This document specifies details regarding the rules of processing of the personal details of all visitors of the sano.science site, as required by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC further referred as the General Data Protection Regulation or GDPR (Official Journal of the EU L 119/1).
Personal data controller
Sano – Centre for Computational Personalised Medicine – International Research Foundation based in Kraków acts as the personal data controller for the data mentioned in this document.
Purpose and lawful basis for data processing
We are processing personal data:
- to inform you about our activities (incl. products and services) based on your voluntary consent (Art. 6, 1a of the GDPR)
- when it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6, 1b of the GDPR)
- to provide the data to the state authorities for the needs of legal proceedings carried on by them as required by the Polish ACT of 18 July, 2002 on Providing Services by Electronic Means (Dz. U. [Journal of Laws] 2017.1219, as amended) (Art. 6, 1c of the GDPR)
- for analytical purposes – including: site customization based on your preferences, improvement of our services based on your feedback, technical logs to provide security and proper operations of our ICT systems – which are our legitimate interests (Art. 6, 1f of the GDPR)
- for archival purposes (as proof) to protect the information required to demonstrate the legal facts which is our legitimate interest (Art. 6, 1f of the GDPR)
- to potentially exercise our legal rights or to defend against legal claims which is our legitimate interest (Art. 6, 1f of the GDPR)
- to measure our visitors satisfaction and quality of our support, which is our legitimate interest (Art. 6, 1f of the GDPR)
- We may store Cookies on your device and retrieve it to offer best user experience.
- Cookies are small chunks of data stored as files by the browser and retrieved each time the Site is visited. Cookies usually contains site name / domain, expiration date, randomly generated UUID.
- store your preferences and optimize Site display based on the individual preferences; Cookies allow to detect your device and display Site personalized for you,
- collect statistical information to help understand behavior of Site visitors and serve personalized content,
- store sessions of logged users to prevent the need to re-login on each sub-page.
- Most browsers store Cookies by default. At any moment you may change browser’s behaviour, choosing whether to accept, block, or prompt for cookies.
- By not altering browser settings you give us consent to store Cookies on the device
- Blocking cookies may seriously harm Site usability or even block access to some of its sections (especially password protected parts of the Site).
Your data may be transferred to the following categories of recipients:
- our contractors – companies that help us in providing services to you:
- bookkeepers and accountants
- IT service providers (hosting, usage analytics, communication)
- marketing agencies.
Transfer to third countries and international organizations
We reserve the right to transfer your personal data outside of the European Economic Area (EEA) to the extent permitted by the GDPR, especially when it is required to perform:
- Site analytics
- Communication with visitors.
Data retention period
- Data required to take necessary steps at your request prior to entering into any Agreement with us are stored during the whole negotiation period as well as to the end of the calendar year following the year in which you contacted us for the last time regarding the contract.
- Data needed to perform any agreement are stored until the expiration of all potential legal claims related to the given contract.
- We store your basic contact details required to inform you about our new offers until you object to the processing of your personal data, withdraw your consent if the processing has been done based on your consent (so-called “marketing consent”), or we find out data to be no longer valid.
You have the right to:
- access your data and receive its copy
- rectify your data
- erase your data (if it is justified)
- restrict the data processing only to storage or performing agreed operations
- object to the processing of data
- receive personal data concerning you which you have provided to us – in a structured, commonly used, machine-readable and interoperable format. We may also transmit it to another controller providing sufficient technical means for secure transfer are ensured by this controller
- lodge a complaint with a supervisory authority (The President of the Personal Data Protection Office)
- withdraw your consent at any moment (if the processing has been done based on your consent). Withdrawing your consent does not change the lawfulness of any prior data processing
To execute your rights under GDPR you may contact us via e-mail at firstname.lastname@example.org .
Information regarding mandatory/voluntary data collection
- We’re automatically collecting some data (such as visitors’ IP addresses, User Agents, Cookies, date and time) for technical and legal reasons which are mandatory and which collection and processing is lawful on the basis of the Art. 6 of the GDPR as defined earlier in this document.
- Also to enter into any Agreement with us, you are required to provide us with data that we need to properly execute this contract. Please note that refusal to provide us with date required to enter into an Agreement would prevent us from concluding this contract.
- We may ask you additional data apart from the mentioned above (they are always going to be marked as “optional” in our forms), which might be processed to improve our offer or render better services, based on your voluntary consent.