This policy explains what data is processed by the EltenLink website and portal, for what purposes, and what rights users have.
The Polish version of this document is the binding version. This English version is provided for information.
Data controller
The data controller is Fundacja Prowadnica, ul. Ignacego Krasickiego 5, 84-239 Bolszewo, Poland.
Foundation details:
- National Court Register (KRS): 0000893029
- VAT/NIP: PL 5882467405
- REGON: 388594504
- E-mail: fundacja@prowadnica.org
For personal data protection matters, contact the Data Protection Officer at iod@prowadnica.org.
For technical and account-related EltenLink matters, contact support@elten.link.
Data we process
Website technical data
When the website is used, basic technical data may be processed, in particular IP address, request date and time, visited URL, browser information, operating system, language, error information and session identifiers.
The website uses cookies and similar mechanisms only where needed to operate the service, maintain sessions, remember the client identifier and handle the cookie notice. The browser may use localStorage to remember that the cookie notice has been closed.
The website uses external frontend resources such as Google Fonts and Bootstrap delivered by jsDelivr. Loading these resources may disclose technical connection data to those providers, such as IP address and browser information.
We do not use advertising trackers or external marketing analytics.
EltenLink account data
Creating an account requires a login, password and e-mail address. The password is processed for authentication and is not disclosed to other users. The e-mail address is used for registration, account activation, access recovery and important administrative notifications.
Users may voluntarily complete their profile, including display name, description, languages, location, birth date, status, signature and other account settings. The visibility of some data depends on account settings and the nature of the feature.
User content
The portal processes content published or submitted by users, including forum posts, blogs, comments, private messages, notes, polls, attachments, reports and settings related to these features.
Public content, especially public forums and blogs, may be visible to people who are not signed in and may be indexed by search engines. Private content, such as messages and notes, is not routinely moderated or reviewed, but may be technically processed to provide the service, protect security, handle user requests, respond to abuse or comply with legal obligations.
Security and authentication
To protect accounts and the portal, we process data related to logins, sessions, device activity, IP addresses, access attempts, client identifiers and security events.
Users may voluntarily enable SMS two-factor authentication. In that case, the phone number needed to send the code is processed. Amazon SNS may be used to send SMS messages.
Backups and logs
Technical logs and backups are created as part of service maintenance. They are used to diagnose issues, protect the portal, restore service after failures and maintain accountability of administrative actions. Backups may contain data existing in the system at the time they were created and are stored until technical rotation.
Purposes and legal bases
We process data for the following purposes:
- creating and maintaining accounts,
- providing portal features, including forums, blogs, messages, notes, polls and attachments,
- authentication, session maintenance and account protection,
- account activation, access recovery and important administrative communication,
- moderation, report handling, spam and abuse prevention,
- issue diagnosis, infrastructure maintenance and backups,
- compliance with legal obligations and protection of the rights of the Foundation, users and third parties.
The legal bases include performance of a service provided to the user, the controller's legitimate interest in securing, maintaining and protecting the portal, consent or the user's voluntary action for optional features, and legal obligations.
Recipients of data
Data may be disclosed to entities supporting the operation of the portal, such as hosting, e-mail, SMS, security, backup and infrastructure maintenance providers. Data may also be disclosed to public authorities where required by law or necessary to protect rights.
We do not sell user data and do not disclose it for behavioral advertising.
Transfers outside the European Economic Area
Some technical services, especially global cloud, SMS, CDN or frontend resource providers, may involve transfers of data outside the European Economic Area. In such cases, we rely on mechanisms provided by law, in particular standard contractual clauses or other appropriate safeguards used by providers.
Account archiving and deletion
Users may archive their account in settings. Archiving disables the account and limits further use, but does not automatically delete all data.
After archiving, data may still be stored where needed for portal operation, security, accountability, moderation, abuse handling, legal obligations and continuity of public discussions. This includes in particular the login, public posts, technical information, logs, reports and data temporarily present in backups.
Users may edit or delete some data from their account, and may contact the administration where assistance is needed.
Retention period
Data is stored for as long as needed to operate the account and portal, provide features, ensure security, moderation and accountability, and comply with legal obligations. Public content may remain available for as long as needed for continuity of discussions and in accordance with the Terms and Conditions. Logs and backups are stored for the period technically required for security and service maintenance.
User rights
Users have the right to request access to their data, rectification, erasure, restriction of processing, data portability and objection, within the limits provided by law. Where processing is based on consent, consent may be withdrawn without affecting processing carried out before withdrawal.
Users have the right to lodge a complaint with the President of the Polish Personal Data Protection Office.
Changes to this policy
This policy may be updated if the portal, legal requirements or the services used by the portal change. Users will be informed about material changes in a manner appropriate to the nature of the change.