Pursuant to Regulation EU No 2016/679 (hereinafter referred to as the ‘GDPR’), Laboratorium PIAP (hereinafter referred to as ‘Laboratorium’ or the ‘Data Controller’) as data controller for your personal data hereby informs you that the aforesaid regulation provides for the protection of data subjects in relation to the processing of data personal concerning them and that this processing will be based on the principles of correctness, lawfulness, transparency and protection of your confidentiality and your rights.
Your personal data will be processed in accordance with the legal provisions of the aforesaid regulation, as well as any other regulation on data protection if applicable, and the confidentiality requirements envisaged therein.
This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data.
Which kind of personal data we collect
We collect your personal data only with your consent and only if it is necessary for the purposes of the project. So we may ask you to provide us your personal data such as first name, last name, address, e-mail and, only if you are voluntary involved in pilots and, in case of video or photographs, your image.
Why we process your personal data
We will process your personal data exclusively within the purposes of the research within the project.
Further information on the project may be find at following URL: https://laboratorium.piap.lukasiewicz.gov.pl/
We process your personal data, as long as you, in your quality of data subject, has provided us with your consent for the processing of your personal data for one or more specific purposes such as to contribute and support Laboratorium Piap project participating in workshop, field exercises and demonstrations to provide feedback, to participate in surveys or to disseminate the results of EU-funded research and innovation projects.
We also may process your personal data if it is necessary for compliance with a legal obligation to which the Data Controller is subject.
Additional legal bases for the processing may be the Regulation (EU) No 1291/2013 of the European Parliament and of the Council of 11 December 2013 establishing Horizon 2020 – the Framework Programme for Research and Innovation (2014-2020) and its annex.
Your personal data will not be used for any automated decision-making including profiling.
For how long we keep your personal data.
Laboratorium only keeps your personal data for the time necessary to fulfil the purpose of the project and will be destroyed or anonymised when no longer needed for that purpose.
How do we protect and safeguard your personal data?
All processing is carried out in compliance with Article 32 of the GDPR, with the adoption of appropriate security measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk of the processing and of the nature of the personal data. Organisational measures include restricting access to the personal data solely to authorised persons or third parties where legitimated by the Data Controller for the purposes of processing operation.
Who may access to your personal data
Access to your personal data is provided to the Laboratorium PIAP responsible for carrying out this processing operation and to authorised staff according to the ‘need to know’ principle. Such staff abide by statutory, and when required, additional confidentiality agreements.
However, we may disclose your information in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or as evidence in litigation in which we are involved.
The Laboratorium website and project repositories are hosted in the European Union.
Which are your rights and how you can exercise them
You have specific rights as a ‘data subject’ under the GDPR, in particular the right to access, rectify or erase your personal data and the right to restrict the processing of your personal data. Where applicable, you also have the right to object to the processing or the right to data portability.
You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) of the GDPR.
If you have consented to use your personal data, you can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.
You can exercise your rights by contacting the Data Controller at the contact information given under below.
Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description in your request.
Your requests will be handled within a maximum of 30 working days.