INFORMATION NOTICE – PROCESSING OF PERSONAL DATA

This Notice on the Processing of Personal Data is provided for informational purposes only and is disclosed to fulfill the information obligations under the GDPR by PW SOLUTIONS Sp. z o. o., with its registered office in Lublin.

PERSONAL DATA ADMINISTRATOR

  1. WSEI University, 4 Projektowa St., 20-209 Lublin, entered in the Register of Non-Public Higher Education Institutions maintained by the Ministry of Education and Science under number 196, Tax ID No. 712-26-52-693, REGON: 432260703, is the administrator of personal data (hereinafter: Administrator) of its customers, business partners, and individuals who have provided their data via forms available on the website or via email, as well as other entities that have consented to the processing of their personal data.
  2. The Administrator hereby declares that it processes personal data in accordance with European Parliament and Council Ordinance (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter GDPR).

PRELIMINARY PROVISIONS

  1. The information regarding the Administrator’s processing of data applies to data received, in particular:
  • via online forms;
  • collected by the Administrator’s representatives in connection with business operations or marketing activities.
  1. This notice does not apply to the processing of personal data of employees or job applicants, or to data entrusted for processing under a data processing agreement.
  2. The data is processed for the purpose of performing contracts, as well as when necessary to pursue the Administrator’s legitimate interests, in particular to send electronic notifications about promotions for its own services or for other purposes to which the data subject consents, if such consent is required under applicable law.

SOURCES OF DATA AND CATEGORIES OF DATA PROVIDED BY OTHER ENTITIES

  1. The administrator may collect personal data directly from the data subject (e.g., through online forms or email) or through third parties (e.g., from an employer, another employee, or another entity with which the data subject regularly collaborates).
  2. In the case of direct contact, the data subject has full control over the scope of data provided to the Administrator.
  3. If personal data is provided by a third party, the Administrator generally collects only basic contact information related to the individual’s professional activities, including: first name, last name, email address, phone number, job title or position, company name, and, where applicable, other information specified in the agreement under which the personal data of the designated contact person is provided.
  4. Personal data entrusted to other administrators for processing is processed to the extent specified in the data processing agreement, for the purposes and in the manner specified by the administrator of the personal data being transferred.

LEGAL BASIS, PURPOSES, AND DURATION OF PERSONAL DATA PROCESSING

  1. The administrator processes personal data only if at least one of the following conditions is met:
  2. the data subject has consented to the processing of their personal data (Article 6(1)(a) of the GDPR),
  3. the processing is necessary for the performance of a contract to which the data subject is a party or for taking steps prior to entering into a contract (Article 6(1)(b) of the GDPR),
  4. The processing is necessary for compliance with a legal obligation to which the Administrator is subject (Article 6(1)(c) of the GDPR);
  5. the processing is necessary to protect the vital interests of the data subject or of another natural person (Article 6(1)(d) of the GDPR);
  6. the processing is necessary for the performance of a task carried out in the public interest (Article 6(1)(e) of the GDPR);
  7. the processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party (Article 6(1)(f) of the GDPR).
  8. Personal data is processed by the Administrator solely for the purposes specified below:
  9. Implementation of the agreement – the legal basis for the processing is Article 6(1)(b) of the GDPR.
  • If an agreement is signed, personal data will be processed for the purpose of performing the agreement and settling the financial aspects thereof.
  • If personal data is collected through online forms used to schedule a meeting, the information provided will be processed for the purpose of organizing such a meeting and for related communications, as well as for any necessary financial settlements.
  • In pursuit of this objective, personal data will be processed for the duration of the performance of obligations and for the period during which claims are time-barred under general legal provisions.
  1. Business contacts – The legal basis for the processing is Article 6(1)(f) of the GDPR.
  • Achieving this objective involves ongoing communication, particularly regarding business meetings or correspondence, ongoing negotiations, fulfilling agreements, submitting offers, marketing activities, and other actions undertaken in connection with our professional activities.
  • To achieve this purpose, the data subject may occasionally receive information about the Administrator’s services and other information related to its activities.
  • If the data subject is a representative of the Administrator’s supplier or service provider, the Administrator’s representatives may also contact that person to obtain a quote, information, or documents.
  • In such cases, the processing of personal data will be carried out for the purpose of pursuing the Administrator’s legitimate interest, which is marketing and selling services, as well as building and strengthening business relationships.
  • The data subject has the right to object to such processing of personal data.
  • The Administrator may process contact information provided through electronic forms, as well as information provided under the applicable agreement.
  • In pursuit of this objective, personal data will be processed until the objection is filed under Article 21 of the GDPR.
  1. Response to the inquirythe legal basis for the processing is Article 6(1)(a) of the GDPR.
  • By filling out the contact form or submitting an inquiry in another form (e.g., via email, phone, or social media), the individual consents to being contacted regarding the processing of their request or inquiry.
  • Such consent may be withdrawn at any time; however, its withdrawal does not affect the lawfulness of processing that took place prior to the withdrawal. Furthermore, withdrawal of consent results in no response.
  • Data collected on the basis of consent is processed until the consent is withdrawn or until the purpose for which the consent was given has been fulfilled.
  1. Execution of the agreement concluded between the Administrator and another entity – the legal basis for the processing is Article 6(1)(f) of the GDPR.
  • If the data subject is designated as a contact person by an employer or another entity, that person’s data may be processed for the purpose of performing and settling the agreement concluded between the Administrator and that person’s employer or another entity in order to pursue the Administrator’s legitimate interest, which is the protection of its rights, the performance of concluded agreements, and the receipt of the remuneration due in this respect.
  • In such cases, the processing of data will include ongoing communications related to the performance of such an agreement, the preparation and archiving of documentation regarding its performance, and the pursuit of claims or defense against claims by the other party.
  • In such cases, the data subject has the right to object to such processing.
  • In pursuit of this purpose, personal data will be processed for the duration of the performance of obligations and for the limitation period for claims as provided by law, or until an objection filed under Article 21 of the GDPR is upheld.
  1. Media relations and media promotion of the Administrator’s activities and services – the legal basis for the processing is Article 6(1)(a) of the GDPR.
  • In the case of journalists, editors, reporters, and other individuals engaged in journalistic activities, personal data will be processed for the purpose of maintaining the Administrator’s contacts with the media and promoting its activities, services, and products in the media. Such activities may include, in particular, providing information about important events, activities, products, services, and achievements of the Administrator.
  • Contacting the Administrator’s representative will be considered consent to such contact.
  • If consent is given, such consent is considered voluntary and may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of data processing prior to the withdrawal of consent.
  • In pursuit of this objective, personal data will be processed until you withdraw your consent (revoke your consent).
  1. Compliance with the legal obligation to prepare and retain documentation – the legal basis for the processing is Article 6(1)(c) of the GDPR.
  • In the event of the execution of the agreement or other service provided to the data subject, the Administrator will also process personal data contained in invoices, accounting records, or other documentation confirming the conclusion and performance of the agreement, prepared and stored in accordance with applicable law. This applies both when the data subject is a party to the agreement and when the party to the agreement is the data subject’s employer or an entity with which the data subject cooperates.
  • The retention periods for invoices, accounting records, and documents confirming the conclusion and performance of agreements are set forth in the law.
  1. Confirmation of the fulfillment of obligations and the pursuit of claims or defense against claims – the legal basis for the processing is Article 6(1)(f) of the GDPR.
  • Data provided via an electronic form, made available under an agreement or otherwise provided to the Administrator may be processed for the purpose of archiving information or documents confirming the Administrator’s fulfillment of its obligations, as well as for the purpose of pursuing potential claims or defending against claims brought against the Administrator.
  • This applies to situations where the data subject is a party to an agreement, as well as situations where the data subject’s employer or an entity with which the data subject cooperates is a party to the agreement, and also to situations where, on any basis, the Administrator was obligated to provide a service to the data subject or to fulfill the data subject’s rights.
  • In such cases, data processing will be carried out to pursue the administrator’s legitimate interest in protecting its rights, confirming the fulfillment of its obligations, and receiving the remuneration due in this regard.
  • The data subject has the right to object to such processing of personal data.
  • In pursuit of this objective, personal data will be processed for the duration of the performance of obligations and for the period during which claims are time-barred under general legal provisions.
  1. The verification of the vendor – legal basis for processing:
  1. the contractor’s data based on Article 6(1)(b) of the GDPR,
  2. of data of persons designated by the contractor for contact purposes is Article 6(1)(f) of the GDPR:
  • Prior to the conclusion of an agreement and during its performance, the data of subcontractors, suppliers, service providers, or partners with whom the Administrator enters into a business relationship, as well as the data of persons designated by these entities for contact purposes, will be processed for the purpose of contractor verification, which may be carried out by sending a questionnaire regarding the contractor to be completed, or by verifying the contractor’s data and financial situation in publicly available registers, or by entities specializing in contractor verification.
  • In such cases, the processing of personal data provided by the contractor for contact purposes will be carried out to pursue the Administrator’s legitimate interest, which is the performance of the agreement and the protection of its rights.
  • After the purpose of this processing has been fulfilled, the data will continue to be processed:
  1. in order to comply with the legal obligation to prepare and retain documentation, and
  2. to verify the fulfillment of obligations and to pursue or defend against claims.
  • In pursuit of this objective, personal data will be processed for the duration of the contractor’s verification.

OBLIGATION TO PROVIDE DATA AND CONSEQUENCES OF FAILURE TO PROVIDE DATA

  1. For electronic forms, providing your information is voluntary; however, failure to provide the information marked as mandatory (required) will prevent you from submitting the form and, as a result—depending on the type of form—you will not receive a response to your inquiry.
  2. In the case of data collected by the Administrator’s representatives in connection with its business operations, the provision of such data is entirely voluntary, and failure to provide it may result in the inability to contact the individual in the future.
  3. For individuals who are parties to an agreement concluded with the Administrator, providing the data necessary for the performance of the agreement and the fulfillment of legal obligations is a prerequisite for the conclusion and performance of the agreement. If you refuse to provide the data, it will not be possible to fulfill the purpose of the agreement.
  4. Providing your data for informational and marketing purposes is voluntary. If you refuse to consent to the processing of your data for these purposes, the Administrator will be unable to perform certain actions, including, but not limited to, informing you about current packages, promotions, new services, etc.
  5. Consent to the processing of personal data for marketing or informational purposes is voluntary, and consent may be withdrawn at any time without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
  6. Providing your email address and other information in electronic correspondence is voluntary. Withdrawing your consent to the processing of your data will make it impossible to continue electronic correspondence.

RIGHTS OF DATA SUBJECTS

  1. In accordance with Articles 15–22 of the GDPR, the data subject has the following rights:
  1. right to information regarding the processing of personal data – upon request, the Administrator shall provide the requester with information regarding the processing of personal data, the purposes and legal grounds for such processing, the scope of the data held, the entities to whom the personal data is disclosed, and the planned date of its deletion;
  2. right to obtain a copy of the data – the Administrator shall provide a copy of the data being processed that pertains to the person making the request;
  3. right to rectification – upon request by the data subject, the Administrator shall correct any inaccuracies or errors in the personal data being processed, and shall complete or update such data if it is incomplete or has changed;
  4. right to erasure – the data subject may request the erasure of data whose processing is no longer necessary for any of the purposes for which it was collected. The right to erasure applies only in the cases specified in the GDPR. The Administrator may refuse to erase the subject’s data, despite such a request, if one of the exceptions listed in the GDPR applies, e.g., when the processing of data is necessary to comply with a legal obligation or to establish, exercise, or defend legal claims;
  5. the right to restrict processing – on this basis, the Administrator ceases to process personal data, with the exception of operations to which the data subject has consented and the storage of such data in accordance with established retention policies, or until the grounds for restricting data processing cease to exist (e.g., a decision is issued by a supervisory authority authorizing further data processing). The right to request restriction of processing applies only in the cases specified in the provisions of the GDPR;
  6. right to data portability – on this basis, to the extent that data is processed in connection with a contract or consent, the Administrator shall provide the data subject with the data they have provided. The right to data portability applies only where the legal basis for processing is consent or the performance of a contract;
  7. right to object to the processing of data for marketing purposes – the data subject may object at any time to the processing of personal data for marketing purposes, without having to provide a reason for such objection;
  8. right to object to other purposes of data processing – the data subject may object to the processing of personal data at any time. Such an objection must be supported by a statement of reasons and is subject to the Administrator’s assessment. In certain cases, the Administrator may refuse to accommodate an objection to data processing based on the Administrator’s legitimate interest when there are compelling legitimate grounds for processing the data that override the interests, rights, and freedoms of the data subjects, or when there are grounds to establish, pursue, or defend claims—the Administrator does not have this right when data is processed for direct marketing purposes (e.g., commercial contacts);
  9. the right to withdraw consent – if data is processed on the basis of consent, the data subject has the right to withdraw that consent at any time; however, this does not affect the lawfulness of the processing carried out prior to the withdrawal of consent;
  10. right to file a complaint – if the data subject believes that the processing of personal data violates the provisions of the GDPR or other data protection laws, they may file a complaint with a supervisory authority.
  1. Requests regarding the execution of data subjects’ rights may be submitted via email to the following address:
  2. A response to the request will be provided within one month of receipt. If it is necessary to extend this deadline, the Administrator will inform the applicant of the reasons for such an extension.
  3. The response will be sent to the email address from which the request was sent; for requests submitted by mail, it will be sent by registered mail to the address provided by the applicant, unless the letter indicates a preference for receiving a response via email (in which case, please provide an email address).

DATA RECIPIENTS, TRANSFER TO THIRD COUNTRIES

  1. As a general rule, the Administrator does not transfer data to countries outside the EU. In the event of a data transfer to a third country for which the European Commission has not issued a decision confirming an adequate level of protection, the Administrator applies appropriate safeguards through standard data protection clauses adopted by the European Commission or a supervisory authority (in accordance with Article 46(2)(c) and (d) of the GDPR).
  2. Data may be shared with suppliers, service providers, and partners with whom the Administrator collaborates to the extent necessary to provide services to customers, maintain business contacts, conduct marketing activities, and operate the business.
  3. A third party with access to personal data processes such data solely on the basis of a data processing agreement and exclusively at the Administrator’s instruction.
  4. Please direct any inquiries regarding data processing and how to obtain a copy of the standard data protection clauses in accordance with the information provided in point 2 of the section titled “RIGHTS OF DATA SUBJECTS”.

INFORMATION ON AUTOMATED DECISION-MAKING

  1. The Administrator may automatically tailor certain content to the needs of customers and individuals who have consented to the processing of their personal data, i.e., engage in profiling using the personal data they have provided. This profiling primarily involves an automated assessment of which products the data subject may be interested in, in order to tailor the marketing content, offers, or information sent by the Administrator to the interests and business or professional activities of the data subject.
  2. The profiling carried out by the Administrator does not result in decisions that produce legal effects on the data subjects or otherwise significantly affect them.
Skip to content