This page uses cookies

Due to the settings of your browser and in order to facilitate the functioning of the umcs.pl webpage, the cookies have been installed. By continuing to use this webpage, you accept their usage. You can change this in the settings of you browser.

  1. Main page
  2. Employee
  3. HR and Payroll
  4. Personal Data Protection

Employee

Personal Data Protection

Data Protection Officer

Contact for matters related to personal data protection:

Katarzyna Żółkiewska-Malicka

e-mail: iod@mail.umcs.pl

Legal acts and training regarding personal data

Internal legal acts regarding the principles of personal data processing and employee training are made available on an ongoing basis on the website:

odo.umcs.pl

Note! The website can only be used from computers and devices connected to the UMCS computer network.

Basic rules for the processing of personal data

  1. As an employee of the entity that is the Personal Data Administrator processing personal data, you are obliged to process this data in the manner provided for in detail by the law and based on the law. Personal data may not be collected if there is no legal basis for their processing, e.g. a legal provision requiring the processing of data, the consent of the person whose data it concerns or an agreement regulating these matters.
  2. Personal data is any information relating to an identified or identifiable natural person.
  3. When processing data, special care must be taken to protect the interests of the data subjects, and in particular you MUST ensure that the data is:

a) processed in accordance with the law,

b) collected for specified, lawful purposes and not subject to further processing incompatible with these purposes,

c) substantively correct and adequate in relation to the purposes for which it is processed,

d) stored in a form that allows identification of the data subjects for no longer than is necessary to achieve the purpose of processing.

  1. It is absolutely necessary to apply technical and organisational measures that ensure the protection of processed personal data appropriate to the threats and categories of data subject to protection, and in particular to protect data against their disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of the Act and change, loss, damage or destruction. As a rule, transferring personal data outside the unit is not permitted, except in cases indicated in the provisions of law! In this respect, you bear individual responsibility, including disciplinary, and in particular cases even criminal, including imprisonment.
  2. Detailed measures ensuring data security are described in the so-called Personal Data Protection Regulations, the knowledge and application of which is necessary.
  3. In order to properly perform official duties, the authorised person representing the Data Controller delegates the performance of duties related to the processing of personal data to each employee within the scope of his or her tasks by issuing an authorisation to access the data contained in the personal files.
  4. 7.      As an employee authorised to access personal data, you are obligated to keep confidential the data obtained in the course of performing your official duties and the methods of securing it, as well as to use this data only for the performance of your official duties.
  5. You are obliged to participate in periodic training/instructions reminding of the principles related to the processing of personal data and to strictly comply with the requirements of the law in this respect.
  6. It is your responsibility to apply appropriate security measures when accessing data processed in the IT system, in particular in terms of the ability to log into the system only through an individual identifier and a confidential password consisting of at least 8 characters (including a lowercase and uppercase letter, a number or a special character), changed at most every 30 days. You may not share your passwords with anyone. Everyone is responsible for everything that happens on their account!
  7. 10.  If you notice anything that raises suspicions as to the correct application of the principles of personal data processing, you are obliged to immediately notify your supervisor.

Information clause for employees and contractors of UMCS

In accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "GDPR"), Maria Curie-Skłodowska University (hereinafter also referred to as "UMCS") informs that:

1. The administrator of your personal data is Maria Curie-Skłodowska University in Lublin, with its registered office in Lublin, pl. Marii Curie-Skłodowskiej 5, 20-031 Lublin.

2. Maria Curie-Skłodowska University has appointed a Data Protection Officer (hereinafter "DPO"), Paweł Kidyba, who can be contacted by e-mail: iod@mail.umcs.pl.

3. The DPO can be contacted in any matter concerning the processing of personal data.

4. Your personal data will be processed for the purpose of:

a) performance of the contract to which you are a party (Article 6, paragraph 1, item b of the GDPR);

b) fulfillment of the legal obligation incumbent on UMCS (Article 6, paragraph 1, letter c of the GDPR);

c) performance of a task carried out in the public interest, (Article 6, paragraph 1, letter e of the GDPR)

d) purposes resulting from legitimate interests pursued by UMCS (Article 6, paragraph 1, letter f of the GDPR).

e) In addition, if applicable, personal data may be processed on the basis of Article 6, paragraph 1, letter a of the GDPR, i.e. on the basis of your consent to processing.

5. Providing your personal data is necessary to conclude and perform the contract.

6. The Administrator receives your personal data directly from you or from contractors.

7. Your personal data may be made available to entities authorised to receive them under generally applicable legal provisions.

8. Your personal data, in legally justified cases, may be transferred to third countries (outside the European Economic Area) and to international organizations.

9. Your personal data will be stored for the period necessary to perform and settle the Agreement, as well as until the limitation period for claims that may arise from the performance of the Agreement, and to the extent indicated in point 3 letter e above - until you withdraw your consent to the processing of data.

10. You are entitled to: obtain information on the processing of personal data and the rights granted in accordance with the GDPR, access to the content of your data and its rectification, as well as to delete personal data from the administrator's files (unless further processing is necessary for the performance of a legal obligation or for the purpose of establishing, pursuing or defending claims) and the right to limit processing, transfer data, object to processing - in cases and under the conditions specified in art. 13 of the GDPR.

To the extent that processing is based on consent, you are entitled to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

11. Your personal data will not be subject to automatic decision-making or profiling.

12. You are entitled to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the provisions of the GDPR.

RSS

UMCS logotype HR Excellence in Research logo

All rights reserved
© 2013 UMCS

BIP

powered by Veneo