INFORMATION CLAUSE

In accordance with Article 13(1) and (2) and Article 14(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter “GDPR”), the University of Białystok hereby informs you:

1. The Controller (Administrator) of your personal data is the University of Białystok, ul. Świerkowa 20B, 15-328 Białystok. Information on the adopted privacy policy can be found at: https://uwb.edu.pl/ochrona-danych-osobowych.
2. The Controller has appointed a Data Protection Officer (DPO) responsible for ensuring the lawful processing of personal data. You may contact the DPO by email at: iod@uwb.edu.pl.
3. Your personal data will be processed on the following legal bases and for the following purposes:
   1. Conclusion and performance of the Agreement – the legal basis for processing your personal data is Article 6(1)(b) GDPR.
   2. Fulfillment of legal obligations incumbent on the Controller, in particular tax, accounting, and financial reporting obligations – Article 6(1)(c) GDPR.
   3. Legitimate interests pursued by the Controller, particularly those related to enabling the exchange of information necessary for the performance of the Agreement, communication during the course of the Agreement, and settlement of the Agreement, as well as the establishment, exercise, or defense of legal claims – Article 6(1)(f) GDPR.
4. The provision of personal data is necessary for the performance of the Agreement.
5. Your personal data will be processed for the period necessary to achieve the purposes related to the performance of the Agreement, but no longer than:
   1. until you request their erasure, withdraw your consent for data processing, request restriction of processing, object to their processing, or request their transfer;
   2. until the expiry of claims in accordance with generally applicable Polish law, for the purpose of establishing, exercising, or defending such claims;
   3. until the legitimate interest of the Controller has been fulfilled.
6. Your personal data may be disclosed to entities whose services are used by the Controller. The recipients of the data may also include institutions authorized by law (e.g., courts, police), based on specific obligations. Employees of the Controller who process personal data in connection with their official duties will have access to these data. The recipients of personal data may also be entities to which the Controller, on the basis of a data processing agreement, entrusts the performance of certain activities requiring the processing of personal data.
7. You have the following rights related to the processing of your personal data:
   1. the right of access to your personal data;
   2. the right to request the rectification of inaccurate personal data and the completion of incomplete personal data;
   3. the right to request erasure of personal data (this right does not apply, in particular, when processing is necessary for compliance with a legal obligation under applicable law or for performing a public task);
   4. the right to request restriction of the processing of your personal data;
   5. the right to object to the processing of your personal data;
   6. the right to data portability;
   7. the right to lodge a complaint with the supervisory authority responsible for personal data protection, i.e., the President of the Personal Data Protection Office.
8. Your personal data will not be transferred outside the European Economic Area (EEA).
9. Your personal data will not be subject to profiling.