Privacy Policy

The following document describes the regulations and provisions related to the use of the website belonging to the Digital Science and Technology Center of the Cardinal Stefan Wyszyński University in Warsaw. It informs how the personal data of the Users of our website is processed and takes into account the following issues: who is the controller of Users’ personal data; what data is processed, for what purpose and on what basis it is done; how long the data is processed, to whom the collected data is made available and what rights you have as our Users and thus the personal data subjects.

The Digital Science and Technology Center of the Cardinal Stefan Wyszyński University in Warsaw, being a university unit, respects the CNT website Users’ right to privacy and guarantees them the right to select which information concerning them is being shared. The Digital Science and Technology Center also guarantees that the CNT website Users’ personal data is processed in accordance with the current European Union standards and regulations of the Polish law.

The Digital Science and Technology Center of the Cardinal Stefan Wyszyński University in Warsaw makes every effort to ensure that all assumptions included in this document are treated with full responsibility and due precautions.

Our Privacy Policy informs about the use of personal data belonging to Users, in respect of which we meet all the requirements of Regulation of the European Parliament and Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data, the free flow of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation – hereinafter: “GDPR”).

Personal Data Controller

The Controller of your personal data, within the meaning of the GDPR, is the Cardinal Stefan Wyszyński University in Warsaw (hereinafter: UKSW) with its registered office in Warsaw (01-815), 5 Dewajtis St. UKSW decides on the purposes and methods regarding the processing of your personal data (how your data will be used).

In relation to matters concerning personal data protection (among others: security breach leading to accidental or unlawful destruction of personal data, loss of personal data, modification of personal data, unauthorized disclosure of personal data or unauthorized access to personal data transmitted, stored or otherwise processed), it is also possible to contact the Controller via the following e-mail address: or the Data Protection Officer appointed by the Controller at the Cardinal Stefan Wyszyński University in Warsaw (DPO – tel. 22/5619034; e- mail:

Any violations related to the protection of personal data can also be reported via a special contact form available on the website:

Purposes and Legal Bases of Data Processing

Your personal data may be processed by the Collector pursuant to Article 6(1)(c) of the GDPR, for purposes related to the implementation of legal obligations arising from the activities of the University (Law on Higher Education and Science and implementing acts issued on its basis; the Statute of the University and internal university regulations issued on its basis); Article 6(1)(b) of the GDPR – concerning the implementation of concluded agreements, where the data subject is a party or to take action at the request of the data subject prior to the conclusion of a contract; Article 6(1)(e) of the GDPR (e.g. for the purpose of video monitoring), where processing is necessary to perform a task carried out in the public interest; Article 6(1)(f) of the GDPR, concerning social media activity of the Controller who processes personal data in order to: maintain social media profiles/channels, contact users, inform about the Controller’s activities; Article 6(1)(a) of the GDPR, where the data subject has given consent to the processing of its personal data for one or more specific purposes.

Transfer of Personal Data

Only employees authorized by the Collector to the extent necessary have access to the User’s personal data. The data may be transferred only to entities located within the European Economic Area and thus subject to strict EU data protection regulations, or entities which are bound by an appropriate security standard – processing them on our behalf on the basis of contracts concluded with the Collector, but only for the purpose and the scope required to implement the above-mentioned purposes (including, among others, entities providing IT services for us or other services ensuring proper functioning of the Website. These entities process data only according to the directives given by the Collector. User data is not transferred to third countries.

Data Retention Period

Your personal data is processed only for the necessary period, pursuant to the relevant provisions of law and to enable the purpose referred to in paragraph 2 to be fulfilled, or to submit an effective objection to the processing of personal data – in particular until any claims are time-barred or the archiving obligation expires, including the obligation to store accounting documents.

The period of personal data processing may be extended in accordance with the relevant legal provisions, if their processing is necessary to pursue or clarify claims. After this period, personal data will be deleted or anonymized.

In the event of personal data processing, based on the consent expressed by the User, the data will be stored until it is withdrawn. Withdrawal of consents expressed on the CNT website is possible at any time.

The Right of Access to Personal Data

You have the right to obtain information included in Art. 15 GDPR. In case of doubts concerning the identity of an individual submitting a request for personal data, the Controller may request additional information required to confirm the identity of the data subject – pursuant to Art. 12(6) GDPR.

The Right to Lodge a Complaint With the Personal Data Protection Supervisory Authority

When it is justified that your personal data is processed by the Collector not in accordance with the GDPR, you have the right to lodge a complaint with the Personal Data Protection Supervisory Authority, which in Poland is the President of the Personal Data Protection Office.

Other Rights of the User as the Data Subject

In connection with the processing of your personal data by the Digital Science and Technology Center of the Cardinal Stefan Wyszyński University in Warsaw, you have the right to:

  • request updates/corrections to your data (in accordance with art. 16 of the GDPR);
  • restrict data processing (in accordance with art. 18 of the GDPR);
  • transfer personal data (in accordance with art. 20 of the GDPR);
  • delete the data (the right to be forgotten – in accordance with art. 17 of the GDPR);
  • to object to personal data processing (in accordance with art. 21 of the GDPR);
  • withdraw consent to the processing of personal data at any time, if it takes place on the basis of art. 6(1)(a) GDPR.

The Right to Modify the Privacy Policy

We reserve the right to make changes to the Privacy Policy at any time – to ensure that this document constantly meets the current legal requirements. This also applies if the Privacy Policy needs to be amended to cover new or modified services of the Website.

Skip to content