1. The administrators of the personal data of the Website Users are the Universities:
a) WSB Merito University in Gdańsk, with its registered office in Gdańsk at al. Grunwaldzka 238A, entered into the Register of Non-Public Universities under number 314,
b) WSB Merito University in Poznań, with its registered office in Poznań at ul. Powstańców Wielkopolskich 5, entered into the Register of Non-Public Universities under number 47,
c) WSB Merito University in Toruń, with its registered office in Toruń at ul. Młodzieżowa 31a, entered into the Register of Non-Public Universities under number 148,
d) WSB Merito University in Warsaw, with its registered office in Warsaw, at ul. Łabiszyńska 25, entered into the Register of Non-Public Universities under number 311,
e) WSB Merito University in Wrocław, with its registered office in Wrocław, at ul. Fabryczna 29-31, entered into the Register of Non-Public Universities under number 146,
f) The University of Lower Silesia in Wrocław, with its registered office in Wrocław 53-611, at ul. Strzegomska 55, entered into the Register of Non-Public Universities under number 118,
2. After enrolling in studies or postgraduate studies at one of the universities, the User’s personal data will be processed only by that University.
3. Contact with the data protection officer of the Universities indicated in § 5, Point 1, Letters a-e, is possible via e-mail, the e-mail address: iod@merito.pl
4. Contact with the data protection officer of the University indicated in § 5, Point 1, Letter f, is possible via e-mail, the e-mail address: iod@dsw.edu.pl
5. In the case of enrollment for studies or postgraduate studies and programmes at one of the Universities indicated in Point 1, personal data provided by the User in connection with the activities necessary for the proper conclusion of the agreement shall be processed solely by the University selected by the User.
6. Personal data will be processed for the purpose of:
a) creating a User account, concluding the agreement for the provision of educational services. The legal basis for processing is Article 6, Section 1, Letter b of GDPR;
b) the implementation of obligations under the legal regulations. The legal basis for processing is Article 6, Section 1, Letter C of GDPR;
c) providing marketing services. The legal basis for processing is Article 6, Section 1, Letter A of GDPR;
d) the legitimate interest of the Administrator: to establish, investigate or defend against claims. The legal basis for processing is Article 6, Section 1, Letter f of GDPR.
7. Personal data will be kept for the period necessary to exercise the User’s rights resulting from the account service on the Website and the period of limitation of claims. Personal data processed for marketing purposes will be processed for 5 years, counted from January 1 following the date of the person’s consent to the processing of their data for this purpose.
8. The data recipients will be entities with the right to access data based on legal provisions and entities cooperating with the Data Administrator to the extent necessary for the proper performance of the tasks imposed on the Data Administrator.
9. The User has the right to access their data and rectify, correct, delete, limit processing, the right to transfer data, the right to withdraw consent at any time without affecting the lawfulness of the processing.
10. The User has the right to lodge a complaint with the President of the Personal Data Protection Office if they consider that the processing of their personal data violates the provisions of the general regulation on the protection of personal data of April 27, 2016 (GDPR).
11. The data will not be processed in an automated manner. Data may be transferred to a third country (outside the EEA) if the Data Administrator’s service provider has its registered office there. Due to the possibility of transferring the User’s data outside the EEA, the Administrator has ensured that the suppliers guarantee a high level of personal data protection. Data may also be transferred to public authorities, but only if these authorities are authorized to obtain the by applicable regulations. In no case does the transfer of data release the Personal Data Administrator from responsibility for their processing