Conference policies

Privacy Policy of the www.accord.wum.edu.pl website.

§1 GENERAL PROVISIONS.

1.      The administrator of personal data collected through the website www.accord.wum.edu.pl is the Medical University of Warsaw (MUW).

2.      Personal data collected by the Administrator through the Website shall be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “RODO”, and the Personal Data Protection Act of 10 May 2018.

§2 DEFINITIONS.

1.      Policy – means this Policy;

2.      Website – means the website at www.accord.wum.edu.pl;

3.      Administrator – means Medical University of Warsaw, 61 Żwirki i Wigury Street (postal code: 02-091 Warsaw), REGON: 000288917, NIP: 525-00-05-828;

4.      Fanpage – shall mean the public profile of Warsaw Medical University on social networking Websites: Facebook, Linkedin, Tweeter, Youtube;

5.      Conference – Interdisciplinary Conference on Drug Science, ACCORD 2024, organized by the Medical University of Warsaw;

6.      RODO means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1);

7.      Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;

8.      Profiling means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular, to analyse or predict aspects related to that individual’s performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

§3 PERSONAL DATA SECURITY

The Administrator shall exercise due diligence to protect the interests of data subjects, and in particular, shall ensure that the data collected by it are:

1.      processed lawfully, fairly and in a manner transparent to the data subject;

2.      collected for specified, explicit and legitimate purposes and not processed further in a way incompatible with those purposes;

3.      adequate, relevant and limited to what is necessary for the purposes for which they are processed;

4.      correct and updated when necessary;

5.      kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed;

6.      processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organizational measures, and access to the data is restricted to persons authorized by the Administrator.

§4 PURPOSE AND SCOPE OF DATA COLLECTION. TYPE OF PROCESSED PERSONAL DATA. THE PERIOD OF PERSONAL DATA PROCESSING.

1.      The Medical University of Warsaw may process personal data for the purpose of and on the basis of:

1)      real-time transmission of the proceedings of the Conference, recording of the transmission (audio/video) and making the audio/video recording available to other participants of the Conference on the Administrator’s Website (access after logging in) – in the case of a prior consent of the participant of the Conference to processing of their personal data in the form of the image, including voice – on the basis of the consent given, i.e. pursuant to Article 6(1)(a) of the RODO, and no longer than until the withdrawal of consent. In the case of persons participating in the Conference in a remote manner (in the case of a hybrid mode), consent is deemed given by using the link enabling (online) participation in the Conference and switching on the webcam or microphone, and in the case of persons participating in the Conference in a stationary manner, consent is deemed given by the presence in the conference hall;

2)      promoting and advertising of the Administrator’s activities (e.g. other scientific events) – in the case of persons who have given their consent and only to the extent specified in such consent – on the basis of Article 6(1)(a) of the RODO and no longer than until the withdrawal of consent;

3)      taking action prior to concluding an agreement for participation in the Conference at the request of the data subject, or concluding and performing an agreement to which the data subject is a party during the registration for the Conference (concluding agreements for the provision of electronic services) and through registration forms – the legal basis of Article 6(1)(b) of the RODO;

4)      providing service to participants of the Conference, including dissemination of current organizational information, issuing a certificate confirming the participation in the Conference, transferring post-conference materials and processing payments related to participation in the Conference – the legal basis of Article 6(1)(b) of the RODO when the participant is also a party to the agreement on participation in the Conference, otherwise the basis for processing is Article 6(1)(f) of the RODO, i.e. the legally justified interests pursued by the Administrator – providing service to the participant of the Conference

5)      fulfilling obligations arising under both national and EU laws – the legal basis of Article 6 (1) (c) of the RODO (e.g. processing of personal data contained in tax and accounting documents for settlement purposes), also for archival purposes;

6)      e-mail correspondence – when inquiries about the Conference are sent to the Administrator prior to concluding an agreement for participation in the Conference, personal data of the sender of the correspondence is processed solely for the purpose of communication with the sender and resolving the matter to which the correspondence pertains. Legal basis: Article 6(1)(f) of the RODO – legitimate interest of the Administrator – to conduct correspondence addressed to the Administrator or the resolution of the reported matter, in connection with the Conference;

7)      managing the Website and Fanpage – personal data left by persons visiting the Administrator’s social networking profiles (such as Internet IDs, comments, likes) in order to enable persons visiting the Website/Fanpage to be active, to run the Fanpage effectively by presenting users with information on the Administrator’s initiatives and activities, to respond to comments and to promote events. The legal basis is Article 6(1)(f) of the RODO – the Administrator’s legitimate interest in managing the Website and Fanpage;

8)      pursuing the Administrator’s legitimate interest in adjusting the Website to users’ needs and for analytical and statistical purposes – the legal basis of Article 6(1)(f) of the RODO;

9)      providing the most advantageous offer tailored to users – the Administrator may then apply “profiling”, which is a form of automated processing of personal data which consists in using personal data to evaluate certain personal factors of the individual, in particular to analyse or predict aspects concerning personal preferences and interests (the basis of Article 6(1)(f) of the RODO, i.e. the legitimate interests pursued by the Administrator). However, the Administrator shall not make decisions which would be based solely on automated

processing, including profiling, and significantly affect the data subject;

10)  establishing, asserting or defending claims – for the period of limitation of these claims; the legal basis of Article 6(1)(f) of the RODO i.e. legitimate interests pursued by the Administrator;

2.      In connection with section 1 point 9) above, navigational data may also be collected from users, including information about links and references they choose to click or other actions taken on the Website. The legal basis for such activities is the legitimate interest pursued by the Administrator (Article 6(1)(f) of the RODO), which consists in facilitating the use of services provided electronically and in improving the functionality of these services.

3.      The Administrator processes the following personal data of the user:

(a)name and surname;

(b)title/degree;

(c)place of employment

(d)scientific achievements;

(e)image;

(f)vaccination data

(g)e-mail address;

(h)data necessary for billing purposes;

(i)other data provided by the user of the Website.

4.      When using the Website, additional information may be collected, in particular: the IP address assigned to your computer or the external IP address of your Internet provider, domain name, browser type, access time, operating system type.

5.      Navigational data may also be collected, including information about the links and references you choose to click or other actions you take on the Website. The legal basis for such activities is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO), which consists in facilitating the use of services provided electronically and in improving the functionality of these services.

6.      If the basis for data processing is consent (and thus processing is performed pursuant to Article 6(1)(a) or Article 9(2)(a) of the RODO) – data are stored by the Administrator until the date of withdrawal of consent at the latest.

7.      If the basis for data processing is the performance of a contract (and thus processing takes place on the basis of Article 6(1)(b) of the RODO), as long as it is necessary for the performance of the contract, and thereafter, personal data contained in tax or accounting documentation will be stored until the expiry of data storage obligations under the law, and also until the expiry of the limitation period (in accordance with Article 6(1)(c) and (f) of the RODO).

8.      Users’ personal data are processed on the basis of the legitimate interest of the Administrator (Article 6(1)(f) RODO) for the period necessary to respond to the sent e-mail (e.g. via the contact form) and for the period of further correspondence, possibly for the time necessary to assert claims.

9.      For archival purposes, personal data will be processed for the time specified for the individual archival categories by which the documentation collected by the Administrator is marked in accordance with the Uniform Tangible File List of the MUW developed on the basis of the Ordinance of the Minister of Culture and National Heritage of 20 October 2015 on the classification and qualification of documentation, transfer of archival materials to state archives and the discarding of non-archival documentation, possibly for the time of the Administrator’s claim or defence against claims;

10.  Apart from the cases referred to above, the data shall be stored by the Administrator until the date of lodging an effective objection or an effective request for data deletion.

11.  After the expiration of the processing period, the data shall be irreversibly destroyed or anonymized.

§5 SHARING OF PERSONAL DATA.

1)      Users’ personal data are transferred to service providers used by the Administrator in the course of his/her activity or to entities specified in regulations. Service providers to whom personal data are transferred, depending on the contractual arrangements and circumstances, are either subject to the Administrator’s instructions as to the purposes and means of processing those data (processors) or determine themselves the purposes and means of processing (Administrators).

2)      Users’ personal data are stored exclusively in the European Economic Area (EEA).

§6 RIGHTS OF DATA SUBJECTS (USERS).

1.      The Administrator has appointed a Data Protection Officer, who can be contacted at e-mail address: iod@wum.edu.pl, or at phone number: +48 22 57 20240.

2.      The Administrator shall exercise due care to protect the interests of data subjects, and in particular to ensure that the data collected by him/her are:

1)   processed in accordance with the law,

2)   collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes,

3)   accurate and adequate in relation to the purposes for which they are processed and stored in a form which allows identification of data subjects for no longer than it is necessary to achieve the purpose of processing.

3.      The data subject has the right to access the content of their personal data and the right to rectify, erase, restrict processing, the right to object. When the processing is based on the legitimate interest of the Administrator, the data subject has no right to data portability, or the right to withdraw consent.

4.      Providing personal data by the user is voluntary. Failure to provide them will prevent participation in the Conference or the use of the functionalities offered on the Website. 

5.      Legal grounds for the request of the data subject (person, whose personal data are processed):

1)   Access to data – Article 15 of the RODO – in any case.

2)   Rectification of data – Article 16 of the RODO in each case where the data are incorrect.

3)   Erasure of data (so-called right to be forgotten) – Article 17 of the RODO when:

(a)    the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

(b)   the data subject has withdrawn the consent on which the processing is based in accordance with Article 6(1)(a) of the RODO and there is no other legal basis for the processing;

(c)    the data subject objects under Article 21(1) of the RODO to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects under Article 21(2) of the RODO to the processing;

(d)   the personal data have been unlawfully processed;

(e)   the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the Administrator is subject.

4) Restriction of processing – Article 18 of the RODO – in the following cases:

(a)               the data subject challenges the accuracy of the personal data – for a period allowing the Administrator to verify the accuracy of the personal data;

(b)               the processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead that the processing be restricted;

(c)                the Administrator no longer needs the personal data for the purposes of the processing, but they are needed by the data subject for the establishment, enforcement or defence of claims;

(d)               the data subject has objected under Article 21(1) of the RODO to the processing – until such time as it is established whether the legitimate grounds on the part of the Administrator override the grounds of the data subject’s objection.

5) Right to data portability – Article 20 of the RODO if:

(a)    the processing is based on consent pursuant to Article 6(1)(a) or on contract pursuant to Article 6(1)(b) of the RODO; and

(b)   the processing is carried out by automated means.

6)                 Objection – Article 21 of the RODO – concerns the processing of personal data based on Article 6(1)(e) or (f) of the RODO, including profiling on the basis of those provisions. The Administrator shall no longer be permitted to process such personal data unless the Administrator demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, enforcement or defence of claims. If personal data are processed for direct marketing purposes (grounds under Article 6(1)(f) of the RODO), the data subject shall have the right to object at any time to such processing, whether primary or further – including profiling, insofar as it is related to direct marketing.

7)                 The right to erasure (so-called right to be forgotten) does not apply if the processing is necessary for:

(a)    exercising the right of freedom of expression and information;

(b)   complying with a legal obligation requiring processing under Union or Member State law to which the Administrator is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Administrator;

(c)    archival purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the RODO, insofar as the right to object is likely to prevent or seriously impede the purposes of such processing; or

(d)   establishing, asserting or defending claims.

8) Right to withdraw consent – The data subject has the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

6.      In order to exercise the rights referred to in Subsection 5, you may send a relevant e-mail to the address indicated in Subsection 1 above.

7.      When the user applies the rights resulting from the above rights, the Administrator shall fulfil the request immediately or refuse to fulfil it, but no later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – the Administrator will not be able to comply with the request within one month, it will comply within the next two months by informing the user about the intended extension of the deadline and the reasons for it within one month of receiving the request.

8.      If it is determined that the processing of personal data violates the provisions of RODO, the data subject has the right to lodge a complaint to the President of the Office for Personal Data Protection.

9.      Providing personal data is voluntary, but necessary, among others: to continue to use the Fanpage, to conclude an agreement to participate in the Conference, to obtain answers to questions that were asked.

10.  The consequence of not providing personal data is the inability to implement / continue the services provided, including participation in the recruitment, concluding an agreement, leaving a comment.

§7 GOOGLE ANALYTICS.

1.      The Website uses Google Analytics provided by Google Ireland Limited (“Google”), a company incorporated and operating under the laws of Ireland (registration number: 368047), with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.

2.      Google will analyze the use of the Website by users, which will allow the Administrator to improve the Website. The information collected by Google in connection with the use of the Website (e.g. pages visited and time spent on them) will be transmitted to a Google server, where it will be stored and analysed. The relevant results will then be made available to the Administrator in an anonymised form in the GA panel. The collected data will not be associated with the user’s full IP address as a part of this process.

3.      Additional information about the Google Analytics service is available on the Google Analytics Terms of Use, Privacy and Data Protection Guidelines of Google Analytics and Google Privacy Policy.

4.      The user can deactivate Google Analytics by clicking the hyperlink below to download and install the browser plug–in.

§8 FACEBOOK PIXEL.

1.      The Administrator uses the Facebook pixel. This is a service provided by Facebook Ireland Limited, a company with the following address: 4 Grand Canal Square, Dublin 2, Ireland.

2.      The provisions of this paragraph are relevant to people with Facebook accounts. If you are not a member of Facebook, the Facebook pixel does not affect you.

3.      This service allows to target Facebook ads’ audience based on the frequency of visits on the Website and other user activity. The Facebook pixel is used to measure the effectiveness of online marketing efforts. It allows for monitoring of user actions after viewing or clicking a Facebook ad.

4.      When you click the Website link, the Facebook pixel may store a cookie on your device. However, the collected user data is stored and processed by Facebook so that conclusions can be drawn about the respective user profile. Data processing by Facebook takes place in accordance with Facebook’s data use policy.

5.      Further information on the terms of use and data protection can be found on the following website: https://www.facebook.com/business/help/651294705016616.

§9 COOKIES.

1.      This Website uses “cookies”(small text information stored by your browser). They are used for statistical purposes and to ensure proper operation of the Website. Most browsers used on computers and other devices accept cookies by default. If you wish to change the default settings, you can do so using the settings in your browser. If you have problems with setting changes, please use the “Help” option in the menu of the browser you are using. Cookies allow for a more comfortable and effective use of the website. Disabling them may cause the website to work incorrectly and display incorrectly in your browser.

2.      Installation of cookies is necessary for the proper provision of the services on the Website. Cookies contain information necessary for the proper functioning of the Website and they make it possible to compile anonymous statistics on visits to the Website.

3.      The Website uses the following types of “cookies”:

1)                 “Session” “cookies” are temporary files, which are stored in the user’s terminal equipment until logging out (leaving the Website).

2)                 “Functional” cookies are stored in the terminal equipment of the user for the time specified in the parameters of “cookies” or until they expire or are deleted by the user.

3)                 “Cookies” that ensure the operation of analytical programs and better targeting of advertising.

4.      The Administrator uses its own cookies to better understand how the user interacts with the content of the Website. Cookies are part of the mechanism responsible for sending to analytical programs data containing information about how the user uses the Website. This data includes information such as the number of sessions, time spent interacting with the Website, the number of pages visited, and the source from which the user accessed the Website. This information does not record your specific personal information.

5.      In many cases, software used to browse the Internet (web browser) by default allows to store cookies on your terminal device. Users of the website can change their cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the settings of the web browser or inform on their placement in the device of the website user each time. Detailed information on the possibility and methods of using cookies is available in the software settings (web browser). Failure

to change the settings for cookies means that they will be placed on the user’s terminal equipment and thus we will store information in the user’s terminal equipment and we will be able to access this information.

§10 FINAL PROVISIONS.

1.      The Administrator shall apply technical and organizational measures to ensure the protection of personal data processed, appropriate to the risks and categories of data covered by the protection, in particular to protect data from unauthorized access, acquisition by an unauthorized person, processing in violation of applicable laws, and the change, loss, damage or destruction.

2.      The Administrator provides appropriate technical measures to prevent acquisition and modification of personal data transmitted electronically by unauthorized persons.

3.      In matters not covered by this Privacy Policy shall apply respectively the provisions of RODO and other relevant provisions of Polish law.

4.      This Privacy Policy shall be reviewed and updated on an ongoing basis. Any changes to this Privacy Policy due to changes in the law or related to changes in the offer of services available on the Website shall be promptly communicated to the user by an announcement on the Website.

5.      This Privacy Policy is effective as of December, 1^st, 2023.