General information clause at Łukasiewicz Research Network – Poznań Institute of Technology (collection of data from the data subject) in the “plain language” standard

Document update date: Pursuant to Article 13(1) and (2) in relation to Article 12(1) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”, we would like to inform you that:

PERSONAL DATA CONTROLLER AND DATA PROTECTION OFFICER

The controller of your personal data is the Łukasiewicz Research Network – Poznań Institute of Technology (hereinafter “Łukasiewicz – PIT”).

Łukasiewicz – PIT can be contacted as follows:

  1. By post: ul. Ewarysta Estkowskiego 6, 61-755 Poznań
  2. By phone:  +48 61 850 48 90
  3. By e-mail: office@pit.lukasiewicz.gov.pl

We have appointed the Data Protection Officer. This is the person you can contact in matters concerning the processing of your personal data and the exercise of your rights. You can contact the inspector by e-mail: iod@pit.lukasiewicz.gov.pl

WHY WE PROCESS YOUR PERSONAL DATA

The purposes for which we process your data may vary. For example:

  1. if you contact us, we use your data to provide you with a response;
  2. if you conclude a contract with us, your data will be used to prepare and perform the contract;
  3. if you are a participant of our training courses, we need your data in order to be able to conduct such training courses properly;
  4. if we process your data in connection with the implementation of EU projects, we do so to fulfil the obligations of the beneficiary of such a project;
  5. if you are our employee – we use your data to fulfil our obligations as an employer.

 

REGULATIONS ON THE BASIS OF WHICH WE PROCESS YOUR PERSONAL DATA

As a data controller, we always process personal data based on the legal grounds under the GDPR. These may include:

  1. consent of the data subject;
  2. the performance of a contract, where the data subject is a party to it, or when acting at the request of such a person even before the conclusion of the contract;
  3. fulfilment of an obligation of the controller;
  4. protection of the vital interests of the data subject (or other natural persons);
  5. performance of the task entrusted to the task controller under:
    1. public interest,
    2. public authority,
  6. pursuing other purposes which arise from legitimate interests, such as:
    1. investigation and enforcement of claims,
    2. direct marketing and other forms of marketing or advertising,
    3. provision of security (e.g. using surveillance/CCTV), IT and network security.

 

INFORMATION ON RECIPIENTS OF PERSONAL DATA

We sometimes transfer your personal data to other recipients in certain situations. This may be the case when the service we use requires it (e.g. IT, financial, insurance, auditing, courier and postal services, destruction and archiving of records, legal services). Whenever your personal data is shared with a recipient, this takes place in accordance with the provisions of the GDPR.

TRANSFERRING PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

As a standard, we do not transfer your personal data to a third country or international organisations. However, if such a transfer does take place, it always takes place in accordance with the provisions of the GDPR.

We use Microsoft Office 365, which may result in the transfer of your personal data to a third country. The terms and conditions for the use of the MS Office 365 Online Services and the obligations with regard to the processing and safeguarding of user data and personal data by the Online Services are set out in Microsoft documentation.

THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE KEPT

We retain your personal data until we have fulfilled the purpose for which this data processing is carried out. Sometimes the processing period is also dictated by legislation.

YOUR RIGHTS

Since we process your personal data, you have the right to:

  1. requests us to provide access, correct, erase or restrict the processing of your personal data;
  2. object to processing;
  3. transfer your data;

Contact us to exercise your rights. The GDPR specifies in detail when you can exercise your rights. As a data controller, we always analyse whether you can exercise your rights.

WITHDRAWAL OF CONSENT

If we process personal data on the basis of your consent, remember that you have the right to withdraw said consent. However, the withdrawal of the consent is not retroactive – we were able to use your data throughout the entire duration of your consent.

COMPLAINT TO THE PRESIDENT OF THE FOR PERSONAL DATA PROTECTION OFFICE

The person whose personal data is processed has the right to lodge a complaint related to the processing of his/her data with the President of the Personal Data Protection Office (address: ul. Stawki 2, 00-193 Warsaw).

OBLIGATION TO PROVIDE PERSONAL DATA

Your obligation to provide this data may be:

  1. a statutory requirement,
  2. a contractual requirement,
  3. a condition for the conclusion of the contract.

Remember that you may be breaking the law if you do not provide your personal data in certain situations. Failure to provide data may also result in us being unable to fulfil the purpose for which the processing is to be carried out.

AUTOMATED DECISION-MAKING, INCLUDING PROFILING

As a data controller, we do not process personal data by automated decision-making, including profiling.