Terms & Policies
Joint Controllers Agreements
What is the difference between a controller, processor, and joint controller?
Controllers are the main decision-makers – they exercise overall control over the purposes and means of processing personal data. In our case, every entity from the FundingBox capital group is a separate data controller.
If two or more controllers jointly determine the purposes and means of processing the same personal data, they are joint controllers. However, they are not joint controllers if they are processing the same data for different purposes:
Processors act on behalf of, and only on the instructions of, the particular controller.
Processors do not bear the same level of compliance responsibility as controllers. But they do carry responsibility for some compliance in their own rights, such as security, data breach notification, and accountability.
Joint controllers – to jointly control the data – are not required to enter a legal contract, but they must have a transparent arrangement that sets out their agreed roles and responsibilities for complying with the GDPR. The essence of this arrangement should be made available to anyone interested.
THE ESSENCE OF THE ARRANGEMENTS BETWEEN FUNDINGBOX JOINT CONTROLLERS
Project – an economic undertaking, regardless of whether it is commercial in nature and whether it is financed from public funds or not, and whether it is or will be implemented with the participation of one or more Joint controllers.
(1) FundingBox Accelerator sp. z o.o. Warsaw, Poland, VAT-UE PL 7010366812 (FBA)
(2) The FundingBox Group S.L. Madrid, Spain, VAT-UE ES B86586047 (TFBG)
(3) FundingBox Communities S.L. 5, Madrid, Spain, VAT-UE ES B87857256 (FBC)
(4) ECONET S.L. Madrid, Spain, VAT-UE ES B80141211
(5) FundingBox Nordic ApS Odense Denmark, VAT-UE DK35820930i (FBN)
(6) FundingBox Research ApS Odense Denmark, VAT-UE DK 39245957 (FBR)
(7) Econet Openfunding sp. z o.o. Warsaw, Poland, VAT-UE PL 1181905939
3. Common purposes for the processing of personal data
3.1. The Joint Controllers set this common main purpose for the processing of personal data which is acquiring and implementing Projects financed by the European Union or other public or private funds and the developing of the fundingbox.com Platform and acquiring new users.
3.2. The Joint Controllers set the following common specific purposes for the processing of personal data:
(1) acquiring the new Projects co-financed by European Union funds or other public or privates funds,
(2) promotion of the Projects implemented by individual companies from the FundingBox capital group,
(3) promotion of the Projects implemented with the participation of individual companies from the FundingBox capital group,
(4) ensuring transparency of implemented projects financed from public funds,
(5) promotion of undertakings or products resulting from the implementation of Projects,
(6) promotion of entities or partners participating in the Projects,
(7) recruiting people with appropriate qualifications necessary to submit applications for the implementation of the Project or necessary for the implementation of the Project,
(8) sending newsletters,
(9) promotion of the brand and the FundingBox capital group,
(10) recruiting collaborators (e.g. evaluators, experts, employees),
(11) organizing informative events related to the activities of the FundingBox capital group,
(12) acquiring new users of the Platform,
(13) development of new services and products of Joint controllers,
(14) improving the quality of Joint controllers’ services and online services via Platform,
(15) implementation of new services,
(16) conducting development works,
(17) analysis of collected data.
4. Common contact point
The common contact point with which the data subject may contact regarding the protection of his personal data is available at the e-mail address email@example.com. The FundingBox Accelerator sp. z o.o. Warsaw, Poland is responsible for handling this email address.
5. Responsibilities for compliance with the obligations
obligation under GDPR
|Art. 6 Requirement of the legal basis||FBA|
|Art. 12 Transparent information, communication and modalities for the exercise of the rights of the data subject||Each Joint controller is responsible for the preparation of the content of messages or correspondence. Communications should be drafted in a concise, transparent, intelligible, and easily accessible form, in clear and plain language.|
|Art. 13-14 Providing information on Joint Processing of Personal Data||FBA is responsible to prepare the content of messages related to the GDPR in Polish and English. In the case of correspondence in other languages, the other Joint controllers shall assist the FBA in preparing the content of the communication.|
|Art. 26 (2) Making available the essence of this Joint controlling agreement||FBA|
|Art. 15-22 Rights of the data subject with regard to the Personal Data processed by Joint controllers||
FBA – is responsible for receiving each data subject request, registering, verifying, and providing feedback/response to the request.
TFBG FBC, FBR, and FBN – are responsible for the execution of the request: e.g. deletion of the data, blocking of the account, and preparation of a copy of the data for the data subject.
|Art. 30 Records of processing activities||FBA|
|Art. 32 Security of processing||TFBG, FBC, FBR, FBN, FBA|
|Art. 33-34 Notification of a personal data breach to the supervisory authority and to the data subject||FBA|
In all matters related to your privacy you can contact us quickly and efficiently by e-mail: firstname.lastname@example.org.