Pursuant to the stipulations of Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), the Contracting Authority informs that:
PERSONAL DATA CONTROLLER AND DATA PROTECTION OFFICER
Łukasiewicz Research Network – Poznań Institute of Technology (hereinafter “Łukasiewicz – PIT”) is the controller of your personal data. Łukasiewicz – PIT can be contacted as follows:
- By post: ul. Ewarysta Estkowskiego 6, 61-755 Poznań
- By phone: +48 61 850 48 90
- By e-mail: office@pit.lukasiewicz.gov.pl
We have appointed the Data Protection Officer. This is the person you can contact regarding the processing of your personal data and the exercise of your rights related to such processing. You can contact the inspector by e-mail: iod@pit.lukasiewicz.gov.pl
PURPOSE OF PERSONAL DATA PROCESSING
The purpose of processing of your data includes the receipt and processing of your application for patronage by Łukasiewicz – PIT.
LEGAL BASIS FOR PERSONAL DATA PROCESSING
The legal basis for the processing of your personal data is:
- Article 6(1)(b) GDPR – in connection with the conclusion and performance of a contract, as regards the data of a natural person;
- Article 6(1)(c) GDPR – in connection with the requirement to comply with legal obligations of the controller (including tax, insurance, accounting, archiving obligations), with regard to the data of natural persons, persons authorised to represent legal persons (including proxies, representatives), and employees and sub-contractors of these entities designated as contact persons and responsible for the execution of the patronage provisions;
- Article 6(1)(f) GDPR – in connection with the need to process personal data for purposes arising from the legitimate interests pursued by the controller with regard to the data of natural persons, persons authorised to represent legal persons (including proxies, representatives) and their employees and sub-contractors designated as contact persons and responsible for the execution of the patronage provisions. If we process personal data for purposes arising from the legitimate interests pursued by the controller, these interests may be the conduct of our own business, assertion and enforcement of claims, direct marketing and other forms of marketing, advertising or the provision of security (e.g. using monitoring), IT and network security.
SCOPE OF DATA PROCESSING
The scope of processed personal data of individuals, persons authorised to represent legal persons (including proxies, representatives) and their employees and sub-contractors designated as contact persons and responsible for the execution of the granted patronage provisions includes, inter alia: name, surname, position and place of work, business telephone number, business email address.
SOURCE OF THE PERSONAL DATA
The processed personal data was obtained:
- in the case of natural persons, persons authorised to represent the Contractor (including proxies, representatives) – directly from such persons or from publicly available sources (official registers, the Internet, etc.);
- in the case of employees and sub-contractors of the entities listed under p. 1 designated as contact persons and those responsible for the implementation of the patronage provisions – directly from these persons, from other entities or from publicly available sources (official registers, the Internet, etc.).
INFORMATION ON RECIPIENTS OF PERSONAL DATA
We sometimes transfer your personal data to other recipients in certain situations. This may be the case when the service we use requires it (e.g. IT, financial, insurance, auditing, courier and postal services, destruction and archiving of records, legal services). Whenever your personal data is shared with a recipient, this takes place in accordance with the provisions of the GDPR.
TRANSFERRING PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
As a standard, we do not transfer your personal data to a third country or international organisations. However, if such a transfer does take place, it always takes place in accordance with the provisions of the GDPR. Łukasiewicz-PIT uses Microsoft Office 365, which may result in the transfer of your personal data to a third country. The terms and conditions for the use of the MS Office 365 Online Services and the obligations with regard to the processing and safeguarding of user data and personal data by the Online Services are set out in Microsoft documentation.
THE PERIOD FOR WHICH THE PERSONAL DATA WILL BE KEPT
We retain your personal data until we have fulfilled the purpose for which this data processing is carried out. The processing period is also dictated by legislation.
YOUR RIGHTS
The persons, the data of whom we process, have the right to request from Łukasiewicz-PIT access to their personal data, its rectification, erasure or restriction of processing or to object against the processing, as well as the right to data portability (if the processing is based on Article 6(1)(b) of the GDPR). Contact us to exercise your rights. You should know that the GDPR provides detailed regulations specifying when you can exercise your rights. As a data controller, we always analyse whether there are grounds enabling you to exercise your rights.
COMPLAINT TO THE PRESIDENT OF THE PERSONAL DATA PROTECTION OFFICE
The data subject has the right to lodge a complaint relating to the processing of his/her personal data with the President of the Personal Data Protection Office (address: ul. Stawki 2, 00-193 Warsaw).
OBLIGATION TO PROVIDE PERSONAL DATA
The provision of personal data is required to obtain patronage. Failure to provide data will result in the inability to grant patronage.
AUTOMATED DECISION-MAKING, INCLUDING PROFILING
As a data controller, we do not process personal data by automated decision-making, including profiling.
