Privacy Policy
The Privacy Policy explains who we are, for what purposes we process your personal data, how we process it, and to whom we may entrust or disclose it. We will also inform you of your rights in this regard.
Poznan University of Technology is obliged to protect your personal data. Your data is processed in accordance with the laws applicable in the Republic of Poland. The legal act governing the processing of your personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).
We ensure that your personal data is protected against loss, destruction, disclosure, unauthorized access, or improper use.
To protect your data, several measures have been implemented. Examples include:
- We use data encryption, firewalls, and antivirus software.
- We continuously monitor IT systems and apply security procedures.
- We have also implemented a procedure to follow in the event of a personal data breach.
We will inform you of any incident related to the processing of your data if we determine that it poses a high risk to your rights and freedoms.
1. Data Controller
The Data Controller is Poznan University of Technology, located at Pl. Marii Skłodowskiej-Curie 5, email: biuro.rektora@put.poznan.pl, phone: +48 61 665 36 39.
2. Data Protection Officer (DPO)
The Controller has appointed Mr. Piotr Otomański as the Data Protection Officer, who supervises the proper processing of personal data at Poznan University of Technology. You can contact the DPO via email: iod@put.poznan.pl.
3. Purposes and Legal Bases of Processing
Your personal data is processed for the following purposes:
- Compliance with legal obligations of the controller – Article 6(1)(c) GDPR (e.g., student recruitment, staff recruitment, granting benefits (scholarships), education process support, accounting and tax documentation);
- Performance of a contract or taking steps at the request of the data subject prior to entering into a contract – Article 6(1)(b) GDPR (e.g., civil law contracts, cooperation with contractors, conference organization);
- Protection of vital interests of the data subject – Article 6(1)(d) GDPR;
- Performance of tasks carried out in the public interest or in the exercise of official authority – Article 6(1)(e) GDPR (e.g., ensuring the safety of people and property);
- Legitimate interests pursued by the controller – Article 6(1)(f) GDPR (e.g., assertion and defense against claims).
In other cases, data is processed based on your consent – Article 6(1)(a) GDPR.
In the context of the web application used to collect performance indicators (e.g., academic cooperation, training participation, project activity tracking) within the EUNICE network, the following categories of your personal data will be processed:
Data Category | Examples |
Identification data | First name, last name |
Contact details | Email address (preferably institutional) |
Organizational affiliation | Home university (e.g., Poznan University of Technology, or another EUNICE partner institution) |
System activity data | Login timestamps, session metadata, activity status (e.g., task submission, form completion), IP address |
These data are processed for the following specific purposes:
Purpose | Legal Basis under GDPR | Justification |
1. User identification and access control | Art. 6(1)(e) GDPR – task carried out in the public interest | Ensuring secure access to the application and user accountability |
2. Monitoring of user activities related to indicator collection | Art. 6(1)(e) GDPR | Supporting cross-institutional reporting and project evaluation |
3. Generating statistical summaries and progress reports | Art. 6(1)(e) GDPR | Fulfilling obligations under EU-funded programs and academic partnerships |
4. Technical maintenance and error diagnostics | Art. 6(1)(f) GDPR – legitimate interest | Maintaining the system’s security and reliability |
5. Communication with users (e.g., confirmation messages, technical updates) | Art. 6(1)(f) GDPR | Necessary for effective use and support of the application |
No sensitive (special category) data is processed. No profiling or automated decision-making occurs in the system.
4. Integration with PIONIER.Id Federation
The service allows users to log in via the Polish Identity Federation PIONIER.Id. As part of the authentication process, identity providers (IdPs) that are members of the federation transmit a set of user attributes required for proper identification.
The following user attributes are requested and required in accordance with the SAML 2.0 standard, and their provision is mandatory for successful login and account provisioning within the system:
OID | Friendly Name | Description |
urn:oid:2.5.4.42 | givenName | Given (first) name |
urn:oid:2.5.4.4 | sn | Surname |
urn:oid:0.9.2342.19200300.100.1.3 | | Alternative email (legacy compatibility) |
urn:oid:2.16.840.1.113730.3.1.241 | displayName | Display name used in the interface |
urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eduPersonPrincipalName (EPPN) | Unique federated login identifier |
These attributes are processed solely for authentication purposes and for enabling authorized access to the service. No additional data from the identity providers is stored or shared beyond what is necessary for account management and access control.
5. Data Recipients
Recipients of your data may include:
- Public authorities and state offices or other entities authorized by law or performing tasks in the public interest or in the exercise of official authority;
- Other entities processing data on behalf of Poznan University of Technology based on contracts (especially IT service providers).
6. Data Retention Period
Your data will be processed for the time necessary to fulfill the purposes outlined in point 3, especially the duration specified by applicable law or for the duration of a contract (including settlements and the period necessary to assert and defend claims and document archiving) or, in the case of consent-based processing, until the consent is withdrawn.
7. Rights of Data Subjects
Under the GDPR, you have the following rights:
- Right of access – to know whether your data is processed and to receive a copy;
- Right to be forgotten – to request data deletion and notify others to delete it;
- Right to data portability – to receive and transfer your data in a machine-readable format (applies if processing is based on consent or contract and is automated);
- Right to restrict processing – to limit processing to storage only;
- Right to rectification – to request immediate correction of inaccurate data;
- Right to object – to stop processing based on legitimate interest (e.g., direct marketing);
- Right to withdraw consent at any time – without affecting the legality of previous processing;
- Right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.
8. Obligation to Provide Data and Consequences of Failure
Providing personal data is voluntary, but failure to do so may prevent the fulfillment of legal obligations or contract execution by Poznan University of Technology.