INFORMATION OBLIGATION REGARDING THE PROTECTION OF PERSONAL DATA
In fulfillment of the obligation arising from Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR) – we present below information regarding the processing of your personal data by the Data Controller:
I. PERSONAL DATA CONTROLLER
The personal data controller is
University of Warsaw
ul. Krakowskie Przedmieście 26/28
You can contact the Controller via email:
II. PROCESSED PERSONAL DATA
Data is processed in accordance with currently applicable regulations, especially in accordance with the provisions of the General Data Protection Regulation (GDPR). We process data that you have provided to us through various communication channels, including in writing, by email, or by phone. The data may have been provided to us in various situations, for example, in the course of our cooperation in the implementation of sales agreements for blinds or curtains from our assortment, or services provided by us. Your data may also have been obtained from other sources, e.g., from your contractors, with whom we also cooperate as our clients. Your personal data will be processed based on Article 6(1)(a) – (c) of the GDPR for the purpose of establishing cooperation, concluding and performing sales agreements or providing services, responding to any inquiries or requests directed to us, conducting further correspondence in this regard, marketing and contacting for other information and services, as well as fulfilling our legal obligations, establishing, defending, and enforcing claims, handling complaints, financial settlements, including the issuance of accounting documents. The entities to whom the data pertains are our customers and contractors, potential contractors, as well as their employees, representatives, and persons cooperating with them. In connection with business relationships and contacts, we may process the following data: identification data, address data, data regarding job position and professional qualifications, and other data provided to us in connection with cooperation or contact.
III. METHOD OF DATA PROCESSING
Our internal procedures ensure that collected data is: processed lawfully, fairly, and in a transparent manner to the data subject; collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes; adequate, relevant, and limited to what is necessary for the purposes for which they are processed; accurate and, where necessary, kept up to date; kept in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed; processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
IV. ORIGIN OF PERSONAL DATA
The processed personal data is provided to us directly by the individuals to whom the data pertains or from other data controllers with whom we cooperate or from publicly available sources.
V. RECIPIENTS OF PERSONAL DATA
We may transfer processed personal data to entities cooperating with us for the proper performance of the Agreement concluded with you and related additional services. Your data may be transferred to entities cooperating with us based on a data processing agreement. This applies, for example, to entities providing advisory services, legal, tax, accounting, freight and transport services, postal and courier services on our behalf.
VI. DATA RETENTION PERIOD
Personal data will be processed by us for no longer than is necessary to achieve the processing purposes specified above, and this is determined by applicable law, in particular the deadlines specified in tax regulations and limitation periods for claims arising from the Civil Code. After the expiration of the Agreement, the Controller will process your personal data if there are grounds for further processing, for the period specified by legal provisions or granted by your consent.
VII. AUTOMATED DECISION-MAKING
We do not make decisions based solely on automated processing, including profiling, of personal data.
VIII. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA
Your data does not go beyond the European Economic Area, and if in the future there is to be a transfer to a location outside the EEA, we will take appropriate steps to ensure the protection of the data, in particular by applying specific contractual clauses called “standard contractual clauses,” approved by the European Commission, or by transferring to countries for which the European Commission has issued a decision determining an adequate level of protection. In such a case, you have the right to obtain a copy of the relevant safeguards.
IX. RIGHTS RELATED TO DATA PROCESSING
Under the scope and rules specified in the GDPR, you have the right to: access your data, including the right to obtain copies of them; request their correction, deletion, or limitation of processing; object to processing; and transfer them to another controller (to the extent that the basis for their processing is the necessity to perform the contract or your consent). If the processing of data is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out based on consent before its withdrawal. To exercise any of the above rights, please send a request indicating the scope of data covered by the request to the email address or by post to the addresses indicated above. You also have the right to lodge a complaint with the President of the Office for Personal Data Protection.