GDPR Policy

GDPR Policy

In accordance with the general regulation of 27 April 2016 on the protection of personal data, hereinafter referred to as GDPR, we wish to inform you that:

  1. The Administrator of your personal data is the Sano Centre for Computational Personalised Medicine – International Research Foundation – located at (30-072) Kraków, ul. Nawojki 11. The Administrator may be contacted at the following e-mail address: legal@sano.science.
  2. Your personal data shall be processed for the purposes of the recruitment process.
  3. The legal basis for processing your personal data for the purposes of recruitment shall be Article 6 Section 1 Point c of the GDPR, with processing being necessary for the fulfilment of a legal obligation to which the Administrator is subject, particularly Article 118a of the Law on Higher Education as well as Article 221 of the Labour Code. The condition legalising the processing of personal data provided voluntarily by the candidate, which is beyond the scope of data referred to in Article 221 of the Labour Code, shall be Article 6 Section 1 Point a of the GDPR – consent by the data subject.
  4. Providing your personal data, subsequent to the decision to enter the recruitment process, is obligatory within the scope defined by Article 221 of the Labour Code and the Law on Higher Education and determines the possibility of applying for work as well as possible further employment. In the case of personal data which is beyond the scope of the aforementioned legal regulations, providing your data is voluntary but it does determine the possibility of participating in the recruitment process.
  5. Your personal data shall be processed on behalf of the data administrator by authorised personnel purely for the recruitment purposes.
  6. Your personal data shall be stored for a period of time necessary for the fulfilment of the recruitment process. Should the recruitment outcome prove negative, your data shall be removed immediately at the completion of recruitment, unless otherwise provided by the record-keeping regulations ─ then for a period of time specified in these regulations.
  7. Your personal data shall not be shared with external entities with the exception of cases provided for by legal regulations. Should you submit your application documents in electronic form, the recipient of your data may be an entity acting on behalf of the administrator i.e. a mail service operator.
  8. Under the terms of the GDPR, you shall be entitled to:
  9. the right to access your data,
  10. the right to rectify it if factually incorrect,
  11. the right to remove or restrict the processing of the data as well as the right to data portability – in cases prescribed by the law,
  12. the right to object to the processing of the data,
  13. the right to file a complaint with the supervisory authority – the President of the Personal Data Protection Office, should you consider that the processing of your personal data violates personal data protection regulations.