Centrum Badań Kosmicznych PAN

tel. (+48) 224-966-200
Menu
Menu

Privacy policy

Privacy Policy of the Centrum Badań Kosmicznych Polskiej Akademii Nauk

Personal data controller

The Controller of your personal data is the Centrum Badań Kosmicznych Polskiej Akademii Nauk with its registered office in Warsaw at Bartycka 18a (00-716 Warsaw), entered into the register of institutes of the Polish Academy of Sciences under the number RIN-III-53/98, NIP 5250009499, REGON 000675488.

Contact with the Controller is possible at the phone number +48 22 49 66 200.

Data Protection Officer

The Controller has appointed a Data Protection Officer. Contact with the Inspector is possible at the phone number +48 22 49 66 279 and e-mail address iod@cbk.waw.pl

Data processing by the Centrum Badań Kosmicznych Polskiej Akademii Nauk (CBK PAN)                                                 

In connection with its activities, CBK PAN collects and processes personal data in accordance with the regulations, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: GDPR).

Purpose of processing

Legal basis

Processing period

Compliance with legal obligations in connection with the performance of a the contract, in particular on the basis of archival, accounting and tax regulations.

Art. 6(1)(b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract)

Article 6(1)(c) GDPR(processing is necessary to comply with a legal obligation incumbent on thecontroller).

Personal data are processed for the period of performance of the contract and after its termination for a period of 5 years from the end of the year in which the tax obligation occurred and for the period resulting from

from archival regulations.

Enabling communication between the parties.

Article 6(1)(a) GDPR (consent by explicit affirmative action)

Article 6(1)(f) GDPR (processing is necessary for the purposes resulting from

from the legitimate interests pursued by the Controller) .

Personal data is processed for the duration of the consent.

Personal data are processed for the period necessary to perform the service expressed in the inquiry.

Pursuing and defense against claims.

Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller).

The period of pursuing claims, no longer than until they are time-barred.

CATEGORIES OF DATA RECIPIENTS

The recipients of personal data may be entities with which the Controller has concluded a cooperation agreement in order to perform the contract, in particular entities providing accounting, legal, postal, courier and IT services.

DATA TRANSFER

Personal data is not transferred to a country outside the European Economic Area.

YOUR RIGHTS

You have the right to:

a)      request access to personal data (Article 15 of the GDPR) – the right to obtain confirmation from the Controller whether your personal data are being processed, and if this is the case – to gain access to them. The Controller shall provide you with one copy of the personal data undergoing processing free of charge;  

b)      rectification of personal data (Article 16 of the GDPR) – taking into account the purpose of processing, you have the right to rectify your personal data that are incorrect and to request the completion of incomplete personal data;

c)      erasure of personal data (Article 17 of the GDPR) – the right to request the immediate erasure of your personal data. In this situation, the Controller is obliged to erase your personal data provided that one of the following conditions is met: (i) the personal data are no longer necessary for the purposes for which they were collected, (ii) the consent on which the processing is based has been withdrawn and the Controller has no other legal basis for processing, (iii) the personal data have been processed unlawfully, (iv) the personal data must be erased in order to comply with a legal obligation. It is not possible to exercise the right to delete personal data if the Controller is obliged by law to further process personal data to the extent specified by applicable law or for purposes necessary to establish, exercise or defend claims;

d)      restriction of the processing of personal data (Article 18 of the GDPR) – the right to request the restriction of the processing of personal data in the following cases when: (i) you question the accuracy of personal data processed by the controller, (ii) the processing of your personal data is unlawful and the deletion of your personal data has been objected to, (iii) the Controller no longer needs your personal data, but they are needed to determine, pursuing or defending claims. In the case of exercising the right to limit the processing of personal data, the Controller may process your personal data, except for their storage, only with your consent or for the establishment, exercise or defense of claims or to protect the rights of another natural or legal person or for important reasons of public interest;

e)      transfer of personal data (Article 20 of the GDPR) – the right to receive in a structured, commonly used, machine-readable format your personal data processed by the Controller and to send them to another entity;

f)       objection (Article 21 of the GDPR) – the right to object to the processing of data based on the legitimate interest of the Controller (i.e. on the basis of Article 6(1)(f) of the GDPR). In such a situation, the Controller will not be able to further process the data for these purposes, unless there are valid legitimate grounds or the data are needed to pursue claims. The right to object to the processing of data does not apply if: (i) the processing of personal data is based on consent – in such a situation, however, you can withdraw your consent, (ii) data processing is necessary for the performance of the contract to which you are a party, (iii) processing is necessary for the Controller to fulfill a legal obligation;

g)      lodge a complaint with the supervisory body dealing with the protection of personal data in the event that the processing of personal data violates the provisions of the GDPR;

h)      withdrawal of consent (in the case of processing of personal data on the basis of Article 6(1)(a) of the GDPR) – the right to withdraw consent to the processing of personal data at any time. Withdrawal of consent will not affect the lawfulness of processing based on your consent before its withdrawal.

CATEGORIES OF DATA

We process the personal data provided to us, which are necessary to achieve the purposes indicated above, including in particular:

a)      data to confirm identity: name and surname;

b)      contact details, such as: telephone number, e-mail address, address of residence;

c)      data provided in e-mails;

d)      IP address;

AUTOMATEDE   DECISION-MAKING, INCLUDING E PROFILING

We do not use an automatedsystemto  make  decisions, including profilinga.

Cookie Policy

What are cookies?

“Cookies” should be understood as IT data, in particular text files, stored in users’ end devices intended for using websites. These files allow to recognize the user’s device and properly display the website tailored to his individual preferences. “Cookies” usually contain the name of the website from which they originate, the time of their storage on the end device and a unique number.

What do we use “cookies” for?

“Cookies” are used to optimize the content of websites to the user’s preferences. They are also used to create anonymous, aggregated statistics that help to understand how the user uses the websites, which allows improving their structure and content, excluding the personal identification of the user.

What cookies do we use?

Two types of “cookies” are used – “session” and “permanent”. The first of these are temporary files that remain on the user’s device until logging out of the website or disabling the software (web browser). “Permanent” files remain on the user’s device for the time specified in the parameters of “cookies” or until they are manually deleted by the user.

Do “cookies” contain personal data?

Personal data collected using “cookies” may be collected only for the purpose of performing certain functions for the user. Such data is encrypted in a way that prevents unauthorized access to it.

Deleting cookies

By default, the software used to browse websites allows the placement of “cookies” on the end device by default. These settings can be changed in such a way as to block the automatic handling of “cookies” in the web browser settings or to inform about their each transmission to the user’s device. Detailed information about the possibilities and ways of handling “cookies” are available in the software (web browser) settings. Restricting the use of “cookies” may affect some of the functionalities available on the website.

Scroll to Top