As part of our website, we use cookies to provide you with the highest level of service, including services tailored to your individual needs. By continuing to use the website without changing your cookie settings, you agree to the placement of cookies on your device as described in our Privacy Policy. You can change your cookie settings in your web browser at any time. Acceptance of essential cookies is required for the proper functioning of the website. For more detailed information, please refer to our PRIVACY POLICY.

Personal data

Personal data

Personal Data Controller
The controller of the personal data covered by this information is the Łukasiewicz Research Network – ITECH Institute of Innovation and Technology, with its registered office in Warsaw (00-879), at 87 Żelazna Street, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw, 13th Commercial Division of the National Court Register, under number 0000098349 (“Controller”). In matters concerning the processing of personal data, you can contact the Controller at the address indicated above or by email at rodo@itech.lukasiewicz.gov.pl.
You can also contact the Data Protection Supervisor designated by the Controller at this address.

This information sets out the principles for the processing of the following personal data by the Controller:
a) personal data of individuals who contact the Controller by telephone, email, or traditional mail regarding any matter, and who are not candidates for employment or cooperation, clients, contractors of the Controller, or their contact persons;
b) personal data of candidates for employment or cooperation with the Controller participating in recruitment processes or submitting applications regardless of the recruitment process;
c) personal data provided to the Controller during meetings and conferences (e.g., in the form of business cards);
d) personal data of employees and individuals representing the Controller’s contractors and clients.
The Administrator collects and processes personal data in connection with its business activities and processes them in accordance with the provisions of the law, including the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”).

The principles of personal data processing by the Controller in connection with concluded contracts are communicated to data subjects separately when concluding the contract.
Purposes and legal basis for data processing:
1. The personal data of persons who contact the Controller by telephone, email, or traditional correspondence, provided during a telephone conversation or included in such correspondence, and who are not candidates for employment or cooperation, clients, contractors of the Controller, or their contact persons, are processed solely for the purpose of conducting such a conversation or correspondence and resolving the matter that is the subject of the conversation or correspondence, or, respectively, for the purpose of establishing or maintaining cooperation and relationships within the scope of business operations, which constitutes the Controller’s legitimate interest and the legal basis for such processing (Article 6, paragraph 1, letter f, GDPR).
2. The personal data of candidates for employment or collaboration with the Controller participating in recruitment processes or submitting their applications to the Controller, regardless of the recruitment process, are processed for the purpose of conducting the recruitment process, assessing candidates, their abilities and qualifications, and selecting a candidate or candidates for employment or collaboration. If a given candidate provides separate consent, the data will also be processed for the purpose of inviting such candidate to participate in future recruitment processes and conducting such processes with their participation. Detailed information on the processing of personal data of job candidates is provided to candidates during the recruitment process.
3. Personal data provided to the Controller during meetings and conferences (e.g. in the form of business cards) are processed for the purpose of building a network of business and professional contacts and the possibility of staying in touch with the data subject, which constitutes the legitimate interest of the Controller and the legal basis for such processing (Article 6 paragraph 1 letter f of the GDPR).
4. The personal data of employees or persons representing the Controller’s contractors and clients are processed for the purpose of contacting contractors and clients through them in connection with current matters concerning, among other things, the performance of contracts between the Controller and the contractor or client, the implementation of cooperation, receiving and placing orders, and answering inquiries, which constitutes the Controller’s legitimate interest and the legal basis for this processing (Article 6 paragraph 1 letter f of the GDPR), as well as being necessary for the conclusion and implementation of a contract under Article 6 paragraph 1 letter b of the GDPR. 5. The personal data of individuals participating in specific projects implemented by the Controller are processed for the purpose of implementing these projects, which constitutes the Controller’s legitimate interest (Article 6 paragraph 1 letter f of the GDPR), which may also be carried out within the public interest specified in the Łukasiewicz Network Act, in accordance with Article 6 paragraph 1 letter e of the GDPR.

Any consent to the processing of data by the Administrator may be withdrawn at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of consent.

Recipients of Personal Data
1. Recipients of personal data will only be institutions and bodies authorized to obtain data under applicable law. Furthermore, personal data processed by the Controller may be disclosed to external entities providing services to the Controller based on contracts concluded with it. These may include, among others: entities providing accounting, legal, or IT services, marketing agencies, insurers, couriers, or suppliers of software used by the Controller in its day-to-day operations.
2. Personal data processed by the Controller may, exceptionally, and only to the extent necessary, be transferred to the Controller’s partners processing them outside the European Economic Area, for example, in connection with the provision of IT services to the Controller by these entities, including cloud services. The security of personal data is ensured by appropriate safeguards implemented by the Controller, including standard contractual clauses approved by the European Commission.
3. Decisions will not be made based on automated personal data processing.

Personal Data Processing Period
1. Personal data processed by the Controller in connection with data subjects contacting the Controller by telephone, email, or traditional correspondence on any matter are processed for the duration of the Controller’s legitimate interest, i.e., until the matter to which the telephone conversation or correspondence relates is resolved, or for the duration of the cooperation.
2. Personal data provided to the Controller during meetings and conferences (e.g. in the form of business cards) are processed for the duration of the Controller’s legitimate interest that is the basis for such processing.
3. Personal data of employees and persons representing contractors and clients of the Controller transferred to the Controller are processed for the duration of the Controller’s legitimate interest constituting the basis for such processing (e.g. for the duration of the contract the performance of which involves the processing of such personal data) and then until the expiry of the limitation period for claims related to the contract to which the processing of such data is related.
4. In the case of personal data processed on the basis of consent, the Administrator will also cease processing them if the data subject withdraws the consent to their processing.
5. Personal data processed on the basis of the Controller’s legitimate interest will cease to be processed after the data subject objects to the processing, if permitted by law or if the Controller’s interest does not override the interest of the person expressing the objection.

Rights of data subjects:
1. Data subjects whose personal data are processed by the Controller have the following rights:
a. the right to receive information about the personal data being processed, access to it, and obtain a copy thereof;
b. the right to request rectification of personal data that is inaccurate or incomplete;
c. the right to request deletion of data, e.g., if it is no longer necessary for the purposes for which it was collected or if the data subject withdraws consent to processing;
d. the right to request restriction of processing, e.g., if the accuracy of the data is contested, for a period enabling the Controller to verify its accuracy;
e. the right to object at any time to the processing of data by the Controller pursuant to Article 6(1)(f) or (e) of the GDPR;
f. the right to data portability, i.e., to receive the personal data in a structured, commonly used, and machine-readable format and to request that the personal data be transmitted to another controller, where technically feasible; This right applies only to data processed based on consent or a contract, and only to the extent that such data is processed in a fully automated manner;

Source of personal data:
1. The Controller most often receives personal data directly from the data subject.
2. In the case of certain data subjects, such as employees or individuals representing the Controller’s contractors and clients, personal data was obtained directly from these individuals or from the entities they represent, such as their employers, entities for which they provide services, or with whom they otherwise cooperate. This data most often includes first name, last name, telephone number, email address, position, place of work, and information about the scope of responsibilities or activities performed for the contractor or client.

Information on the voluntary or mandatory provision of data
Providing the personal data referred to in this information is voluntary, however, its provision and processing is necessary to achieve the purposes for which the data is processed. Failure to provide data may result in the Controller being unable to undertake certain actions on behalf of the data subject. Providing personal data processed on the basis of consent is always voluntary, and failure to provide it will not result in any negative consequences.

Changes and Updates to Information
This information is constantly reviewed and updated by the Administrator. Any changes will be published on the Administrator’s website: itech.lukasiewicz.gov.pl

This will close in 0 seconds