Privacy policy

Version of 12 June 2026. This is a convenience translation; in the event of any discrepancy, the Polish version prevails.

§ 1. Data controller

The controller of personal data processed in connection with the use of the website available at algoomni.com (the “Website”) is ALGOOMNI P.S.A. with its registered office in Warsaw, ul. Hoża 86/410, 00-682 Warsaw, Poland, entered in the register of entrepreneurs of the National Court Register (KRS) under number 0001187628, NIP (tax ID) 7011272266, REGON 542417810 (the “Controller”).

Contact regarding personal data: e-mail biuro@algoomni.com, phone +48 515 269 955, or in writing to the registered office address.

§ 2. Scope and source of data

The Controller processes only data provided voluntarily by users in the Website’s forms (in particular: first name, e-mail address, telephone number, town/region, content of the message or submission, description of skills and availability) and data collected automatically in server logs (IP address, browser identifier, date and time of the request). The data comes directly from the data subject.

§ 3. Purposes and legal bases of processing

• Waiting list (newsletter): sending information about the ALGOOMNI project after confirmation of sign-up (double opt-in) - basis: consent (Art. 6(1)(a) GDPR). Consent may be withdrawn at any time via the unsubscribe link in every message or by contacting the Controller.
• Contact form: handling correspondence and replying - basis: the Controller’s legitimate interest in conducting communication (Art. 6(1)(f) GDPR).
• Citizen submissions (proposals for the New Civic Constitution and the New Party programme): receiving, cataloguing and editorial processing of the submission - basis: consent (Art. 6(1)(a) GDPR); any publication of a proposal only in anonymised form and only upon separate, voluntary consent.
• Team applications (recruitment): assessing the application and contacting the applicant - basis: consent (Art. 6(1)(a) GDPR) and steps taken at the data subject’s request prior to entering into cooperation (Art. 6(1)(b) GDPR).
• User account (if created): provision of the account service - basis: necessity for the performance of a contract for electronic services (Art. 6(1)(b) GDPR).
• Website security: server logs, abuse limitation (rate-limiting), anti-spam filters - basis: the Controller’s legitimate interest in ensuring the security and integrity of the services (Art. 6(1)(f) GDPR).
• Establishment, exercise or defence of legal claims - basis: the Controller’s legitimate interest (Art. 6(1)(f) GDPR).
• Compliance with legal obligations incumbent on the Controller - basis: Art. 6(1)(c) GDPR.

§ 4. Recipients of data

Data may be entrusted only to entities processing it on the Controller’s behalf and to the extent necessary to provide the services:

• server infrastructure (hosting) provider - OVH, with servers located in the European Union;
• e-mail delivery service provider - Resend, Inc. (USA) - solely to the extent necessary to deliver system messages and sign-up confirmations.

Data may be disclosed to public authorities only where such an obligation arises from mandatory provisions of law. The Controller does not sell personal data and does not share it with third parties for marketing purposes.

§ 5. Transfers outside the European Economic Area

In connection with the e-mail delivery service (Resend, Inc.), data in the form of the e-mail address and the content of system messages may be transferred to the United States. The transfer takes place on the basis of the European Commission’s adequacy decision (EU–US Data Privacy Framework) or, in its absence, on the basis of standard contractual clauses approved by the European Commission (Art. 46(2)(c) GDPR).

§ 6. Data retention periods

• waiting-list data - until consent is withdrawn or the list is discontinued;
• contact-form correspondence - for the period necessary to handle the matter, no longer than 3 years from the last contact;
• citizen submissions - for the duration of work on the New Civic Constitution and the programme, no longer than until consent is withdrawn;
• team applications - until the structures in the given area are formed, no longer than 2 years from submission or until consent is withdrawn;
• user account data - until the account is deleted;
• server logs - up to 12 months;
• in each case the retention period may be extended by the limitation period for claims where processing is necessary to establish, exercise or defend them.

§ 7. Rights of data subjects

Every person has the right of access to their data and to obtain a copy of it (Art. 15 GDPR), to rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), to object to processing based on legitimate interest (Art. 21), and to withdraw consent at any time - without affecting the lawfulness of processing carried out before its withdrawal. Requests may be submitted to biuro@algoomni.com; the Controller responds without undue delay, no later than within one month.

§ 8. Right to lodge a complaint

Data subjects have the right to lodge a complaint with the supervisory authority - the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland (uodo.gov.pl).

§ 9. Voluntary provision of data

Providing data is voluntary but necessary to use a given service (e.g. joining the waiting list or sending a submission). Failure to provide data makes it impossible to use the service.

§ 10. Automated decision-making

The Controller does not take decisions concerning users based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect them.

§ 11. Cookies

The rules for the use of cookies and similar technologies are set out in the separate Cookies Policy available on the Website.

§ 12. Changes to this policy

The Controller may update this policy in the event of changes to the law or to the Website’s functions. The current version, with its date, is always available on the Website.