Thank you for your interest in our services.
We make every effort to protect the personal data we collect in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as ‘GDPR’) (OJ EU L 119 of 04.05.2016) and national regulations.
We are making this Privacy Policy available so that every person with whom we enter into a relationship knows who is the controller of their personal data, to what extent, for what purposes and on what legal basis we process the data and to whom we disclose it, as well as what rights they have in relation to the processing of the data.
PERSONAL DATA CONTROLLER AND DATA PROTECTION OFFICER
The Website Operator and Personal Data Controller is the Institute of Geodesy and Cartography, with its registered office in Warsaw (02-657) at ul. Modzelewskiego 27, NIP: 5250009476.
The Administrator can be contacted:
- by post, at the above correspondence address,
- by phone: +48 22 329 19 00,
- by e-mail: igik@igik.edu.pl and ePUAP mailbox: /IGiK/SkrytkaESP.
The Administrator has appointed a Data Protection Officer – Mr Paweł Maliszewski, who can be contacted in matters relating to the processing of personal data via e-mail: iod@perfectinfo.pl.
1. DEFINITIONS
1.1. Personal data – information about an identified or identifiable natural person, including: device IP address, location data, internet identifier and information collected through cookies or other similar technology.
1.2. Policy – this Privacy Policy.
1.3. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.4. Website – the website operated at: https://www.igik.edu.pl/.
1.5. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide the services offered, as well as information about the User’s activity on the Website.
3. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING ON THE WEBSITE
Each time a web page is accessed, i.e. when you visit our website, the server automatically records only the so-called server logs, such as the name of the requested file, IP address, date and time of access, and the amount of data transferred, and also documents the page access.
The personal data of all persons using the Website (including IP addresses or other identifiers and information collected through cookies or other similar technologies) are processed by the Administrator for the purpose of providing electronic services in the scope of making the content collected on the Website available to Users – in which case the legal basis for processing is its necessity for the performance of the contract (Article 6(1)(b) of the GDPR) and for technical and administrative purposes, for the purposes of ensuring the security of the IT system and managing that system – in which case the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).
E-MAIL AND CONTACT FORMS
The Controller provides the possibility to contact it by e-mail and through contact forms.
The use of the indicated forms of contact requires the provision of personal data necessary to correspond with the User and respond to the inquiry sent. The User may also provide other data to facilitate the handling of the inquiry. Providing data is voluntary, and refusal to provide it will make it impossible to conduct correspondence. Personal data provided in an email/contact form will be processed for the purposes of conducting correspondence, providing information and responding to questions, which constitutes the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR).
OFFICE SPACE RENTAL
The Administrator provides the possibility of renting vacant office space located at the Institute’s headquarters.
The lease of space requires the conclusion of a contract and the provision of personal data necessary for its implementation. The provision of data is voluntary, and refusal to provide it will prevent you from taking advantage of the lease offer. Personal data will be processed for the purposes of performing the lease agreement and fulfilling the obligations and rights associated with the concluded agreement (Article 6(1)(b) of the GDPR) and the fulfilment of the legal obligations incumbent on the Controller (Article 6(1)(c) of the GDPR), resulting, inter alia, from the Act of 26 April 1964 – Civil Code and the Act of 29 September 1994 on Accounting. Personal data may also be processed for the purposes of maintaining telephone and e-mail contact in matters related to the lease of premises and pursuing or defending against possible claims, which constitutes the legitimate interests of the Controller (Article 6(1)(f) of the GDPR).
TRAINING
The Controller offers a variety of e-learning courses related to geodesy and cartography.
Participation in the training requires completing a registration form and providing the personal data necessary to participate in the event. Providing data is voluntary, and refusal to provide it will prevent participation in the training. Personal data will be processed on the basis of prior consent given for this purpose (Article 6(1)(a) of the GDPR) and for the purposes of performing the contract (Article 6(1)(b) of the GDPR). Personal data may also be processed for the purposes of pursuing or defending against possible claims, which constitutes the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).
SCIENTIFIC SEMINARS
The Controller provides the opportunity to take advantage of scientific seminars in the field of geodesy and cartography.
This process requires filling in a registration form for participation in the organised seminar and providing the personal data necessary for registration. Providing the data is voluntary, but refusal to provide it will prevent participation in the seminar. Personal data will be processed as a task carried out in the public interest (Article 6(1)(e) of the GDPR), which is to disseminate and multiply the achievements of the Institute. Personal data will also be processed for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR), which is the efficient organisation of the seminar and the possibility of contacting its participants, as well as promoting the Institute’s activities through the publication of a broadcast of the seminar.
TELEPHONE CONTACT
The Administrator will only request personal data during a telephone conversation if it is necessary to achieve the purpose of the telephone conversation, including to confirm identity.
If the telephone conversation is recorded, you will be informed of this before the conversation with the Administrator’s representative begins. You may refuse to consent to the recording. If you do not consent to the recording, you should end the call. If telephone conversations are recorded, the purpose of the recording is to control the quality of the services provided by the Administrator and to defend against or pursue claims, which constitutes the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR).
The provision of personal data will, in principle, be voluntary, but may be required by the Administrator depending on the purpose for which it is provided.
SOCIAL MEDIA
The Website contains links to external websites – social media platforms Facebook, YouTube and LinkedIn, where the Administrator maintains its profiles (so-called ‘fan pages’). Personal data processed through these websites is administered by third parties. The processing of your personal data by these entities is governed by the laws to which the administrators of these websites are subject and their internal regulations (e.g. privacy policies). This Privacy Policy does not regulate the processing of personal data by these entities.
However, the Controller may also be an independent controller of personal data processed as part of the operation of the fan page of the Institute of Geodesy and Cartography, processing personal data on the following terms. Personal data is processed by the Administrator on fan pages on social media for the following purposes:
- carrying out marketing activities consisting in providing information about the Institute and its services via fan pages, including by sharing posts, which constitutes a legitimate interest pursued by the Administrator (Article 6(1)(f) of the GDPR);
- responding to private messages sent using the functionality of social media portals; in this case, the basis for data processing is the legitimate interest of the Administrator, consisting in conducting correspondence (Article 6(1)(f) of the GDPR);
- conducting discussions within posts placed on fan pages, within social media portals or on websites enabling discussion using accounts created on social media portals, which constitutes a legitimate interest pursued by the Administrator (Article 6(1)(f) of the GDPR);
- obtaining statistical data – The Controller may obtain statistical data on fan pages from social media operators; these data are created on the basis of monitoring your activity on fan pages by the operators of these social media portals; in such a situation, the legitimate interest pursued by the Controller is the analysis of statistical data on fan pages (Article 6(1)(f) of the GDPR).
Providing personal data is voluntary. In the case of any form of communication with the Administrator via social media, the Administrator will automatically have access to your data specified in your account (first name, surname or nickname, as well as photo and other publicly available information). You may stop following the Administrator’s fan pages and delete your comments at any time.
CAREER
The Administrator conducts recruitment activities based on documents and information provided by the job candidate (in particular, CV and cover letter). Job applicants should provide the Administrator with personal data that does not exceed the scope specified in labour law regulations. If the applicant sends additional data to the Administrator, the legal basis for its processing is the consent of the job applicant (Article 6(1)(a) of the GDPR).
Depending on the content of the recruitment advertisement or the arrangements between the candidate and the Administrator, the candidate may be employed on the basis of an employment contract or a civil law contract. In the case of recruitment for the purpose of concluding an employment contract, the obligation to provide personal data results from legal provisions, including the Labour Code (in particular Article 22¹ of the Labour Code). Providing information about education, professional qualifications and previous employment history is required only if it is necessary to perform a specific type of work or a specific position. In the case of recruitment for the purpose of concluding a civil law contract, the provision of personal data is voluntary but required by the Controller.
Regardless of the type of contract concluded, refusal to provide the above-mentioned personal data may prevent participation in the recruitment process. Providing other personal data is voluntary, and refusal to provide it does not affect the possibility of participating in the recruitment process.
If you want your data to be processed by the Administrator for future recruitment purposes, you must give your consent in your correspondence with the Administrator or in your application documents. Failure to give such consent will result in the Administrator deleting your personal data after the end of the recruitment process for which you are applying, unless you are hired as a result of the recruitment process or the data is stored for the purpose of defending against claims.
Your personal data will be processed for the following purposes:
- assessing your qualifications for the position you are applying for;
- assessing the abilities and skills needed to work in the position you are applying for;
- selecting the right candidate to work for the Administrator.
Personal data will therefore be processed:
- in the case of employment under an employment contract – for the purpose of carrying out activities related to the recruitment process by the Controller – which is a legal obligation incumbent on the Controller (Article 6(1)(c) of the GDPR), resulting from Article 22¹ § 1 of the Labour Code; in the case of data other than first name(s) and surname, date of birth, contact details, education, professional qualifications and employment history, the basis for processing is the consent of the job candidate (Article 6(1)(a) of the GDPR in conjunction with Article 22¹a § 1 of the Labour Code);
- in the case of employment under a civil law contract – for the purpose of conducting the recruitment process, which constitutes taking steps prior to entering into a contract at your request as data subjects (Article 6(1)(b) of the GDPR);
- for the purpose of verifying the qualifications or skills of a job candidate, which constitutes the legitimate interest of the Controller (Article 6(1)(f) of the GDPR);
- for the purpose of conducting future recruitment for vacant positions, if you have consented to the processing of your personal data for the purposes of future recruitment. The legal basis for the processing of personal data is then your consent (Article 6(1)(a) of the GDPR);
- to establish claims or defend against claims, which constitutes the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).
PUBLIC PROCUREMENT
Through the Website, the Controller may request offers for the performance of specific services.
Participation in a public procurement procedure requires the submission of relevant documentation, including personal data necessary for the performance of the contract, by e-mail to a designated employee of the Institute. The provision of data is a statutory requirement, and refusal to provide it will prevent participation in the procedure. Personal data will be processed for the purpose of fulfilling the legal obligations incumbent on the Administrator (Article 6(1)(c) of the GDPR), resulting from the Act of 11 September 2019 – Public Procurement Law, i.e. conducting a public procurement procedure and selecting the contractor with whom the contract will be concluded.
4. COOKIES
The Website uses cookies.
Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the website, e.g. by remembering the User’s visits to the Website and the actions they perform. The entity placing cookies on the User’s end device and accessing them is the Website Operator.
The Administrator uses necessary cookies to ensure the safe and proper functioning of the website. Without them, the website cannot function.
The Administrator may also use cookies to compile anonymous statistics on how the Website is used and for marketing purposes, i.e. to study the behaviour of visitors to the Website through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, including when they visit other websites.
Restrictions on the use of cookies may affect some of the functionalities available on the Website.
Cookies placed on the Website User’s end device may also be used by entities cooperating with the Website operator, in particular: Google (Google, Inc. based in the USA), Facebook (Meta Platforms, Inc. based in the USA), X (Twitter, Inc. based in the USA).
If you do not want to receive cookies, you can change your web browser settings. Please note that disabling cookies necessary for authentication, security and maintaining your preferences may hinder, and in extreme cases may prevent, the use of the Website.
TECHNOLOGIES USED
Google Analytics
The Website uses Google Analytics provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The Administrator carries out activities in this area based on a legitimate interest (Article 6(1)(f) of the GDPR), consisting in the creation of statistics and their analysis for the purpose of optimising websites.
Information about the User’s use of the Website is automatically collected by Google Analytics and stored on a Google server in the United States.
The User’s IP address is shortened before being forwarded. In certain situations, the User’s full IP address is forwarded to Google’s server in the United States and shortened there. The anonymised IP address provided by the User’s browser as part of Google Analytics is not, as a rule, combined with other Google data.
Google LLC, based in the United States, uses technical infrastructure located in the United States to ensure an adequate level of protection for the personal data processed, as accepted by the European Commission.
The User may prevent Google from recording data collected by cookies regarding the User’s use of the Website, as well as from processing this data, by installing a browser plug-in available at the following address: https://tools.google.com/dlpage/gaoptout.
Details regarding data processing within the Google Analytics service are available at: https://support.google.com/analytics/answer/6004245.
Facebook Pixel
The Administrator uses the Facebook Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This tool allows the Administrator to measure the effectiveness of its advertisements and tailor them to specific Users. Facebook Pixel automatically collects information about the User’s use of the Website and then transfers this data to its servers in the EU or the US, where it is stored. Based on the information collected, the Administrator is unable to identify a specific User of the Website. The collected data only allows the Administrator to determine what actions the User has taken on the websites. Detailed information about how Facebook Pixel works can be found at:
https://www.facebook.com/business/help/742478679120153?helpref=page_content.
You can manage the operation of Facebook Pixel through the ad settings in your Facebook account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. For more detailed information on data processing by Meta Platforms Ireland Limited, please refer to the Privacy Policy available at: https://www.facebook.com/privacy/explanation. Meta Platforms Ireland Limited ensures an adequate level of protection of personal data processed, as accepted by the European Commission.
Other
The Operator uses remarketing techniques to tailor advertising messages to the User’s behaviour on the Website, which may give the impression that the User’s personal data is being used to track them, but in practice no personal data is transferred from the Operator to advertising operators. The technological prerequisite for such activities is the enabling of cookies.
The Operator uses a solution that analyses user behaviour by creating heat maps and recording behaviour on the Website. This information is anonymised before it is sent to the service operator, so that the operator does not know which individual it relates to. In particular, passwords and other personal data are not recorded.
The Operator uses a solution that automates the operation of the Website in relation to Users, e.g. one that can send an email to the User after visiting a specific subpage, provided that the User has consented to receiving commercial correspondence from the Operator.
5. PERIOD OF PERSONAL DATA PROCESSING
The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service or contract, or until an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Administrator. The period of data processing may be extended if processing is necessary to establish and pursue possible claims or defend against them, and after that time only if and to the extent required by law. After the processing period has expired, the data is irrevocably deleted or anonymised.
Personal data processed on the basis of the User’s consent will be stored until the consent is withdrawn.
6. USER RIGHTS
Within the limits and under the rules set out in the GDPR, Website Users have the right to:
• access their personal data, including obtaining copies thereof,
• request the rectification of personal data,
• request the erasure of personal data,
• request the restriction of data processing,
• transfer their data,
• object to the processing of their personal data if the data is processed on the basis of the legitimate interest of the Controller.
7. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
If you believe that your rights have been violated by our actions related to the processing of personal data, you may lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.
8. DATA RECIPIENTS
For the purposes set out in this Policy, the Controller may transfer Personal Data to the following categories of third parties:
- partners providing IT tools for internal management and data sharing, to whom the Controller entrusts processing on the basis of data processing agreements. The recipients of personal data may include, in particular, internet service providers, including platforms enabling enrolment in classes and electronic mail,
- entities providing payment services,
- entities and authorities authorised to receive Personal Data from the Controller or authorised to request access to Personal Data on the basis of generally applicable laws.
9. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
As a rule, your personal data will not be transferred to countries outside the European Economic Area, with the exception of personal data posted on the Institute’s fan pages on the social networking sites Facebook, Instagram, YouTube and LinkedIn. Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland), Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) and LinkedIn Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland) ensure an adequate level of protection of the personal data processed, as accepted by the European Commission.
The Controller always informs you of its intention to transfer personal data outside the EEA at the stage of collection.
If, as part of the processing, your personal data will be transferred to recipients in third countries (outside the EEA), such transfer may take place on the basis of:
- a decision confirming an adequate level of protection (Article 45 of the GDPR), e.g. the United Kingdom;
- appropriate safeguards, including standard data protection clauses, an approved code of conduct, an approved certification mechanism (Article 46 of the GDPR);
- in accordance with binding corporate rules (Article 47 of the GDPR);
- taking into account exceptions in specific situations (Article 49 of the GDPR).
10. DATA PROVISION REQUIREMENT
The provision of personal data to the Controller is voluntary, but necessary to achieve the purposes indicated in point 3.
11. PERSONAL DATA SECURITY
The Controller conducts ongoing risk analysis to ensure that personal data is processed by it in a secure manner – ensuring, above all, that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The Controller ensures that all operations on Personal Data are recorded and performed only by authorised employees and associates. The Controller takes all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process Personal Data on its behalf.
The places where personal data is entered are protected on the Website at the transmission layer (SSL certificate). Thanks to this, personal data entered on the Website is encrypted on the User’s computer and can only be read on the target server.
In order to protect personal data, the Operator periodically changes its administrative passwords and regularly makes backup copies. An important element of data protection is also the regular updating of all software used by the Operator to process personal data, which in particular means regular updates of programming components.
The website is hosted (technically maintained) on the Operator’s servers.
12. CHANGES TO THE PRIVACY POLICY
This Policy is reviewed on an ongoing basis and updated as necessary.