Privacy policy

Privacy and cookie policy on  Candela Foundation websites

The Candela Foundation (NIP/VAT-EU: PL1133028363) is deeply committed to respecting privacy of visitors of websites in the * domain. The Candela Foundation  uses cookies in order to provide the highest quality of services[1]. By using our website you agree for cookies to be placed on your device. You may change your browser settings any time: uses the following cookies:

  • performance cookies – collecting information about the way the website is used by the visitors;
  • functional (recording user settings, e.g. language, granted consents etc.), such as:
  • cookies – used for statistical purposes for;
  • cookies – used to verify “clicks” 
    and automatic tagging of URLs;
  • – used to verify the time, date and location where the text was displayed and how many times you visited the website

More about cookies from Google can be found at:

Cookies other than those mentioned above may be used by any external websites to which links. shall not be liable for privacy policies on other websites. Please read the privacy policy of other websites after being redirected to them.

Changing cookie settings may affect some functionalities available at

Data collection stores http queries sent to our server. The resources are identified by their URL addresses. The www server log files contain the following information:

  • public IP of the computer from which the query originated,
  • name of the client workstation,
  • the number of bites sent by the server,
  • URL address of the previous website visited by the user,
  • information about the user’s browser,
  • information on errors in http transaction execution,

The information does not contain data identifying the users, but in combination with other information may constitute personal data, and thus the administrator covers them by full protection of the personal data protection regulations.

Use of data

The collected logs are stored for indefinite period of time to assist in website administration. The information they contain is not disclosed to anyone except persons authorized as administrators of the website. Log files may be used to generated statistics useful in administration.

Information relating to personal data processing

Data Controller

The Candela Foundation, ul. Grochowska 357/513, 03-822 Warszawa, is the Controller of your processed personal data.

You can contact the Controller:

  • via mail: Candela Foundation, ul. Grochowska 357/513, 03-822 Warszawa,
  • by email:
  • by phone: +48 531 968 850

Purposes of and basis for processing

We will process your personal data to:

  • contact you by e-mail or phone, if you initiate such communication – Article 6(1)(c) of the GDPR[2](processing is necessary to comply with a legal obligation imposed on the Controller[3]);
  • improve the quality of services; the Controller processes website use statistics – Article 6(1)(f) of the GDPR (Controller’s legitimate interest consisting in facilitating the use of the website, improving the quality and functionality of the services provided);
  • send newsletter – Article 6(1)(a) of the GDPR (based on data subject’s consent);

You may withdraw your consents for personal data processing at any time by sending an e-mail to the following address:

Please also be reminded that withdrawal of your consent shall not affect 
the lawfulness of processing based on your consent before its withdrawal.

We may also process your personal data to perform tasks in public interest (Article 6(1)(e) of the GDPR) and in justified cases we will process your personal data for the purposes resulting from legitimate interest pursued by the Data Controller (Article 6(1)(f) of the GDPR).

Personal data recipients

Access to your personal data shall also be granted to authorized employees, associates from the Candela Foundation who must process your data in connection with the executed task.

Entities that the Controller commissioned to perform certain activities entailing the necessity to process personal data may also be data recipients. In order to ensure appropriate protection of personal data, we signed data processing agreements with such recipients.

Personal data retention period

We will process your personal data until the purpose of its collection is achieved and then in justified cases for the period set forth in the National Archive Resource and Archives Act of 14 July 1983 (Polish Journal of Laws of 2018, item 217 as amended) and the provisions of the Telecommunications Law Act.

Rights connected with data processing

We guarantee you the ability to exercise all your rights according to the principles specified by the GDPR, i.e. the right to:

  • access the data and receive a copy;
  • rectify (correct) your personal data;
  • restrict personal data processing;
  • erase personal data (subject to Article 17(3) of the GDPR);
  • lodge a complaint with the President of the Personal Data Protection Office if you believe that the personal data processing violates the personal data protection laws.

Obligation to provide data and consequences of failure to provide data

Providing the data processed in connection with fulfilment of a legal obligation is compulsory; if the data are processed based on consent for processing personal data, providing them is voluntary. Failure to provide data may prevent the possibility to achieve the aforementioned objectives.

The Privacy Policy can be amended or updated in accordance to current needs of the Data Controller to ensure current and reliable information for users concerning their personal data and information about it. Any changes to the privacy policy shall be introduced on this page.


[2]Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119 of 4 May 2016, p. 1 as amended).

[3]The legal obligation results in particular from:

  • the Higher Education and Science Act of 20 July 2018;
  • the Telecommunications Law Act of 16 July 2016;
  • the Act on Informatization of Operations of Entities Performing Public Tasks of 17 February 2005.