Privacy policy
InnoTech4Life Ltd.
Dear Sir/Madam,
On May 25, 2018, the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 2016, No. 119) came into force. The Regulation imposes a number of new obligations on entities that collect, process, and use personal data.
Treating the protection of personal data as the highest priority, InnoTech4Life Sp. z o.o. (SGGW purpose company) hereinafter referred to as the Company has prepared the necessary information about the processing of personal data in the Company below. From the Privacy Policy, you will learn how we process personal data and what rights you have and how you can apply for them.
1. Explanation of basic terms
The following content includes terms whose meaning may be legally defined. Therefore, for better understanding, we present the following definitions:
- GDPR – Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 2016, No. 119);
- personal data – means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, identification number, location data, internet identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person;
- processing – means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
- profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
- controller – means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- processor – means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
- recipient – means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- consent – of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. What principles do we follow when processing your personal data?
Personal data in InnoTech4Life Sp. z o.o. (SGGW purpose company) are:
- processed lawfully, fairly, and in a transparent manner in relation to the data subject;
- collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
3. Who is the controller of your personal data and what is the address of its headquarters?
The controller of personal data is InnoTech4Life Sp. z o.o. (SGGW purpose company) located at Nowoursynowska 166 bldg. 8, room 119, 02-787 Warsaw.
4. Has the Company appointed a Data Protection Officer?
InnoTech4Life Sp. z o.o. (SGGW purpose company) has appointed a Data Protection Officer with whom you can contact to exercise the rights described in this policy by writing to the email address: iod@innotech4life.pl, or the headquarters address:
Data Protection Officer
InnoTech4Life Sp. z o.o. (SGGW purpose company)
Nowoursynowska 166, 02-787 Warsaw.
5. On what basis do we process your personal data?
The legal basis for the processing of personal data by the Company may be:
- Article 6(1)(a) of the GDPR, when you have given consent in the scope and purpose specified in its content;
- Article 6(1)(b) of the GDPR, when processing is necessary for the performance of a contract to which you are party or in order to take steps at your request before entering into a contract with the Company;
- Article 6(1)(c) of the GDPR, when processing is necessary for compliance with a legal obligation to which the Company is subject;
- Article 6(1)(d) of the GDPR, when processing is necessaryin order to protect your vital interests by the Company;
- Article 6(1)(f) of the GDPR, when processing is necessary for the purposes of the legitimate interests pursued by the Company.
6. For what purpose do we process your personal data?
The purposes for which the Company processes your personal data are, in particular:
- Commercialization of scientific research and development work results;
- Activities in the field of technology transfer and science promotion;
- Widespread dissemination of basic, industrial, or experimental development research results;
- Teaching, publishing;
- Undertaking all actions related to knowledge transfer including processes aimed at acquiring and collecting explicit and tacit knowledge;
- Sharing knowledge including skills and competencies in the field of economic and non-economic activities e.g., research cooperation, consulting, licensing, creating spin-off companies, publications, and mobility of researchers and other personnel engaged in such activities;
- Taking or acquiring shares or stocks in companies;
- Taking subscription warrants entitling to subscribe for or acquire shares in companies, especially for the implementation or preparation for the implementation of scientific activity results or know-how in the field of indirect commercialization;
- Management of research infrastructure;
- Conducting commissioned research;
- Conducting activities that indirectly or directly may contribute to the implementation of scientific research results.
- Additionally, the Company processes personal data, among others, for the following purposes:
- accounting records, making transfers,
- implementation of legal provisions to which the employer, contractor, service recipient is obliged,
- fulfillment of payer’s obligations related to the submission and dispatch of tax declarations,
- implementation of recruitment processes,
- implementation of agreements and contracts with external entities (data entrusted by other entities – personal data controllers),
- implementation of the provisions of the Act on the Social Insurance System and other legal provisions to which the Payer is obliged,
- office services,
- implementation of a request for contact (e.g., through a contact form),
- exchange of business cards during various types of events in which employees/associates of the Company participate or which are organized by the Company,
- storing data for archival purposes, and ensuring accountability (demonstrating compliance with legal obligations).
7. Whose personal data do we have?
In connection with the tasks implemented by InnoTech4Life Sp. z o.o. (SGGW purpose company) as specified above, we have the following categories of personal data:
- Data of persons participating in evaluations and research organized by the Company;
- Data of senders and recipients of correspondence with the Company;
- Data of persons calling the Company;
- Data of offerors, contractors, clients;
- Data of owners or proxies of entities performing services on behalf of the Company;
- Data of employees, associates, and possibly members of their families, as well as data of candidates for employment or applying for work on another basis, including data of interns and trainees;
- Data of natural persons who are parties, participants in civil, criminal, administrative, and enforcement proceedings;
- Data of owners or proxies of entities who have not fulfilled their obligations towards the Company;
- Data of persons performing control activities and persons appearing in the documentation related to the conducted controls.
8. Is there an obligation to provide personal data?
- If the processing of your personal data is based on expressed consent – providing data is voluntary.
- In the case of processing personal data based on legal provisions – their processing is a legal requirement, so we must have them.
- When we enter into a contract, providing the Company with personal data is necessary for its conclusion and implementation.
9. What rights do you have in connection with the processing of personal data by the Company?
The rights you are entitled to are described in the individual provisions of the GDPR. It is important to be aware of their limitations. However, as a rule, depending on the basis for processing personal data, you are entitled to:
- the right to access your personal data (Art. 15 GDPR),
- the right to rectify (correct) or complete incomplete personal data – if possible (Art.16 GDPR),
- the right to request the deletion of your personal data in cases provided by law (Art. 17 GDPR),
- the right to request the restriction of processing of your personal data (Art. 18 GDPR),
- the right to receive your data in a structured, commonly used format and to transfer them when processing is based on your consent or a contract, and also when processing is carried out by automated means and does not infringe the rights of third parties (Art. 20 GDPR),
- the right to object to the processing of your personal data in the case of processing them for the purpose of realizing the legitimate interest of the Controller, for reasons related to your particular situation, including profiling (Art. 21 GDPR),
In the situation where the processing of personal data takes place on the basis of the consent expressed by you, you have the right to withdraw this consent at any time. This withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
In cases where you believe that the processing of your personal data violates the provisions of the Regulation, you have the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office located in Warsaw, ul. Stawki 2, which can be contacted in the following ways:
- by mail: ul. Stawki 2, 00-193 Warsaw
- through the electronic mailbox available on the website https://www.uodo.gov.pl/pl/p/kontakt
- by phone: (22) 531 03 00
InnoTech4Life Sp. z o.o. (SGGW purpose company) has appointed a Data Protection Officer with whom you can