Personal Data Protection

Information regarding the processing of personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) 

1. Personal Data Controller

The controller of personal data is Poznan University of Technology, with its registered office at ul. Jacka Rychlewskiego 1, e-mail: biuro.rektora@put.poznan.pl , phone: +48 61 665 36 39. 

2. Data Protection Officer (DPO)

The Controller has appointed a Data Protection Officer – Mr. Piotr Otomański – who supervises the proper processing of personal data at Poznan University of Technology. The DPO can be contacted by email at: iod@put.poznan.pl. 

3. Purposes and Legal Bases for Processing

Your personal data is processed for the following purposes:

  • Fulfilment of legal obligations imposed on the controller – Article 6(1)(c) GDPR (e.g. student recruitment, employee recruitment, granting benefits (scholarships), handling the educational process, maintaining accounting and tax records);
  • Performance of a contract or taking steps at the request of the data subject prior to entering into a contract – Article 6(1)(b) GDPR (e.g. concluding civil law contracts, cooperation with contractors, organization of conferences);
  • Protection of vital interests of the data subject – Article 6(1)(d) GDPR;
  • Performance of tasks carried out in the public interest or in the exercise of official authority vested in the controller – Article 6(1)(e) GDPR (e.g. ensuring the safety of persons and property);
  • Legitimate interests pursued by the controller – Article 6(1)(f) GDPR (e.g. establishing, pursuing, and defending against claims).

In other cases, personal data are processed on the basis of consent granted for processing within the scope and purpose specified in the consent – pursuant to Article 6(1)(a) GDPR. 

4. Data Recipients

Recipients of your personal data may include:

  • Public authorities and state offices or other entities authorized under the law or performing tasks in the public interest or within the exercise of public authority;
  • Other entities which, on the basis of appropriate agreements concluded with Poznan University of Technology, process personal data for which Poznan University of Technology is the controller (in particular entities providing IT services). 

5. Data Retention Period

Your personal data will be processed for the period necessary to achieve the purposes referred to in section 3, in particular for the time specified by applicable law or for the duration of the contract (including mutual settlements and the period necessary to establish and pursue claims or defend against claims, as well as for the period of document archiving), or – in the case of data processed based on consent – until the consent expires or is withdrawn. 

6. Rights of Data Subjects

In connection with the processing of your personal data, you are entitled (under the conditions set out in the GDPR) to the following rights:

Right of access – the data subject has the right to obtain from the controller confirmation as to whether personal data concerning them is being processed and, if so, access to such data in the form of a copy, as well as information including the purpose of processing and the data retention period;

Right to be forgotten – consisting of:

  • the possibility for the data subject to request deletion of their personal data by the controller;
  • the possibility to request that the controller inform other controllers to whom the personal data have been made public that the data subject requests the deletion of any links to, or copies of, those data;

This right does not always apply – for example, an employee cannot request the employer to delete their personal data where the processing is provided for under the Labour Code. Each case must be considered individually in the context of the GDPR requirements.

Right to data portability – the right to:

  • receive personal data concerning them, which they have provided to the controller, in a structured, commonly used and machine-readable format;
  • transmit those personal data to another controller without hindrance from the original controller.

The right to data portability applies only where:

  • processing is based on consent or on a contract, and
  • processing is carried out by automated means;

Right to restriction of processing – this right requires that processing be limited solely to storage; if it turns out that the request for restriction was unjustified, further processing may continue;

Right to rectification – the individual has the right to request the controller to promptly correct inaccurate personal data. Taking into account the purposes of processing, the individual also has the right to have incomplete personal data completed, including by providing a supplementary statement;

Right to object – a person whose personal data are processed based, among other things, on the legitimate interest of the controller (e.g. direct marketing) may request cessation of processing of their data;

Right to withdraw consent at any time – where processing is based on consent, the data subject may withdraw it at any time, without affecting the lawfulness of processing carried out based on consent before its withdrawal;

Right to lodge a complaint with a supervisory authority – every individual has the right to lodge a complaint with the President of the Personal Data Protection Office. 

7. Obligation to Provide Data and Consequences of Failure to Provide Data

Providing personal data is voluntary; however, failure to provide them may constitute an obstacle to fulfilling obligations imposed on the controller directly by law, or to performing a contract or other obligations of Poznan University of Technology.

Data Protection Officer
Przepisy prawa
Obowiązki informacyjne