Main page > Privacy Policy

Privacy Policy

  1. This Privacy Policy sets forth the rules for the processing of personal data obtained through the www.seeephi.eu website and all subdomains listed on www.seeephi.eu (hereinafter referred to as the “Website”).
  2. The owner of the Website and, at the same time, the data administrator is JAGIELLONIAN UNIVERSITY with its registered office in Kraków (31-007), 24 Gołębia Street, having NIP number: 6750002236, REGON: 000001270, hereinafter referred to as “UNIVERSITY”.
  3. Personal data collected by UNIVERSITY through the Website shall be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
  4. UNIVERSITY shall take special care to respect the privacy of Users visiting the Website

§ 1 Type of data processed, purposes, and legal basis

  1. UNIVERSITY collects information concerning natural persons performing a legal action not directly related to their activity, natural persons conducting a business or professional activity on their behalf, and natural persons representing legal persons or organizational units that are not legal persons, which are granted legal capacity by the law, hereinafter collectively referred to as Users.
  2. Users’ personal data are collected in the following case:
    • a. use of the contact form service on the Website to perform the contract provided electronically. Legal basis: necessary to perform the contract for the provision of the contact form service (Article 6(1)(b) GDPR);
    • b. use of the Student service on the Website to perform the contract provided electronically. Legal basis: necessary to perform the contract for the service of the Search for an Employee form (Article 6(1)(b) GDPR);
    • c. use of the PH Professional service on the Website to perform the contract provided electronically. Legal basis: necessary for the performance of the contract for the service of the Search for an Employee form (Article 6(1)(b) GDPR);
    • d. use of the Program Directors/ Universities service on the Website to perform the contract provided electronically. Legal basis: necessary for the performance of the contract for the service of the Employee Search form (Article 6(1)(b) GDPR);
    • e. use of the Institutions/Employers service on the Website to perform a contract provided electronically. Legal basis: necessary for the performance of the contract for the service of the Search for an Employee form (Article 6(1)(b) of the GDPR);
  3. When using the contact form service, the User shall provide the following data:
    • a. email address;
    • b. first name.
  4. When using the Student service, the User shall provide the following data:
    • a. email address;
    • b. first and last name;
    • c. date of birth;
    • d. country of residence;
    • e. name of the school/university in which user is studying/studied;
    • f. name of degree programme and year of graduation;
    • g. name, the email address of the director of the degree programme (if the programme is not listed).
  5. When using the PH Professional service, the User shall provide the following data:
    • a. email address;
    • b. first and last name;
    • c. date of birth;
    • d. country of residence;
    • e. name of the school/university in which he/she is studying/studied;
    • f. name of degree programme and year of graduation;
    • g. name, the e-mail address of the director of the degree programme (if the programme is not listed);
    • h. the name of the employer (possibility of more than one), job positions, and competencies of the position.
  6. When using the Program Directors/ Universities service, the User shall provide the following data:
    • a. email address;
    • b. first and last name;
    • c. the name of the school/university;
    • d. URL of the school/university’s website;
    • e. Name of the coordinated degree programme, duration, and competencies acquired in the course;
    • f. name, year, URL, telephone number, description, and competencies to be disposed of in the course.
  7. When using the Institutions/Employers service, the User shall provide the following data:
    • a. email address;
    • b. name of the institution;
    • c. the URL of the institution’s website;
    • d. city of residence;
    • e. job title and required competencies;
    • f. name, description, required competencies, location of the job offer, email address, and phone number.
  8. When using the Website of the Service, additional information may be collected, in particular: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, type of browser, access time, and type of operating system.
  9. Navigation data may also be collected from Users, including information about the links and references they choose to click on or other actions taken on the Website. Legal basis – a legitimate interest (Article 6(1)(f) GDPR) to facilitate the use of electronically provided services and to improve the functionality of such services.
  10. To establish, investigate, and enforce claims, certain personal data provided by the User as part of the use of functionality on the Website may be processed, such as name, surname, and data on the use of services, if the claims arise from the way the User uses the services, and other data necessary to prove the existence of the claim, including the extent of the damage, suffered. Legal basis – a legitimate interest (Article 6(1)(f) of the GDPR), consisting in the establishment, investigation, and enforcement of claims and defense against claims in proceedings before courts and other state authorities.
  11. Submission of personal data to UNIVERSITY is voluntary.

§ 2 To who are the data shared or entrusted and how long are they stored?

  1. The User’s personal data are transferred to the service providers used by UNIVERSITY in the operation of the Website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are either subject to UNIVERSITY’s instructions as to the purposes and means of processing such data (processors) or determine the purposes and means of processing themselves (controllers).
    • a. Processors. UNIVERSITY uses vendors who process personal data only in UNIVERSITY’s direction. These include, but are not limited to, providers of hosting services, accounting services, providers of marketing systems, systems for analyzing Website traffic, systems for analyzing the effectiveness of marketing campaigns;
    • b. Administrators. UNIVERSITY uses providers that do not act solely on instructions and determine for themselves the purposes and uses of Users’ personal data.
  2. Location. The Providers are primarily based in Poland and other countries in the European Economic Area (EEA). Some of the providers are located outside the EEA. In connection with the transfer of data outside the EEA, the Administrator has ensured that the providers provide guarantees of a high level of protection of personal data and applies to them appropriate security measures for the transfer of data in accordance with the findings of the GDPR.
  3. User personal data is stored:
    • a. If the basis for the processing of personal data is consent, then the User’s personal data shall be processed by UNIVERSITY for as long as the consent is not revoked, and after revocation of the consent for a period of time corresponding to the period of limitation of claims that UNIVERSITY may raise and that may be raised against it. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business – three years.
    • b. If the basis of data processing is the performance of a contract, then the User’s personal data shall be processed by the UNIVERSITY for as long as it is necessary for the performance of the contract, and thereafter for a period corresponding to the period of limitation of claims. Unless a specific provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business – three years.
  4. Navigation data may be used to provide Users with better service, analyze statistical data and customize the Website to Users’ preferences, as well as administer the Website.
  5. If a request is made, UNIVERSITY shall make personal data available to authorized state authorities, in particular, organizational units of the Prosecutor’s Office, the Police, the President of the Office of Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

§ 3 Mechanism of cookies, IP address

  1. The Website uses small files, called cookies. These are stored by UNIVERSITY on the end device of a visitor to the Website, if the Internet browser allows it. A cookie usually contains the name of the domain from which it originated, its “expiration time” and an individual random number identifying the cookie. The information collected through cookies of this type helps tailor the products offered by UNIVERSITY to the individual preferences and actual needs of visitors to the Website. They also give the possibility to develop general statistics of visits to the presented products on the Website.
  2. UNIVERSITY uses two types of cookies:
    • a. Session cookies: when the session of a particular browser ends or the computer is turned off, the stored information is deleted from the device’s memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from Users’ computers.
    • b. Persistent cookies: they are stored in the memory of the User’s terminal device and remain there until they are deleted or expire. The mechanism of permanent cookies does not allow any personal data or any confidential information to be collected from the Users’ computer.
  3. UNIVERSITY uses proprietary cookies for:
    • a. authentication of the User on the Website and providing the User’s session on the Website (after logging in), thanks to which the User does not have to re-enter his/her login and password on each sub-page of the Website;
    • b. analysis and research, as well as audience auditing, and in particular to create anonymous statistics that help to understand how Users use the Website of the Service, which allows to improve its structure and content.
  4. UNIVERSITY uses external cookies for:
    • a. presentation on the Service’s information pages of a map indicating the location of the UNIVERSITY office, by means of the maps.google.com website (external cookie administrator: Google Inc. based in the USA);
    • b. popularization of the Service with the help of Instagram (administrator of external cookies: Instagram LLC.based in the USA);
    • c. popularization of the Service by means of the social network Facebook.com (external cookie administrator: Facebook Inc with its registered office in the USA or Facebook Ireland with its registered office in Ireland);
  5. The mechanism of cookies is safe for the computers of Users of the Website. In particular, by this means it is not possible for viruses or other unwanted software or malware to enter the Users’ computers. However, in their browsers, Users have the option to limit or disable access of cookies to their computers. If this option is used, the use of the Website will be possible, except for functions that by their nature require cookies.
  6. Here’s how you can change the settings of popular web browsers regarding the use of cookies:
    • a. Chrome and Chrome Mobile browser;
    • b. Facebook in-app Browser;
    • c. Internet Explorer browser;
    • d. Microsoft EDGE browser;
    • e. Mozilla Firefox browser;
    • f. Opera browser;
    • g. Safari and Safari Mobile browser;
    • h. Samsung Browser.
  7. UNIVERSITY may collect IP addresses of Users. An IP address is a number assigned to the computer of a person visiting the Website by an Internet service provider. The IP number allows access to the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes each time you connect to the Internet. The IP address is used by UNIVERSITY to diagnose technical problems with the server, to create statistical analysis (e.g. determining from which regions we record the most visits), as information useful for administration and improvement of the Website, as well as for security purposes and possible identification of unwanted automatic browsing programs overloading the server.
  8. The Website contains links and references to other websites. UNIVERSITY is not responsible for the privacy policies on them.

§ 4 Rights of data subjects

  1. The right to withdraw consent – legal basis: Article 7(3) of the GDPR.
    • a. You have the right to revoke any consent you have given to UNIVERSITY.
    • b. Withdrawal of consent has effect from the moment of withdrawal of consent.
    • c. Withdrawal of consent shall not affect the processing performed by the UNIVERSITY in accordance with the law before its withdrawal.
    • d. Withdrawal of consent does not entail any negative consequences for the User, but may prevent further use of services or functionalities that UNIVERSITY can legally provide only with consent.
  2. The right to object to the processing of data – legal basis: Article 21 GDPR.
    • a. The user has the right to object at any time – for reasons related to his/her particular situation – to the processing of his/her personal data, including profiling, if UNIVERSITY processes his/her data based on a legitimate interest, such as marketing UNIVERSITY products and services, keeping statistics on the use of particular functionalities of the Website and facilitating the use of the Website, as well as satisfaction surveys.
    • b. Opting out in the form of an e-mail from receiving marketing communications regarding products or services will imply the User’s objection to the processing of his/her personal data, including profiling for these purposes.
    • c. If the User’s objection proves to be valid and the UNIVERSITY has no other legal basis for processing personal data, the User’s personal data will be deleted, against the processing of which, the User has objected.
  3. The right to erasure of data (“right to be forgotten”) – legal basis: article 17 of the GDPR.
    • a. You have the right to request the deletion of all or some of your personal data.
    • b. You have the right to request deletion of your personal data if:
      • i. Personal data are no longer necessary for the purposes for which they were collected or for which they were processed;
      • ii. has withdrawn specific consent, to the extent that personal data was processed based on his or her consent;
      • iii. has objected to the use of his/her data for marketing purposes;
      • iv. personal data is processed illegally;
      • v. personal data must be deleted in order to comply with a legal obligation provided for in the law of the Union or the law of the Member State to which the UNIVERSITY is subject;
      • vi. personal data was collected in connection with offering information society services.
    • c. Despite the request for deletion of personal data, due to the filing of an objection or withdrawal of consent, UNIVERSITY may retain certain personal data to the extent that the processing is necessary to establish, assert or defend claims, as well as to comply with a legal obligation requiring processing under Union law or the law of a Member State to which UNIVERSITY is subject. This applies in particular to personal data including: first name, last name, e-mail address, which data are retained for the purpose of processing complaints and claims related to the use of UNIVERSITY’s services, or, additionally, residence address/correspondence address, order number, which data are retained for the purpose of processing complaints and claims related to concluded sales contracts or provision of services.
  4. The right to restrict data processing – legal basis: article 18 GDPR.
    • a. You have the right to request restriction of the processing of your personal data. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. The UNIVERSITY will also not send any communications, including marketing communications.
    • b. You have the right to request a restriction on the use of your personal data in the following cases:
      • i. when he or she questions the accuracy of his or her personal data, in which case the UNIVERSITY shall restrict its use for the time necessary to verify the accuracy of the data, but no longer than for 7 days;
      • ii. when the processing of the data is unlawful, and instead of deleting the data, the User requests the restriction of its use;
      • iii. when the personal data is no longer necessary for the purposes for which it was collected or used but is needed by the User to establish, assert or defend claims;
      • iv. when he or she has objected to the use of his or her data, in which case the restriction shall be for the time necessary to consider whether, due to the particular situation, the protection of the interests, rights and freedoms of the User outweighs the interests pursued by the Administrator in processing the User’s personal data.
  5. The right of access to data – legal basis: article 15 GDPR.
    • You have the right to obtain confirmation from the Administrator as to whether it is processing personal data, and if it is, you have the right:
      • i. gain access to your personal information;
      • ii. obtain information about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period of storage of the User’s data or the criteria for determining this period (when it is not possible to determine the planned period of data processing), the User’s rights under the GDPR and the right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;
      • iii. obtain a copy of your personal data.
  6. The right to rectify data – legal basis: article 16 of GDPR.
    • The User has the right to request from the Administrator the immediate rectification of personal data concerning him/her that is incorrect. Taking into account the purposes of the processing, the User to whom the data pertains has the right to request the completion of incomplete personal data, including by providing an additional statement, by addressing the request to the e-mail address in accordance with §6 of the Privacy Policy.
  7. The right to data portability – legal basis: article 20 GDPR.
    • You have the right to receive your personal data that you have provided to the Administrator and then send it to another personal data controller of your choice. The User also has the right to request that the personal data be sent by the Administrator directly to such an administrator, if technically possible. In such a case, the Administrator will send the User’s personal data in the form of a file in csv format, which is a commonly used, machine-readable format that allows sending the received data to another personal data controller.
  8. In a situation where the User has asserted an entitlement under the above rights, UNIVERSITY shall either fulfill the request or refuse to do so immediately, but no later than within one month after receiving the request. However, if – due to the complicated nature of the request or the number of requests – UNIVERSITY is not able to fulfill the request within one month, it will fulfill it within another two months informing the User in advance – within one month of receiving the request – of the intended extension of the deadline and the reasons for it.
  9. The User may report complaints, inquiries and requests to the Administrator regarding the processing of his/her personal data and the exercise of his/her rights, e.g. to the e-mail address iod@uj.edu.pl or to the mailing address: Jagiellonian University, 24 Gołębia St., 31-007 Kraków with the annotation Data Protection Inspector.
  10. You have the right to request that UNIVERSITY provide you with a copy of the standard contractual clauses by directing your request in the manner indicated in §6 of the Privacy Policy.
  11. You have the right to lodge a complaint with the President of the Office for Personal Data Protection, with respect to violation of your data protection rights or other rights granted under the GDPR.

§ 5 Security management – password

  1. UNIVERSITY shall provide Users with a secure and encrypted connection when transmitting personal data and when logging into the User’s Account on the Website. UNIVERSITY uses an SSL certificate issued by one of the world’s leading companies in the field of security and encryption of data transmitted over the Internet.
  2. UNIVERSITY shall never send any correspondence, including electronic correspondence, requesting login credentials, in particular the password to access the User’s account.

§ 6 Changes to the Privacy Policy

  1. The Privacy Policy is subject to change, of which UNIVERSITY will inform Users 7 days in advance.
  2. Questions related to the Privacy Policy should be directed to: iod@uj.edu.pl