Privacy Policy
Last updated: 2025‑10‑15Applies to: https://fmtlab.org/
I. Who we are (Controller)
Controller: Klub Krótkofalowców przy Praskim Oddziale Terenowym PZK w Warszawie (PZK).
The project is operated on behalf of the club by the project coordinator,
Konstantin Lisitsyn [email protected]
Contact (data requests): [email protected]
Location: ul. Kordeckiego 66, 04-355 Warsaw, Poland (EU). We comply with the General Data Protection Regulation (GDPR) and applicable Polish law.
A Data Protection Officer (DPO) is not appointed, as processing is limited in scope and does not involve large‑scale monitoring or special categories of data.
II. Definitions
- Personal Data means any information relating to an identified or identifiable natural person (for example, callsign when linked to a person, name, e‑mail, IP address). Fully anonymised data is not Personal Data.
- Non‑Personal Data is information that cannot identify an individual on its own or has been irreversibly anonymised. If combined with Personal Data and becomes identifiable, we treat the whole set as Personal Data.
- Receiver/Recipient means any natural or legal person to whom Personal Data is disclosed. Government authorities acting under a lawful request are not considered recipients.
- Third Party means anyone other than you (the data subject), us (the controller), or persons authorised to process data under our direct authority.
-
Consent means a freely given, specific, informed and unambiguous indication of the data subject’s wishes, signified by a clear affirmative action.
We do not intentionally collect special categories of data (e.g. health, religion, biometrics) and we do not knowingly target or profile children.
III. What we do (Project scope)
FMT Lab is a non-commercial project operated by the Klub Krótkofalowców przy Praskim Oddziale Terenowym PZK w Warszawie.
The project runs periodic Frequency Measuring Tests and publishes competition tables. Participation is voluntary.
The web application at fmtlab.org provides registration, submission of measurements, scoring, and optional publication of results.
IV. Principles for processing
We process Personal Data only when necessary to:
- provide registration, authentication and participation in FMT tours/seasons;
- evaluate submissions and compute scores;
- publish competition tables if you consent;
- operate, secure and improve the website and infrastructure;
- meet legal obligations.
We rely on the following legal bases (Art. 6 GDPR): consent, contract/steps prior to a contract, and legitimate interests. Details are in Section VII.
V. Data we collect
1) Account/Profile (User, Participant)
- Username, e‑mail address
- Callsign (may be public in ham radio registries), country/QTH
- Optional: equipment and short bio
- Links to public profiles (e.g., QRZ)
- Notification settings and visibility flags (e.g., show_email_public)
- Declared class (PRO/Hobbyist), has_gpsdo flag
- Equipment snapshot and brief method summary
- Metric submissions (FREQ/PULSE/PPS): measured values, declared uncertainty (U), raw_present flag
- Computed statistics: errors, per‑metric scores, bonuses, multipliers, ranks, totals
- Callsign, country/region, points, positions, cups/categories.
Published only with explicit consent (separate checkbox).
- IP address, user‑agent, timestamps and URLs in access/error logs
- Cookies necessary for sessions and security
- Analytics events and cookies (only if consented; see Cookies & Analytics)
VI. Sources of data
- Directly from you during registration and submission.
- Generated by the system (logs, session IDs).
We do not buy data or harvest it from third‑party sources.
VII. Purposes and legal bases
| Purpose | Examples of data | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Registration and account servicing | e‑mail, username, callsign, settings | Contract/steps prior (6(1)(b)); Legitimate interest for security (6(1)(f)) |
| Participation in tours/seasons; evaluation of submissions | submissions, metrics, equipment snapshot | Consent (6(1)(a)) |
| Publication of results in public tables | callsign, country, scores/positions | Separate consent (6(1)(a)); revocable |
| Operational communications (deadlines, technical notices) | e‑mail | Legitimate interest (6(1)(f)); opt‑out possible for non‑essential mail |
| Website security and troubleshooting | IP, UA, logs, anti‑abuse signals | Legitimate interest (6(1)(f)) |
| Web analytics | GA4 cookies/identifiers, events | Consent (6(1)(a)); disabled until accepted |
VIII. Cookies and Analytics
We use necessary cookies for sessions and security.
For analytics we use Google Analytics 4 (GA4) only after you give consent via the cookie banner (Consent Mode). Before consent, no analytics scripts are loaded. GA4 is configured with IP anonymisation and minimal retention. You can change your choice at any time using the "Manage cookies" link in the footer.
IX. Disclosures and processors
We share data only with service providers acting as processors under a Data Processing Agreement (DPA) and only as needed. We keep an internal register of processors and sub‑processors and update this section when providers change.
Current processors (FMT site):
- Hosting & infrastructure: Hetzner Online GmbH (EU, Germany). Purpose: hosting of application servers, databases, and storage; security and availability. Mailjet processes data as a processor under a Data Processing Agreement (DPA) and stores data on EU-based infrastructure. Privacy: https://www.hetzner.com/legal/privacy-policy/
- E‑mail delivery: Sinch Email (Mailjet SAS). Purpose: transactional e-mails (account, confirmations, technical notifications) and, for subscribers, informational updates and newsletters. DPA available from provider. Privacy: https://www.mailjet.com/legal/privacy-policy/
- Web analytics (consent‑based): Google Analytics 4. Purpose: aggregated usage statistics, activated only after consent (Consent Mode). Privacy: https://policies.google.com/privacy?hl=en. Transfers may occur outside the EEA; safeguards include SCC and participation in the EU‑US Data Privacy Framework by Google; IP anonymisation enabled; advertising features disabled.
- Error monitoring/telemetry: Sentry. Purpose: diagnose crashes without storing full PII. Privacy: https://sentry.io/security/
X. Retention
- Submissions, measurements and competition records: preserved for the project’s archival purposes to maintain the integrity of FMT history. Public display depends on your publication consent; if withdrawn, your callsign in public tables will be replaced by a pseudonym while the non‑public archival record remains. We periodically review archives and restrict internal access.
- Public tables: kept until consent is withdrawn; upon withdrawal we update public views accordingly.
- Security/access logs: 30–90 days.
- Backups: encrypted; rotation 30–60 days.
XI. Your rights
You have the right to access, rectify, erase, restrict, and port your data;
to object to processing based on legitimate interests; and to withdraw consent at any time.
Requests: [email protected].
You may optionally copy the project coordinator at
[email protected] for faster handling.
We respond within one month and may request e-mail ownership confirmation.
You may lodge a complaint with the Polish Data Protection Authority (UODO) or your local EU authority.
XII. Security
- TLS (HTTPS/HSTS), CSRF protection, conservative CORS
- Minimal PII in logs; rate‑limits and anti‑abuse
- Role‑based admin access and audit logging
- Encrypted backups and key rotation
XIII. Automated decision‑making
We do not make decisions producing legal effects solely by automated means. Rankings and points are algorithmic calculations based on published rules.
XIV. Third‑party links and social media
Our site may link to third‑party resources. Their privacy practices apply when you visit them. Social media interactions follow the respective platforms’ policies.
XV. Changes to this Policy
We may update this Policy. The current version and effective date are shown at the top. Material changes will be announced on the site.
XVI. Contact
Controller: Klub Krótkofalowców przy Praskim Oddziale Terenowym PZK w Warszawie (PZK)
E‑mail: [email protected]
Project coordinator: Konstantin Lisitsyn [email protected]
Site: https://fmtlab.org/