Privacy Policy
Last updated: July 16, 2026
This Privacy Policy describes how the SIF Poland Association processes the personal data of visitors to the polsif.org website and users of the forms available on it. We have prepared this document based on Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the Act of 12 July 2024 on Electronic Communications.
1. Who is the controller of your data
The data controller is:
SIF Poland Association (also using the abbreviated name "POLSIF" and the name "SIF Polska")
Nowy Świat 33/13, 00-029 Warsaw
National Court Register (KRS) number: 0001062118
Tax ID (NIP): 5252975330
Registration court: District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register
For all matters concerning personal data protection, you can contact us at: biuro@polsif.org or in writing at the Association's registered office address.
The controller has not appointed a data protection officer. This means that you should direct any requests or questions regarding personal data directly to us at the email address provided above.
2. What data we collect, for what purpose, and on what basis
We only collect data that you provide to us yourself via the forms available on the website, as well as basic technical data generated automatically while using the site.
2.1. Contact form
Data scope: first and last name, email address, and optionally, organization name, phone number, and the content of the message.
Purpose: to respond to your inquiry and conduct further correspondence on the matter.
Legal basis: Article 6(1)(f) of the GDPR – our legitimate interest in handling inquiries directed to us and maintaining contact with individuals interested in the Association's activities.
Retention period: for the time necessary to handle the matter, and subsequently for up to 3 years after the correspondence has ended, in order to demonstrate how it was handled and for potential defense against claims.
2.2. Newsletter subscription
Data scope: email address, and optionally, first name.
Purpose: to send information about the Association's activities, publications, events, and regulatory changes regarding sustainable investment and finance.
Legal basis: Article 6(1)(a) of the GDPR – your consent, provided at the time of subscription. Commercial information is also sent based on the consent referred to in Article 398 of the Electronic Communications Law.
Retention period: until you withdraw your consent or unsubscribe. After consent is withdrawn, we will retain the record of your consent and its withdrawal for up to 3 years, solely for the purpose of demonstrating compliance with regulations.
You may withdraw your consent at any time by clicking the unsubscribe link in the footer of any email or by writing to biuro@polsif.org. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.3. Application form and event registration
Data scope: first and last name, email address, organization name and job title, and any additional information required by the event organizer.
Purpose: handling your registration, confirming participation, organizational communication, and preparing the attendee list.
Legal basis: Article 6(1)(b) of the GDPR – taking steps at your request prior to entering into a contract and the performance of an event participation agreement; and for accounting and documentation purposes – Article 6(1)(c) of the GDPR, i.e., compliance with a legal obligation.
Retention period: for the duration of the event organization and execution, and subsequently for up to 3 years (the statute of limitations for claims). If participation involved payment, we store accounting documents for 5 years, counting from the end of the calendar year in which the tax payment deadline expired.
2.4. Automatically collected data
Scope of data: IP address, browser type and version, operating system, device type, approximate location, date and time of visit, pages visited, and referral source.
Purpose: ensuring the proper operation and security of the website (technically necessary data) and analyzing traffic statistics, if you provide your consent.
Legal basis: for technically necessary data – Article 6(1)(f) of the GDPR (our legitimate interest in ensuring the operation and security of the website). For analytics – Article 6(1)(a) of the GDPR, i.e., your consent provided via the consent banner.
Retention period: in accordance with the periods indicated in the section regarding cookies.
3. Is providing data mandatory
Providing data is voluntary but necessary to use specific features of the website. Without providing an email address, we will not be able to respond to your inquiry, sign you up for our newsletter, or register your participation in an event.
4. Who we share data with
Personal data may be shared with entities that process it on our behalf and strictly in accordance with our instructions, based on data processing agreements (Article 28 of the GDPR). These are:
Webflow, Inc. – website hosting and the handling and storage of data submitted via forms. Processing takes place in the United States.
Enzuzo Inc. – consent management platform (cookie banner), recording and storing your consent choices. Processing takes place in Canada.
Google Ireland Limited – website visit statistics (Google Analytics 4), only after you have provided your consent. Processing takes place in Ireland, with the possibility of transfer to the United States.
Furthermore, data may be shared with entities providing accounting, legal, or IT services to us, as well as with public authorities if required by law. We do not sell personal data, nor do we transfer it to third parties for their own marketing purposes.
5. Transfer of data outside the European Economic Area
Because we use tools from providers outside the European Economic Area, your data may be transferred to third countries. This is done exclusively by applying the safeguards provided for in Chapter V of the GDPR:
Webflow, Inc. (USA) – The company is certified under the EU-U.S. Data Privacy Framework (https://www.dataprivacyframework.gov/participant/6365), for which the European Commission issued an adequacy decision on July 10, 2023. Additionally, the data processing agreement concluded with Webflow includes the standard contractual clauses adopted by the European Commission.
Enzuzo Inc. (Canada) – The European Commission has issued an adequacy decision for Canada (Decision 2002/2/EC), covering organizations subject to the Canadian PIPEDA act.
Google Ireland Limited – the data controller in the EEA is an Irish entity; any transfers to the United States are based on the EU-U.S. Data Privacy Framework and standard contractual clauses.
You can obtain a copy of the security measures implemented by writing to biuro@polsif.org.
6. Cookies and similar technologies
The polsif.org website uses cookies, which are small text files stored on your end device. In accordance with Article 399 of the Electronic Communications Law, storing information or accessing information already stored on your device requires your prior consent. The exception is cookies necessary to provide a service requested by you – these function without consent.
We manage consents using the Enzuzo platform. The consent banner appears during your first visit to the website and allows you to accept or reject individual cookie categories. Consent is voluntary, and rejecting it does not block access to the website's content.
6.1. Cookie categories
Essential cookies – these ensure the basic operation of the website, security, form handling, and remembering your choices in the consent banner. They do not require consent.
Analytical cookies – these allow us to count visits and understand which content is useful. We use Google Analytics 4 for this purpose. They require your consent.
6.2. How to change or withdraw consent
You can change your choices at any time by reopening the consent settings panel available on the website. You can also delete or block cookies in your browser settings. Instructions for the most popular browsers can be found here:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Safari: https://support.apple.com/en-us/guide/safari/sfri11471/mac
Please note that blocking essential cookies may hinder the use of certain website features, including forms.
6.3. Google Analytics 4
If you consent to analytical cookies, we use Google Analytics 4, a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). This tool collects information about how you use the website, including pages visited and referral sources. IP addresses are not stored in Google Analytics 4. For more information, please see Google's privacy policy (https://policies.google.com/privacy?hl=en) and their documentation on data collection (https://support.google.com/analytics/answer/11593727?hl=en). You can also opt out of Google Analytics data collection by installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
7. Your rights
In connection with the processing of your data, you have the following rights:
Right of access (Article 15 GDPR) – you can find out what data we process about you and receive a copy of it.
Right to rectification (Art. 16 GDPR) – you may request the correction of incorrect data or the completion of incomplete data.
Right to erasure (Art. 17 GDPR), known as the right to be forgotten.
Right to restriction of processing (Art. 18 GDPR).
Right to data portability (Art. 20 GDPR) – applies to data processed based on consent or a contract, in an automated manner.
Right to object (Art. 21 GDPR) – you may object at any time to processing based on our legitimate interests, for reasons related to your particular situation.
Right to withdraw consent (Art. 7(3) GDPR) – at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please write to biuro@polsif.org. We will respond without undue delay, no later than one month after receiving your request. In justified cases, this period may be extended by a further two months, of which we will inform you.
Right to lodge a complaint
If you believe that we are processing your data unlawfully, you have the right to lodge a complaint with the supervisory authority:
President of the Personal Data Protection Office
ul. Stawki 2, 00-193 Warsaw
https://uodo.gov.pl/
8. Data security
We apply technical and organizational measures appropriate to the risk to protect your data from unauthorized access, loss, or disclosure. The website uses an encrypted HTTPS connection, and access to data from forms is restricted to authorized personnel on our side. We only work with providers who offer adequate data protection guarantees.
9. Automated decision-making
Your data is not used for automated decision-making, including profiling that produces legal effects concerning you or similarly significantly affects you.
10. Links to external sites
The website may contain links to sites operated by other entities, including the Association's partners. We are not responsible for their privacy policies or how these entities process data. We encourage you to review the policies applicable to those sites.
11. Changes to the Privacy Policy
We may update this Policy, for example, due to changes in regulations or the tools we use. The current version is always available here, with the date of the last update indicated at the beginning of the document. We will notify you of any significant changes in a visible manner on the website.
12. Legal basis and sources
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
Act of 12 July 2024 - Electronic Communications Law (Journal of Laws 2024, item 1221): https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20240001221
Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000): https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180001000
Webflow - Privacy FAQs (information on data storage location and DPF certification): https://webflow.com/legal/privacy-faqs
Webflow - Data Processing Addendum: https://webflow.com/legal/dpa
Webflow - list of subprocessors: https://webflow.com/legal/subprocessors
EU-U.S. Data Privacy Framework - Webflow, Inc. entry: https://www.dataprivacyframework.gov/participant/6365
European Commission - adequacy decisions: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
Google - privacy policy: https://policies.google.com/privacy?hl=en
Enzuzo - privacy policy: https://www.enzuzo.com/privacy-policy
Personal Data Protection Office: https://uodo.gov.pl/

.webp)





