches and Other Religious Associations in Section A under item 157 on 10 October 2003.
Glory Church has also appointed a Data Protection Officer in connection with the processing of special categories of personal data revealing the religious beliefs of its members and former members.
Requests regarding the exercise of rights arising under the GDPR may be sent to: office@kosciolchwaly.pl. The Controller shall respond without undue delay, no later than within 1 month.
II. Purposes and Legal Basis for the Processing of Your Personal Data
Glory Church processes your personal data for the purposes of taking actions at your request aimed at establishing membership, or where such processing is necessary for the performance of that membership relationship pursuant to Article 9(2)(d) of the GDPR, and where it is necessary for the performance of other statutory tasks of the Church, provided that this concerns members, former members, or persons maintaining regular contact with the Church in connection with its activities, and appropriate safeguards for the protection of processed data are ensured.
Data revealing religious beliefs, religious activity, or affiliation with a religious community are processed on the basis of Article 9(2)(d) of the GDPR, i.e., within the framework of the legitimate activities of the Church with respect to its members, former members, or persons maintaining regular contact with the Church in connection with its purposes.
A specific provision of another law permits the processing of such data without the consent of the data subject and provides full guarantees for their protection. Furthermore, in certain situations it may be necessary to process your data (excluding special categories of data) due to the legitimate interests pursued by Glory Church (Article 6(1)(f) of the GDPR), in particular for the purposes of marketing the products and religious activities of Glory Church, monitoring and improving the quality of services provided. In other cases, your personal data will be processed solely on the basis of previously granted consent, within the scope and for the purpose specified in the consent.
III. Obligation to Provide Personal Data to Glory Church
Providing your personal data is a condition for obtaining membership status in the Church, results from obligations imposed by the above-mentioned legal provisions, or is necessary for the implementation of purposes arising from the Church’s statutory tasks. Failure to provide all required personal data will constitute an obstacle to entering into a membership relationship and exercising the rights of a Church member.
To the extent that personal data are collected on the basis of consent, providing such data is voluntary.
In the case of persons under 18 years of age, data may only be processed with the consent of a parent or legal guardian if required by applicable law.
IV. Information About Recipients of Personal Data
Your personal data may be disclosed to the following recipients or categories of recipients:
a.) where processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR;
b.) entities affiliated with Glory Church in Warsaw on the basis of consent.
V. Data Retention Period
Your personal data will be processed for the period necessary to fulfill the purposes indicated in Section II; in the case of membership, for the duration of the membership relationship, and thereafter for the period and to the extent required by law or necessary for the implementation of the legitimate interests of the data controller as described above, and in the event that you consent to processing after the termination or expiration of the agreement, until such consent is withdrawn, including:
user account data — until the account is deleted and for the limitation period of claims,
accounting/donation data — in accordance with tax regulations,
technical logs — for 12 months,
submissions and complaints — for the limitation period of claims.
VI. Automated Decision-Making
The Controller does not base decisions producing legal effects solely on automated decision-making or profiling (Article 22 GDPR).
VII. Rights of the Data Subject
Glory Church wishes to ensure that you are entitled to the following rights under the GDPR:
the right of access to data, including the right to obtain a copy,
the right to rectification where data are inaccurate or incomplete,
the right to erasure where data are no longer necessary for the purposes for which they were collected or otherwise processed — the so-called “right to be forgotten,”
the right to restriction of processing,
the right to object to processing resulting in the right to be forgotten,
the right to data portability,
the right to lodge a complaint with a supervisory authority,
the right to withdraw consent where processing is based on consent.
VIII. Right to Withdraw Consent for the Processing of Personal Data
To the extent that you have granted consent to the processing of personal data, you have the right to withdraw such consent. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
IX. Right to Lodge a Complaint with a Supervisory Authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority.
X. Transfer of Data to Entities Outside the European Economic Area or International Organizations
Glory Church does not disclose your personal data to entities established outside the European Economic Area or to international organizations.
XI. Use of the Mobile Application
In connection with the use of the Glory Church mobile application (“Application”), the Controller may process additional personal data of users.
The scope of data includes in particular:
user account data (e.g., name, email, phone number),
data entered by the user (e.g., prayer requests, testimonies, event registrations),
donation and pledge data,
technical data (IP address, device identifier, operating system, logs).
These data are processed for the purpose of:
enabling the use of the Application’s functionalities,
communicating with the user,
organizing events,
ensuring system security,
improving the operation of the Application.
Publication of a testimony or prayer request in the public part of the Application takes place solely following the conscious action of the user (consent to publication).
XII. Push Notifications
The Application may send push notifications concerning:
events,
announcements,
community content.
Push notifications and electronic communications are sent only after obtaining the appropriate user consent where required by law.
The user may disable notifications at any time.
XIII. Service Providers and Data Processing (IT)
In connection with the operation of the website and Application, the Controller uses services provided by third parties, such as:
hosting and IT infrastructure providers,
analytics system providers,
communication service providers,
payment operators.
These entities process data on the basis of data processing agreements and in accordance with the GDPR.
XIV. Analytical Tools and External Technologies
The Controller may use tools and technologies of third parties supporting the operation of the website and Application, particularly in the areas of:
statistical analysis,
error monitoring,
push notification services,
electronic payments,
system security and performance.
In connection with the use of these services, technical user data may be processed, such as:
IP address,
device identifier,
advertising identifiers,
information about the operating system and application version,
application activity data,
diagnostic data and information about application errors.
The Controller may in particular use the following services:
Google Analytics or Firebase Analytics — for statistical and analytical purposes,
Firebase Crashlytics — for diagnosing errors and improving application stability,
OneSignal or similar tools — for handling push notifications,
Stripe — for payment and donation processing.
These entities may process data outside the European Economic Area in accordance with their own privacy policies and using mechanisms compliant with the GDPR, in particular standard contractual clauses approved by the European Commission.
XV. Transfer of Data Outside the European Economic Area
In connection with the use of technological services (e.g., cloud services, analytical tools), data may be transferred outside the EEA.
In such cases, the Controller ensures appropriate safeguards, in particular:
standard contractual clauses approved by the European Commission,
cooperation with entities ensuring an adequate level of data protection.
XVI. Data Security
The Controller applies technical and organizational measures ensuring the protection of personal data, in particular:
security measures for IT systems,
access control to data,
encryption of data transmission.
XVII. Reporting Violations and Content (DSA)
The user may report content that:
violates the law,
infringes personal rights,
constitutes spam or abuse.
Reports may be submitted to: office@kosciolchwaly.pl
The Controller takes actions to verify reports and, where appropriate, remove content.
XVIII. Application and Payment Data
In the case of donations or purchasing access to digital products:
payment data are not stored by the Controller,
processing is carried out by external payment operators.
We and some chosen third parties use cookies and the like technologies for technical purposes and – on your consent – for other purposes defined in the Cookie Policy. Rejection may cause some functions to become unavailable.
To consent click Accept. To go on without accepting click Reject or close this tab.