Information on the Processing of Personal Data
LASTHUMAN Foundation — in accordance with GDPR and RODO
Version: 2.0 | Effective date: 1 January 2026 | Next scheduled review: 30 June 2026
This Privacy Policy (hereinafter: "Policy") sets out the rules for the processing of personal data collected by LASTHUMAN Foundation (hereinafter: "Foundation", "we", "us") through the website lasthuman.today and all associated sub-pages, as well as through direct communication with the Foundation.
The Policy has been drawn up in accordance with:
The controller of your personal data within the meaning of Article 4(7) GDPR is:
LASTHUMAN Foundation
(Fundacja LASTHUMAN)
Aleja Prymasa Tysiąclecia 83
01-242 Warszawa, Poland
KRS: 0001228457
NIP: 5273209718
Contact: hello@lasthuman.today
Website: lasthuman.today
Inquiries, requests and notifications concerning personal data shall be submitted to the e-mail address: hello@lasthuman.today or in writing to the postal address indicated above.
When you access the Website, the following data may be automatically recorded:
We process personal data that you provide directly to us, in particular:
Scope: Name, e-mail address, message content.
Purpose: Handling your inquiry and correspondence with the Foundation.
Legal basis: Article 6(1)(b) GDPR — processing necessary to take steps at your request prior to entering into an agreement, or Article 6(1)(f) GDPR — legitimate interest (handling correspondence). (Art. 6(1)(b)/(f) GDPR)
Scope: E-mail address, optionally name.
Purpose: Sending commercial and informational communications about the Foundation's activities.
Legal basis: Article 6(1)(a) GDPR — explicit consent. Consent may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal. (Art. 6(1)(a) GDPR)
Scope: Name, e-mail address, professional affiliation, and other data as specified in the relevant registration form.
Purpose: Organisation and execution of the Foundation's statutory activities.
Legal basis: Article 6(1)(b) GDPR — performance of a contract or Article 6(1)(a) GDPR — consent. (Art. 6(1)(a)/(b) GDPR)
The Website uses cookies — small text files stored on your end device. The use of cookies requires your prior consent, except for technically necessary cookies.
The following cookies are placed without consent on the basis of Article 6(1)(f) GDPR (legitimate interest in ensuring the basic functionality of the Website):
lang_preference — Language PreferenceStores your selected language version of the Website.
Retention period: 12 months | Type: Persistent, first-party
cookie_consent — Consent StatusRecords whether you have provided or withdrawn consent to non-essential cookies.
Retention period: 12 months | Type: Persistent, first-party
Subject to your consent, we use Google Analytics 4 to analyse aggregate website traffic. Google Analytics places cookies on your device that may transfer data to Google LLC servers in the United States. This transfer is covered by Standard Contractual Clauses approved by the European Commission. (Art. 46(2)(c) GDPR)
You may withdraw consent to analytical cookies at any time through the cookie preference panel accessible from the site footer.
The Foundation does not sell, rent, exchange or otherwise make personal data available to third parties for commercial purposes. Data is shared only to the extent strictly necessary for the operation of the Website and fulfilment of the Foundation's statutory objectives.
Personal data may be entrusted for processing, pursuant to Article 28 GDPR, to entities providing the following services to the Foundation:
All data processors have been verified for GDPR compliance and are bound by data processing agreements that oblige them to apply appropriate technical and organisational security measures and to process data solely on documented instructions of the Foundation.
Personal data may be disclosed to authorised public authorities (including law enforcement, courts, supervisory authorities) exclusively in circumstances provided for by mandatory provisions of law, to the extent strictly required by law. The Foundation will, where legally permissible, notify affected data subjects of any such disclosure and will challenge requests that are overly broad or disproportionate.
Personal data may be shared with third parties where you have provided your prior, explicit, specific and informed consent, in accordance with Article 6(1)(a) and Article 7 GDPR. Such consent may be withdrawn at any time.
Personal data shall be stored for no longer than is necessary for the purpose for which it was collected, in accordance with the principle of storage limitation set out in Article 5(1)(e) GDPR.
For the duration of handling the inquiry and, thereafter, for the period of limitation of potential claims — no longer than 3 years from the date of the final response. (Art. 118 Civil Code)
Until withdrawal of consent to receiving commercial communications or until the Foundation ceases to send the newsletter, whichever occurs first.
Aggregate statistical data: up to 26 months in line with Google Analytics standard retention settings. Raw server logs: up to 90 days, thereafter anonymised or deleted.
In accordance with Article 74 of the Accounting Act — 5 years from the end of the financial year in which the transaction occurred. (Art. 74 Accounting Act)
In accordance with Articles 15–22 GDPR, you have the following rights in relation to your personal data:
You have the right to obtain confirmation as to whether the Foundation processes your personal data and, if so, to receive a copy of that data together with information on: the purposes of processing, categories of data, recipients, planned retention period, and the origin of the data.
You have the right to request the immediate rectification of inaccurate personal data and the completion of incomplete personal data, including by means of a supplementary statement.
You have the right to request the erasure of your personal data without undue delay where: the data are no longer necessary for the purposes for which they were collected; you withdraw consent and no other legal basis exists; you object and no overriding legitimate grounds exist; or the data have been unlawfully processed. The right does not apply where processing is required by law or for the establishment, exercise or defence of legal claims.
You have the right to request restriction of processing where: the accuracy of the data is contested by you (for a period enabling the Foundation to verify accuracy); the processing is unlawful but you oppose erasure; the Foundation no longer needs the data but you require it for legal claims; or you have objected to processing pending verification of overriding grounds.
Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and to transmit it to another controller without hindrance.
Where processing is based on the legitimate interests of the Foundation (Article 6(1)(f) GDPR), you have the right to object at any time to such processing on grounds relating to your particular situation. The Foundation shall cease processing unless it demonstrates compelling legitimate grounds that override your interests, rights and freedoms, or that processing is necessary for the establishment, exercise or defence of legal claims.
Where processing is based on your consent, you have the right to withdraw it at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent to marketing communications, in particular, shall have no effect on your access to information and materials published by the Foundation.
How to exercise your rights:
E-mail: hello@lasthuman.today
Post: LASTHUMAN Foundation, Aleja Prymasa Tysiąclecia 83, 01-242 Warszawa, Poland
Response deadline: 30 days from receipt of the request (Article 12(3) GDPR); may be extended by a further two months in complex cases, with prior notification
Fee: Free of charge as a rule; a reasonable administrative fee may be charged for manifestly unfounded or excessive requests (Article 12(5) GDPR)
The Foundation applies appropriate technical and organisational measures, in accordance with Article 32 GDPR, to ensure a level of security appropriate to the risk associated with the processing of personal data. These measures include, in particular:
All communication between the User's browser and the Foundation's servers is encrypted using TLS (Transport Layer Security). The Website operates exclusively over HTTPS.
Access to personal data is restricted to authorised Foundation personnel who require it for the performance of their duties. All access instances are logged and subject to periodic review.
The Foundation conducts periodic reviews of security measures, including quarterly internal audits and annual vulnerability assessments, to verify the adequacy and effectiveness of the protections applied.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the Foundation shall notify the President of the Personal Data Protection Office (UODO) within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, you will be informed directly without undue delay (Article 34 GDPR).
Limitation of liability: Despite applying all reasonable technical and organisational measures, the Foundation acknowledges that no information system can guarantee absolute security. In the event of an incident affecting your data, the Foundation undertakes to act without undue delay, in accordance with applicable law, and to communicate transparently with affected data subjects.
The Website and the Foundation's activities are directed exclusively at adults (persons aged 18 years and over) and at legal entities and their representatives. The Foundation does not knowingly collect or process personal data of persons under the age of 13.
If it comes to the Foundation's attention that personal data of a person under 13 has been collected without verifiable parental or guardian consent, such data will be deleted immediately.
If you are a parent or guardian and have reason to believe that your child has provided personal data to the Foundation, please contact us without delay at: hello@lasthuman.today. We will take immediate action to verify and, where confirmed, permanently delete the relevant data within 48 hours of receiving the notification.
LASTHUMAN Foundation is registered and operates in the Republic of Poland, which is a Member State of the European Union. Personal data are processed primarily within the European Economic Area (EEA).
In connection with the use of Google Analytics services provided by Google LLC (a company incorporated in the United States), personal data may be transferred to a third country. Such transfers take place exclusively on the basis of adequate safeguards provided for in Article 46 GDPR, in particular:
Regardless of the country from which you access the Website, your rights as a data subject remain unaffected and are exercisable in full.
The Website may contain links to external websites, including academic publications, policy documents, open-source projects and the websites of partner organisations. Such links are provided solely for informational purposes.
The Foundation has no control over the content or privacy practices of external websites and bears no responsibility for the processing of personal data by third-party operators. Before providing your personal data on any external website, we recommend reviewing the privacy policy applicable to that site.
The Foundation reserves the right to amend this Policy, in particular in response to: changes in applicable law, issuance of decisions or guidelines by the President of UODO or the European Data Protection Board (EDPB), changes in the technical infrastructure of the Website, or the introduction of new processing activities.
In the event of material amendments affecting your rights or the scope of data processing, the Foundation will:
Continued use of the Website after the effective date of amendments constitutes acknowledgement of the updated Policy. Where the amendments require renewed consent, appropriate consent mechanisms will be displayed.
This Policy is reviewed at minimum every 6 months. Next scheduled review: 30 June 2026.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a competent supervisory authority, in accordance with Article 77 GDPR, if you consider that the processing of your personal data infringes GDPR provisions.
The competent supervisory authority for the Foundation is:
Urząd Ochrony Danych Osobowych (UODO)
(President of the Personal Data Protection Office)
ul. Stawki 2, 00-193 Warszawa, Poland
Tel.: +48 22 531 03 00
Website: uodo.gov.pl
E-mail: kancelaria@uodo.gov.pl
If you are located in another EU Member State, you may also lodge a complaint with the supervisory authority competent for your place of habitual residence or place of work.
Prior to lodging a complaint with a supervisory authority, we encourage you to contact the Foundation directly at hello@lasthuman.today, as we are committed to resolving any data protection concerns promptly and amicably.
For all matters relating to the processing of personal data, including the exercise of rights under Chapter III GDPR, please contact the Foundation:
LASTHUMAN Foundation
Aleja Prymasa Tysiąclecia 83, 01-242 Warszawa, Poland
E-mail: hello@lasthuman.today
Website: lasthuman.today
Response time: Ordinarily within 48 business hours; legally mandated deadline — 30 days from receipt of request
Supervisory Authority:
Urząd Ochrony Danych Osobowych (UODO) — uodo.gov.pl
This Policy constitutes a binding commitment by LASTHUMAN Foundation to the protection of the personal data of all persons who interact with the Foundation and its digital presence.
The Foundation's mission — ensuring that artificial intelligence serves humanity — begins with how we treat the data entrusted to us. Every data protection obligation set out herein reflects not merely a legal requirement, but a fundamental value: that the right to privacy is inseparable from human dignity.
— LASTHUMAN Foundation, Warszawa