Terms & Policies

Privacy Policy

Effective day 8 December 2021

While using our Platform you share with us your personal data, information about your business activity and other content that is valuable to you. And you have the right to know how we treat your data and how we process them.

In this Privacy Policy we want to provide you with a detailed guide on the scope of information we collect, why we do it, how we process them and what happens when you decide to remove your data from our Platform.

FundingBox acts with respect for the right of any person to protect its privacy. We respect your right to choose what you want to share. We don’t use small print. We believe you deserve full transparency. If you want to know more about our Privacy Policy – we are ready for your questions, just drop us an e-mail at privacy@fundingbox.com

What is covered by this Privacy Policy and when it applies

This Privacy Policy is an integral part of the General Terms of Services provided by FundingBox Accelerator Sp. z o.o. and applies every time you use the FundingBox Platform. These two documents supplement each other and form a whole. If you don’t agree with this Privacy Policy, please refrain from using the Platform.

In the matters not covered by this Policy, General Terms of Services apply.

In this Policy we describe what kind of data we process, what happens with your data collected and processed within the Platform, how you can find out what we know about you, and how you can delete your data.

Specific, more complex rules apply to each of the FundingBox Services. To find out more about them, please check our library.

This Privacy Policy applies when you use FundingBox Services. Our Platform allows Users to share information and make contacts, so the Platform may contain references and links to other websites, which are not controlled by FundingBox and to which separate rules apply. We can’t take any liability for the consequences of using such references and external links by Users.

In all matters regarding personal data, you can contact us at privacy@fundingbox.com.

GDPR

Much has been said about GDPR, so not to bore you, we will point out the most important facts to have a common understanding:

To sum up, you – as the User of the Platform – are the data subject, we – FundingBox – are the data controller, and each operation on your data is data processing.

Your rights

As the Platform and data controller, we respect your rights to:

• object to the processing of your data – it means that in some cases you can say:stop processing my data; a detailed procedure on how to do it is available below;
• access your data and obtain a copy of your data – it means that you can ask us what information about you FundingBox has and request a copy of your data;
• data portability – it means that you have right to receive your personal data in a machine-readable format and you can ask us to send it to another controller;
• correct your data – it means that if we process your inaccurate or incomplete personal data, we have to correct them upon your request;
• erase your data, it means that you can request to delete your data when it’s no longer needed or if processing it is unlawful;
• restrict processing of your data, it means that in some cases you can ask us to limit processing your data only to store it and not processing it for other purposes;
• obtain human intervention on the part of the controller, to express your point of view and to contest the solely automated decision – it means that you have the right in this case to express your point of view and to contest automated decisions (operations that are performed automatically by our system);
• lodge a complaint with your local Data Protection Authority. Full list is available here: https://edpb.europa.eu/about-edpb/board/members_en

We process all claims and requests with regard to the applicable provisions of the law and this Policy. You must be aware that in some cases we may still process your data, even if you have requested to delete them, for example to determine, pursue or defend claims (for the time necessary to fulfil these purposes).

You can easily export all data related to your Account using the User Panel.

See more about your rights here

https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights/what-are-my-rights_en

How you can exercise your rights and contact us

To exercise your rights please contact us via e-mail privacy@fundingbox.com. In the e-mail, please specify your request and provide information that will allow us to identify you. Providing contact data is voluntary but it is not possible to manage your request without that.

We will deal with your request without undue delay and in any event within one month of receipt of the request. In exceptional circumstances, that period may be extended by two further months (for example in case of the complexity of your request or great number of requests).

If you have other questions or comments regarding processing of your data you can reach us by e-mail privacy@fundingbox.com.

Cookies

To learn more about how we process cookies and how we implement our Cookie Policy please check here.

What kind of data we collect and how we process them

Depending on which Service you use or whether you have registered an Account, we collect different data. Here we describe which data we collect to keep and run your Account and to provide you with basic access to the FundingBox Platform (if you wish to browse our Platform without registration).

For each Service, we prepared a specific section adjusted to its nature and possibilities it gives you:

• for Spaces – what happens with the data within the communities, who manages those data, licences, IPR rights etc.;
• for Open Calls – how we treat information collected within open calls, how we secure them, how we make sure that data collected there remains confidential, when we delete the data, etc.;
• for Meetings – how we secure confidentiality and what we do to keep absolutely minimum information.

Below you will find detailed information on how we process personal data every time you use our Platform. To make it more transparent, we describe each process separately.

Registration – data necessary to set up the Contract

The first step is the conclusion of the Contract with FundingBox. It happens when you register on our Platform. To make a Contract, we must collect some basic information about you. When you register on the Platform and set up an Account, we ask for your name and surname, username, e-mail address and password.

Of course, you don’t have to provide those data, as having an Account on our Platform is voluntary, but without them you can’t set up an Account and enjoy the full range of FundingBox Services (without registering you can use, with no limitations, only FundingBox Meetings app).

Setting up an Account

You have already registered. We have your basic data and Contract, you have an Account. Now you can set up your Account and personalise it. You can include information about your business activity, professional experience, interests, etc. You are free to choose if and which information you want to include on your profile and share with others. We never ask for sensitive information. You do not have to provide additional information; such information, of course, helps you to get more out of our Platform, but you decide whether to provide it and we respect your decision. You can delete such additional information at any time without removing your Account. You decide what and when you want to remove.

By using your Account, you are free to choose which Services you use and to what extent.

Authentication through other platforms

To make your life easier, we enable you to set up an Account and gain access to our Platform using an authentication mechanism through external authentication services (e.g. Facebook Connect, LinkedIn). Briefly speaking, you can access the FundingBox Platform using your third-party (application e.g. Facebook Connect, LinkedIn) account. In such a case, we will download data necessary for registration from your account on the social network. And only those data, nothing more, unless you allow us to access or download the data that might be useful when using the Account’s functionality on the Platform. You can do it by individually changing the plug-in settings.

While using authentication via third party services, we will use cookies following our Cookie Policy.

Activity on the Platform – information on what you do within the FundingBox Platform

FundingBox collects information about your activity within the Platform. We store and process information about your participation in the Communities, posts you publish, interactions with other Users, participation in Open Calls etc. We do it to enable you to use the Platform smoothly. If we stop doing this, you wouldn’t be able to see posts you published, conversations you had, applications you submitted within Open Calls, communities you joined etc.

Your activity on the Platform is recorded in system logs (a chronological record containing information about events and activities regarding the IT system used to provide services by FundingBox). We use that information to provide the best quality of our Services and constantly develop them. We use information about Users’ activity on the Platform for technical and administrative purposes – such as ensuring the security of the IT system and system management, as well as for analytical and statistical purposes.

Network and communication

The goal of our Platform is to help your business grow. To put this idea into practice, we allow Users to connect and communicate with each other, set up and join communities, run conversations. To do so, you can “connect” with the professionals you choose, and who also wish to “connect” with you. Depending on your settings, different interactions are possible. FundingBox might use the data provided in your Profile to help others find your profile, suggest connections and activities, inform you about news, events and ideas regarding professional topics you might be interested in.

The FundingBox Platform also allows to explore business and funding opportunities and to set up business relations.

Marketing and newsletter

We send newsletters. We won’t send you information about promotion in the nearest supermarket or release of the latest model of your favourite car. What we can send you is information about upcoming or ongoing open calls and funding opportunities, webinars, training and opportunities for your business. We might send you information about FundingBox projects. We can also send you information about third parties’ projects and their activities that might be in the field of your professional interest.

We send newsletters only if you agreed on them while setting up your Account. You can change your settings at any time in the Notification settings tab (https://accounts.fundingbox.com).

We don’t sell your data nor collect them with such a purpose.

To sum up, FundingBox processes Users’ personal data in order to carry out marketing activities which consist of direct e-mail notifications about interesting projects, offers or content, which in some cases contain commercial information (newsletter service). We send a newsletter based on your consent. You can change your settings at any time here

To provide you with the most suitable content, we analyse your location and interests related to the communities and topics, and we use profiling in some cases. Profiling means that due to the automatic processing of data, FundingBox evaluates selected factors concerning natural persons in order to analyse their behavior or to create a forecast for the future.

How we get the data

As a rule, we obtain data directly from you. Exceptionally, we can receive your data from a third party – for example if one of the Users invites you to join the Platform, we will get your e-mail address only.

You have the freedom to provide your data. As a rule, only obligatory data are provided during registration. Obligatory data are always marked. If you express consent for processing your data, providing the data is always voluntary.

Automated decisions

The decision to conclude a contract is completely automated (without human intervention) based on Article 22 of GDPR. It means that the process of registration and conclusion of the contract takes place automatically but during such a process we do not make any preliminary assessment whether to conclude a contract or not (e.g. verification of data in public authorities).

Other data operations made on the Fundingbox Platform are not automated decisions within the meaning of Article 22 of GDPR, which means that each process takes place with the participation of a human being, or has no legal effect or similarly significant effect on you.

Grounds for processing- justification for the processing of personal data

We process personal data only when we have grounds to do so (so called – lawful basis). Grounds for processing the data are precisely described in GDPR and we strictly follow those rules. Formally speaking, they are called “goals and grounds”. They are divided into three groups:

• contract – where processing is necessary for the performance of a contract with you, to deliver the services you have requested,
• consent – if you have given consent for such processing,
• “legitimate interests of the controller” – described in art. 6. 1 (f) of GDPR, and
• complying with the legal obligations e.g. concerning taxes, our obligations towards Funding Authorities, described in art. 6.1( c) of GDPR.

If you post on the Platform any personal data of other people (including their name, address, telephone number or e-mail address), you may do so only if you do not violate the applicable law and personal rights of such persons.

The detailed principles and purposes of processing personal data are described below.

Performance of the contract

This happens when personal data are processed to conclude and perform the Contract (you conclude a contract for the provision of electronic services when you register on the Platform, and we perform it providing the Services). Legal grounds for this is Article 6.1 (b) of GDPR.

Contract performance includes processing connected with:

• registration and confirmation of the Account (conclusion of the Contract);
• using the Account on the website and/or mobile app;
• browsing the site’s pages as a Registered User (including User profiles and contributions);
• conducting conversations, groups, communities;
• making entries;
• taking part in open calls;
• inviting other Users;
• deleting the Account and Contract termination.

Consents

This happens when you give us your consent to process your data. If the processing of personal data is performed based on your consent, you may withdraw it at any time. The withdrawal of the consent does not affect the legitimacy of the processing performed on the basis of the consent prior to its withdrawal. The consent may be given only by an adult with full legal capacity. The consent is always voluntary.

We collect separate consent for each activity (if necessary). The above list is for information only.

You can withdraw your consent at any time via e-mail privacy@fundingbox.com, or (if you are a Registered User) on your Account in the Notification settings tab.

After you withdraw the consent, your personal data will no longer be processed and they will be deleted or anonymised, except for the scope necessary for documenting the proper performance of our obligations related to data processing (e.g. proper documentation of consent withdrawal) and to defend against claims (Article 6.1(f) of GDPR).

In the case of open calls – if the Open Call Organiser is not FundingBox, please contact the Open Call Organiser. Contact details are indicated on the page of the given open call.

Legitimate interest of FundingBox

This happens when FundingBox needs to process your personal data in order to carry out tasks related to our business activities. The processing of personal data in that context may not necessarily be justified by a legal obligation or carried out to execute the terms of a contract with you. In such cases, processing of personal data is justified on grounds of legitimate interest and covers the following cases:

• ensuring safety, improving quality, removing errors, as well as monitoring the service provided electronically (Article 6.1 (f) of GDPR);
• pursuing or defending against claims (Article 6.1 (f) of GDPR), when such claims arise in connection with the provision of the Service;
• sharing data with the entities belonging to the FundingBox capital group in connection with administrative, accounting and project execution purposes;
• sharing your user name with the Open Call Organiser;
• processing of the data of the persons invited to the Platform (including via meetings) but not registered (Article 6.1 (f) of GDPR);
• sending legal information via e-mail including changes in privacy rules (Article 6.1 (f) of GDPR).

We ensure that the pursuit of our legitimate interests does not seriously affect your rights and freedoms.

Who has access to your personal data

We strictly limit with whom we share your personal data and who can access them. We never share personal data for commercial purposes. It is the golden rule and philosophy behind our Platform.

We don’t share your data with anyone outside FundingBox Accelerator, with the exception of:

• operations that are necessary to provide you with the Services and keep the Platform working – external hosting providers, IT service providers, tools that help us manage newsletters, tools we use for analytics, entities belonging to the FundingBox capital group.

We only use trusted persons and service providers. They only process the data.

• your consent – by providing non-obligatory data on your Account and setting up your Account, you decide what data you want to share within the Platform and with whom you want to share it. This applies also to the data that you voluntarily publish within the communities and spaces;

• legal reasons – if we are obliged to provide information about you or your activity within the Platform to the court or other national authorities or law enforcement authorities.

Within FundingBox, only authorised persons can access your data, following our internal procedures. We strictly limit access to the data collected through the Platform to the authorised individuals within our organisation (e.g. employees), acting under the instructions, who need access to the data to execute their work..

For specific rules that apply to cookies, Spaces, open calls and meetings, check our library. It might happen that we share some sets of data with third parties – in each case we inform you about it in a dedicated information clause (it will apply for example to the open calls organised by FundingBox).

We may share anonymised information with our partners and customers. For example, we share information about the general use of our Services, open calls impact, and communities range.

Servers location and data transfer outside the EU

Our servers are located in the EU. We use only trusted service providers who are obliged to comply with the GDPR rules.

For some functionalities and processes we use the services of providers such as Google, Sendgrid, Mixpanel and Intercom. You can find more information under the link.

Deleting Account and other data shared on the Platform

As a rule, the data connected to and on your Account are processed as long as your Account is active. If you decide to close your Account, your personal data will stop being visible to others on our Platform within 7 days. We generally delete closed Account information within 30 days of Account closure, except as noted below.

We might retain your personal data even after you have closed your Account, if it is reasonably necessary to comply with FundingBox’s legal obligations, meet regulatory requirements, resolve disputes, prevent fraud and abuse, enforce our User Contract, or implement contracts for co-financing for the period provided for in these agreements (usually it is 6 years).

Information you have shared with others might remain visible after you have erased your Account or deleted this information from your Profile.

How long your data will be processed

General information

The period of data processing by FundingBox depends on the type of service provided and the purpose of the processing.

As a rule, the data connected to your Account are processed as long as your Account is active or until your consent is withdrawn, or an effective statement of opposition to the data processing is filed.

If you decide to close your Account, your personal data will stop being visible to others on our Platform within 7 days. As a rule, we delete information from a closed Account within 30 days of the Account closure. As there is an exception to every rule, we might retain your personal data even after you have closed your Account if that is reasonably necessary to:

• comply with FundingBox’s legal obligations (such as execution of H2020 projects, execution of obligations towards third parties etc.);
• meet regulatory requirements;
• resolve disputes or protect our rights;
• prevent fraud and abuse;
• complete/execute a User’s Contract;
• implement agreements for co-financing for the period provided for in those agreements (usually 6 years).

Information you have shared with others might remain visible after you have erased your Account or deleted this information from your Profile (this is a strictly limited number of cases – for example if you applied in an open call and its Organiser must keep appropriate records).

Detailed information

We implemented the following retention periods for specific situation:

Security of the data

We apply technological and organisational means to secure your personal data. We implement security safeguards corresponding to the threats and category of data to be secured. In particular, FundingBox secures data against being published to unauthorised persons, being taken over by an unauthorised person, processed in violation of the law and changed, lost, damaged or destroyed. Among others, the SSL (Secure Socket Layer) certificates shall be applied. Your personal data are collected and stored on a secured server. Moreover, the data is secured by internal procedures of FundingBox related to processing of the personal data and information security policy.

In order to log in to the Account, you have to provide relevant username and password. In order to ensure an appropriate level of security, the password for the Account exists on the Platform only in a coded form. Furthermore, registration and logging into the Platform takes place under secure https connection. Communication between the User’s device and servers is encoded using the SSL protocol.

Please remember that using the Internet and services provided by electronic means may pose a threat of malware breaking into the user’s IT system and device, as well as any other unauthorised access to your data, including personal details, by third parties. In order to minimise such threats, you should use appropriate technical security means, e.g. using updated antivirus programs or programs that secure user identification on the Internet. In order to obtain detailed and professional information related to the Internet security, FundingBox recommends taking advice from entities specialising in relevant IT services.

FundingBox undertakes all necessary actions, so that our subcontractors and service providers guarantee appropriate security measures whenever they process personal data at the request of FundingBox.

FundingBox Spaces and Communities – specific rules

Summary

In addition to the above rules, some specific rules related to FundingBox Spaces apply.

Rules that govern FundingBox Spaces are described in detail in the FundingBox Spaces and Communities Specific Terms of Use.

FundingBox Spaces is a place where you can share information, news and other content upon your discretion. Everything that you share or post may be seen by other Users (in case of open communities – by undefined number of Internet users, in case of private communities – by its members).

You are free to choose who can see this content to the extent that appropriate settings are available. In the case of open Communities, all Users will see what you share. Specific Terms of particular Services set out the detailed rules on how we may use the content you provided.

Who manages the Community data

Each Community has its owner (administrator if you prefer). It means that within the FundingBox Platform – managed and administered by FundingBox, smaller parts exist – Communities that are managed by the person or entity that created them.

It might be Fundingbox – but it doesn’t have to. The Community owner is responsible for providing you with information about its identity and management of the data within the given community. The Community owner is fully responsible for providing Community Users with updates in the Community rules (for example in case of change of the Community status from private to public).

Visibility of the Community and its content

As described in the FundingBox Spaces and Communities Specific Terms of Use, there are two types of communities:

• open Communities – they are visible to all Users – both Registered and Unregistered, regardless of whether they are members of such a Community; each user of the Internet can see its content; the Community owner defines whether a given Community will be open or private while setting it up; the Community owner can change visibility of the Community during its lifetime;
• and
• private Communities – such a community is visible only to the Registered Users who are members of this community. The Community owner defines that its Community will be private while setting it up. The Community owner can change visibility of the Community during its lifetime.

You can easily check the status of the Community you are interested in in the User Panel.

Visibility of the Space and its content

There are two types of Spaces:

• public Spaces – they are visible to all Users – both Registered and Unregistered, regardless of whether they are Spaces members; each user of the Internet can see its content.; only Registered Users can join the conversation; if a Community is public, Spaces are public as well; the Community manager may decide to create private Spaces for specific purposes, for example to coordinate the management of the Community in itself among the different people or organisations involved;
• private Spaces – all DM messages and DM Groups are visible only to the ones who participate in them.

Your duties when you are the Community owner

The Community owner is responsible for providing you with information about its identity and management of the data within the given community. The Community owner is fully responsible for providing Community Users with updates in the Community rules (for example in case of change of the Community status from private to public).

As a Community owner, you are the controller of the data within this Community. You decide what kind of data you process, for how long and who will have access to them. You also decide how long those data will be preserved. You also have to inform all Community Users who you are and how you process the data.

You are fully responsible for providing Community Users with the Community privacy rules and all updates in those rules (for example if you change the Community status from private to public, or the Community owner has changed).

When you leave the Community

You can always decide to leave the Community. Your contribution to the Community will stay there, unless you remove it by yourself. You might also be removed from the Community by its owner.

End of the Community – what happens with the data?

Some Communities are closed. When it happens, the data gathered in this closed Community will be removed together with the whole Community. The Community owner might export the data before closing the Community.

FundingBox Enterprise – special rules

Organiser – who is behind the open call

Each open call has an Organiser who is responsible for it: decides how a given open call is designed, how long it lasts, to whom it is addressed, what kind of questions are included in the application form, how long data will be stored, etc.

It might be FundingBox – but it doesn’t have to. The Call Organiser is the controller of the data collected within it. It is also responsible for providing you with information about its identity and management of the data within the given open call. If you have any doubt about who is the Call Organiser, please contact us on support@fundingbox.com

When you apply

When you apply to the open call you entrust your data to the Call Organiser. It is not only personal data but also information about your company, business, or project. It is important to know what might happen with this data and how they are processed. So:

• application form and all the data included in this form are stored within fundingbox.com cloud infrastructure; we use Amazon services to provide the highest security standards. Servers are located in Europe and comply with GDPR regulation;
• access to the application form is limited – only authorised, limited number of people can access it, they must be Registered Users.

When FundingBox is the Call Organiser

FundingBox is a European leader in the organisation and management of open calls. We specialise in organisation of the competitive open calls for cascade funding from public funds.

We know that a good application must include a lot of data. And you have to share with us data that might be confidential for you and are important for your business and/or project.

We protect data collected within open call with the highest professional standards.

So:

• we don’t use data included in the application form for any other purposes than management of that open call (including evaluation of the application and winners selection);
• we store application data for compliance reasons for the time required by the Authority that entrusted us public money that we distribute (usually it is 5 years after project final payment);
• we provide access to the application form only to a limited number of people who have to gain access to it to execute the open call (like a limited number of FundingBox’s staff, Project managers, IT, evaluators, project partners);
• a person who accesses the application form is informed about its confidential nature and obliged to maintain confidentiality;
• access to the applications is granted for a limited time period;
• we don’t share application content with the third parties not engaged in the project that is related to the given open call (except for compliance or project requirements reasons, and only in relation to the non-confidential information);
• each open call has its information clause with specific details related to the processing of the personal data.

In the case that FundingBox is the Call Organiser, FundingBox is also the controller of the data.

Our obligations towards Funding Authorities

Great part of grants distributed within our open calls are financed with public money, mainly from the European Commission programmes but also from national funds.

For sake of clarity – FundingBox is not a European Commission agency nor its representative.

Because this is public money, we have to comply with specific reporting and compliance requirements. It means that in some cases we will have to provide the data included in the application form to such Funding Authorities or auditors representing a Funding Authority.

Our obligation towards Funding Authorities also covers informing about grants that we distribute. Because of that, we will publish information about you, your company and project if we provide you with the grant. Don’t worry – it will be the only general information that everyone can get. We will share neither confidential information nor the content of your application.

Other use of FundingBox Enterprise

FundingBox Enterprise tool might be also used to create forms and collect information through them – for example:

• to create a challenge;
• to subscribe for an event;
• to collect opinions.

Depending on the purpose of such action, we will inform you about the processing of your data within that particular form.

When FundingBox is not the Call Organiser

FundingBox also provides open call management service to third parties. It means that:

• athird party (for example Company XYZ or public body) orders such a service from FundingBox;
• we manage the technical part of this open call, including data storage, but we don’t organise it. Such a third party is the Call Organiser and controller of the data. FundingBox is only a data processor.
• In the case that a Call Organiser failed to provide you with the information about processing of your data, or you have any doubts about it, please contact us on privacy@fundingbox.com

Your duties when you are the Call Organiser

You can be a Call Organiser! As a Call Organiser, you are the controller of the data within this open call. You decide what kind of data you process, for how long and who will have access to them. You also decide how long those data will be preserved. You also have to inform all participants of the open call who you are and how you process the data.

We will remove the data collected within an open call upon your request or according to the contract we conclude for providing such a service. We will also ask your permission to delete the application form of the User that asked us to delete their Account.

When the open call is over – what happens with the data?

When the open call is over, your application form will be stored within our cloud infrastructure. Period of the data storage depends on the call character, and may be:

• for calls in which we select recipients of grants funded with public resources – for the period reserved by the Funding Authority to run an audit and check; usually it is 5 years after project final settlement; We have to prove to the Funding Authority that we executed our project in accordance with the agreement;
• for other calls/forms – depending on their nature and reasons – we don’t store that data longer than necessary; in each call/form, we inform you about data storage periods.