The Institute De Republica respects the privacy of the Users of the websites it operates, including, among others:
- The Institute De Republica,
- The Institute De Republica Public Information Bulletin,
- The Institute De Republica Newsletter.
The Institute De Republica endeavours to protect its websites from unauthorised access by third parties and it controls the methods of collecting, storing and processing data.
Therefore, the Institute De Republica applies security measures: the website has an SSL certificate, Firewall and Sitelock in order to protect against attacks.
The Institute De Republica shall only provide access to data to authorised employees and entities entrusted with the processing of personal data on behalf of the Institute De Republica, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 04.05.2016, p. 1, as amended), hereinafter referred to as “RODO”.
All data collected by the Institute De Republica, which may include personal data, falls within two categories distinguished by the manner in which the data is obtained, i.e.:
- data provided voluntarily by the user to the extent required during registration – name, surname, email address.
- data obtained while using the service, including information in the server log – the server automatically records data such as IP address.
The processing of personal data of users of websites operated by the Institute De Republica is performed on the basis of the applicable legislation, in particular the RODO and the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2019, item 1781).
WHO PROCESSES YOUR PERSONAL DATA:
Your personal data is processed by the Institute De Republica, with its seat in Warsaw (00-761), at 23/1 Belwederska Street, which is the Administrator of such data within the meaning of the RODO.
For any enquiry regarding the processing of personal data, please contact the Inspector of Data Protection at: ul. Belwederska 23/1, 00-761 Warsaw, e-mail address: firstname.lastname@example.org.
PURPOSES AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA:
Personal data shall be processed for one or more of the purposes indicated below, depending on the use of the Institute De Republica websites:
- in connection with browsing the websites’ content:
we process personal data in order to provide the content posted therein that corresponds to the subject matter of the respective website, including information about the Institute De Republica.
– pursuant to Article 6(1)(c) or (e) of the RODO, as the processing is necessary for compliance with a legal obligation vested in the Administrator or for the performance of a task in the public interest, which consists, inter alia, of ensuring access to public information, including the status and functions of the Institute De Republica and the Institute’s activities.
- in connection with registration on those of our websites where this option is provided (registration form):
– in order to provide functionality related to registration on our websites, including newsletter distribution – under Article 6(1)(a) of the RODO, as data processing in that case is based on the User’s voluntary consent.
WHO WE PROVIDE PERSONAL DATA TO:
Personal data may be disclosed to persons authorised by the Administrator to process data on the Administrator’s behalf and for the Administrator’s benefit (e.g., employees), to entities to whom data has been provided for processing on behalf of the Administrator pursuant to an entrustment agreement, as well as to entities authorised to obtain data under law.
STORAGE DURATION OF PERSONAL DATA:
In accordance with the applicable legal provisions, we process, and thus also store, personal data for the period that is necessary to accomplish the purpose of the processing.
When the provisions of the RODO provide the data subject with the option to exercise his/her rights entailing the termination or limitation of the processing of personal data, the processing of particular personal data may be terminated pursuant to the exercise of those rights, and hence earlier than that resulting from the rule outlined above.
The storage period of personal data may be extended each time for the time necessary for the Institute De Republica to pursue its claims or to protect itself against claims raised in connection with the use of the websites and services operated by the Institute De Republica and the processing of personal data by the Institute De Republica. The personal data will be irreversibly deleted or destroyed after the processing period has concluded.
THE RIGHTS APPLICABLE TO THE PROCESSING OF PERSONAL DATA:
To the extent and pursuant to legal provisions, including in particular the RODO, the following rights shall be applicable in relation to the processing of personal data on the websites operated by the Institute De Republica:
- the right to request information on the processing of personal data. When exercising the right, upon the user’s request the Administrator shall provide information as to whether or not it is processing personal data and shall indicate which data is being processed, additionally informing about, among others, the purposes and legal grounds for the processing, the entities to which the personal data is disclosed and the expected period of storing the data; in exercising the right the user may also request the Administrator to provide a copy of his/her personal data,
- the right to request rectification or supplementation of personal data. When exercising this right, at the request of the user, the Administrator shall rectify any discrepancies or errors concerning the personal data processed, and shall complete or update it if it is incomplete or has changed,
- the right to request erasure of personal data (“the right to be forgotten”). Pursuant to this right, you can request – in the cases specified in Article 17 of the RODO – the immediate erasure of your personal data,
- the right to request the limitation of the processing of your personal data. The exercise of the right is applicable in the cases provided for in Article 18(1) of the RODO. Pursuant to the limitation of processing, the Administrator may only store personal data and process it in order to determine, pursue or defend claims, in order to protect the rights of another natural or legal person, or due to important public interest reasons of the European Union or its Member State, as well as process it in a different manner and for other purpose, albeit only with the consent of the data subject,
- the right to transfer of personal data. The right shall be granted if the personal data is processed in an automated manner in connection with the concluded contract or on the basis of the provided consent. The exercise of that right implies that the Administrator shall transfer the personal data provided in a machine-readable and commonly used structured format. The data may also be, at the request of the data subject, transferred to another entity if technical capacities of both the Administrator and the entity are available in that regard,
- the right to object to the processing of personal data. If the Administrator processes personal data in the performance of a task carried out in the public interest or on the basis of a legitimate interest, you may object to the processing of personal data at any time – on grounds relating to your particular situation. The Administrator shall no longer be permitted to process such personal data unless the Administrator demonstrates compelling legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject, or grounds for determining, asserting or defending claims. Requests concerning the exercise of the aforementioned rights may be submitted by means of:
- an application submitted in writing to the Administrator’s seat,
- traditional post, by writing to the address of the Administrator’s seat,
- electronic mail, by writing to the e-mail address: email@example.com
Each request should as precisely as possible indicate who is submitting it and the subject of the request, i.e., in particular which of aforementioned rights and data as well as the purposes of their processing the request concerns. If the Administrator is still unable to determine the details of the request or identify the person submitting the request, it will request additional information. The response to the request shall be delivered by registered mail to the address indicated in the request. If the request is submitted by e-mail, the response shall be delivered to the e-mail address the request was submitted from, unless it is clearly indicated that the response is to be delivered by regular post. The Administrator shall reply promptly, no later than one month after receiving the request. Where necessary, the time limit may be extended by a further two months due to the complexity of the request or the number of requests. In such case, the Administrator shall inform the requesting party of the necessity of the time extension and the reasons of it.
If you think that your personal data is processed in violation of the applicable law, you have the right to lodge a complaint to the relevant supervisory authority. According to the applicable law in the Republic of Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO).
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS:
Personal data is neither transferred to third countries, i.e., outside the European Economic Area (EEA), nor to any international organisations.
PROCESSING OF PERSONAL DATA USING PROFILING:
When processing personal data for the purpose of providing the services of the Institute De Republica, the Administrator shall not make decisions by automated means, including the use of profiling.
We use so-called “cookies”, which are small text files sent by the website to the device (computer, smartphone, etc.) of the website user. Cookies are used to:
- facilitate the use of the website – “cookies” enable the recognition of the user’s device and the appropriate display of a customised website,
- generate anonymous service statistics – which allows us to learn more about our users’ expectations and to develop the service in order to improve its accessibility.
The majority of web browsers allow cookies to be stored on a user’s computer or other device as default. However, the Internet users may independently manage cookies, which may include blocking the storage of such files on the device by simply selecting the option in the browser to reject cookies. However, you should be aware that certain functions of the websites may not operate properly then. The instructions (“Help”) of a specific browser will show how to disable using cookies.