Privacy Policy

Introduction and responsible body

As part of the ICF Movement, we make every effort to ensure that your data is handled with due care and respect.

This privacy policy explains what personal data we process on our website, for what purposes and what rights you have in relation to it.

This applies to the domain https://icf.church/bydgoszcz in all its language versions, as well as all legal entities listed below and future companies operating under the ICF (International Christian Fellowship) brand or in which one of the above-mentioned organizations is involved.

  • Ruch ICF (Stowarzyszenie)
  • ICF Movement Germany eV (Association)

In this privacy policy, wherever we refer to “ICF” or “we”, we mean one or more of these organisations, as the context requires.

Website Operator

Centrum Chrześcijańskie „Nowa Fala” – ICF Bydgoszcz

ul. Fordońska 160

85-752 Bydgoszcz

NIP: 9581319698, Regon: 191203700

Responsible for the content and processing of data

Centrum Chrześcijańskie „Nowa Fala” – ICF Bydgoszcz

ul. Fordońska 160

85-752 Bydgoszcz

NIP: 9581319698, Regon: 191203700

What is the ICF Movement?

ICF is a Christian church founded on biblical principles. We were born from the dream of creating a church that is dynamic, relevant, and contemporary for people.

The ICF movement is an organization that promotes church planting, primarily in Europe and to a lesser extent in the rest of the world, with the goal of helping people become more like Jesus Christ, live fearlessly, and positively impact their communities. We understand church planting as a mission, a fundamental part of our DNA.

In addition to planting ICF churches, the ICF Movement is committed to renewing and strengthening the existing church landscape in Europe and beyond. To this end, it offers resources, conferences, training courses (ICF College), leadership development, and coaching.

Together, we believe that Europe and the world can awaken thanks to healthy and socially relevant local churches. We are deeply convinced that the local Church is the hope of the world!

Find out more at https://icf.church/movement

Legal basis

The information you provide for each tool in this privacy policy will be used solely for the purpose of processing your request. For more information, please see the “Legal basis for data processing” section.

Data processing principles

We process personal data for a clearly defined purpose and only to the extent necessary. We adhere to the following principles:

✅ Clarity

We want you to always know what happens to your data. That’s why in this statement we openly describe which tools we use and why.

🎯 Intended purpose

We collect and use personal data for the intended purpose – for example, to contact you, subscribe to our newsletter, analyze website usage, or process donations.

➖ Data minimization

We collect and process only as much data as necessary. Where anonymous or pseudonymous use is possible, we utilize this option.

🔐 Security

Your data is protected by us. We implement technical and organizational measures to protect it against loss, misuse, and unauthorized access.

🕐 Memory limit

We retain personal data for as long as necessary to fulfill a given purpose or for as long as there are legal retention obligations.

🌍 Legality

Our data processing is based on a valid legal basis: your consent, legitimate interest, or legal obligation. We do not make decisions with legal effect or similar significance solely by automated means (no “profiling” within the meaning of Article 22 of the GDPR).

Note: For certain higher-risk data processing operations (e.g. processing of sensitive data), we carry out a Data Protection Impact Assessment (DPIA) in accordance with Article 35 of the GDPR, where required.

Collection and use of personal data

We collect personal data when you actively provide it to us (e.g. via a form) or when it is technically necessary – for example via a form, your IP address when visiting a page, making a donation, or using our website.

Here you can find out when this happens and how we use this data:

📬 Contact and forms

For example, if you write to us using a contact form or register for an event, we process the data you provide (e.g. name, email address, request, etc.) to respond to your request or provide the requested service.

💳 Donations

Payment processing is handled by a third-party provider, Przelewy24. After clicking the link, you will be redirected to their platform. Their respective privacy policies will apply to further processing.

We process the data you provide (e.g., name, email address, amount) to process your donation and for documentation purposes (e.g., issuing donation receipts). Donations to religious organizations may, in certain circumstances, allow for inferences about your religious beliefs (special categories of personal data – considered particularly sensitive within the meaning of Art. 9 GDPR). This processing takes place only with your explicit consent or when permitted by law.

📈 Website Use and Tracking

When you visit our website, certain technical information is automatically processed, such as:

  • IP address (shortened/pseudonymized)
  • Browser type and version
  • operating system
  • Date and time of access
  • Pages visited / Time spent on the page

This data helps us maintain the stable operation of our website and continuously improve it.

💻 Server Logs and IT Security

When you visit our website, our hosting provider automatically processes server log files (e.g., IP address, date/time, requested URL, referrer, user agent). This is for the purpose of ensuring technical and IT security.

Use of cookies and tracking technologies

Our website uses cookies and similar technologies to – with your consent – ​​provide user-friendly content, analyse performance and provide certain features (e.g. forms or videos).

🍪 What are cookies?

Cookies are small text files that your browser automatically creates and stores on your device. They don’t contain malware, but they help us do things like:

  • for the technical operation of the website (essential cookies)
  • to create visit statistics
  • to evaluate marketing campaigns

🍪 Consent management (CookieHub)

Our website uses CookieHub to manage consent for cookies and third-party services. The tool displays a consent banner when you visit the site and stores your consent or refusal via a technically necessary cookie.

⚙️ Consent-based cookies

Not all cookies are necessary. Cookies are only used for statistical or marketing purposes, with your explicit consent.

Therefore, when you first visit our website, we will display a cookie banner, allowing you to decide which cookies you accept. You can change your selection at any time via the cookie banner.

We use the following categories of cookies:

  • Essential cookies: necessary for technical operation.
  • Functional cookies: they increase user-friendliness.
  • Analytical cookies: help us improve the website.
  • Marketing cookies: support targeted advertising.

🛠 Managed via Google Tag Manager

We use Google Tag Manager to manage certain services in a privacy-compliant and efficient manner—for example, Google Analytics, Facebook Pixel, and other analytics tools. Tag Manager itself does not store any personal data; it only loads configurable scripts.

Tools used and external suppliers

We use selected third-party providers to ensure our website is user-friendly, secure, and modern. Below, we explain which tools we use, what data is processed, and why.

📈 Analysis and performance tools:

Google Analytics

We use this to understand how visitors use our website. The collected data (e.g., number of page views, time spent on the site, device used) is analyzed anonymously.

Google Tag Manager

It’s used to manage tracking tags and cookies. Tag Manager itself doesn’t store any personal data.

Meta pixel

We use it to measure the effectiveness of marketing campaigns and display relevant content.

Google Ads

Used for campaign tracking and conversion measurement to analyze the effectiveness of our advertising.

Microsoft Clarity

Used to analyze user behavior (e.g., click paths, heat maps). Data is analyzed anonymously.

Gleap

We use Gleap as a support and communication platform. It is used to process service requests, display support information (e.g., help articles), evaluate user feedback, and display targeted chat messages, notifications, or banners.

Pulsetic

Monitors website availability and performance. Does not store any personal data.

Sentry

Logs error messages (bugs) and technical data to enhance stability.

📋 Forms, newsletters and communications

MailGun

We use MailGun as an SMTP service to reliably deliver emails (e.g. confirmations, newsletters).

Google reCAPTCHA

To protect our forms from abuse and spam, we use Google reCAPTCHA (versions 2 and 3). This service checks whether data entered is by a human or a bot. Information such as IP address, time spent on the page, and mouse movements are analyzed and sent to Google.

Salesforce Account Engagement (Pardot)

Our marketing automation platform, which we use to manage newsletters and campaigns, uses Pardot to identify content relevant to you and send you tailored information.

🎥 Media integration

YouTube

YouTube videos are embedded on our website. These providers may set cookies and collect usage data (e.g., which videos are viewed).

Spotify

Audio and video files from Spotify are embedded on our website. Spotify may set cookies and collect usage data (e.g., which podcasts are listened to).

ICF Hub

Sermons, offers, church services and certain organizational data such as social media links, addresses or contact details are transferred from our internal ICF platform to the website via API and are technically necessary for the operation of basic functions.

⚙️ More tools

  • Google Maps: Interactive maps on the website
  • Algolia: For internal search functionality for offers, sermons, and locations
  • Shortpixel: image optimization
  • Zapier: Automation (e.g. transferring data between tools).
  • WPML (Translation): Manages multilingual content presentation

Your rights

Protecting your personal data is important to us. You have the right to know what happens to your data, and we will transparently explain your options. Here’s an overview of your rights:

📋 Right to information

You can ask at any time whether and what personal data we store about you.

✏️ Right to rectification

If something is (already) incorrect, you can request that your data be corrected.

❌ Right to erasure

You have the right to have your data deleted – for example, if it is no longer necessary to achieve the original purpose or if you have withdrawn your consent.

🧯 The right to limit

You can request that we process your data only to a limited extent – ​​e.g. during an inspection or in the event of an objection.

🚫 The right to object

You can request that we process your data only to a limited extent – ​​e.g. during an inspection or in the event of an objection.

📤 The right to data portability

You can request that we process your data only to a limited extent – ​​e.g. during an inspection or in the event of an objection.

🛑 The right to withdraw consent

You can request that we process your data only to a limited extent – ​​e.g. during an inspection or in the event of an objection.

🧑‍⚖️The right to lodge a complaint with the supervisory authority

If you believe that your data protection concerns have not been sufficiently addressed, you have the right to contact the competent supervisory authority.

The person responsible is:

  • Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa.

Data transfer and order processing

Generally, we do not share your personal information with third parties unless:

  • required to achieve a purpose that you know and want to achieve (e.g. processing donations),
  • legally required
  • covered by valid consent,
  • or takes place as part of commissioned data processing.

🤝 Cooperation with service providers (data processing)

We work with selected service providers for certain technical, administrative, and communication processes. These so-called “data processors” act on our behalf and in accordance with our instructions, for example:

  • Website hosting and maintenance (np. DigitalOcean, Xano, Imgix)
  • Sending emails (np. MailGun, Salesforce Account Engagement)
  • Analysis and tracking tools (np. Google Analytics, Clarity, Sentry)
  • Forms (np. gravity forms)

We have entered into data protection compliant agreements with all data processors to ensure that your data is protected and not used for our own purposes.

🌍 Transfer to third countries

Some of our service providers are based outside of Poland or the European Union (e.g., the USA). In such cases, we ensure an adequate level of data protection – for example, by:

  • European Commission standard contractual clauses,
  • Adequacy decisions (in countries like Poland),
  • or additional technical protective measures

Storage time

We retain personal data for as long as necessary to achieve a given purpose – or as long as required by law.

🔄 General rules

  • Contact requests are stored for a maximum of 2 years (for internal monitoring and analysis purposes), unless a request to delete the data is received, there is a legitimate interest in deleting the data or there are no legal obligations to store the data.
  • We store your newsletter data until you unsubscribe or withdraw your consent.
  • Donor data is subject to data retention requirements under Polish and EU tax regulations (typically 10 years).
  • Tracking data (e.g. via Google Analytics) is collected and anonymously stored to track long-term trends and improve the ICF website.

📌 What does this mean for you?

We comply with legal deadlines and regularly check which data can be deleted or anonymized.

International data transmission

Some of the services we use (e.g. hosting, newsletters, analyses) are located or process data in countries outside Poland – especially in the USA.

🌍 What exactly does this mean?

When personal data is transferred to countries that do not have the same level of data protection as in Poland or the EU, we ensure that your data is still well protected.

We achieve this, for example, by:

  • EU Standard Contractual Clauses (SCCs) of the European Commission
  • Adequacy decisions (including the EU/PL-US Data Privacy Framework)

Additional technical/organizational measures such as encryption or strict access restrictions

🇺🇸 Example: USA

Some of our service providers (e.g., Google, Meta, MailGun, Vimeo) are headquartered in the U.S. Some of them have joined the Data Privacy Framework (DPF), which aims to ensure a comparable level of data protection between the EU/Poland and the U.S.

Otherwise, the legal basis is the EU standard contractual clauses.

Security

Protecting your data is important to us. Therefore, we implement comprehensive security measures to effectively protect it against loss, misuse, or unauthorized access.

🔐 Technical and organizational measures

We implement technical and organizational security measures to protect your data against loss, misuse, unauthorized access, or disclosure. These include:

  • careful selection and monitoring of service providers
  • Connection encryption (SSL/TLS), recognizable by “https://” in the browser address bar.
  • Restrictions on access to our systems
  • regular security and software updates
  • Principles of secure use of passwords and two-factor authentication (internal)

🛡️ What you should know

No digital system is 100% secure. However, we make every effort to ensure a high level of protection – and we respond immediately if there is cause for concern. If you notice anything unusual, please contact us. We take your feedback seriously. Despite careful technical and organizational measures, residual risks can never be completely eliminated when transmitting data over the internet (e.g., when using third-party services).

Legal basis for data processing and scope

This privacy policy is based on the requirements of the General Data Protection Regulation (GDPR), the Polish Personal Data Protection Act.

Our data processing is based on applicable law. Depending on the country in which you use our services, different laws apply.

🇪🇺 European Union

Data processing is carried out on the basis of the relevant legal bases of the GDPR, in particular:

  • Article 6 1a GDPR – Consent
  • Article 6 1b GDPR – Performance of a contract or implementation of pre-contractual measures
  • Article 6 1 c GDPR – Legal obligation
  • Article 6 1 f GDPR – Legitimate interests (e.g. our interest in analysing user behaviour to improve our website or ensure IT security)
  • Article 9 2 GDPR – Processing of special categories of personal data (e.g. in the context of donations)

The relevant legal basis is set out in the relevant sections where necessary or depends on the specific purpose of processing.

Users outside these jurisdictions—e.g., the United States (CCPA), Brazil (LGPD), the United Kingdom—may be subject to additional rights. If you are accessing our services from another country, we recommend that you review your local data protection laws.

Please contact us with any questions regarding data protection.

If you have any questions about data protection or wish to exercise your rights (e.g. access, deletion or revocation of data), please contact us.

Contact:

ICF Bydgoszcz Office
ul. Fordońska 160
85-752 Bydgoszcz

Telefon +48 696 810 706
[email protected]

We will respond to your inquiry as quickly as possible – and in any case within the timeframe required by law (reporting and notification obligations pursuant to Art. 33/34 GDPR)

Changes

We regularly review our privacy policy and adapt it, if necessary, to new legal requirements (e.g. rulings of the European Court of Justice, new regulations such as the Artificial Intelligence Act) or technical changes. You can always find the latest version on our website.