DRAFT · VERSION 0.1 · 14 JULY 2026
Application Privacy Notice
1. Who controls your information
The controller is [Findit legal entity, registered address and registration details]. Privacy contact: [privacy email and postal address].
2. Information we collect
Identity and contact details; business, role, city, industry and stage information; application answers; verification evidence or links; interview notes; declarations and policy acceptance; membership activity; and safety or incident information when relevant.
3. Why we use it
- Assess eligibility and community fit.
- Verify the stated business or pre-launch activity.
- Contact applicants and communicate decisions.
- Administer membership, activities, introductions and events.
- Enforce rules, investigate reports and protect member safety.
- Measure and improve the pilot.
- Send optional marketing only where an appropriate permission or other lawful basis exists.
4. Lawful bases
[Specify the GDPR lawful basis for each purpose. Do not label every activity as consent. Record any legitimate-interest assessment and separate optional marketing permission.]
5. Who receives the information
Authorised Findit staff and approved processors for hosting, Netlify form handling, communications, storage, analytics and verification. Joining WhatsApp is voluntary and subject to Meta/WhatsApp terms. List processors and transfer safeguards here: [processor list and safeguards].
6. International transfers
[Identify transfers outside the EEA and the applicable adequacy decision, standard contractual clauses or other safeguard.]
7. Retention
[Insert precise periods for drafts, declined, waitlisted, withdrawn and accepted applications, raw verification evidence, membership records and incidents.] Raw evidence should be deleted as soon as the approved purpose and legal requirements allow.
8. Your choices and rights
Depending on the lawful basis and circumstances, you may request access, correction, deletion, restriction, portability or object to processing. You may withdraw consent where consent is used and complain to the Polish data protection authority. Contact [privacy contact].
9. Automated decisions
No admission decision should be made solely by automated processing during the pilot.
10. Security and uploads
Do not upload unredacted identity documents, bank details, health data, criminal records or unrelated confidential documents. Findit must use encryption, access controls, multifactor authentication, audit logs and approved deletion procedures.
11. Updates
The current notice version and effective date will appear here. Material changes will be communicated where required.