Data Lake

Privacy Policy

Privacy Policy

Effective Date: 30.04.2024


Data Controller – DPO

The data controller for the processing of the personal data referred to herein is DATA LAKE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (hereinafter: “Data Lake”) with its registered seat in Poland at Kuzawa 2B (17-240 Kuzawa), entered into the Register of Entrepreneurs under the number KRS: 0000825343, NIP: 7162828483.


Data Lake has appointed a Data Protection Officer who can be contacted at the following address: IOD@data-lake.co or by sending a letter to the address for correspondence indicated above.


Preamble

This privacy policy, implemented by Data Lake, is intended to provide the Users with a summary and overview of the processing of personal data carried out when you visit our website and use the services we provide.

Data Lake assigns particular importance to the respect for the privacy of the Users and of the confidentiality of their personal data, and is thus committed to processing the data in compliance with the applicable laws and regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter referred to as the “GDPR”).


Definitions:

Personal data: any information relating to an identified or identifiable natural person, that is, a person who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to that person.

Processing of personal data: any operation or any set of operations relating to personal data, whatever the process used, and in particular the collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, as well as locking, erasure, or destruction.

Cookie: A cookie is a piece of information that is placed on a User’s device when visiting a Website. It contains several pieces of data: the name of the server that installed it, an identifier in the form of a unique number and possibly an expiry date. This information is sometimes stored on the device in a text file, which the server can access in order to read and save bits of information. This Policy also applies to technologies similar to cookie.

User: the natural person whose data we process according to the principles described in this policy, in particular a person using the Website

Website: the websites run by the Data Lake, available at https://data-lake.cohttps://donateyourdata.io  and https://app.data-lake.co/


Data Collection Policy

Data Lake collects data from users in order to provide the best web experience on our websites (https://data-lake.co, https://donateyourdata.io and https://app.data-lake.co/), to provide services, and in order to improve our service and understanding of our visitors and customers.


Purposes

The personal data collected by Data Lake during the provision of the services is necessary for the performance of our website and services, or to allow Data Lake to pursue its legitimate interests while respecting the rights of the users. Certain data may also be processed based on the users’ consent.
Data Lake processes data for the following purposes:

  • conclusion and performance of a contract with the user (legal basis Article 6(b)(f) RODO); 

  • realization of a legitimate interest (legal basis Article 6(1)(f) RODO): 

  • conclusion and performance of contract with contractors; 

  • operating and improving our website and services; 

  • targeting commercial offerings; 

  • creating a database of entities potentially interested in cooperation;

  • providing security, detecting malicious behaviour (fraud, phishing, spam, etc.); 

  • responding to inquiries (including product and service offerings); 

  • for purposes for which you have given your consent (legal basis Article 6(1)(a) of the RODO and Article 9(2)(a) of the RODO); 

  • for the purpose of fulfilling legal obligations (legal basis Article 6(1)(c) RODO in connection with particular legal regulations, e.g. the Act of July 18, 2002 on the provision of electronic services).

Provision of personal data for the purpose of entering into or performing a contract is required by law and contract. Provision of personal data in other respects is voluntary. Failure to provide data may result in the inability to conclude a contract, use the website or individual services or functionalities. 

The mandatory or optional nature of the data collected is indicated at the time of collection. For example, in our cookie notice or in the form on the website. Optional cookies (hereafter referred to as ” optional cookies”) are disabled by default, unless you give us express permission to collect this data.

In addition, some necessary data is collected automatically as a result of your actions on the site (see paragraph on cookies).

Data Lake does not transfer data to international organisations.

Data Lake may transfer personal data to third countries, i.e. not belonging to the European Economic Area. In this case, the transfer shall take place insofar as necessary and with an adequate level of protection on the basis of: cooperation with processors of personal data in countries for which a relevant adequacy decision of the European Commission or standard contractual clauses issued by the European Commission have been issued.

Data Lake does not use data for profiling or automated decision-making.

Data Lake processes personal data of users who visit profiles maintained by Data Lake on social media and platforms. The data is processed for the purpose of informing users about Data Lake’s activities, promoting various services and products, which is a legitimate interest (legal basis of Article 6(1)(f) of the DPA).

Data Lake has no influence on the ways and purposes of data processing by the entities managing the various social media platforms. Before using social media platforms, the user should read the privacy policy of the respective platform.


Links to the privacy policies for each platform are indicated below:

VeraSafe Ireland Ltd.
https://policy.medium.com/medium-privacy-policy-f03bf92035c9

LinkedIn Ireland Unlimited
https://pl.linkedin.com/legal/privacy-policy?trk=d_org_guest_company_overview_footer-privacy-policy

Twitter International Unlimited Company

https://twitter.com/en/privacy#chapter7

Telegram UK Holdings Ltd
https://telegram.org/privacy


What personal data we collect and why we collect it

Contact Form

If you use the contact form on the site, we collect the data shown in the contact form (name, email address, phone number and content of the message), as well as your IP address and browser user agent string to help spam detection. We will not use this information for any other purpose than contacting you at your request – it will not be stored or used for marketing purposes.

Newsletter Signup Form

If you sign up for our newsletter using the form on our site, we collect the data shown in the form (name, email address), as well as your IP address and browser user agent string to help spam detection. We will not use this information for any other purpose than sending you the communication (i.e. newsletter) that you have specifically signed up for.

Services 

In order to use particular services, you may need to register and create an account. In this case, we collect data necessary for the conclusion of the contract and its performance, such as: name, surname, e-mail address, phone number, PESEL number. We also collect information about your use of our services.

Processing of data of persons potentially interested in cooperation

As part of our activities, we create a database of doctors, nurses and others potentially interested in cooperating in conducting clinical trials. Then we process identification data, address and contact data, information about specialization, information about affiliation. 

We obtain personal data directly from these individuals (in which case we process them on the basis of their consent) or we obtain them from publicly available sources (e.g. CEIDG) – we then act on the basis of our legitimate interest.

We may contact selected individuals to ask about the possibility of presenting a proposal for cooperation. 


Cookies

Necessary Cookies

Necessary cookies are essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously. We also use essential cookies to store your choice in terms of consent or rejection of non-essential cookies (e.g. Marketing or Analytics Cookies). Our site uses the following necessary cookies:

Functional cookies – their storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service requested by a subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Additional Cookies

In addition to necessary cookies, we also use additional cookies (termed “unnecessary cookies”) for website analytics, performance and marketing purposes. These cookies are optional and disabled by default until you explicitly accept them. The cookies above are 1st Party cookies (set/created on our website), however the data they contain may be transferred to a 3rd party such as in the case of website analytics. Any transferral of data will be done in a GDPR-compliant way, and your data will not leave the European Union, nor be sold to any other party, nor shared with any other party that those described in this policy.


Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Links to the privacy and cookie policies of the 3rd-party embedded content services we use will appear in this section when put into effect on our site.


Analytics

When you use our website AND accept the use of non-essential cookies, our Analytics tool (Matomo) will by default track the following information:

  • User IP address

  • Optional User ID

  • Random unique visitor ID

  • Date and time of the request in UTC format

  • Title of the page being viewed (Page Title)

  • URL of the page being viewed (Page URL)

  • URL of the page that was viewed prior to the current page (Referrer URL)

  • Screen resolution being used

  • Time in local user’s timezone

  • Time of the first visit for this user

  • Time of the previous visit for this user

  • Number of visits for this user

  • Files that were clicked and downloaded (Download)

  • Links to an outside domain that were clicked (Outlink)

  • Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user: Page speed)

  • Location of the user: country, region, city, approximate latitude and longitude (Geolocation)

  • Main Language of the browser being used (Accept-Language header)

  • User Agent of the browser being used (User-Agent header)

From the User-Agent and screen resolution, Matomo uses a Universal Device Detection library to detect the browser, operating system, device used (desktop, tablet, mobile, tv, cars, console, etc.), brand and model.


How long we retain your data

Data Lake retains data for no longer than necessary for the purposes for which it was collected.

In the case of personal data processed in connection with the conclusion and performance of a contract (concluded with you or with the entity you represent), personal data will be kept for the duration of the contract. Thereafter, personal data will be kept for the period required by law and the period necessary to establish and assert claims or defend against claims (no later than the expiration of the statute of limitations or the end of the proceedings).

If you use our contact form, your data and the content of your message will be kept for the time necessary to process the request, not longer than one  year, unless the content of the message is of a nature that legally requires us to keep it longer (e.g., for the purpose of investigating or defending against claims, we keep the data until the expiration of the statute of limitations or the end of the proceedings). The duration of cookie data retention has been outlined in the above sections explaining which cookies are in use on out site.

We will process data processed on the basis of consent for the time necessary to fulfill the purpose to which the consent relates, or until the consent is withdrawn. To the necessary extent, data may also be stored for the period necessary to establish and assert claims or defend against claims (no later than the expiration of the statute of limitations or the conclusion of the proceedings). 

We will process data processed on the basis of our legitimate interest for the time necessary to fulfill the purpose for which it was processed, or until you raise an objection. To the extent necessary, data may additionally be stored for the period necessary to establish and assert claims or defend against claims (no later than the expiration of the statute of limitations or termination of proceedings). 

We will process data processed for the purpose of fulfilling legal obligations for the time required by the relevant regulations.

The duration of data storage in cookies is specified in the sections above explaining which cookies are used on our site.

You may request that we delete your data at any time, and we will comply with your request in a timely manner (unless we are prevented from doing so by law) – see the “Users’ Rights” section of this policy for more details.


To whom we share data

Data Lake shares data with individuals and companies that provide services to Data Lake (e.g. IT support, hosting, analytics services, marketing services, legal advice).

Data may be shared with contractors if necessary to perform a contract with you.

The data may be forwarded to competent institutions (e.g. police authorities, courts) in the event of proceedings, based on the provisions of the law.


Users Rights 

In accordance with applicable rules, the users have the right to access and rectify their personal data, which enables them to rectify, complete, update, or delete data that is inaccurate, incomplete, ambiguous, or outdated, or whose collection, use, communication, or storage is prohibited.

The users also have the right to request the limitation of the processing, and to oppose on legitimate grounds the processing of their personal data.

Where applicable, the user may request the portability of their personal data.

Where the legal basis for processing is consent, withdraw your consent at any time, which will not affect the lawfulness of the processing carried out on the basis of your consent before its withdrawal.

Where the legal basis for processing is our legitimate interest, you may raise an objection to the processing of your data. 

The users may exercise their rights by sending an email to IOD@data-lake.co or a letter to:
Data Lake, Kuzawa 2B (17-240 Kuzawa), Poland

These requests shall be processed within a maximum period of 30 days.
The users may also at any time modify the data pertaining to them by contacting us at IOD@data-lake.co.

The users may access detailed information on the use of their personal data, in particular concerning the purposes of the processing, the legal bases enabling Data Lake to process the data, its storage period and its recipients, as well as the related compliance guarantees put in place for such transfers. To do so, the User can send their request by email to IOD@data-lake.co.
The user has the right to lodge a complaint to the supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw/Poland).


Security

Data Lake has taken all necessary precautions to preserve the security of personal data and, in particular, to prevent it from being accessed by unauthorised third parties, distorted, or damaged.
These measures include but are not limited to the following:

  • Multi-level firewall.

  • Proven solutions for anti-virus protection and detection of intrusion attempts.

  • Encrypted data transmission using SSL/https technology.

  • Strong passwords that are stored in a secure manner (Salting & Hashing)

  • 2FA (two-factor authentication)

In addition, access to processing data on behalf of Data Lake by the receiving third-party services requires authentication of the persons accessing the data, by means of an individual access code and password, that is sufficiently robust and regularly renewed. It is our policy to also use 2FA whenever available from our partners.


Any questions about the security of the Data Lake website can be answered by emailing IOD@data-lake.co


Skip to content