PRIVACY POLICY

Karatedo Doshinkan Tradition and Culture Association

Version date: April 25, 2026

§ 1. General Provisions

1. This Privacy Policy sets out the rules for the processing and protection of personal data of users of the website operated by the Karatedo Doshinkan Tradition and Culture Association (hereinafter: the Association or the Administrator).

2. The Personal Data Administrator is:

Karatedo Doshinkan Tradition and Culture Association

Tax Identification Number (NIP): 5222892987

(hereinafter: the Administrator)

3. The Administrator processes personal data in accordance with:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR),
The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000, as amended),
Other applicable legal provisions concerning the protection of personal data.

Contact with the Administrator regarding personal data protection is possible via email or at the registered office address of the Association.

§ 2. Scope and Purpose of Personal Data Processing

1. The Administrator processes users' personal data for the following purposes and on the following legal bases:

a) Contact via the contact form or e-mail:

Purpose: responding to inquiries, establishing contact;
Legal basis: Art. 6(1)(f) GDPR (the Administrator's legitimate interest in responding to messages);
Scope of data: first name, last name, e-mail address, content of the message.

b) Registration and management of Association membership:

Purpose: conclusion and performance of the membership agreement, management of the membership list;
Legal basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract), Art. 6(1)(c) GDPR (legal obligation);
Scope of data: first name, last name, date of birth, residential address, phone number, e-mail address.

c) Organization of classes, courses, and sporting events:

Purpose: implementation of the Association's statutory activities;
Legal basis: Art. 6(1)(b) or (f) GDPR;
Scope of data: first name, last name, contact details, and potentially health information (subject to separate consent – Art. 9(2)(a) GDPR).

d) Website operation and analytics:

Purpose: ensuring the proper functioning of the website, traffic analysis, improving the quality of services;
Legal basis: Art. 6(1)(f) GDPR (the Administrator's legitimate interest);
Scope of data: IP address, cookies, browser technical data.

e) Fulfillment of legal obligations (accounting, tax):

Purpose: compliance with obligations arising from legal provisions;
Legal basis: Art. 6(1)(c) GDPR.

§ 3. RIGHTS OF DATA SUBJECTS

Every individual whose data is processed by the Administrator has the right to:

access their personal data (Art. 15 GDPR),
rectify incorrect data or supplement incomplete data (Art. 16 GDPR),
erase personal data ("right to be forgotten") (Art. 17 GDPR), provided there are legal grounds for doing so,
restrict data processing (Art. 18 GDPR),
data portability to another controller (Art. 20 GDPR),
object to the processing of data based on a legitimate interest (Art. 21 GDPR),
withdraw consent at any time, if processing is based on consent – without affecting the lawfulness of processing based on consent before its withdrawal,
lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw.

To exercise the above rights, please contact the Administrator using the contact details provided in § 1 of this Policy.

§ 4. Data Retention Period

Personal data is stored for the period necessary to achieve the purposes for which it was collected, and thereafter for the period required by law or until the statute of limitations for potential claims has expired:

Association members' data – for the entire duration of the membership, and after its termination, for the period resulting from legal provisions and the Association's legitimate interest (no longer than 10 years),
Correspondence data – for the period necessary to handle the matter and for 3 years from its conclusion for the purpose of potential claims,
Data for accounting and tax purposes – for 5 years from the end of the tax year to which the data relates,
Cookie data – in accordance with the browser settings or until consent is withdrawn.

§ 5. Recipients of Personal Data

Personal data may be transferred to the following categories of recipients:

IT and hosting service providers (data processors acting on the basis of data processing agreements),
postal and courier service providers,
law firms and advisors,
public authorities (courts, law enforcement agencies, tax offices) – only to the extent required by legal provisions.

The Administrator does not transfer personal data to third countries (outside the European Economic Area) or to international organizations, unless required to do so by law.

§ 6. Cookies and Tracking Technologies

The Association's website may use cookies – small text files stored on the user's terminal device.
The Administrator uses the following types of cookies:

essential – necessary for the proper functioning of the website.

The user can manage cookies through their web browser settings. Restricting the use of cookies may affect the functionality of the website.
The website may use analytical tools, such as Google Analytics. Detailed information on data processing by Google is available in the Google Privacy Policy.

§ 7. Data Security

The Administrator applies appropriate technical and organizational measures to ensure the security of the processed personal data, in particular protecting the data against unauthorized access, loss, or destruction.
Access to personal data is granted only to authorized persons who are bound by confidentiality obligations.
Data transmission on the website is carried out using SSL/TLS encryption protocols.

§ 8. Children’s Personal Data

As part of its activities, the Association may process the personal data of children (persons under 16 years of age) only with the consent of their parents or legal guardians, to the extent necessary for the implementation of sporting classes and statutory activities.
The Administrator does not knowingly collect personal data from children without the consent of their parents or legal guardians. If information is received regarding such processing, the data will be deleted immediately.

§ 9. Automated Decision-Making and Profiling

The Administrator does not use automated decision-making, including profiling, that would produce legal effects concerning the data subjects or similarly significantly affect them.

§ 10. Links to External Websites

The Association's website may contain links to external websites. The Administrator is not responsible for the privacy policies applied by these websites. We recommend that you read the privacy policies of each website you visit.

§ 11. Changes to the Privacy Policy

The Administrator reserves the right to make changes to this Privacy Policy.
Users will be informed of any significant changes by posting an appropriate announcement on the Association's website.
The update date of the policy is indicated at the beginning each time.
Use of the website after the introduction of changes is equivalent to acceptance of the new version of the Privacy Policy.

§ 12. Final Provisions

In matters not regulated by this Privacy Policy, the provisions of the GDPR and other applicable provisions of Polish law regarding personal data protection shall apply.
This Privacy Policy enters into force on the date of its publication on the Association's website.

Association of Tradition and Culture of Karatedo Doshinkan

Tax Identification Number (NIP): 5222892987 | Date: 25.04.2026