Privacy Policy - Helping Hand - Mental Health Programme

Privacy Policy

This Privacy Policy is a related document to the Terms and Conditions of the Helping Hand Platform (the “Terms and Conditions”). Capitalized terms used in the Policy have the meaning given to them in the Regulations.

This policy is for informational purposes and fulfills the information obligations imposed on the data controller by law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (the “General Data Protection Regulation”) (“RODO”). Terms used in the Policy relating to the processing of personal data not separately defined have the meaning given to them in the RODO.

  1. PERSONAL DATA CONTROLLER
    1. The administrator of your personal data collected as part of your use of the Helping Hand Platform is HH24 Spółka z ograniczoną odpowiedzialnością, based in Warsaw (04-361), ul. Tadeusza Czackiego 15/17, with KRS number: 0000812056, NIP: 5213881441, with share capital of PLN 108,676.00 (“HH24”).
    2. Contact with the Administrator of personal data is possible via email to the email address hello@hh24.pl.
    3. The controller has also appointed a Data Protection Officer, whom you can contact by writing to: iod@hh24.pl
  1. DATA PROCESSING – SCOPE, PURPOSE, BASIS, PERIOD
    1. The purpose and scope of the personal data processed is determined by the scope of the consents you have given and the data you provided when creating an Account on the Platform.
    2. The processing of your personal data by HH24 as a controller concerns:
      1. In terms of ordinary data: nickname, ID, email address, phone number;
      2. In terms of special categories of data: data about your addictions and health status.
    3. Your personal data, other than those specified in paragraph. 2.2.2. above, are processed for the following purposes on the indicated grounds:
      1. in order to implement obligations under the law, including accounting and tax regulations – on the basis of Art. 6 paragraph. 1(c) RODO – to fulfill a legal obligation incumbent on the controller;
      2. in order to perform the Services provided electronically through the Platform, including undertaking contact, pursuant to Art. 6 paragraph. 1(b) RODO – to perform a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract;
      3. in order to undertake promotional and commercial activities conducted by HH24, pursuant to Art. 6 paragraph. 1(a) of the DPA – your voluntary consent, or on the basis of Art. 6 paragraph. 1(f) RODO – the legitimate interest of HH24 to inform about the services provided;
      4. For the purpose of defending against claims, based on Art. 6 paragraph. 1(f) RODO – the legitimate interest of HH24.
    4. Your personal data specified in paragraph. 2.2.2. above, are processed for the following purposes on the indicated grounds:
      1. In order to perform the Services provided through the Platform, pursuant to Art. 9 paragraph. 2(a) RODO – your voluntary consent
      2. For the purpose of defending against claims, based on Art. 9 paragraph. 2(f) RODO
    5. Provision of personal data is voluntary, however, failure to provide data indicated as mandatory will prevent HH24 from performing the Services and your use of certain Platform functionalities.
    6. Your personal data will be processed for a period of time:
      1. for the purpose of exercising rights and obligations arising from the provision of the Services – until the expiration of claims thereunder;
      2. for accounting purposes – until the date of approval of the financial statements for the fiscal year, but no less than the date of settlement of persons entrusted with retail assets;
      3. for tax purposes – no longer than for a period of 5 years from the end of the calendar year in which the tax liability arose;
      4. appropriate for HH24 to demonstrate proper performance of its obligations, with such time corresponding to the length of the statute of limitations for claims, unless HH24 is required to keep records containing personal data for a longer period of time under generally applicable law.
      5. in the case of marketing activities, until you object to further processing of your personal data for marketing purposes or revoke your consent to sending messages with marketing content.
    7. After the indicated in paragraph 2.6. periods personal data will be deleted, unless the processing is justified on other legal grounds.
    8. HH24 does not transfer your personal data to third countries (i.e. outside the European Economic Area – “EEA”). If you intend to transfer personal data outside the EEA, HH24 will inform you of this, as well as ensure that the recipient ensures the security and integrity of the personal data, enter into contracts with the recipient based on approved standard contractual clauses, and verify that the recipient country ensures respect for the rights and freedoms of data subjects.
  1. PROFESSIONALS
    1. Please note that your personal data entered into the Platform will be processed by Professionals who provide Professional Services to you.
    2. Each Professional that processes your personal data on the Platform is a data controller separate from HH24, and HH24 is merely a processor that has entered into the legally required entrustment agreement with the Professional for the processing of personal data.
    3. The scope of the categories of your personal data that are processed by a given Professional may be variable – as we cannot predict what data you will provide to a Professional in the course of the Professional’s provision of Professional Services to you. However, if you do not use the Platform anonymously, and the Professional is required to keep records as part of the Professional’s ongoing Services, it is possible that the Professional will process your personal data at least to the following extent: name, surname, date of birth, gender, place of residence, PESEL number, type and number of identity document, health status.
    4. Each of the Professionals processes your data:
      1. in order to perform the contract connecting you, the subject of which is Professional Services, pursuant to Art. 6 paragraph. 1(b) RODO (the legal basis for processing is the performance of a contract to which the data subject is a party or taking action at the request of the data subject prior to entering into a contract);
      2. in order to fulfill its obligations under the law, based on Art. 6 paragraph. 1(c) of the DPA (the legal basis for processing is to fulfill a legal obligation incumbent on the controller);
      3. in order to take action, at times when, according to professional ethics, he is obliged to notify the relevant services, i.e. based on art. 6 paragraph. 1 lit. (d) and Art. 9 paragraph. 2 lit. (c) RODO (the legal basis for processing is the protection of the vital interests of the data subject);
      4. for the purpose of providing the Professional Services to you, after you have consented to the processing of special categories of data in the field of health, i.e. based on art. 9 paragraph. 2(a) RODO (the legal basis for processing is the consent you have given);
    5. Remember that the consent referred to in paragraph. 3.4.4. above is voluntary, however, failure to do so in some cases will prevent the Professional Services from being provided to you.
    6. Remember that each Professional must fulfill the information obligation to you by means of the relevant functionalities of the Platform or by other means chosen by him/her. You will then find out exactly how the Professional processes personal data, including how it secures personal data, as well as the scope of the data it processes.
  1. RECIPIENTS OF PERSONAL DATA
    1. HH24 may entrust the processing of your personal data to third parties in order to perform the activities indicated in the Terms and Conditions, in particular to ensure the operation of the Platform, as well as to carry out its rights or obligations related to the processing. Then the recipients of your personal data may be: a web host, an email provider, a company that technically supports HH24, an accounting office, a law firm. In this case, HH24 will enter into an appropriate data processing entrustment agreement with the third party so as to protect your interests and rights regarding your personal data to the fullest extent possible.
    2. Personal data collected by HH24 may also be made available to the relevant state authorities at their request under the relevant provisions of law, or to other persons and entities – in cases provided for by law.
    3. Each entity to which HH24 entrusts your personal data for processing, based on a personal data processing entrustment agreement (hereinafter “Entrustment Agreement”) guarantees an appropriate level in terms of security and confidentiality of personal data processing. The entity processing your personal data based on the Entrustment Agreement may process your personal data through another entity only with the prior consent of HH24.
    4. Sharing of your personal information with unauthorized parties according to this Privacy Policy, can only be done with your prior consent.
  1. RIGHTS OF THE DATA SUBJECT
    1. In connection with the processing of your personal data, you have the right to: (a) delete personal data collected about you both from the system owned by HH24 and from the databases of entities with which HH24 cooperates or has cooperated, (b) restriction of data processing, (c) portability of personal data collected by HH24 about you, including to receive it in a structured form, (d) request from HH24 access to and rectification of your personal data, (e) to object to the processing, (f) revoke consent to the processing of personal data at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its revocation; (g) lodge a complaint against HH24 with a supervisory authority (the President of the Office for the Protection of Personal Data) if you consider that the processing of your personal data violates the provisions of the RODO.
  1. COOKIES AND OTHER DATA
    1. The Platform may store http requests, and therefore some information may be stored in the server log files, including cookies and the rules of their use by HH24, as well as the IP address of the device from which the request came, the name of the User’s station – identification carried out by the http protocol, if possible, the date and system time of registration on the Platform of the arrival of the request, the number of bytes sent by the server, the URL of the page previously visited by you, if you entered through a link, information about the User’s browser, information about errors that occurred during the execution of the http transaction. Logs can be collected as material for the proper administration of the Platform. Only those authorized to administer the information system have access to the information. Log files may be analyzed to compile statistics on Platform traffic and errors that occur. A summary of such information does not identify the user, but it does identify the user’s activities.
    2. The Administrator’s websites (including the Platform) may use the following cookies:
      1. Session cookies – files placed and read from the User’s device by the Administrator’s websites during a single session of a given device. When the session ends, the files are deleted from the User’s terminal device.
      2. Persistent cookies – files posted and read from the User’s device until they are manually deleted. The files are not deleted automatically when the Device session ends, unless the configuration of the User’s device is set to automatically delete cookies when the Device session ends
      3. Internal cookies – files placed and read from the User’s device by the Administrator’s websites.
      4. External cookies – files placed and read from the User’s device by the ICT systems of external partners. The scripts of third-party partners that may place cookies on the User’s devices have been knowingly placed on the Administrator’s websites.
    3. Cookies are used by the Administrator for the following purposes:
      1. Maintain the Platform user’s session (after login).
      2. Facilitating access to the Platform (e.g., setting the language version).
      3. Keeping statistics (e.g. number of visits, sub-page views, type of User’s device).
      4. Marketing, remarketing in external services.
      5. Serving multimedia services.
    4. In the case of internal cookies, the files used by the Administrator are safe for the Users’ terminal devices and do not contain scripts, content or information that may compromise the security of personal data or the security of the devices used by the User.
    5. In the case of external cookies, the Administrator takes all possible measures to verify and select partners in the context of User security. The administrator selects well-known partners with global public trust for cooperation. However, it does not have full control over the content of cookies from external partners. The Administrator is not responsible for the security of cookies, their content and their license-compliant use by the scripts installed in the Platform and websites, coming from external services, as far as the law allows. The current list of partners can be found at this link.
    6. You can change your settings for storing, deleting, and accessing stored cookie data yourself at any time from your browser settings or the dedicated page found at this link.
    7. You can delete any cookies you have saved so far at any time using your browser settings.
    8. Restricting the storage of and access to cookies may cause some features of the Platform and the Administrator’s websites to malfunction. The Administrator shall not be held responsible for malfunctioning functions of the Platform and the Administrator’s websites in case the User restricts the ability to save and read cookies.
    9. We use the cux.io tool provided by CUX Research Sp. z o.o, ul Robotnicza 42A, 53-608 Wrocław entered in the KRS 0000792391. We carry out activities in this regard based on our legitimate interest in creating statistics and analyzing them in order to optimize our websites.cux.io registers users of our website and allows us to play a video recording of its movement on our website, as well as generate so-called “traffic”. heat maps. cux.io does not share any information with us that identifies you because your data is encrypted at the browser level and is not sent to cux.io’s servers.The information we have access to within cux.io is, in particular:
      1. information about the operating system and web browser you are using,
      2. time spent on our site and on its subpages, the subpages you view within our site,
      3. transitions between different sub-pages within our website,
      4. The source from which you go to our service,
      5. The places you click your mouse on our pages.

      In order to use the above data, we implemented the monitoring code cux.io in the source code of our website. It uses the cookies of the cux.io tool.

      If you would like to learn more about cux.io’s data processing policy, we encourage you to take a look at cux .io‘s privacy policy https://cux.io/legal/privacy-policy/

  1. SECURITY
    1. HH24 uses technical and organizational measures to ensure the protection of the processed personal data appropriate to the risks and categories of data protected, and in particular, technically and organizationally protects the data from being accessed by unauthorized persons, from being taken by an unauthorized person, from being processed in violation of the law (including RODO), and from being altered, lost, damaged or destroyed. The collection of collected personal data of Users is stored on a secured server and the data is also protected by our internal procedures on personal data processing and information security policy.
    2. We have also implemented appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data minimization, and to give processing the necessary safeguards to meet the requirements of the RODO and protect the rights of data subjects.
    3. At the same time, we would like to point out that the use of the Internet and electronically provided services may be at risk of malicious software (malware) getting into your ICT system and device, as well as unauthorized access to your data, including personal data, by third parties. In order to minimize these risks, you should use appropriate technical safeguards, for example, using up-to-date antivirus or Internet identification protection software. In order to obtain detailed and professional information regarding the preservation of Internet security, HH24 recommends seeking it from entities specializing in such IT services.
  1. FINAL PROVISIONS
    1. The Administrator reserves the right to change the Privacy Policy, of which you will be informed by a notice posted through the Platform, at least 14 (fourteen) days before the planned change takes effect.
    2. The Administrator is not responsible for links placed on the Platform that direct and enable Users to go directly to websites outside the Platform. Accordingly, the data subject should read the privacy provisions on the referenced websites.
    3. The services are aimed at people over the age of 18. In the event that, through a false statement made by the User as to his or her age, personal data is obtained, without the consent of a parent or legal guardian, from a person who does not meet the age criterion specified in the preceding sentence, HH24 undertakes to delete such personal data as soon as it becomes aware that personal data of a person under the age of 18 has been obtained without the consent of a parent or legal guardian.
    4. This Privacy Policy is effective as of 31.05.2021. (updated March 2023)