Medical Research Agency Privacy Policy -

In order to provide services at the highest possible level, we use cookie files. Using this website means that they will be stored on your device.

At any time you may change the settings of your browser.

For your convenience, the website https://abm.gov.pl/ uses cookie files to be adjusted to the needs of its users and for statistical purposes.

Cookie files (the so-called cookies) are small text files sent by the visited website to the Internet user's device (a computer, smartphone, etc.). They do not contain any personal data.

The website https://abm.gov.pl/ uses two types of cookie files:

• performance cookies (that collect information on the way the website is used by the visitors, e.g. the most common pages or error messages, etc.),
• functional cookies (that save the user's settings, e.g. language, consents, etc.), such as:
  • google-analytics.com cookies – are used for the statistics for the website https://abm.gov.pl/; a detailed mode of action and Google Analytics privacy policy may be found at: http://www.google.com/analytics/learn/privacy.html,
  • inspectlet.com cookies – are used to define the way the website is used by its users; a detailed mode of action and the privacy policy may be found at: https://www.inspectlet.com/legal,
  • session cookies - are temporary information stored in the browser's memory until the session is closed.

The third-party websites that the website https://abm.gov.pl/ sometimes inserts links to, may also use cookie files other than the ones mentioned above, especially the files that enable registration and delivery of advertisements that match the user's tastes and behaviours. This type of cookie files include:

• on youtube.com - cookies that contain the user's preferences and click counter; the YouTube privacy policy is described at: http://www.google.pl/intl/pl/policies/privacy/,
• on player.vimeo.com and av.vimeo.com website - cookies that allow to log in and the cookies placed by advertisers in order to match the content and the form of advertisements; the Vimeo website privacy policy is available at: http://vimeo.com/cookie_policy.

In most of the web browsers you may: delete the cookie files from your hard drive (at the level of the browser settings), block all cookies sent or set a warning before saving such file on the drive.

Your should remember that changing settings of these files that result in their restricted use may influence some of the functions available on websites, e.g. they may prevent the users from logging into their email accounts.

If your do not change those settings, it means that you accept the use of the cookie files.

Below we show how you may change the cookies settings in the most popular browsers:

• Google Chrome Menu > Settings > Show advanced settings > Privacy > Content settings > Cookie files – you should select the appropriate option.
• Internet Explorer Menu > Tools > Internet options > Privacy – select the appropriate option.
• Mozilla Firefox Menu > Options > Privacy > History – select the appropriate option.
• Opera Menu > Preferences > Advanced > Cookies – select the appropriate option.
• Safari Menu > Preferences > Privacy > Cookie files – select the appropriate option.

Server logs.

Obtaining some information on some user's behaviours require logging in in the server layer. These data are used only to administer the website and in order to ensure the most efficient operation of the hosting services.

The reviewed resources are identified via their URL addresses. Moreover, the following may also be recorded:

• date of arrival of a question,
• time of response,
• client's workstation name - identification done by the HTTP protocol,
• information on errors that occurred during the HTTP transaction,
• URL address of the website that had been previously visited by the user (referrer link) – in case the other website is visited though the link,
• information on the user's browser,
• Information on the IP address.

3. The above-mentioned data is not linked to any specific individuals browsing pages.

4. The above-mentioned data is used only for the purposes of administering the website.

The data of individuals that communicate with the Medical Research Agency via social networks

Facebook, Linkedin, Twitter, Youtube administer personal data of their users and process them on the basis of their own regulations. When you interact with us via Facebook, Linkedin, Youtube or Twitter (like/observe the page, react to posts, share/re-tweet, comment, send private messages), also the Medical Research Agency becomes the administrator of your data. We process your data, such as you first name and family name/nick, image, public profile and other information given in messages or comments on the basis of our legitimate interest, in order to answer the comments and messages, maintain relations with individuals that interact with us and also to analyse the efficacy of communication.

You Facebook interactions with the Agency, in principle, are not connected to the information that you sent to the Agency via other means (e.g. email), unless the circumstances require such an action (e.g. you have written a private Facebook message, cited your e-mail address and asked for response). We do not transfer you personal data to anyone. Remember, however, that Facebook, Linkedin, Youtube or Twitter, as website administrators, have access to all the information about you.

If you want your data to be processed in line with out Privacy policy, please, contact us via other channels than the social networks. If you send us an email, for example, we control what happens with the information and who reads it. You may also encrypt it.

Informational clause for the Contractor, Beneficiary, Cooperating Entity and persons and Cooperating Entity, and natural persons assigned by them to maintain contact, and execute and perform the subject matter of the contract

In accordance with Articles 13 and 14 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR, OJ L No. 119 of 2016) be informed that:

1. The Medical Research Agency based in Warsaw, postcode: 00-014, ul. Stanisława Moniuszki 1A, shall be the Controller of personal data of natural persons representing the Harvard Medical School Postgraduate Medical Education and natural persons assigned by it to maintain contact and execute the Letter of Intent.
2. Also be informed that the personal data that the Controller did not obtain directly from the persons referred to in par. 1 were obtained from the Harvard Medical School Postgraduate Medical Education.
3. The Controller has designated a Data Protection Officer who is available at iod@abm.gov.pl.
4. The Controller shall process personal data of the persons referred to in par. 1 based on:
   1. Article 6 par. 1 (b) GDPR, processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract,
   2. Article 6 par. 1 (e) GDPR, processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; 
   3. Article 6 par. 1 (c) GDPR, processing is necessary for compliance with the Controller's legal obligations; 
   4. Article 6 par. 1 (f) GDPR, processing only for the purpose and within the scope necessary to perform the Controller's tasks related to the execution of the Letter of Intent; the legitimate interest of the Controller is to make it possible to maintain communication related to the conclusion and execution of the Letter of Intent, receiving and transferring declarations of will of the parties to the Letter of Intent, dealing with possible claims; and after its conclusion it is necessary to establish, investigate and defend against possible claims.
5. The personal data shall include the category of identification and contact data: first name, surname, email address, telephone number, scientific title, post or function and employing company. 
6. The personal data referred to in par. 1 may be transferred to public institutions and state authorities or other entities authorised under the provisions of the law or performing tasks implemented in public interest or for the purpose of exercising public authority. The data may be transferred to entities that operate the Controller's telecommunications systems and provide the Controller with telecommunications tools or postal, hosting, cloud and document shredding services.
7. The Controller shall not take automated decisions, including decisions resulting from profiling within the meaning of GDPR, based on the personal data of the persons referred to in par. 1. 
8. The personal data of the persons referred to in par. 1 shall be processed for the period of the Letter of Intent execution, unless a longer period of processing is necessary, e.g. due to the period of limitation for claims or the registrar's instructions and Jednolity Rzeczowy Wykaz Akt [Uniform Material List of Files].
9. The persons referred to in par. 1 shall have the right to demand that the Controller give them access to their personal data, the right to rectification, the right to erasure, the right to restriction of processing and the right to data portability.
10.  The persons referred to in par. 1 shall also have the right to object processing.
11. The persons referred to in par. 1 shall have the right to complain to a supervising authority, i.e. the President of the Personal data Protection Office.
12.  The provision of the personal data referred to in par. 1 is necessary to conclude the Letter of Intent. Failure to provide personal data shall result in inability to conclude and execute the Letter of Intent.
13.  The personal data of the persons referred to in par. 1 shall not be transferred to a third country/international organisation unless the Controller's legal obligations require that.

Image

1. The Controller of your personal data is the Medical Research Agency based at ul. Moniuszki 1A, 00‑014 Warsaw.
2. The Controller has appointed a Data Protection Officer whom you can contact at iod@abm.gov.pl.
3. Your personal data in the scope of the personal image recorded in the video material and/or photo(s),¹ along with your name, academic title and/or degree, and/or function, will be processed, without prejudice to your personal rights, pursuant to Art. 6(1)(a) of the GDPR for educational, information and promotional purposes related to the Agency's activities.
4. Your personal data will be stored by the Controller for the period necessary to fulfil the above-mentioned purpose or until your consent is withdrawn.
5. Your personal data may be made available to bodies or entities authorised to that on the basis of separate regulations or performing tasks carried out in the public interest or in the exercise of public authority. We may transfer your personal data to the entities that operate the Controller's ICT systems and provide it with ICT tools, or provide electronic mail, cloud or hosting services for the Controller.
6. Your personal data will not be subject to decisions based on automated processing and will not be profiled.
7. You have the right to demand from the Controller access to your personal data, the right to rectify them, erase them, or limit their processing, the right to withdraw your consent at any time, and the right to data portability.
8. You have the right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection in Poland (Prezes Urzędu Ochrony Danych Osobowych).
9. Providing your personal data is necessary to fulfil the purpose for which they are collected. Failure to provide these data shall result in the inability to share the video material and/or photo(s) from the training course or conference referred hereinabove.
10. Your personal data will not be provided to a third country/international organisation unless the Controller is required to do so by law.