I. General information
This Policy has been issued by the International Institute of Molecular and Cell Biology in Warsaw (4 Księcia Trojdena Street, 02-109 Warsaw), and it is addressed to all users (hereinafter: “Users”) of the www.iimcb.gov.pl website (hereinafter: “Website”). The definitions used in this Policy are defined in section XI below.
The Controller of Personal Data is the International Institute of Molecular and Cell Biology in Warsaw. Controller’s contact data have been provided in section X below.
This Policy may be amended or updated from time to time, in order to reflect changes in practices related to the Processing of Personal Data by the Controller or changes in the generally applicable laws. Please, read this Policy carefully and consult it regularly from time to time in order to verify changes that may be introduced by the Controller in line with the provisions hereof.
II. Processing of Personal Data of Users
Acquisition of Personal Data: The Controller may from time to time collect Personal Data of Users, such as: given name and surname, address and contact data, including email address and phone number, as well as job position and the data of the company. The Controller may collect Personal Data of Users, in particular, in the event of acquiring Users or asking Users to provide their Personal Data during visits on the Controller’s websites or when they use any functionalities or resources accessible through the Website. Every time Users visit the Website, User’s devices and browsers may automatically provide certain information (such as the type of device, type of browser, browser settings, IP address, language settings, dates and times of connecting to the Website and other technical information concerning communication), where some of that information may represent Personal Data. During the visit at the Website no User’s Personal Data will be stored by the Controller without prior explicit consent of the User. However, temporary storage of journal and cookie files will facilitate the use of our Website. For that reason Users are asked to consent to that on our Website. The consent is entirely optional and has no impact on the possibility to use the Website. In some cases when the consent is denied, the possibility to use our Website may be reduced to some degree.
The legal basis for Personal Data Processing: When performing the Processing of Personal Data of Users for the purposes indicated in this Policy, the Controller may refer to one or more of the following legal grounds, depending on the circumstances:
• Processing takes place on the basis of prior voluntary, specific, informed and unequivocal consent provided by the User, allowing the Processing;
• Processing is necessary for the performance of a contract the User entered into or intends to enter into with the Controller;
• Processing of Personal Data is necessary for compliance with a legal obligation to which the Controller is subject;
• Processing of Personal Data is necessary for the protection of vital interests of the Data Subject (a physical person);
• Processing of Personal Data is necessary for the purpose of managing, carrying out and promoting the business of the Controller and it causes no harm to the interests nor fundamental rights and freedoms of the User.
Purposes of Personal Data Processing: The Controller may process the Personal Data of the Users for the following purposes:
• The Controller’s Website: maintenance and management of our Website, presenting its content, publishing advertisements and other promotional and marketing information; communication and contacts with customers and suppliers, as well as with potential employees and collaborators through our Website.
• Offering to Users products and services of the Controller: presentation of our Website and other services; delivery of promotional materials at the request of Users; communication related to the Controller’s services.
• Marketing communication: any presentation by whatever means (including e-mail, phone, text message, social media, mail and personal contact) of news and other information that may be of interest to Users, including the distribution of a newsletter and other commercial information, after obtaining from Users prior consent for sending the information in appropriate way, based on generally applicable regulations of law.
• Communication and IT operations: managing communication systems, actions for the purposes of IT security and IT security audits.
• Finance management: sales, finance, audit and sales management.
• Research: engaging Users in order to obtain information concerning Users’ opinions about Controller’s products and services.
• Improving our products and services: identification of problems with existing products and services; planning for improvements to existing products and services and development of new products and services.
III. Making Personal Data available to third parties
The Controller may make the Personal Data of the Users available to:
• Administration authorities or courts, at their request, in order to provide information on the actual or suspected violations of the applicable law;
• Any entity, enforcement authority or court, to the extent necessary for the establishment, exercise or defence of legal claims;
• Any entity competent for the prevention, investigation, detection or prosecution of criminal offences or undertaking penal measures, including safeguarding against and preventing threats to public security.
At the moment we use the links to the following social media: Facebook and YouTube.
If we engage a third party to whom we will outsource the processing of Personal Data of Users then, in accordance with the data processing outsourcing agreement entered into with that entity (the Processor), the processor will be obligated to: (i) process only the Personal Data indicated in Controller’s prior written requests; and (ii) use all measures of protecting confidentiality and safety of Personal Data and ensure compliance with all other requirements of the generally applicable law.
IV. International transfer of Personal Data
At the present time the Controller does not and does not intend to transfer any Personal Data to third countries outside the European Union nor to international organizations. Should such necessity arise, this policy will be amended and the transfer of Personal Data of Users will only be possible under standard contract clauses the Controller will implement before making any transfer of the Personal Data of this kind. Should that be the case, Users will have the right to request copies of standard contractual provisions implemented by the Controller, using the contact data indicated in section X below.
V. Data Protection
The Controller informs that they have implemented appropriate technical and organizational protection measures in order to protect the Personal Data, including, specifically, protection against accidental or unlawful destruction, loss, change, unauthorized publication, unauthorized access and other unlawful and unauthorized forms of Processing, in accordance with the applicable law.
The Controller bears no responsibility for the actions or omissions of Users. The Users are responsible for ensuring that all Personal Data are send to the Controller in a safe manner.
VI. Accuracy of Data
The Controller takes all adequate measures to make sure that:
• The Personal Data of the Users, being processed by the Controller, are accurate and, if need be, up-to-date; and
• All Personal Data of Users which are Processed by the Controller and which contain errors (from the point of view of the purpose of their Processing) shall be removed or rectified without undue delay.
Administrator may, at any time, ask the Users about the accuracy of the Personal Data Processed.
VII. Minimization of the scope of Data
The Controller shall take all adequate measures to make sure that the scope of the Personal Data they Process is limited to the Personal Data adequately required for the purposes indicated in this Policy.
VIII. Rights of the Users
Pursuant to the provisions of the General Regulation on the Protection of Personal Data, Users shall have the following rights concerning their Personal Data that are being Processed by the Controller:
• right of access to Personal Data;
• right to rectification of Personal Data;
• right to erasure of Personal Data;
• right to restriction of Personal Data Processing;
• right to Personal Data portability;
• right to object to Personal Data Processing;
• right to be excluded from automated individual decision-making;
If the Processing of Personal Data takes place on the basis of consent expressed by the Users, the users shall have the right to withdraw consent at any time, without affecting the lawfulness of Processing based on consent before its withdrawal,
In the case of any irregularities in the Processing of your Personal Data, Users shall have the right to lodge a complaint to the supervisory authority, i.e. to the President of the Office of the Personal Data Protection [PUODO].
The aforementioned shall be without prejudice to the rights of the Users that arise under acts of Parliament or other generally applicable laws.
To exercise one of more of your rights or to inquire about these rights or any other provisions of this Policy or about Personal Data Processing, please contact us at the address indicated in section X below.
X. Contact Data
Should you have any questions, doubts or comments concerning the information provided in this Policy or other issues related to the Processing by the Controller of the Personal Data of Users, including the exercise of rights specified in section IX hereof, please contact:
International Institute of Molecular and Cell Biology in Warsaw
4 Księcia Trojdena Street
The Data Protection Officer:
Ms. Karolina Sybilska
• The Controller means the entity which decides how and for what purposes Personal Data are Processed. The Controller is the party responsible for the compliance of Processing with the existing Data Protection laws.
• Personal Data mean any information concerning any identified natural person or a natural person who is possible to be identified. Examples of Personal Data that may be Processed by the Controller have been mentioned in section II above.
• Process, Processing or Processed means all and any actions related to Personal Data, whether carried out by automated means or not, such as: collecting, recording, organising, structuring, storing, adapting or amending, retrieving, consulting, using, making available through transmission, broadcasting or making
available in any other way, ordering or combining, restricting, deleting or erasure.
• Processor means any person or entity which Processes Personal Data on behalf of the Controller (other than the Controller’s employee).