Processing of Personal Data

The scope, goals and methods of personal data processing for these purposes belong to the discretion of the Data Controller – Wrocław University of Science and Technology.

The Data Controller’s seat is located in Wrocław at Wybrzeże Wyspiańskiego 27, and is represented by the Rector and persons duly authorized by the Rector. Contact with the Data Controller is possible by e-mail or by filling the form available on the following website: www.pwr.edu.pl/kontakt. In this way, you can also turn to the Data Controller in order to exercise the rights that natural persons have on the basis of the GDPR.

The Data Controller has appointed the Data Protection Inspector (DPI). This is a person that you can contact in any matter regarding the processing of your personal data by the Data Controller. The seat of the DPI is the same as the seat of the Data Controller. The DPI can be contacted via the following e-mail address: IOD@pwr.edu.pl.

We intend to process your personal data in connection with the performance of contracts concluded with the participation of Wrocław University of Science and Technology. This data processing may be related to the contract you are the Party to (article 6 paragraph 1 letter b of GDPR), but it may also be related to a contract which contains your personal data (e.g. as representatives of an entrepreneur, contact person, etc.).

This data is intended to maintain contact with you, may indicate your participation in the contract and may be needed when preparing the contract.

We usually receive such data from entities with which WUST intends to enter into a contract and when it is linked to you by a proper legal or other relationship that allows to pass your data on to WUST.

WUST may also be entitled to process your data to the extent necessary to/for:

• fulfill the legal obligation imposed on WUST (Article 6 (1) (c) of the GDPR);
• perform the task carried out in the public interest (Article 6 (1) (e) of the GDPR);
• the purposes of the legitimate interests pursued by WUST – except where your interests, rights or freedoms that require protection of your data override WUST interests (Article 6 (1) (f) of the GDPR). This will usually apply to data processed in order to ensure physical, organizational, legal or financial security regarding WUST activities.

The Data Controller acting as a public university is additionally subject to various duties related to documenting, archiving, reporting and even public disclosure of certain information.

WUST activity is monitored, subject to audits and inspections of authorized institutions, and it is often based on disclosure of information to such institutions (including personal data).

Your data will be processed at the University by persons (employees) authorized by the Administrator to the necessary extent specified in the internal regulations of the University. We try to limit the scope of the data we need as much as possible. This includes situations where precise identification of individuals’ identities is required. Therefore, we will process such of your data as first and last name, address or e-mail address, telephone number or date of birth and PESEL registration number, and possibly the data necessary to assert claims arising from 4obligations or agreements (and only if you are a Party to them). We will process your data for the period necessary for the execution and settlement of the Agreement. Thereafter, they will be stored for the period necessary to document activities with your participation. When you are a Party to the Agreement, the period of data processing will be extended by the time resulting from tax regulations, the statute of limitations on claims and also – from the contractual obligation of confidentiality (if we are bound by such an obligation or agreement). When the purpose of processing changes, we will try to inform you of such changes and, in justified cases, we will ask for your consent to data processing. We will therefore make your personal data available primarily to our employees authorized to process them – and only for business purposes. Your personal data can only be, in justified cases, made available to our co-workers and subcontractors and their employees (law firms, advisors and auditors as well as debt collection and IT companies). This may happen when they provide the University with services that require access to your data.

Particularly in the case of online communications (e-mail, video conferencing, voice calls, “cloud” for storing and sharing files), data may be shared with providers of such services – including those outside the European Economic Area. Not only the e-mail address or participant ID and data about the user’s online activity (cookies) can be transferred, but also the content of the communication and even the content of the documents sent.

As of July 10, 2023, the transfer of data from the EU to organizations in the U.S. that are listed in the “Data Privacy Framework List” is based on an adequacy decision (Data Privacy Framework). The list of entities covered by this agreement can be found at: https://www.dataprivacyframework.gov/s/participant-search. Accordingly, we recommend that our employees use providers mentioned in this list when communicating with you.

We suggest using addresses and identifiers that do not reveal your identity, and we recommend encrypting attachments (which is especially important if you need to keep their contents confidential).

We do not provide for the sharing of personal data to third countries or international organizations.

We ensure a number of rights related to your data. These rights related to the processing of personal data include:

• the right to object to the data processing, due to some special situation, where you found yourself (and if the data we process due to the legitimate interest of WUST);
• the right to transfer the data and the right to request the deletion of personal data (the so-called “right to be forgotten”) if we processed data only on the basis of your consent – even then it did not affect the legality of processing that WUST has already performed;
• the right to limit the processing of personal data – unless the appropriate law allows us – despite the request – to continue to process data;
• the right of access to your personal data, updating or correcting them, the right to data transfer – in any case.

To use the abovementioned rights, you must contact the Data controller using the contact details indicated at the beginning of this information clause (in WHO WILL PROCESS YOUR PERSONAL DATA? part).

The identity of the person submitting such application may be verified before exercising these rights. We have to make sure that the authorized person exercises his/her rights.

You also have the right to file a complaint with a supervisory body dealing with the protection of personal data in the Member State of your place of residence, place of work or place of perpetration of an alleged violation. In Poland, this body is: Office of the President of the Office for Personal Data Protection (PUODO), at Stawki 2, 00-193 Warsaw, telephone number: +48 22 860 70 86.

As a result of the data processing related to drafting, execution and archiving of contracts, no decisions will be made automatically by the Data Controller (i.e. without human intervention). If the data is processed by the browsers or information systems provided by WUST, we use ‘cookies’ on our website. They serve us for statistical purposes, the use of social networking services and improving their accessibility and quality of website content.

On websites that require login, ‘cookies’ are used to maintain the user’s session. We use personal data collected in this way only for our own purposes. They may be transferred to other entities for statistical purposes or for the functioning of social networking tools.

However, providing us with personal data via contact or registration forms on our websites is voluntary, but may be necessary, for example, to answer a question you have asked or to register your participation in an event organized by us. We will not disclose such data to other entities. They will not be processed for purposes other than those resulting directly from the circumstances of the said examples.