Privacy Policy

PRIVACY POLICY

This Privacy Policy aims to inform the users of https://ump.edu.pl and https://pums.edu.pl websites and the users of the ViSUS system (hereinafter “Users”) about the ways in which personal data are collected during accessing the abovementioned websites as well as logging in and using ViSUS system.

Privacy Policy is designed to provide information referred to in Article 13 of the European Parliament and Council (EU) 2016/679 regulation of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general data protection regulation), referred to as GDPR effective since May 25, 2018.

  1. Personal Data Administrator

The Administrator of personal data of Users is Poznan University of Medical Sciences, 10 Fredry St., 61-701 Poznań (hereinafter “Administrator”)

In all matters relating to the protection of personal data, Administrator can be contacted by e-mail: abi.ump@ump.edu.pl or post: Poznan University of Medical Sciences, ul. Fredry 10, 61-701, Poznań, Poland.

  1. Aims and basis for personal data processing

Personal data of Users are processed by Administrator in order to:

A. answer inquiries sent through contact forms from the abovementioned websites and in ViSUS system. Legal basis for processing is consent given by User during sending messages (art. 6, paragraph 1, subparagraph a, GDPR),
B. conduct analytical research, especially research and analysis of https://ump.edu.pl and https://pums.edu.pl websites and ViSUS system. Legal basis for processing is agreement given by User during sending system traffic and collection of statistical data. The aim constitutes a legitimate interest of Administrator and the legal basis for the processing is art. 6, paragraph 1, subparagraph f, GDPR
C. enable logging in and using ViSUS system to allow Users to use specialist applications and process selected types of issues through ViSUS system. The aim constitutes a legitimate interest of Administrator and the legal basis for the processing is art. 6, paragraph 1, subparagraph f, GDPR.

3. Categories of processed personal data

While browsing Administrator’s website as well as logging in and using ViSUS system, the following data are processed:

A. name, surname, e-mail address – contact form available from the website,
B. IP address, requested URL address, device identifier, the amount of time spent on particular pages, type of browser, browser’s language, date and time of the use of website, screen resolution, type and version of the operating system, and other related information,
C. name surname, telephone number, e-mail address, permanent address, PESEL number, NIP (tax ID) number, date of birth, place of birth, temporary stay card, passport number, military service book number, photos of Users (employees and students) – in the scope of ViSUS system.

The abovementioned data are provided voluntarily, however a failure to provide them will prevent the actions mentioned above. In the case when a consent is a basis for User’s personal data processing, the lack thereof will prevent Administrator from performing actions which the consent refers to.

Please be informed that the consent can be withdrawn anytime, which will not affect the processing legality of until the moment of the withdrawal.

  1. Time period of personal data storage

Personal data of Users will be processed:

A. until the withdrawal of consent by User in the case of data collected as based on art. 6, paragraph 1, subparagraph a, GDPR,
B. until User objects, in the case of data collected as based on art. 6, paragraph 1, subparagraph f, GDPR,
C. until User’s personal data removal request, in the cases indicated in art. 17, GDPR,

System log data of PUMS’ websites which are publicly available are processed through one year period in order to ensure IT security which relies on the possibility of verification of specific events, including their correlation in a defined period of time.

Personal data from ViSUS system will be processed in the period of time essential to achieve the objective of processing and also during the period of time which is enforced on Administrator by other regulations.

  1. User’s rights in relations to personal data

Users have a right to access the content of their personal data, a right to correct, delete the data as well as a right to limit the processing, a right to withdraw the consent, a right to transfer data, a right to object to the processing of User’s personal data. Users have a right to lodge a complaint with the supervisory authority if they believe that the processing of their personal data violates GDPR.

  1. Cookies

What are cookie files (cookies)?

Administrator’s website uses cookies. Cookies are small text files sent by the www server and stored by the software of the browser’s device. When the browser reconnects with the website, the site recognizes the type of device which is used by User. The settings allow the information included in them to be decoded only by the server which created them. In that sense, cookies facilitate revisiting Internet websites.

Gathered information involve the IP address, type of used browser, language, type of operating system, Internet services provider, information on the date and time, localization and information sent to the site by means of contact form.

Cookies identify the user which allows to customize the site’s content to their needs. By saving individual preferences, cookies allow to suit advertisements to the User. Administrator uses cookies to guarantee the highest standard of comfort of use of the website and the collected data is used only for the optimization of actions.

What kind of information can be included in cookies?

It depends first and foremost on the character of the website. Data can be:

  • Relevant for statistical needs
  • Relating to the content which should be presented to User according to his/her interests
  • Relevant for the purposes of Internet shop, e.g. shopping cart
  • Relevant for the purposes of User identification, so called session cookies which are deleted after session expiration

Control and deletion of cookies
User has a right to block and delete cookie files. In order to perform the operation, one has to go to browser’s settings. Detailed information can be found in the ‘Help’ section, available in the browser’s menu. Below Internet addresses of popular web browsers (in alphabetical order) are presented, where information about cookies are included:

Contact form

Personal data provided by Users by a means of the service’s electronic forms are used only in order to answer inquires and complaints.

IP address

IP address data is saved into logs in the database and used for statistical purposes.

Final information

Using the Internet website and ViSUS system without changes in the browser’s settings, User consents to the use of cookies by Administrator.

Blocking or deleting cookies by User may result in difficulties in functioning of the website and ViSUS system.

  1. Receivers of personal data

Receivers of User’s personal data are Google Analytics, Facebook. In a situation when User objects to the above – please use browser settings in a way indicated above.

Personal data of Users will not be subject to processes which would lead to automated decision-making, including profiling.