INFORMATION SECURITY AND PRIVACY POLICY

Legal basis

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation) effective in Poland from May 25, 2018. Act of May 10, 2018 on the protection of personal data (Journal of Laws 2018, item 1000)

Administration of the data

The administrator, i.e. the entity processing your personal data is the Silesian University of Technology with headquarters in Gliwice (44-100) at ul. Akademicka 2A, represented by the Rector, hereinafter referred to as the University.

The Rector has appointed a Data Protection Officer whom you may contact by the e-mail: iod@polsl.pl or via traditional mail to the the following address: Politechnika Śląska 44-100 Gliwice ul. Akademicka 2A.

The Data Protection Office (DPO) sets the purposes and methods of personal data processing, and is also obliged – taking into account the nature, scope, context and purposes of processing as well as the risk of violation of the rights or freedoms of persons of various probability and severity of threat – to implement appropriate technical and organizational measures to process personal data in accordance with the GDPR.

Purposes of the processing

We will process your personal data for purposes as follows:

Conducting communication with you via e-mail or telephone, if you have initiated such communication – art. 6 par. 1(c) of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ EC – General Data Protection Regulation, Official Journal of the EU L 119 of 04./05/2016, page 1, as amended). The processing is deemed necessary to fulfil the legal obligation incumbent on the Controller (the legal obligation, in particular, gives rise from, either, the Act of July 20, 2018 – Law on Higher Education and Science; the Act of July 16, 2016 – Telecommunications Law, the Act of February 17, 2005, on the computerisation of the activities of entities performing public tasks);

Improving the quality of services; the Controller processes statistical information regarding the use of the website – art. 6 par. 1(f) of the GDPR (the legitimate interest of the Controller consisting in facilitating the use of the site, improving both the quality and functionality of the services rendered);

Sending the newsletter – art. 6 par. 1(a) of the GDPR (based on the consent of the data subject);

Joining the media mailing list – art. 6 par. 1(a) of the GDPR (based on the consent of the data subject);

You may withdraw your consent to personal data processing at any time through sending an e-mail at iod@polsl.pl.

We want to remind you, simultaneously, that your withdrawal of consent does not affect the lawfulness of the processing which has been carried out based on your consent before its withdrawal.

We may also process your personal data to perform a task in the public interest (Art. 6 par. 1(e) of the GDPR), as well as in justified cases we will process your personal data for purposes resulting from legitimate interests pursued by the Controller (Art. 6 par. 1(f) of the GDPR).

Personal data recipients

Access to your personal data will be granted to both authorised employees of the Silesian University of Technology who must process your data as regards the task being carried out.

Recipients of data may also be entities whom the DPO will instruct the performance of certain activities, which involves the need to process personal data.

In order to ensure proper protection of personal data, a contract on entrusting personal data processing has been signed with these recipients.

Personal data retention period

We will process your personal data until the purpose for which the data has been collected is satisfied, and subsequently, in cases which require it for the period indicated in the Act of July 14, 1983, on the national archival resource and archives (Journal of Laws of 2018 item 217, as amended), as well as in the provisions of the Telecommunications Law.

Rights related to data processing

We guarantee you  all of your rights on the terms laid down by the GDPR, i.e., the right to: access to data and receive a copy thereof, correct your personal data, limit personal data processing, delete personal data (subject to Art. 17 par. 3 of the GDPR); lodge a complaint with the President of the Office for Data Protection, if you believe that personal data processing violates the law on the protection of personal data.