Privacy Policy

PRIVACY POLICY

 

This Privacy Policy sets out the rules for processing personal data obtained via the website www.brainingproject.com (hereinafter referred to as the “Website”).

 

The owner of the Website and the data controller is Jagiellonian University, based in Kraków (31-007), ul. Gołębia 24, with VAT number NIP: 6750002236, REGON: 000001270, hereinafter referred to as the UNIVERSITY.

 

The personal data collected by the UNIVERSITY through the Website is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR.

 

The UNIVERSITY pays special attention to respecting the privacy of Users visiting the Website.

 

1. Type of data processed, purposes and legal basis

 

The UNIVERSITY collects information concerning natural persons performing legal transactions not directly related to their business activities, natural persons conducting business or professional activities on their own behalf, and natural persons representing legal persons or organizational units without legal personality, who are granted legal capacity by law, hereinafter collectively referred to as Users.

 

Personal data of Users is collected in the following cases:

 

  • using the contact form service on the Website to perform an electronically provided service. Legal basis: necessity for the performance of a contract for the provision of the contact form service (Article 6(1)(b) GDPR);
  • using the registration form service on the Website to perform an electronically provided service. Legal basis: necessity for the performance of a contract for the provision of the contact form service (Article 6(1)(b) GDPR);

 

In the case of using the above services, the User provides the following data:

 

  • email address;
  • full name;
  • citizenship (optional).

 

Information on citizenship is collected on the basis of consent (Article 6 (1) (a) of the GDPR) and may be withdrawn at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

During the use of the Website, additional information may be collected, in particular: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and type of operating system.

 

Navigation data may also be collected from Users, including information about links and references they decide to click or other activities taken on the Website. Legal basis: legitimate interest (Article 6(1)(f) GDPR), consisting in facilitating the use of electronically provided services and improving the functionality of these services.

 

For the purpose of determining, pursuing, and enforcing claims, some personal data provided by the User in connection with the use of functionalities on the Website such as: name, surname, data regarding the use of services, if the claims result from the manner in which the User uses the services, other data necessary to prove the existence of a claim, including the extent of the damage suffered. Legal basis: legitimate interest (Article 6(1)(f) GDPR), consisting in establishing, pursuing, and enforcing claims and defending against claims in proceedings before courts and other state authorities.

 

Providing personal data to the UNIVERSITY is voluntary.

 

2. To whom data is disclosed or entrusted and for how long it is stored

 

The User’s personal data is transferred to service providers used by the UNIVERSITY in operating the Website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, either follow the UNIVERSITY’s instructions as to the purposes and means of data processing (processors) or define the purposes and means of processing on their own (controllers).

 

Processors. The UNIVERSITY uses providers who process personal data solely on the UNIVERSITY’s instruction. These include, among others, providers offering hosting services, accounting services, marketing system providers, systems for traffic analysis on the Website, systems for analyzing the effectiveness of marketing campaigns;

 

Controllers. The UNIVERSITY uses providers who do not act solely on instruction and set the purposes and means of using Users’ personal data on their own.

 

Location. Service providers are mainly based in Poland and other countries of the European Economic Area (EEA). Some of the providers are based outside the EEA. In connection with the transfer of data outside the EEA, the UNIVERSITY has ensured that the providers guarantee a high level of personal data protection and apply appropriate safeguards for data transfer in accordance with GDPR.

 

Users’ personal data is stored:

 

If the basis for data processing is consent, the User’s personal data is processed by the UNIVERSITY until the consent is withdrawn, and after the withdrawal of consent, for a period corresponding to the limitation period for claims that the UNIVERSITY may raise and that may be raised against it. Unless a special provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activities – three years.

 

Navigation data may be used to provide Users with better service, analyze statistical data, adjust the Website to User preferences, and administer the Website.

 

At the request of the UNIVERSITY, personal data may be disclosed to authorized state authorities, in particular organizational units of the Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

 

3. Cookies mechanism, IP address

 

The Website uses small files called cookies. They are saved by the UNIVERSITY on the device of the person visiting the Website, if the web browser allows it. A cookie file usually contains the name of the domain it originates from, its “expiry time,” and an individual, randomly selected number identifying this file. The information collected using files of this type helps to adjust the products offered by the UNIVERSITY to the individual preferences and actual needs of people visiting the Website. They also provide the opportunity to compile general statistics of visits to the presented products on the Website.

 

The UNIVERSITY uses two types of cookies:

 

  • Session cookies: after the end of a session of a given browser or turning off the computer, the saved information is deleted from the device memory. The mechanism of session cookies does not allow for the collection of any personal data or any confidential information from the Users’ computers.
  • Persistent cookies: they are stored in the memory of the User’s device and remain there until they are deleted or expire. The persistent cookies mechanism does not allow for the collection of any personal data or any confidential information from the User’s computer.

 

The UNIVERSITY uses its own cookies for:

 

  • User authentication in the Website and ensuring the User’s session on the Website (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website;
  • analyses, research, and audience audit, in particular, to create anonymous statistics that help to understand how Users use the Website, which allows for improving its structure and content.

 

The UNIVERSITY uses external cookies for:

 

  • presenting on the Website pages a map indicating the location of the UNIVERSITY office via the maps.google.com website (administrator of external cookies: Google Inc based in the USA);
  • collecting general and anonymous static data via analytical tools, such as Google Analytics (administrator of external cookies: Google Inc based in Ireland);
  • promoting the Website using the Instagram.com social networking service (administrator of external cookies: Instagram LLC based in the USA);
  • presenting multimedia content on the Website, which is downloaded from external www.youtube.com or vimeo.com services (administrator of external cookies: Google Inc based in the USA);

 

The cookies mechanism is safe for the computers of the Website Users. In particular, it is not possible for viruses or other unwanted or malicious software to infiltrate Users’ computers this way. However, Users have the option to limit or disable cookies access to their computers in their browsers. In case of using this option, the use of the Website will be possible, except for functions which, by their nature, require cookies.

 

Below are instructions for changing settings in popular web browsers regarding the use of cookies:

 

Chrome i Chrome Mobile;

Facebook in-app Browser;

Internet Explorer;

Microsoft EDGE;

Mozilla Firefox;

Opera;

Safari i Safari Mobile;

Samsung Browser.

 

The UNIVERSITY may collect IP addresses of Users. An IP address is a number assigned to the computer of a person visiting the Website by the Internet service provider. The IP number allows access to the Internet. In most cases, it is assigned to the computer dynamically, i.e., it changes with each connection to the Internet. The IP address is used by the UNIVERSITY to diagnose technical problems with the server, create statistical analyses (e.g., determining from which regions we have the most visits), as information useful in managing and improving the Website, as well as for security purposes and possible identification of unwanted automatic programs for viewing Website content.

 

The Website contains links and references to other websites. The UNIVERSITY is not responsible for the privacy policies applicable to them.

 

4. Rights of Data Subjects

 

Right to withdraw consent – legal basis: Article 7(3) GDPR.

 

The User has the right to withdraw any consent given to the UNIVERSITY.

 

The withdrawal of consent takes effect from the moment of withdrawal.

 

The withdrawal of consent does not affect the processing carried out by the UNIVERSITY in accordance with the law before its withdrawal.

 

The withdrawal of consent does not entail any negative consequences for the User, but it may prevent further use of services or functionalities that the UNIVERSITY can legally provide only with consent.

 

Right to object to data processing – legal basis: Article 21 GDPR.

 

The User has the right, at any time, to object – for reasons related to their particular situation – to the processing of their personal data, including profiling, if the UNIVERSITY processes their data based on a legitimate interest, e.g., marketing of the UNIVERSITY’s products and services, statistics on the use of specific functionalities of the Website, or user satisfaction surveys.

 

An email-based opt-out from receiving marketing communications regarding products or services will be considered an objection to the processing of personal data, including profiling, for these purposes.

 

If the User’s objection is justified and the UNIVERSITY has no other legal basis for processing personal data, the User’s personal data will be deleted in relation to which the User has objected.

 

Right to data deletion (“right to be forgotten”) – legal basis: Article 17 GDPR.

 

The User has the right to request the deletion of all or some personal data.

 

The User has the right to request the deletion of personal data if:

 

  • the personal data is no longer necessary for the purposes for which it was collected or processed;
  • they have withdrawn specific consent, to the extent that the personal data was processed based on their consent;
  • they have objected to the use of their data for marketing purposes;
  • the personal data is being processed unlawfully;
  • the personal data must be deleted to fulfill a legal obligation under Union law or the law of a Member State to which the UNIVERSITY is subject;
  • the personal data has been collected in connection with the offering of information society services.

 

Despite the request for deletion of personal data, in connection with an objection or withdrawal of consent, the UNIVERSITY may retain certain personal data to the extent that processing is necessary to establish, pursue, or defend claims, as well as to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the UNIVERSITY is subject. This particularly applies to personal data including: name, surname, email address, which is retained for the purpose of handling complaints and claims related to the use of the UNIVERSITY’s services.

 

Right to restrict data processing – legal basis: Article 18 GDPR.

 

The User has the right to request the restriction of the processing of their personal data. Submission of a request prevents the use of specific functionalities or services, the use of which involves the processing of the data covered by the request, until the request is resolved. The UNIVERSITY will not send any communications, including marketing ones.

 

The User has the right to request the restriction of the use of personal data in the following cases:

 

  • when they question the accuracy of their personal data – in which case the UNIVERSITY limits its use for the time needed to verify the accuracy of the data, no longer than 7 days;
  • when data processing is unlawful, and instead of deleting the data, the User requests the restriction of its use;
  • when the personal data is no longer necessary for the purposes for which it was collected or used, but it is needed by the User to establish, pursue, or defend claims;
  • when they have objected to the use of their data – in which case the restriction applies for the time needed to consider whether, due to the User’s particular situation, the protection of the User’s interests, rights, and freedoms overrides the interests pursued by the Administrator by processing the User’s personal data.

 

Right to access data – legal basis: Article 15 GDPR.

 

The User has the right to obtain from the Administrator confirmation of whether their personal data is being processed, and if so, the User has the right to:

 

  • access their personal data;
  • obtain information on the purposes of processing, categories of processed personal data, recipients or categories of recipients of the data, planned storage period of the User’s data or criteria for determining this period (if specifying the planned processing period is not possible), rights granted to the User under GDPR, the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making, including profiling, and safeguards applied in connection with data transfer outside the European Union;
  • receive a copy of their personal data.

 

Right to data rectification – legal basis: Article 16 GDPR.

 

The User has the right to request the Administrator to promptly rectify their incorrect personal data. Considering the purposes of processing, the User, whose data relates to them, has the right to request the completion of incomplete personal data, including by submitting an additional statement, by sending a request to the email address as per §6 of the Privacy Policy.

 

Right to data portability – legal basis: Article 20 GDPR.

 

The User has the right to receive their personal data, which they provided to the Administrator, and then transmit it to another personal data administrator chosen by them. The User also has the right to request that personal data be sent by the Administrator directly to such an administrator, if technically feasible. In this case, the Administrator will send the User’s personal data in a csv file format, which is a commonly used, machine-readable format, allowing the data to be transferred to another data administrator.

 

If the User exercises any rights arising from the above-mentioned rights, the UNIVERSITY will comply with the request or refuse it immediately, but no later than within one month of receiving it. However, if – due to the complexity of the request or the number of requests – the UNIVERSITY is unable to fulfill the request within one month, it will fulfill it within the next two months, informing the User in advance within one month of receiving the request – of the intended extension of the deadline and the reasons for it.

 

The User may submit complaints, inquiries, and requests to the Administrator regarding the processing of their personal data and the exercise of their rights, e.g., to the email address iod@uj.edu.pl or the correspondence address: Jagiellonian University, ul. Gołębia 24, 31-007 Kraków, with the note Data Protection Officer.

 

The User has the right to request the UNIVERSITY to provide a copy of the standard contractual clauses by directing a query in the manner indicated in §6 of the Privacy Policy.

 

The User has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding a violation of their personal data protection rights or other rights granted under GDPR.

 

5. Security Management – Password

 

The UNIVERSITY provides Users with a secure and encrypted connection during the transmission of personal data and during logging into the User Account on the Website.

 

The UNIVERSITY uses an SSL certificate issued by one of the leading global companies in the field of data transmission security and encryption.

 

The UNIVERSITY never sends any correspondence, including electronic correspondence, requesting login data, especially the User’s account password.

 

6. Changes to the Privacy Policy

 

The Privacy Policy may change, and the UNIVERSITY will inform Users 7 days in advance.

 

Questions related to the Privacy Policy should be directed to: iod@uj.edu.pl

 

Date of last modification: November 18, 2024

Let's connect