Privacy policy
Last updated: 26 May 2026 · version 1.0
Biosecurity Poland is an independent initiative based in Warsaw. This privacy policy explains how we process the personal data we collect from you when you use our site — in practice: when you subscribe to our newsletter.
The controller of your personal data under the GDPR1 is Fundacja Efektywny Altruizm (Effective Altruism Foundation; KRS 0000726237, NIP 5252746902, REGON 369951399), registered at Plac Bankowy 2, 00-095 Warsaw, Poland, email: kontakt@efektywnyaltruizm.org — the foundation under which the Biosecurity Poland initiative operates.
1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR).
Topics
- What data do we collect?
- How do we collect your data?
- Why do we process it?
- Where and how long do we store it?
- Transfer outside the European Economic Area
- What are your data protection rights?
- Cookies and analytics
- Privacy policies of other websites
- Changes to this privacy policy
- How to contact us
- How to contact the supervisory authority
What data do we collect?
We collect only the email address you submit through the newsletter form.
When you confirm your subscription by clicking the link in the verification email, our newsletter provider additionally records:
- the moment of confirmation;
- the IP address you confirm from (as evidence of double opt-in, for compliance with the GDPR and the Polish Act on Electronic Services).
How do we collect your data?
You provide the data to us directly. We collect and process it when you:
- subscribe to our newsletter through the form on our website.
That is all. We do not collect data via cookies and do not use any other sources.
Why do we process it?
Only to send you the Biosecurity Poland newsletter — updates on our work, events, and topics related to biological security.
Legal basis:
- Your consent (GDPR Art. 6(1)(a)) — given by submitting your address and confirming the subscription via the verification email.
- The newsletter qualifies as commercial information under Article 10 of the Polish Act of 18 July 2002 on Electronic Services (UŚUDE), which requires a separate consent for such communication — covered by the same submission act.
You can withdraw consent at any time — via the "Unsubscribe" link in the footer of every email, or by writing to info@biosecurity.org.pl.
We do not share your email address with anyone else — no partners, sponsors, advertisers, or analytics providers. We do not sell data. We do not profile.
Where and how long do we store it?
Your data is stored by Buttondown, Inc. — our newsletter provider — under a data-processing agreement (Buttondown DPA).
Buttondown uses 11 sub-processors (including Cloudflare, Postmark, Mailgun, Sentry, and Stripe) — the full and up-to-date list is at Buttondown subprocessors. Each sub-processor is bound by the same security and transfer obligations that apply to Buttondown.
Your address stays on the active list as long as you remain subscribed. After you unsubscribe, your address is removed from the active list within 30 days. Buttondown may retain a record of the unsubscribe request itself — solely so that we do not contact you again after you have asked us not to.
Transfer outside the European Economic Area
Buttondown is a U.S. company. Your email address is transferred to the U.S. The legal basis for the transfer: Standard Contractual Clauses (SCC) issued by the European Commission (Implementing Decision 2021/914) — incorporated by default in Buttondown's DPA.
Most of the other sub-processors are also U.S. companies — transfers to them rely on the same legal basis (SCCs).
What are your data protection rights?
We want to make sure you are fully aware of all of your data protection rights under the GDPR. You are entitled to:
The right to access — request a copy of your personal data (Art. 15 GDPR).
The right to rectification — request that we correct any information you believe is inaccurate (Art. 16).
The right to erasure — request that we erase your personal data ("right to be forgotten", Art. 17).
The right to restrict processing — request that we restrict the processing of your personal data (Art. 18).
The right to object to processing — object to our processing of your personal data (Art. 21).
The right to data portability — request that we transfer the data we have collected to another organization, or directly to you, in a machine-readable format (Art. 20).
The right to withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3)).
If you make a request, we have one month to respond. To exercise any of these rights, please contact us (see § How to contact us).
Cookies and analytics
This site does not use marketing or tracking cookies. We do not use Google Analytics or any other analytics system as of this policy's publication. The server records standard logs (IP address, user-agent, time of request) only for security and diagnostic purposes — for no longer than 30 days.
When you click "Subscribe" in the newsletter form, a Buttondown pop-up window opens — that is a Buttondown subdomain and is then governed by their privacy policy.
Privacy policies of other websites
The Biosecurity Poland website contains links to other websites. Our privacy policy applies only to our site — when you click on a link to another website, you should read their privacy policy.
Changes to this privacy policy
We keep this privacy policy under regular review and post any updates on this page. This privacy policy was last updated on 26 May 2026 (version 1.0).
How to contact us
If you have any questions about this policy, the data we hold on you, or you would like to exercise one of your data protection rights — write to us.
Email: info@biosecurity.org.pl.
How to contact the supervisory authority
If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO — the Polish supervisory authority):
Urząd Ochrony Danych Osobowych
ul. Stawki 2
00-193 Warsaw, Poland
uodo.gov.pl
Adapted from the gdpr.eu Privacy Notice template, via the laymonage/gdpr-privacy-policy repository (Unlicense / public-domain dedication). This adaptation is also released into the public domain (CC0 1.0). Data controller: Fundacja Efektywny Altruizm (Effective Altruism Foundation, KRS 0000726237) — the foundation under which the Biosecurity Poland initiative operates.