GDPR - Federacja naukowa Uniwersytet VIZJA

INFORMATION CLAUSE

In connection with the applicable provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to
the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 2016.119.1 of 4 May 2016) (the ‘Regulation’ or “GDPR”), having regard to Article 13(1) and (2) of the Regulation, we would like to provide you with some information regarding the processing of your personal data (‘Personal Data’ or ‘Data’):

Who is the controller of personal data?

The joint controllers of Personal Data will be:

Andrzej Frycz Modrzewski University in Krakow, with its registered office in Krakow (30-705) at ul. Gustawa Herlinga-Grudzińskiego 1, e-mail address: iodo@uafm.edu.pl,
VIZJA University with its registered office in Warsaw (01-043) at ul. Okopowa 59, e-mail address: zgloszenia@vizja.pl,
VIZJA University Scientific Federation with its registered office in Warsaw (01 – 043) at ul. Okopowa 59, e-mail address: federacja@vizja.pl, comprising the above-mentioned entities,
– hereinafter referred to as ‘Administrators’

What is the purpose and legal basis for processing personal data?

Personal data will be processed for marketing purposes, including direct marketing, remarketing, as well as directing data to a customer list and processing it within the resulting customer list (e.g. using Customer Match).

The marketing purposes referred to above may include sending you commercial information about products, services, promotions and events related to each of the Controllers to the e-mail address or telephone number you have provided.

In addition, your Personal Data, including the e-mail address you provided, will be used to create a customer list, which, after prior encryption of the data contained therein, will be analysed using Google Ads tools, including Customer Match.

The legal basis for the processing of Personal Data in the above scope, including in connection with
your consent to receive marketing communications from each of the Controllers, is:

Article 6(1)(f) of the GDPR – the legitimate interest of each of the Controllers in marketing their own services, including the use of the e-mail address provided by you by placing it on a customer list which, after encryption, is analysed using Google Ads tools (Customer Match);
Article 6(1)(a) of the GDPR and Article 398 of the Act of 12 July 2024 on Electronic Communications Law (Journal of Laws 2024.1221 of 09.08.2024) – Your voluntary consent to the processing of Personal Data for marketing purposes, including direct marketing and remarketing carried out using electronic means of communication.

Do you have to provide us with your personal data for marketing purposes?

Providing personal data for marketing purposes is voluntary, but failure to do so may prevent you from receiving marketing information and offers.

What are the categories of recipients?

The anticipated categories of recipients of Personal Data are employees and associates authorised by each of the Data Controllers, as well as other entities authorised on the basis of agreements concluded by each of the Controllers or provisions of law.

The Personal Data provided may be transferred to entities with which each of the Controllers cooperates in connection with their business activities, entities providing analytical, marketing or IT services, as well as entities intermediating or supporting marketing activities undertaken by the Controllers.

What are your rights?

You have the right to access your Personal Data and obtain a copy of it, as well as the right to correct it, delete it, request restriction of processing, object to processing, and the right to transfer Data and withdraw consent at any time. Consent may be withdrawn in writing or electronically sent to the respective Controller.

Can you lodge a complaint regarding data processing, and if so, where?

You have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of your Personal Data violates the provisions of the Regulation.

How long will your data be processed and stored?

Personal data is processed and stored for the period necessary to achieve the above-mentioned purposes or until the consent is withdrawn.

Will the data be transferred to third countries?

The personal data entrusted to us may be transferred to third countries outside the
the European Economic Area. Nowadays, many entities – even those located within the European Union – have server bases around the world, including in countries with legal systems that provide for a narrower scope of personal data protection, which in itself may result in a greater likelihood of security breaches. Controllers strive to ensure the widest possible protection of personal data by entrusting data to entities that use model contractual clauses, among other things.

Will the data be processed in an automated manner?

Personal data may be processed in an automated manner, including profiling, and the processing of the Data will be used, among other things, to evaluate the information that each of the Controllers has or will have in their possession.