Privacy Policy

I. GENERAL INFORMATION.

1. The operator of the website www.ibdim.edu.pl is the Road and Bridge Research Institute (Instytut Badawczy Dróg i Mostów) with its registered office in Warsaw at 1 Instytutowa Street.

2. The website performs functions of obtaining information about users and their behavior in the following ways:

a. Through information voluntarily entered in forms
b. Through storing cookies on end-user devices (so-called “cookies”)
c. Through storing technical logs at the www server level, operated by IBDiM (the hosting operator runs its website at www.ibdim.edu.pl. The Operator is the Road and Bridge Research Institute with its registered office in Warsaw at 1 Instytutowa Street).

3. This Policy is an informational document and does not replace the security policy maintained by the Website Operator in accordance with personal data protection regulations.

4. With regard to data constituting personal data under personal data protection regulations, the data controller is the Website Operator.

II. INFORMATION IN FORMS.

1. The website collects information voluntarily provided by the user.

2. The website may also record connection parameters (timestamp, IP address).

3. Data provided in forms are not made available to third parties other than with the user’s consent.

4. If data provided in a form allow identification of a natural person, such person has the right to access, modify, and request cessation of processing of their data at any time. However, this may result in lack of access to certain website functionalities.

5. Data provided in forms are processed for the purpose resulting from the function of a specific form, e.g., for contact purposes.

6. Data provided in forms may be transferred to entities technically implementing certain services with which the Website Operator cooperates in this respect.

III. INFORMATION ABOUT COOKIES.

1. The website uses cookies.

2. Cookies are IT data, in particular text files, stored on the end device of the Website User and intended for use of the website’s pages. Such files usually contain the name of the website they originate from, the time of storage on the end device, and a unique number.

3. The entity placing cookies on the Website User’s end device and accessing them is the Website Operator or entities cooperating with it.

4. Cookies are used for the following purposes:
   a. creating statistics that help understand how Website Users use the website pages, which enables improvement of their structure and content;
   b. maintaining the Website User’s session (after logging in), thanks to which the User does not have to re-enter login and password on each subpage of the website.

5. Within the website, two basic types of cookies are used: “session” cookies and “persistent” cookies. “Session” cookies are temporary files stored on the User’s end device until logging out, leaving the website, or turning off the software (web browser). “Persistent” cookies are stored on the User’s end device for the time specified in the cookie parameters or until deleted by the User.

6. Web browsing software (web browser) usually allows cookies to be stored on the User’s end device by default. Website Users may change these settings. The web browser allows deletion of cookies. It is also possible to automatically block cookies. Detailed information on this subject is available in the help or documentation of the web browser.

7. Restrictions on the use of cookies may affect some functionalities available on the website pages.

IV. SERVER LOGS.

1. Information about certain user behaviors is subject to logging at the server level. These data are used solely for website administration and to ensure the most efficient provision of hosting services.

2. Accessed resources are identified by URL addresses. Additionally, the following may be recorded:
   a. time of request receipt,
   b. time of response dispatch,
   c. client station name – identification performed via the HTTP protocol,
   d. information about errors that occurred during HTTP transaction execution,
   e. URL address of the page previously visited by the user (referrer link) – if access to the website occurred via a link,
   f. information about the user’s browser,
   g. information about the IP address.

3. The above data are not associated with specific persons browsing the website pages.

4. The above data are used solely for server administration purposes.

V. DISCLOSURE AND ENTRUSTMENT OF DATA PROCESSING.

1. Data are disclosed to external entities only within legally permitted limits.

2. Data enabling identification of a natural person are disclosed solely with that person’s consent.

3. The Operator may be required to provide information collected by the website to authorized authorities based on lawful requests within the scope of such request.

VI. MANAGING COOKIES – HOW TO GIVE AND WITHDRAW CONSENT IN PRACTICE?

1. If the user does not wish to receive cookies, they may change browser settings. Please note that disabling cookies necessary for authentication processes, security, and maintaining user preferences may hinder, and in extreme cases prevent, the use of websites.

2. To manage cookie settings, select your web browser/system from the list below and follow the instructions:

a. Internet Explorer
b. Microsoft Edge
c. Google Chrome
d. Safari
e. Mozilla Firefox
f. Opera

INFORMATION CLAUSE FOR CLIENTS/CONTRACTORS

INFORMATION ON PERSONAL DATA PROCESSING

In connection with the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter “GDPR” – the Road and Bridge Research Institute in Warsaw informs you about the principles of processing your personal data and your related rights.

Contact regarding personal data processing:

The Controller has appointed a Data Protection Officer (hereinafter: DPO), whom you may contact regarding matters related to personal data processing – Tomasz Jaguś. Contact with the DPO is possible via:

DPO email address: iod@ibdim.edu.pl, by phone at: +48 793 705 103,
by correspondence to the Controller’s registered office address,
in person at the Controller’s registered office – however, prior email/phone contact is recommended to arrange a convenient meeting date.

I. Identification of the Controller
The Controller of your personal data is the Road and Bridge Research Institute with its registered office in Warsaw at 1 Instytutowa Street (03-302), entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number 0000158240, NIP 525-000-76-61, REGON 000127686 (hereinafter “IBDiM”). The Controller may be contacted in writing at the above address, via email at: ibdim@ibdim.edu.pl or by phone at +48 (22) 814-50-25.

II. Purposes and legal basis for processing your personal data:

1. IBDiM processes your personal data for the purposes of:
   a) providing services resulting from concluded agreements, i.e., when it is necessary for the performance of a contract (Article 6(1)(b) GDPR);

2. In addition, in certain situations it may be necessary to process your personal data due to the legitimate interests of IBDiM (Article 6(1)(f) GDPR), in particular for the purposes of:
   a) marketing IBDiM products and services;
   b) assessing satisfaction with cooperation with IBDiM and with products or services;
   c) assessing preferences regarding demand for products or services;
   d) establishing, pursuing, or defending against claims related to the agreement referred to in paragraph 1(a) above;
   e) ensuring the security of services provided to you electronically.

3. In other cases, your personal data will be processed solely on the basis of prior consent within the scope and purpose specified in the consent.

III. Obligation to provide personal data

Providing your personal data is a condition for concluding and performing the agreement referred to in Section II(1)(a), results from compliance with legal obligations, or is necessary to achieve the purposes arising from the aforementioned legitimate interests of IBDiM.

Where personal data are collected on the basis of consent, providing personal data is voluntary.

IV. Information about recipients of your personal data

In connection with processing your personal data for the purposes indicated in Section II, your personal data may be disclosed to the following recipients or categories of recipients:
a) public authorities authorized under applicable law (e.g., courts, state authorities, PCA);
b) debt purchasers;
c) entities providing services in the field of:

• correspondence and parcel delivery;

• printing and archiving;

• IT and new technologies;

• telephone or electronic support;

• payment services;

• advisory services;

• accounting, financial or tax services;

• audit and control services;

• legal and debt collection services;

• marketing, communication and analytical services;
  d) companies cooperating with IBDiM by combining offered services or products.

V. Periods of personal data processing

Your personal data will be processed for the period necessary to achieve the purposes indicated in Section II, i.e., for the duration of the agreement concluded with IBDiM, and thereafter for the period and to the extent required by law or necessary to pursue IBDiM’s legitimate interests specified in Section II above, and in the case of consent for data processing after termination or expiration of the agreement – until withdrawal of such consent. Your personal data will also be processed for the purpose of:
a) establishing, pursuing or defending against claims – until expiration of claims arising from the agreement or related to personal data processing, or until objection referred to in Section VII(6);
b) direct marketing of products or services – until termination or expiration of the agreement, i.e., for the duration of IBDiM’s legitimate interest in processing personal data for this purpose, or until objection referred to in Section VII(6);
c) assessing satisfaction with cooperation and products or services – up to 1 month after termination or expiration of the agreement, or until objection referred to in Section VII(6);
d) assessing preferences regarding demand for products or services – until termination or expiration of the agreement, or until objection referred to in Section VII(6);
e) fulfilling obligations arising from legal provisions, including in particular tax and accounting regulations – for the period required by applicable provisions.

VI. Profiling and automated decision-making

Profiling means any form of automated processing of personal data consisting of using such data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

IBDiM does not intend to profile you or make automated decisions concerning you.

VII. Rights of the data subject

IBDiM would like to assure you that all persons whose personal data are processed by IBDiM are entitled to a number of rights under the GDPR:

1. the right of access to personal data, including the right to obtain a copy of such data;

2. the right to request rectification (correction) of personal data – if the data are inaccurate or incomplete;

3. the right to request erasure of personal data (“right to be forgotten”) – if: (I) the data are no longer necessary for the purposes for which they were collected or otherwise processed, (II) the data subject objects to processing, (III) the data subject withdraws consent on which processing is based and there is no other legal basis for processing, (IV) the data are processed unlawfully, (V) the data must be erased to comply with a legal obligation;

4. the right to request restriction of personal data processing – if: (I) the data subject contests the accuracy of the data, (II) processing is unlawful and the data subject opposes erasure, requesting restriction instead, (III) the controller no longer needs the data but they are required by the data subject for establishing, defending or pursuing claims, (IV) the data subject has objected to processing – pending verification whether the controller’s legitimate grounds override those of the data subject;

5. the right to data portability where: (I) processing is based on a contract or consent, and (II) processing is carried out by automated means;

6. the right to object to personal data processing where: (I) there are reasons related to your particular situation, and (II) processing is based on the legitimate interests of IBDiM referred to in Section II(2).

VIII. Right to withdraw consent to personal data processing

To the extent that you have given consent for personal data processing, you have the right to withdraw such consent. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

IX. Right to lodge a complaint with a supervisory authority

If you believe that processing of your personal data by IBDiM violates GDPR provisions, you have the right to lodge a complaint with the competent supervisory authority.