Data Protection

Privacy Policy

Last updated: April 2026

This Privacy Statement explains how Fundacja TechSoup ("TechSoup") processes personal data in connection with the Meet and Code programme, including the registration of organizations, submission and administration of funding applications, participation in the Meet and Code Awards, and related communications. For information about cookies and similar technologies used on the Meet and Code website, please also refer to the Cookie Policy available on the website.

The Meet and Code project is organized by Fundacja TechSoup ("TechSoup"). Further, detailed information on data processing in connection with visits to the website: www.meet-and-code.org can be found here: https://www.techsoup.pl/terms-and-conditions#PrivacyPolicy. Please note that this Privacy Statement applies to processing related to the Meet and Code programme. Website-level processing (including cookies and analytics) may be described in additional notices available via the links above and on the website.

With this data privacy statement, we (Fundacja TechSoup) would like to inform you which personal data we collect in connection with the organization of the Meet and Code project and your visit to our website and for what purposes this data is used. Personal data is all data that can be related to you personally, e.g., name, address, e-mail addresses, user behavior. In this way, we inform you about our processing operations and comply with legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR) and the Polish Personal Data Protection Act.

I. Data Controller and Contact Details

Fundacja TechSoup
Czackiego 15/17, 00-043 Warszawa, Poland
NIP: 7010177399
KRS: 0000327333
Telephone: 0048 22 102 21 35
E-mail: privacy@techsoup.org
Data Protection Officer: privacy@techsoup.org

You can contact our DPO for any questions related to data protection.

To exercise your rights, please contact us at privacy@techsoup.org. We may request information necessary to verify your identity before responding.

II. Storage duration

We only store personal data for as long as is necessary to achieve the respective purposes. Further details can be found in the following sections.

We may have to comply with retention periods prescribed by law. The legal basis for the associated data processing is Art. 6 (1) (c) GDPR (fulfillment of legal obligations). In particular, we have to retain the following data:

In addition, we apply the following general criteria: (a) account and application data is kept for the duration of the programme relationship and for a reasonable period thereafter to handle audits, disputes, and reporting; (b) where an application results in funding, relevant documentation may be retained for the period required by applicable grant, accounting, and tax rules; (c) newsletter subscription data is stored until you withdraw your consent (unsubscribe) plus a short period to document compliance.

the content of our commercial and business correspondence for at least 6 years
accounting documents for at least 10 years.
These retention periods begin at the end of the calendar year in which the respective commercial or business correspondence was received or sent, or the accounting document was created.

III. Your Rights

Upon request, we will inform you whether and, if so, which data we have stored about you (Art. 15 GDPR). If the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), and/or restriction of processing (Art. 18 GDPR) of this data.

You also have the right to receive from us the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format; you may transmit this data or have it transmitted to other bodies (Art. 20 GDPR).

Where processing is based on your consent (Art. 6(1)(a) GDPR), you have the right to withdraw your consent at any time with effect for the future. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

You also have the right to complain to a data protection supervisory authority about the processing of personal data by us. In Poland, the competent authority is the President of the Personal Data Protection Office (UODO). You can find current contact details at: https://uodo.gov.pl/.

III.1 Right to Object

You also have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR, including profiling based on these provisions. In this case, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

Where we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes, including profiling related to such direct marketing. If you object, your personal data will no longer be processed for these purposes.

Upon receipt of an objection, we will assess it without undue delay and inform you of the outcome.

IV. Processing Activities (Programme Administration)

On this website, non-profit organizations interested in funding under the Meet & Code program can register/apply.

IV.1 Categories of Personal Data

IV.1.1 Special Categories of Data

We do not intend to collect special categories of personal data (e.g., health data) for the purposes of administering the Meet and Code programme. Please do not provide such data in free-text fields. If such data is nevertheless provided, we will process it only to the extent necessary to handle it appropriately and in accordance with applicable law.

Identification and contact data (e.g., name, e-mail address, telephone number) of the organisation’s contact person.

Organisation-related data (e.g., legal name, address, registration/verification data, non-profit status information, country of registration).

Application and event data (e.g., event title/description, planned activities, target group, location/online details, budget-related information necessary for administering the grant).

Communications data (e.g., correspondence with support, programme administration and follow-up).

Where applicable, content you submit for awards participation (e.g., reports and materials describing the funded event).

You may request further information about international transfers by contacting the DPO.

IV.2 Purposes and Legal Bases

We process personal data for the following purposes: (a) registration of organisations and user accounts, (b) processing and administering applications for event sponsorship (micro-grants), (c) administering participation in the Meet and CodeAwards (where applicable), (d) programme-related communication and support, (e) reporting and planning based on anonymised or aggregated information, and (f) compliance with legal obligations (e.g., retention obligations). Depending on the context, the legal basis is Art. 6(1)(b) GDPR (performance of a contract / steps at the request of the data subject prior to entering into a contract), Art. 6(1)(c) GDPR (legal obligation), Art. 6(1)(a) GDPR (consent, e.g., newsletter and certainpromotional uses, where applicable), or Art. 6(1)(f) GDPR (legitimate interests, e.g., ensuring IT security and preventing misuse), unless your interests or fundamental rights and freedoms override such interests. Where processing is based on legitimate interests (Art. 6(1)(f) GDPR), such interests include ensuring the integrity of the programme, preventing misuse, and meeting accountability and audit requirements.

IV.2.1 Requirement to Provide Data

Providing personal data is generally voluntary; however, providing the data marked as required in registration/application forms is necessary to create an account, submit an application, and administer the programme. If you do not providerequired data, we may be unable to process your registration or application.

IV.3 Sources of Personal Data

In principle, we receive personal data directly from you or your organisation when you register, submit an application, communicate with us, or participate in programme activities. We may also generate certain data as part of administering the programme (e.g., status information, correspondence logs). For the verification of non-profit status, relevant information may also be processed by the competent local TechSoup partner (see section IV.6 below).

IV.3.1 Participants (including Minors) and Media (Photos/Videos)

Meet and Code events may involve participants, including minors. As a rule, TechSoup processes personal data primarily in relation to participating organisations and their contact persons. The event organiser remains responsible for collecting and processing participants’ personal data (including obtaining any required consents/permissions for minors and for the use of photos or videos) in accordance with applicable law. Where participants’ personal data is shared with us(e.g., in reports or award materials), it should be limited to what is necessary.

If you apply with your organization for an event sponsorship and possible participation in the awards, TechSoup collects various data as part of the application process, which may mainly represent your organization but also at least partiallypersonal data (name, e-mail address, position in the organization, and the telephone number of the contact person). This data is processed for project management purposes:

for the purpose of providing you with access to event sponsorship

and possible participation in the awards.

IV.4 Recipients of Personal Data

Within TechSoup, access to personal data is limited to staff and service providers who require it to administer the programme, provide technical support, or meet legal obligations. We may also share data with third parties where this isnecessary for programme delivery (e.g., local TechSoup partners for eligibility verification, and sponsors in relation to funding decisions and awards participation), or where you have provided consent.

Some recipients act as our processors (service providers processing data on our behalf under Art. 28 GDPR, e.g., IT hosting, platform maintenance, and communication tools). Where sponsors or partners receive data for their own purposes, they may act as independent controllers and will provide their own privacy information.

Access to personal data is limited to individuals who require it on a needtoknow basis.

IV.5 Disclosure of Data to Sponsors

To process the application for event sponsorship and participation in the Meet and Code Awards, organizational data such as names and contact details of organizations or representatives of organizations and information about the event aretransmitted to the sponsors. The legal basis for this transfer is Art. 6 (1) (b) GDPR (contract initiation and performance). The legal basis for the transfer to sponsors for other purposes is Art. 6 (1) (a) GDPR (consent), insofar as such consenthas been granted. We share only the data necessary to support funding decisions and programme administration, in line with the data minimisation principle. You can find the privacy policy of our sponsors here:

IV.5.1 Scope of Data Shared with Sponsors

Data category shared	Examples	Purpose of sharing	Legal basis(TechSoup)	Role of the sponsor
Organisation data	Organisation name, address/country, registration/verification status (whererelevant)	Programme administration; eligibility and funding decision support; audit/report ingrelated to the sponsorship	Art. 6(1)(b) GDPR (contractinitiation/performance) and/or Art. 6(1)(f) GDPR (legitimateinterests in administering the programme and accountability), as applicable	Typically independent controller for their own purposes related to sponsorship and compliance
Contact person data	Name, e-mail, phone, role/position	Operational communication regarding sponsorship and event administration	Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR, as applicable	Typically independent controller
Event data	Event title, description, location/date, target group, outcomes, budget elementsnecessary for administering the grant	Funding decision support; programme quality assurance; reporting on sponsoredactivities	Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR, as applicable	Independent controller
Reports and photos	Event report materials and photossubmitted after the event (may includeparticipants and minors)	Demonstrating delivery/impact of sponsored events; awards participation administration; communications and reporting about the programme(where applicable)	Art. 6(1)(b) GDPR (where required for administering the programme/awards) and/or Art. 6(1)(a) GDPR (consent for specific uses, whereapplicable)	Independent controller for any further use (e.g., their own communications), unless agreed otherwise

If you submit reports and photos, please ensure you have the necessary legal basis to share them with us and the sponsors (including, where required, consent/permission for the use of images of participants and minors). Sponsors mayprocess the received data under their own responsibility and according to their own privacy notices.

As a rule, photos submitted by event organisers as part of event reports are used exclusively for internal programme purposes, including verification, reporting, accountability, and audit obligations. Such photos are not used for marketing, promotional, advertising, or commercial purposes and are not shared with sponsors or donors for such purposes.

An exception applies to photos and audiovisual materials created by TechSoup as part of dedicated photo or video sessions organised by TechSoup. In such cases, participants provide separate, explicit consents allowing the use of suchmaterials by TechSoup for external communication purposes, including publication on TechSoup and Meet and Code websites, reports, and social media channels.

Photos created by TechSoup are not routinely shared with sponsors or donors. Any potential use of such materials by a sponsor or donor for external communication purposes would require a separate verification of the legal basis and confirmation that the scope of consent obtained covers such use.

Sponsors and donors do not use photos or reports containing personal data for marketing, promotional, advertising, or commercial purposes. Any use beyond internal programme accountability would require a separate legal assessment and an appropriate legal basis.

Photos and audiovisual materials are not reused for purposes incompatible with those originally specified.

Retention by sponsors: sponsors determine their own retention periods as independent controllers. If you wish to learn more about how a sponsor stores or uses the data received from us, please consult the sponsor’s privacy policy (see linksabove) or contact the sponsor directly.

IV.6 Reporting and Planning (Anonymised/Aggregated Data)

We also use the anonymized data you provide in your application for reporting and planning purposes.

V. Newsletter

Fundacja TechSoup is responsible for newsletters regarding the Meet and Code project.

Our newsletters contain information about Fundacja TechSoup and its products, offers, campaigns, and news.

You can register to receive our e-mail newsletter on our website. This requires you to provide your e-mail address so that we can send you the newsletter. We will then send an e-mail to the e-mail address you have provided asking you to confirm your e-mail address. Only after you have clicked on the confirmation link in this e-mail will we send you our newsletter (double opt-in procedure). We will only use your e-mail address to send you the newsletter.

The legal basis for sending the newsletter, as well as for its analysis and evaluation, is Art. 6 (1) (a) GDPR in conjunction with your consent. You can withdraw your consent at any time and unsubscribe from receiving the newsletter, for example by clicking on the link provided in the newsletter.

VI. Validation of Non-profit Status with Local TechSoup Partners

Before you and your organization can apply for funding and, in the case of participation in the award, for Meet & Code, your organization must register and have its status as a non-profit organization validated. The validation is carried out by the respective TechSoup Europe network partner in the country of the applicant organization. A list of all TechSoup Europe partners can be found at: https://www.techsoupeurope.org/where-we-work/.

For validation, the data of your organization will be transmitted by TechSoup to a TechSoup Europe partner. The legal basis for this transfer is Art. 6 (1) (b) GDPR (contract initiation and fulfillment). Some of the TechSoup Europe partners arebased in a country outside the EU. TechSoup ensures an adequate level of data protection with recipients in these countries by concluding the standard contractual clauses of the EU Commission.

VI.1 International Data Transfers

Where a local TechSoup partner is located outside the European Economic Area (EEA), we use appropriate safeguards for international transfers, in particular the European Commission’s Standard Contractual Clauses, to help ensure anessentially equivalent level of protection for your personal data. You may request information about the safeguards used and, where applicable, obtain a copy of the relevant Standard Contractual Clauses (redacted as necessary to protectconfidential information).

The respective local TechSoup partner is responsible for data processing regarding this validation. Their data protection declarations and terms of use can be found in the respective country-specific section.

The respective local TechSoup partner is responsible for data processing with regard to this validation. The data protection declarations and terms of use can be found in the table below.

VII. Security Measures

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. Such measures include accesscontrols, least-privilege principles, and measures to protect the confidentiality, integrity and availability of our systems. Please note that no system can guarantee absolute security.

We regularly review and update our security measures to reflect evolving risks.

VIII. Automated Decision-making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you within the meaning of Art. 22 GDPR in connection with the Meet and Codeprogramme.

IX. Cookies and Tracking Technologies

We use cookies and other tracking technologies to improve user experience. You can manage your cookie preferences via the cookie banner on our website. Where required, cookies are set based on your consent, which you can withdraw oradjust at any time via the cookie settings. Please refer to our Cookie Policy for more information.

X. Changes to This Privacy Statement

We may update this Privacy Statement from time to time, for example if our processing activities change or legal requirements are updated. The latest version will be made available on the Meet and Code website.

Where changes are material, we will provide a prominent notice.

Country of registration	Local TechSoup Partner	Privacy Policy	Terms of Use
Germany	Stifter-helfen	Read Privacy Policy	Read Terms & Conditions
Poland	TechSoup Poland	Read Privacy Policy	Read Terms & Conditions
Austria	Stifter-helfen	Read Privacy Policy	Read Terms & Conditions
France	Les Ateliers du Bocage	Read Privacy Policy	Read Terms & Conditions
Italy	TechSoup Italia	Read Privacy Policy	Read Terms &Conditions
Spain	TechSoup Spain	Read Privacy Policy	Read Terms & Conditions
United Kingdom	Digit<all>	Read Privacy Policy