Institute of Fundamental Technological Research of the Polish Academy of Sciences respects the right to privacy of people whose personal data we store, in particular using appropriate technological solutions and legislative measures that prevent unauthorized entities from intruding on their privacy.
The Policy contains information about what you can expect when we contact you or you contact us, or you cooperate with us.
By reading the following content you will learn about:
- why do we process your personal data
- why do we do it
- whether the provision of data is mandatory
- how long do we have to store data
- are there other recipients of your personal data
- what rights do you have
Our activities related to storing and processing of all data aim to guarantee you a sense of complete security and lawful processing at a level appropriate to the data protection law applicable in Poland, including Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - called GDPR.
Personal Data Controller
The entity deciding on the purposes and methods of using your personal data (meaning their controller according to GDPR) is Institute of Fundamental Technological Research Polish Academy of Sciences.
You can contact us in many ways, using:
- phone +48 22 826 12 81
- e-mail firstname.lastname@example.org or email@example.com
- mail: Institute of Fundamental Technological Research Polish Academy of Sciences, Pawińskiego 5B , 02-106 Warsaw
- contact form
More details here.
Data Protection Officer
Bearing in mind the security and transparency of the processing of personal data in Institute of Fundamental Technological Research Polish Academy of Sciences and the need for their constant control, we have appointed a Data Protection Officer (DPO).
With the appointed DPO you can contact by using firstname.lastname@example.org or via our postal address (with notation "Data Protection Officer")
We conscientiously approach the protection of data concerning you and constantly develop our systems and security processes. The security measures we use include:
- limited physical access to our buildings and user access to our systems - only for those who are entitled
- control mechanisms such as firewall, user verification, strong data encryption and separation of roles, systems and data
- proactive monitoring
We also use the highest standards in the industry to support the maintenance of a solid information security management system.
What data do we process?
Most of the personal data processed by Institute of Fundamental Technological Research Polish Academy of Sciences is passed directly to us due to one of the following reasons:
- You cooperate with us, or your data has been provided to us by your employer or partner
- we obtained it directly from you or from a third party authorized to provide us with your information
- You have filed a complaint or inquiry
- You have asked us for information
- You took part in the event organized by us
- You represent your organization
The basis for the processing
In any case, when we process your personal data, we must have so-called "Legal basis". The legal bases result directly from the law (GDPR), below are those on which we most often rely:
- Consent: You have indicated to us that you agree to the processing of your data for a specific purpose
- Legitimate interests: only if processing is necessary for us to conduct our business and it does not interfere with the right to respect your privacy
- Performance of the contract: we must process your personal data in order to be able to provide you with one of our services
- Legal claims: when data processing is necessary to establish, enforce or defend our legal claims
- Legal obligation: when we are obliged under law to process your personal data
Who might we share your personal information with?
In addition to us, access to your data may have a number of entities. They may be service providers with whom we cooperate, and who help us in delivering products and services that you expect from us or support us in your business. These entities process personal data on our behalf and must meet high security standards. We only share information that allows them to provide us services or facilitate their provision to you.
In some circumstances, we may also be legally obliged to disclose information about you - for example, by court order, law or public authority decision. In any case, we make sure that we have a legal basis to share information about you and document our decisions.
International transfers of personal data
For the purposes of the processing purposes described in this policy, we may transfer your personal information to our suppliers, partners or service providers located outside the European Economic Area (EEA). In any case, if your data can be found outside the EEA, we will inform you about it.
At the same time taking care of the security of your data we strictly follow the rules of their transfer resulting directly from the GDPR and provide data only where the degree of security is guaranteed in accordance with the decisions of the European Commission (eg. to the USA only to entities located on the so-called Privacy Shield list).
How long we keep your personal data?
Is there an obligation to provide personal data?
As a rule, providing your personal data is completely voluntary, however, it may be necessary for the implementation of specific services or your requests, eg. in terms of contact, conclusion of a contract, execution of your processing rights, etc. Providing data may also be necessary due to the applicable law.
In accordance with the provisions of the law on the protection of personal data, you have specific rights depending on the basis for processing your data.
Right to access personal data
You have the right to know if and how we use or store your personal data - the so-called right to access personal data. By using this right, you can also ask us for a copy of your data.
Right to correct personal data
You may question the accuracy of the data we process and ask us to correct it. This is the so-called "right to correct personal data". If your data is incomplete, you can also ask us to complete it, eg. by adding new information.
Right to erasure
You can ask us to delete your data and in some circumstances we must do so. This entitlement is also known as so-called "The right to erasure". This right is not absolute and applies, among others in the following circumstances when:
- we do not require your data anymore
- you initially agreed to the processing, but now you have withdrawn it
- you opposed the use of your data
- We processed your data unlawfully
We may deny you the right to "erasure" in the following circumstances:
- when we are legally obliged to store your data
- data storage is necessary to establish, enforce or defend legal claims
Right to restrict use of your data
You have the authority to limit the way we use your data, especially if you are concerned about the accuracy of the data or how it is used. If necessary, you can also submit a request to delete certain information about you. This right is closely related to your rights to question the accuracy of your data and the ability to object to their use.
The right to export the data
You have a right to gain the access to your personal data in a version which can be open on the computer, e.g. csv file. You can also ask the company for sending your personal data to the other economic subject. We can do this only if, as it was said in GDPR, it will be technically possible. It concerns only the information given for us on your own and the export goes in electronic format.
The right to withdraw the consent
If the processing of personal data is based on the sign consent, you can withdraw the permission at any moment. However, it doesn’t involve the data processed earlier.
The right to make a complaint to supervisory authority
The processing of personal data in our company covers the highest standards of security.
If you have some questions or doubts, please contact with us and we answer.
If you still be unpleased by the given answer or the execution of your privileges, you can make a complaint to the supervisory authority (in Poland to President of the Personal Data Protection Office) about the way how we process your personal data.
The execution of your rights
You can ask for the execution of your privileges in a written or oral form. If your request will be in oral for, we advise you to send us also a written form or e-mail message to provide us with the correspondence trace. The correspondence gives us a clear evidence of your action and helps with answering according to your expectations as soon as possible.
The execution of your rights is free of charges and we answer no longer that a month after the request. In case of possible delays, you will be informed immediately.
Our website may use the cookies files, which are the IT data, especially text files, which are stored on the Data Terminal Equipment (DTE). In general, cookie files contain the www address of the page from which they came from, the time of storing in DTE and the unique number.
The subjects, who can insert information in the form of cookies files in the device which you use to browse the website and who can get the access to them is Institute of Fundamental Technological Research Polish Academy of Sciences and its Partners who for instance provide analytical services, advertisers or applications providers.
The cookies files are used to:
- provide service;
- make browsing the website in an easy way;
- identify the device, on which the files were already downloaded, in case of reconnecting with the website;
- create the statistics, which help in understanding how the users browse the website or what can make the structure and content of the website better;
- adjust the content of website to the specific preferences and optimize browsing the web pages, all adjusted to the individual needs of users;
- exchange information with our business partners in order to broker in supplying their services while using the website.
The types of cookies files
We can use the following types of the cookie files on our website:
- “sessional”- they are stored on the DTE till the user leaves the page or closes the browser;
- “permanent”- they are stored on users DTE for the time which is determined in their parameters or to the deleting them by the user;
- “performance testing”- they record the information how the web pages are used;
- “functional”- they make possible to remember settings chosen by the user and the personalization of the interface;
- “internal”- provided by the website;
- “external”- sourced on the other site than our website.
The website settings management
The software to browse the website, i.e. web browser, usually by default allows storing the cookies files on DTE. You can change those settings.
The web browser allows delaying the cookies files. You can also automatically block the cookies. More detailed information about the case might be found in “help” option or in the records of your browser.