INTRODUCTION

This Privacy Policy explains how personal data is processed and protected on the Website located at www.e-podyplomowe.wsei.eu.

The Administrator of personal data is WSEI University, 4 Projektowa Street, 20-209 Lublin, entered in the Register of Non-Public Higher Education Institutions maintained by the Ministry of Education and Science under number 196, Tax ID (NIP) 712-26-52-693, REGON: 432260703 (hereinafter: Administrator).

Users may direct any questions or concerns, particularly regarding the processing of personal data, to:

by post – to the address of the Administrator’s registered office;

by email to: iod@wsei.lublin.pl

via the website www.e-podyplomowe.wsei.eu/kontakt/

The Administrator ensures that the personal data entrusted to it is processed in compliance with the requirements of generally applicable law, in particular Ordinance by the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU L 2016.119.1) – hereinafter referred to as the GDPR.

The Administrator’s primary objective is to ensure that Users of the Website enjoy a level of privacy protection that meets, at a minimum, the requirements set forth in applicable laws, and in particular the provisions of the GDPR.

Any person who uses the Website in any way agrees to all the terms set forth in this Privacy Policy.

The Administrator reserves the right to make changes to the Privacy Policy if required by law or due to changes in the Website’s functionality.

The Administrator will notify all Users of any relevant changes and their effective date, in particular by posting a notice on the Website.

BASIC CONCEPTS

User – any person whose personal data is processed by the Administrator,

Personal data – any information about an identified or identifiable individual based on one or more specific factors that define their physical, physiological, genetic, mental, economic, cultural, or social identity, as well as the device’s IP address, location data, online identifiers, and information collected through cookies and other similar technologies.

GDPR – European Parliament and Council Ordinance (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on the repeal of Directive 95/46/EC.

Website – a customized IT solution available at the following web address www.e-podyplomowe.wsei.eu and, where applicable, other websites, as well as in applications and other IT tools, comprising a set of interconnected computer programs, databases, and associated components (e.g., graphical elements), integrated into a single ICT system;

Processing of Personal Data – any operations performed on personal data, such as collection, recording, storage, processing, modification, disclosure, and deletion, particularly those carried out in information systems;

Data Breach – a security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to personal data transmitted, stored, or otherwise processed;

PURPOSES, LEGAL BASIS, SCOPE OF DATA PROCESSING, AND INFORMATION ON APPLICATION FORMS

The Administrator processes personal data only if at least one of the following conditions is met:

when the Website User consents to this in the forms posted on the Website, for the purpose of taking the actions to which those forms relate (Article 6(1)(a) of the GDPR);

when processing is necessary for the performance of a contract to which the Website User is a party (Article 6(1)(b) of the GDPR);

to handle complaints – the legal basis for processing is that processing is necessary for the performance of a contract (Article 6(1)(b) of the GDPR);

to comply with a legal obligation to which the Administrator is subject (Article 6(1)(c),

to potentially establish and pursue claims or defend against them – the legal basis for processing is the Administrator’s legitimate interest in protecting its rights (Article 6(1)(f) of the GDPR);

for the Controller’s marketing purposes, consisting of informing the User about the current offer and new features of the Website—the legal basis for processing is consent (Article 6(1)(a) of the GDPR),

The Administrator processes the personal data of Website Users to the extent necessary for the purposes specified in section 1 above, for the period necessary to achieve those objectives or until the Website User withdraws their consent. Failure by the Website User to provide such data may, in certain situations, result in the inability to achieve the objectives for which the provision of such data is necessary.

The data provided in the forms available on the Website is processed for purposes related to the function of the specific form; furthermore, it may also be used by the Administrator for archival and statistical purposes. The data subject’s consent is given by ticking the appropriate box on the form.

DATA SECURITY

The Administrator conducts ongoing risk assessments to identify threats to the secure processing of data and implements appropriate technical and organizational measures to ensure the protection of the personal data being processed.

The Administrator ensures that access to personal data is restricted to authorized persons and is limited to the extent necessary for the performance of their duties.

The Administrator keeps a record of persons authorized to process personal data. These persons are required to keep personal data and the methods used to secure it strictly confidential.

DATA RECIPIENTS

The recipients of Users’ personal data may include entities to which the Administrator outsources tasks related to the processing of such data, in particular with regard to email management, telecommunications and IT services, hosting, IT services, administrative support, legal services, or consulting services.

A third party with access to personal data processes such data solely on the basis of a data processing agreement and exclusively at the Administrator’s instruction.

The recipients of Users’ personal data may also include entities and authorities authorized to receive such data—only in justified cases and in accordance with generally applicable laws.

RECEIVING COMMERCIAL INFORMATION

A Website User may, where the Website provides for such an option, consent to receiving commercial communications via electronic means.

If a Website User has consented to receiving commercial communications via electronic means, they have the right to withdraw that consent at any time.

To exercise the right to revoke consent to receive commercial communications, please send a request to the Administrator’s email address, including the full name of the Website User.

USER RIGHTS

Every individual whose data is processed has the following rights:

the right of access to data and to information regarding the processing of personal data (Article 15 of the GDPR) – the Administrator shall provide the person making such a request with access to their data, as well as information regarding the processing of personal data, the purposes and legal grounds for processing, the scope of the data held, the entities to which the personal data is disclosed, and the planned date of its deletion;

the right to obtain a copy of your data (Article 15(3) of the GDPR) – the Administrator shall provide a copy of the data being processed concerning the person making the request, provided that this is possible and does not infringe on the rights of third parties;

the right to rectification (Article 16 of the GDPR) – the User has the right to request the correction of inaccuracies or errors in the personal data being processed, as well as to have such data supplemented or updated if it is incomplete or has changed;

the right to erasure (Article 17 of the GDPR) – a User may request the deletion of data whose processing is no longer necessary for any of the purposes for which it was collected;

the right to restrict processing (Article 18 of the GDPR) – on this basis, the Administrator may cease processing personal data, with the exception of processing operations to which the data subject has consented and the storage of such data in accordance with established retention policies, or until the grounds for restricting data processing cease to exist (e.g., a decision is issued by the supervisory authority authorizing further processing of the data);

the right to data portability (Article 20 of the GDPR) – on this basis, to the extent that the data is processed in connection with a contract or consent, the Administrator may disclose the data provided by the data subject;

the right to object to other purposes of data processing (Article 21 of the GDPR) – the data subject may object to the processing of their personal data at any time. Such an objection must be supported by a statement of reasons and is subject to the assessment by the Administrator;

the right to object to the processing of data for marketing purposes (Article 21 of the GDPR) – the data subject may object at any time to the processing of personal data for marketing purposes, without having to provide a reason for such objection;

the right to withdraw consent (Article 7(3) of the GDPR) – If data is processed on the basis of consent, the data subject has the right to withdraw that consent at any time; however, this does not affect the lawfulness of the processing carried out prior to the withdrawal of consent;

the right to file a complaint (Article 77 of the GDPR) – If it is determined that the processing of personal data violates the provisions of the GDPR or other data protection laws, the data subject may file a complaint with the supervisory authority—the President of the Personal Data Protection Office https://uodo.gov.pl/pl/p/kontakt

A request to exercise the rights of data subjects may be submitted:

in writing to the Administrator’s registered office;

to the email address: iod@wsei.lublin.pl

A response to the request will be provided within one month of receipt. If it is necessary to extend this deadline, the Administrator will inform the applicant of the reasons for the extension.

The response will be sent to the email address from which the request was sent; for requests submitted by mail, it will be sent by certified mail to the address provided by the applicant, unless the letter indicates a preference for receiving a response via email (in which case, please provide an email address).

COOKIES AND SIMILAR TECHNOLOGY

The website uses cookies.

Cookies are pieces of data, specifically text files, that are stored on a Website User’s device and are intended for use on the Website’s pages. Cookies typically contain the name of the website they come from, their storage duration on the device, and a unique number.

The entity that places cookies on the Website User’s device and accesses them is the Administrator.

Cookies are used, among other things, for the following purposes:

compiling statistics that help us understand how Website Users interact with the website;

maintaining the website user’s session (after logging in), so that the User does not have to re-enter their username and password on every subpage of the website;

determining the user’s profile in order to display tailored content to them on advertising networks, in particular the Google network.

The Website uses two main types of cookies: “session” cookies and “persistent” cookies. “Session” cookies are temporary files that are stored on the User’s device until the User logs out, leaves the website, or closes the web browser. “Persistent” cookies are stored on the User’s device for the duration specified in the cookie settings or until the User deletes them.

Web browsing software (web browser) typically allows cookies to be stored on the User’s device by default. Website users can change these settings. The web browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this topic can be found in the web browser’s help or documentation.

The Administrator uses the services of third parties, the list of which is constantly changing, and who may use cookies for the following purposes, among others:

monitoring traffic on the Administrator’s websites;

collecting anonymous, aggregated statistics that help us understand how Users interact with the Administrator’s website;

tracking how often specific content is displayed to Users;

controlling how often users select a given service;

analyzing newsletter subscriptions;

using communication tools;

integration with social media platforms;

You can perform the management of the cookies used by the Administrator or by any other third-party providers by changing your web browser settings. For more information on this topic, please refer to the COOKIE POLICY document available on the Website.

Restricting the use of cookies may affect certain features available on the Website.

The Administrator may use Google Analytics to collect statistics. In this case, the data of Users visiting the Website will be provided to Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Users may block Google Analytics from accessing their data by installing the plugin available at the following web address: https://tools.google.com/dlpage/gaoptout/

The Administrator encourages you to review the detailed explanations regarding data processing within Google Analytics, prepared by Google and available at the following web address: https://policies.google.com/privacy?hl=pl.

The Administrator may also use marketing tools available on the Facebook social media platform, which is owned by Meta Platforms. These tools may be used to target advertisements on the Facebook social media platform. Such activities are carried out based on the Administrator’s legitimate interest in marketing its own products or services (Article 6(1)(a) of the GDPR).

In order to target advertisements tailored to the behavior of Users visiting the Website, a Meta Pixel may be implemented on the Website, which automatically collects information about the use of the Website. The information collected in this manner may be transmitted to Facebook’s servers in the United States and stored there.

The information collected via the Meta Pixel is anonymous, meaning it does not allow for the identification of the User. The Administrator is only informed of the actions the User has taken on their website. However, Meta Platform may combine this information with other information about the User collected through their use of the Facebook social media platform and use it for its own purposes, including marketing. Such actions by Facebook are no longer within the Administrator’s control, and information about them is described in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. Users can also manage their privacy settings directly from their Facebook account. Meta Platforms is headquartered in the U.S. and uses technical infrastructure located in the U.S. and other countries.

SOCIAL MEDIA

The Administrator processes the personal data of Users who visit the Administrator’s social media profiles (e.g., Facebook, Instagram, YouTube).

This data is processed to inform Users about the Administrator’s activities, to offer services, and to communicate with Users via social media tools. The legal basis for processing personal data for this purpose is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR), which consists of promoting its own brand and the services it offers, as well as building and maintaining a community associated with the brand. Further information on this subject can be found in the FACEBOOK FAN PAGE INFORMATION CLAUSE and the YOUTUBE INFORMATION CLAUSE.

The website contains links to the Administrator’s social media profiles, which have separate privacy policies; you can review these policies by visiting the respective page via the link marked with the corresponding icon.

With regard to any websites linked to on the Website that are not owned by the Administrator or under its control, the Administrator assumes no responsibility for their content or for the privacy policies applicable to Users. When displaying a webpage containing such a link, the User’s browser establishes a direct connection with the servers of social media administrators (service providers). The content of the plugin is transmitted by the respective service provider directly to the User’s browser and integrated into the webpage. Through this integration, service providers are notified that the User’s browser has displayed the Administrator’s website, even if the User does not have a profile with that service provider or is not logged in. This information (along with the IP address) is sent directly by the User’s browser to the service provider’s server (some servers are located in the U.S.) and stored there. If the User is logged in to one of the social media platforms, that service provider will be able to directly associate the visit to the Administrator’s website with the User’s profile on that social media platform. If you use a particular plugin—for example, by clicking the “Like” or “Share” button—the relevant information will also be sent directly to the service provider’s server and stored there. In addition, this information will be published on the social media platform and will be visible to your contacts.

The purpose and scope of data collection, as well as the subsequent processing and use of such data by service providers, along with contact information, the User’s rights in this regard, and the ability to configure privacy settings, are described in the privacy policies of the respective service providers. The Administrator encourages you to review these policies.

If you do not want social media platforms to link the data collected during your visit to the Administrator’s website directly to your profile on that platform, you should log out of that platform before visiting the website.

Users can also completely prevent plugins from loading on the page by using appropriate browser extensions, such as script blockers.

SERVER LOGS

Using the Website involves sending requests to the server where it is hosted. Every request sent to the server is recorded in the server logs.

The logs include, among other things, the User’s IP address, the server date and time, and information about the web browser and operating system the User is using. The logs are recorded and stored on the server.

The data stored in the server logs is not linked to specific individuals using the website and is not used by the Administrator to identify the User.

Server logs are used solely as supporting material for Website Management, and their contents are not disclosed to anyone other than those authorized to administer the server.

TRANSFER OF DATA OUTSIDE THE EEA

The Administrator may transfer Users’ personal data to third countries, i.e., countries outside the European Economic Area. Your data may only be transferred to third countries or entities for which the European Commission has determined that an adequate level of data protection exists.

The list of countries for which the European Commission has issued a decision confirming that the third country provides an adequate level of protection is available at the following web address https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en#relatedlinks.

In the absence of a decision by the European Commission confirming an adequate level of protection as referred to in Article 45(3) of the GDPR, Users’ personal data may be transferred to a third country only on the basis of: binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the Polish supervisory authority and approved by the Commission, an approved code of conduct, or an approved certification mechanism (Article 46 of the GDPR).

In the absence of a decision by the European Commission establishing an adequate level of protection as referred to in Article 45(3) of the GDPR, or in the absence of appropriate safeguards as referred to in Article 46 of the GDPR, including binding corporate rules, the Administrator shall request the User’s explicit consent to such a transfer to a third country or an international organization, having previously informed the User of the risks associated with such a transfer pursuant to Article 49(1)(a) of the GDPR.

In connection with the transfer of data outside the EEA, Users may request information from the Administrator regarding the relevant safeguards in this regard, obtain a copy of such safeguards, or be informed of where they are made available.

INFORMATION ON AUTOMATED DECISION-MAKING

As part of the Website, the Administrator may automatically tailor certain content to the User’s needs, i.e., engage in profiling, using the personal data provided by the User. This profiling primarily involves automatically conducting the assessment of which products the User may be interested in, based on their previous online activities, including on the Administrator’s websites, and displaying product advertisements tailored in this way.

The profiling carried out by the Administrator does not result in decisions that have adverse legal effects on the User or otherwise significantly affect the User.

The current version of the Privacy Policy is effective as of October 1, 2023.

Skip to content