Personal data protection

Personal data protection

Information on the processing of personal data under the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46 /EC (hereinafter referred to as "GDPR")

 

1. Personal data controller

The controller of personal data is the Poznań University of Technology located in Poznan, at 5 M. Skłodowska-Curie Square, e-mail: biuro.rektora@put.poznan.pl, phone number +48 61 665 36 39.

 

2. Data Protection Officer (DPO)

The controller has appointed the Data Protection Officer - Mr Piotr Otomański, who supervises the correctness of personal data processing at the Poznań University of Technology.

You can contact the DPO by sending a message to the following address: iod@put.poznan.pl.

 

3. Purposes of processing

The personal data is processed for:

• fulfilment of legal obligations incumbent on the controller - art. 6 sec. 1 lit. c GDPR (e.g. recruitment for studies, recruitment of employees, support for the education process)

• performance of the contract - art. 6 sec. 1 lit. b GDPR (e.g. concluding civil law contracts, cooperation with contractors, organizing conferences);

• protection of interests of the data subject - Art. 6 sec. 1 lit. d GDPR;

• performance of tasks carried out in the public interest as part of the exercise of public authority entrusted to the controller - art. 6 sec. 1 lit. e GDPR (e.g. ensuring the safety of people and property);

• legitimate interests pursued by the controller - art. 6 sec. 1 lit. f GDPR (e.g. investigation and defence against claims).

In other cases, personal data are processed based on the consent granted for processing to the extent and for the purpose specified in the consent - the basis for processing is art. 6 sec. 1 lit. a GDPR.

 

4. Recipients of data

The recipients of your data may be:

• public bodies and state offices or other entities authorized by law or performing tasks carried out in the public interest or the exercise of public authority;

• other entities which, on the basis of relevant contracts signed with the Poznań University of Technology, process personal data for which the controller is the Poznań University of Technology (in particular entities providing IT services).

 

5. Data storage period

The personal data will be processed for the period necessary to achieve the aims referred to in point. 3, in particular for the time specified in the provisions of applicable law or for the duration of the contract (including mutual settlements and for the period necessary to establish and pursue own claims or defend against reported claims and for the period of archiving the documentation) or in the case of data processing on the basis of consent granted by you - until the consent is valid or the consent to the processing of your personal data is withdrawn.

 

6. Rights of data subjects

In connection with the processing of your personal data, you have the following rights:

The right of access - the data subject is entitled to obtain from the controller confirmation whether his/her personal data is being processed, and if this is the case, he/she is entitled to access them in the form of copies of the processed data, as well as information regarding  eg. the purpose of processing and the period of data storage;

The right to be forgotten - consisting in

• the possibility for the data subject to request the deletion of personal data by the data controller;

• the possibility of requesting that the data controller informs other data controllers to whom it has disclosed the personal data that the data subject requires these controllers to remove any links to these data or copies thereof;

This law does not always apply - for example, an employee may not require the employer to delete personal data, because the processing of the employee's personal data by the employer is provided for by the provisions of the Labor Law. Each case must be considered individually in the context of the premises set out by the GDPR;

The right to data portability - this is the right to

• obtain by the data subject, in a structured, commonly used and machine-readable format, personal data concerning, which he/she provided to the controller;

• the right of the data subject to send personal data concerning him, which he has provided to the controller, another controller, without any obstacles on the part of the data controller.

The right to data portability may be exercised only if:

• data processing is based on consent or for the performance of a contract and

• data processing is carried out in an automated manner;

The right to restrict processing - this right consists in the need to limit the processing of data only to their storage - if it turns out that the request for limitation was unfounded, it is possible to further process personal data.

The right to rectify - a person has the right to request the controller to immediately rectify his / her personal data that is incorrect. Taking into account the purposes of processing, a person has the right to request supplementing incomplete personal data, including by providing an additional statement;

The right to object - a person whose personal data is processed on the basis of, among others, for the legitimate interest of the controller (e.g. direct marketing) may request the cessation of the processing of his data;

The right to complain - every person has the right to make a complaint to the President of the Personal Data Protection Office.

 

7. Obligation to provide data and consequences of failure to provide

Providing personal data is voluntary, but failure to provide it may constitute an obstacle to the fulfillment of obligations imposed on the controller resulting directly from the provisions of law, or the performance of the contract or other obligations belonging to the Poznan University of Technology.

PL