Please read our Polityka prywatności
May 25, 2018, new data protection regulations will come into force.
These rules are set in Regulation (EU) 2016/679 of the European
Parliament and of theEuropean Council of 27 April 2016 on the
protection of individuals with regard to the processing of personal
data and on the free movement of such data and repealing Directive
95/46/EC (known as the R0DO - Personal Data Protection Regulation or
GDPR - General Data Protection Regulation). This Regulation
introduces a uniform law on personal data protection in all Member
States of the European Union and thus also in Poland.
The new regulations are to increase the personal data protection of data subjects through, among others:
The right to be forgotten - in a situation in which a person does not want his/her data to be processed and there is no basis for such processing. As the European Commission points out, this tool is supposed to protect the privacy of individuals, not necessarily allow for removing information from the past or restricting press freedom.
Easier access to data - data subjects will have access to a wider range of information about the processing of their data and this information should be available in a clear and understandable form. In addition, the right to data portability is to allow data subjects to transfer data between Internet service providers.
Data breach notification obligation - Controllers are required to notify the supervisory authority and, where appropriate, the data subject of a data breach.
Need to implement data protection mechanisms in the design phase and data protection by default - this means, for example, that the protection of personal data is to be taken into account already at the stage of the creation of an online service and that default data protection settings ensuring the minimization of processed data should become the standard, for example on social networking sites.
Stronger children's rights protection - according to the regulation, children's personal data deserve special protection because they may be less aware of the risks, consequences, guarantees and their rights in relation to the processing of personal data. In the context of information society services offered directly to children, the Regulation provides that the consent to the processing of data of a child under the age of 16 must be given or approved by the person having parental authority or custody of the child and only to the extent of the consent. It is also worth noting that Member States may lower the age limit indicated above and set a lower limit, which must be at least 13 years old.
Better compliance with the applicable regulations - the Polish data protection authority will be able to impose administrative fines of up to €20 million or up to 4% of total annual global turnover.
The administrator of personal data processed at Czestochowa University of Technology is Czestochowa University of Technology, represented by his Magnificence Rector, with its registered office in ul. Dabrowskiego 69, 42-201 Czestochowa
Processing of personal data is compliant with the legal requirements when:
the data subject has given consent to the processing of his/her personal data for one or more specific purposes;
processing is necessary to perform a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
processing is necessary to fulfil the legal obligation to which the administrator is subject;
processing is necessary for the protection of the vital interests of the data subject or of other natural persons;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the administrator;
processing is necessary for the purposes of the legitimate interests pursued by the administrator or by a third party, except where these interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular when the data subject is a child.
Any processing of personal data undertaken at Czestochowa University of Technology is related to:
educational activity (student enrolment, educating students of 1st, 2nd and 3rd cycle studies, training of academic staff),
human resources management,
scientific and research activities,
financial and accounting services,
other areas (e.g. library, promotional activity, correspondence, etc.).
Personal data processed at Czestochowa University of Technology is that of:
employees and their families,
persons with whom civil law contracts are concluded,
candidates for studies, work, etc.,
students (all cycles),
Main Library users
persons from outside the University conducting proceedings at the University for obtaining the academic degree of doctor or habilitated doctor,
persons from outside the University conducting proceedings at the University for obtaining the academic title of professor,
participants in postgraduate studies, courses and trainings,
persons awarded an honorary doctorate or other degrees and honorary titles by the University.
foreigners undertaking studies and participating in scientific research,
participants in competition procedures,
participants in conferences, projects, seminars,
former university staff.