Privacy Policy

I. INTRODUCTION

  1. This Privacy Policy informs you about the ways in which personal data is processed and protected within the Service registered at the electronic address wsei.pl
  2. The administrator of the personal data is WSEI University in Lublin Projektowa 4, 20-209 Lublin, entered in the Register of Non-Public Higher Education Institutions kept by the Ministry of Education and Science under number 196, NIP 712-26-52-693, REGON: 432260703 (hereinafter: Administrator)
  3. Any questions or concerns, in particular regarding the processing of personal data Users may address to:
    1. by mail – to the Administrator’s registered office address;
    2. via e-mail to: iod@wsei.pl
    3. via the website:  https://www.wsei.pl/en/contact/
  4. The Administrator shall ensure that the personal data entrusted to him/her are processed in compliance with the requirements of generally applicable law, in particular Ordinance 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the EU.L.2016.119.1) – hereinafter referred to as GDPR
  5. The Administrator’s primary goal is to ensure that the privacy of Users using the Website is protected at a level at least equivalent to the requirements of applicable laws, in particular the GDPR.
  6. Any person using the Website in any way accepts all the rules contained in this Privacy Policy.
  7. The Administrator reserves the right to make changes to the Privacy Policy if required by law or changes made to the functionality of the Website.
  8. The Administrator will notify all its Users of the relevant changes and their effective date, in particular by posting an appropriate announcement on the Website.

II. BASIC TERMS

  • User – any individual whose personal data is processed by the Administrator,
  • Personal data – all information about an individual identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, as well as device IP, location data, Internet ID and information collected through cookies and other similar technology.
  • GDPR – Ordinance 2016/679 of the European Parliament and of the Council (EU) of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  • Website – an organized IT solution located at the wsei.pl Internet address and possibly other Internet addresses, as well as in applications and other IT tools, comprising a set of cooperating computer programs, databases and accompanying elements (e.g. graphics), combined into a single ICT system;
  • Processing of personal data – any operations performed on personal data, such as collecting, recording, storing, developing, changing, sharing, and deleting, especially those performed on computer systems;
  • Data protection violations – security breach leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure of or unauthorized access to personal data transmitted, stored or otherwise processed;

III. PURPOSES, LEGAL BASIS, SCOPE OF DATA PROCESSING AND INFORMATION ON APPLICATION FORMS

  1. The Administrator processes personal data only if at least one of the following conditions is met:
    • when the Service User consents to it in the forms posted on the Service, in order to take the actions to which the forms relate (Article 6(1)(a) GDPR);
    • when the processing is necessary for the performance of a contract to which the Service User is a party (Article 6(1)(b) GDPR);
    • in order to handle complaints – the legal basis of the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) GDPR);
    • in order to fulfill a legal obligation incumbent on the Administrator (Article 6(1)(c)),
    • in order to possibly establish and assert or defend against claims – the legal basis for processing is the Administrator’s legitimate interest in protecting your rights (Article 6(1)(f) GDPR);
    • for the Administrator’s marketing purposes, consisting of informing the User about the current offer and new functionalities of the Service – the legal basis for processing is consent (Article 6(1)(a) GDPR).
  2. The Administrator processes Service User’s personal data to the extent necessary for the purposes specified in Section 1 above for the period necessary to achieve those purposes or until Service User withdraws consent. Failure to provide data by a Service User may, in certain situations, result in the inability to fulfill the purposes for which the data is necessary.
  3. The data provided in the forms posted on the Website are processed for the purposes resulting from the function of the specific form; in addition, they may also be used by the Administrator for archival and statistical purposes. The consent of the data subject is given by unchecking the appropriate box on the form.

IV. DATA SECURITY

  1. The Administrator conducts a risk analysis on an ongoing basis to identify risks to secure data processing and implements appropriate technical and organizational measures to ensure the protection of processed personal data.
  2. The Administrator shall ensure that only authorized persons have access to personal data and only to the extent that it is necessary due to the tasks they perform.
  3. The Administrator shall keep records of persons authorized to process personal data. These persons are obliged to maintain strict secrecy of personal data and ways of securing them.

V. DATA RECIPIENTS

  1. Recipients of Users’ personal data may be entities to which the Administrator outsources the performance of activities related to the necessity of processing such data, in particular in the field of e-mail handling, ICT services, hosting, IT services, administrative, legal or consulting services.
  2. A third party with access to personal data processes them only on the basis of a personal data processing entrustment agreement and only at the Administrator’s direction.
  3. Recipients of Users’ personal data may also be entities and authorities entitled to receive such data – only in justified cases and on the basis of generally applicable legal regulations.

VI. RECEIPT OF COMMERCIAL INFORMATION

  1. The Service User, where the Website provides for it, may consent to receive commercial information by means of electronic communication.
  2. If a Service User has consented to receive commercial information by means of electronic communication, he/she has the right to revoke such consent at any time.
  3. The right to revoke consent to receive commercial information is exercised by sending an appropriate request to the Administrator’s e-mail address, together with the Service User’s name.

VII. USERS' RIGHTS

  1. Each person whose data is processed has the following rights:
    • the right to access data and to be informed about the processing of personal data (Article 15 GDPR) – to the person making such a request, the Administrator shall provide access to his/her data, as well as information about the processing of personal data, the purposes and legal grounds for the processing, the scope of the data held, the entities to which the personal data are disclosed and the planned deadline for their deletion;
    • the right to obtain a copy of the data (Article 15 GDPR) – the Administrator shall provide a copy of the processed data, concerning the person making the request, as long as this is possible and does not violate the rights of third parties;
    • right of rectification (Article 16 GDPR)– The user has the right to request the removal of inconsistencies or errors regarding the processed personal data, and to complete or update it if it is incomplete or has changed;
    • right to erasure of data (Article 17 GDPR)– The user may request the deletion of data the processing of which is no longer necessary to carry out any of the purposes for which they were collected;
    • right to restrict processing (Article 18 GDPR) – on this basis, the Administrator may cease performing operations on personal data, with the exception of operations consented to by the data subject and their storage, in accordance with the adopted retention rules, or until the reasons for restricting data processing cease to exist (e.g., a decision of a supervisory authority authorizing further data processing is issued);
    • right to data portability (Article 20 GDPR) – on this basis, to the extent that the data is processed in connection with a concluded contract or given consent, the Administrator may release the data provided by the data subject;
    • the right to object to other purposes of data processing (Article 21 GDPR)  – the data subject may object to the processing of personal data at any time. The objection in this regard should contain a justification and is subject to the Administrator’s assessment;
    • the right to object to the processing of data for marketing purposes (Article 21(2) GDPR) – the data subject may object at any time to the processing of personal data for marketing purposes, without having to justify such objection;
    • right to withdraw consent (Article 7(3) GDPR) – if the data are processed on the basis of consent, the data subject has the right to withdraw it at any time, but this does not affect the lawfulness of the processing carried out before the withdrawal of that consent;
    • right to complain (Article 77 GDPR)  – if the processing of personal data is deemed to be in violation of GDPR or other data protection laws, the data subject may file a complaint with the supervisory authority – the President of the Office for Personal Data Protection (https://uodo.gov.pl/pl/p/kontakt ).
  2. A request for the exercise of the rights of data subjects can be made:
    • In writing to the Administrator’s registered address;
    • at the e-mail address: iod@wsei.pl
  3. The application will be responded to within one month of receipt. If it is necessary to extend this period, the Administrator will inform the applicant of the reasons for such extension.
  4. The response will be provided to the e-mail address from which the application was sent, and in the case of applications sent by letter, by registered mail to the address indicated by the applicant, unless the content of the letter indicates a desire to receive feedback to the e-mail address (in this case, the e-mail address must be provided).

VIII. COOKIES AND SIMILAR TECHNOLOGY

  1. The Website uses cookies.
  2. Cookies are IT data, in particular text files, which are stored in the Service User’s terminal equipment and are intended for use on the Service’s websites. Cookies usually contain the name of the website they come from, the time they are stored on the terminal equipment and a unique number.
  1. The entity placing cookies on the terminal equipment of the Service User and accessing them is the Administrator.
  2. Cookies are used for, among other purposes:
    • creation of statistics, which help to understand how the Users of the Website use the websites;
    • maintaining a session of the website user (after logging in), thanks to which the User does not have to re-enter his/her login and password on each sub-page of the website;
    • determining the profile of the User in order to display him/her customized materials in advertising networks, in particular Google networks.
  3. The Service uses two main types of cookies: “session” (session cookies) and ‘permanent’ (persistent cookies). “Session” cookies are temporary files that are stored on the User’s terminal equipment until the User logs out, leaves the website or shuts down the software (web browser). “Permanent” cookies are stored on the User’s end device for the time specified in the parameters of the cookies or until they are deleted by the User.
  4. Web browsing software (Internet browser) usually allows the storage of cookies on the User’s terminal device by default. Users of the Website may change their settings in this regard. The Internet browser makes it possible to delete cookies. It is also possible to automatically block cookies. Detailed information on this subject can be found in the help or documentation of the Internet browser.
  5. The Administrator uses the services of third parties, the list of which is constantly changing, and which may use cookies for the following purposes, among others:
    • monitoring traffic on the Administrator’s websites;
    • collecting anonymous, aggregate statistics to understand how Users use the Administrator’s website,
    • controlling how often selected content is shown to users;
    • controlling how often users select a particular service;
    • examining subscriptions to newsletters;
    • using the communication tool;
    • integration with a community portal.
  6. You may manage the cookies used by the Administrator or by any third-party providers by changing your browser settings. For further information, please refer to the COOKIES POLICY document available on the Website.
  7. Restrictions on the use of cookies may affect some of the functionality available on the Website.
  8. The Administrator may use the Google Analytics product to collect statistics. In this case, the data of the User visiting the Website will be received by Google, 1600 Amphitheatre Parkway Mountain View, CA 94043 United States. The User may block Google Analytics access to his/her data by installing a plug-in located at the following web address:  https://tools.google.com/dlpage/gaoptout/
  9. The Administrator encourages you to read the detailed explanations related to the processing of data within Google Analytics, prepared by Google and located at the following web address: https://policies.google.com/privacy?hl=pl.
  10. The Administrator may also use marketing tools available on the Facebook social network belonging to Meta Platforms. Within the framework of these tools, Facebook ads may be targeted. Activities in this regard are carried out based on the Administrator’s legitimate interest in marketing its own products or services (Article 6(1)(a) GDPR).
  11. In order to target ads personalized to the behavior of Users visiting the Website, a Pixel Meta may be implemented on the Website, which automatically collects information about the use of the Website. The information collected in this way may be transmitted to the Facebook social network server in the United States and stored there.
  12. The information collected within the Meta Pixel is anonymous, i.e. it does not identify the User. The Administrator is only informed of what actions the User has taken within its site. However, Meta Platform may combine this information with other information about the User collected through the User’s use of Facebook and use it for its own purposes, including marketing. Such activities of Facebook are no longer under the Administrator’s control, and information about them is described in Facebook’s privacy policy: https: //www.facebook.com/privacy/explanation . From your Facebook account, you can also manage your privacy settings. Meta Platforms is headquartered in the U.S. and uses technical infrastructure located in, among other places, the U.S.

IX. SOCIAL MEDIA

  1. The Administrator processes personal data of Users visiting the Administrator’s profiles maintained on social media (e.g. Facebook, Instagram, YouTube).
  1. This data is processed for the purpose of informing Users about the Administrator’s activities, offering services, as well as for the purpose of communicating with Users through tools available on social media. The legal basis for processing personal data for this purpose is the Administrator’s legitimate interest (Article 6(1)(f) GDPR) in promoting its own brand and services offered, as well as building and maintaining a community associated with the brand. For further information, please see FACEBOOK FANPAGE INFORMATION CLAUSE and  YOUTUBE INFORMATION CLAUSE.
  2. The website contains links to the Administrator’s social media profiles, which have separate privacy policies and the content of which can be accessed by accessing the individual page using the link marked with the appropriate icon.
  3. With respect to any websites linked to the Service that are not owned or controlled by the Administrator, the Administrator assumes no responsibility for their content, nor for the confidentiality protection rules applicable to Users. When displaying a web page containing such a link, the User’s browser will establish a direct connection to the servers of the administrators of the social networks (service providers). The content of the plug-in is transmitted by the respective service provider directly to the User’s browser and integrated into the page. Thanks to this integration, service providers receive information that the User’s browser has displayed the Administrator’s page, even if the User does not have a profile with the given service provider or is not logged in with it. Such information (along with the IP address) is sent by the User’s browser directly to the server of the given service provider (some servers are located in the USA) and stored there. If the User has logged into one of the social networks, this service provider will be able to directly attribute the visit to the Administrator’s site to the User’s profile on the given social network. If the User uses a given plug-in, for example, by clicking on the “Like” or “Share” button, the corresponding information will also be sent directly to the server of the given service provider and stored there. In addition, the information will be published in the given social network and will appear to the people added as contacts of the User. 
  4. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contacting them and the User’s rights in this regard and the possibility of making settings to ensure privacy protection are described in the privacy policies of individual service providers. The Administrator encourages you to familiarize yourself with their content.
  5. If the User does not want social networks to attribute data collected during visits to the Administrator’s website directly to the User’s profile on a particular website, the User should log out of that website before visiting it.
  6. Users can also completely prevent plug-ins from loading on the site by using the appropriate extensions for their browser, such as blocking scripts.

X. WEB SERVER LOGS

  1. Use of the Service’s website involves sending queries to the server on which it is stored. Each query directed to the server is recorded in the server logs.
  2. The logs include, among other things, the User’s IP address, the date and time of the server, information about the Internet browser and the operating system the User is using. Logs are saved and stored on the server.
  3. The data recorded in the server logs are not associated with specific individuals using the site and are not used by the Administrator to identify the User.
  4. Server logs are only support material for managing the Website, and their contents are not disclosed to anyone except those authorized to administer the server.

XI. TRANSFER OF DATA OUTSIDE THE EEA

  1. The Administrator may transfer Users’ personal data to third countries, i.e. countries outside the European Economic Area. Your data may be transferred only to third countries or entities for which an adequate level of data protection has been established by a decision of the European Commission.
  2. The list of countries for which the European Commission has issued a decision confirming that the third country provides an adequate level of protection can be found at the following web address https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en#relatedlinks.
  3. In the absence of a decision by the European Commission stating an adequate level of protection as defined in Article 45(3) GDPR, Users’ personal data may be transferred to a third country only on the basis of: binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the Polish supervisory authority and approved by the Commission, an approved code of conduct or an approved certification mechanism (Article 46 GDPR).
  4. In the absence of a decision by the European Commission finding an adequate level of protection as defined in Article 45(3) of the GDPR or the absence of adequate safeguards as defined in Article 46 of the GDPR, including binding corporate rules, the Administrator will request the User’s explicit consent to such transfer to a third country or international organization, informing the User in advance of the risks involved in such transfer pursuant to Article 49(1)(a) of the GDPR.
  5. In connection with the transfer of data outside the EEA, Users may request from the Administrator information on the relevant security safeguards in this regard, obtain a copy of these safeguards or information on where they are available.

XII. INFORMATION ON AUTOMATED DECISION-MAKING

  1. As part of the Website, the Administrator may automatically tailor certain content to the User’s needs, i.e. perform profiling, using the personal data provided by the User. This profiling consists primarily in automatic assessment of what products the User may be interested in, based on the User’s past activities on the Internet, including within the Administrator’s websites, and the display of product advertisements profiled in this way.
  2. Profiling, carried out by the Administrator, does not result in decisions that produce negative legal consequences for the User or affect the User in any other significant way.

The current version of the Privacy Policy is effective as of 01.01.2024

Skip to content