This document outlines the way National Institute of Architecture and Urban Planning (NIAiU) processes personal data and the rights of people whose data are processed: Visitors.
Services Operator is National Institute of Architecture and Urban Planning located in Warsaw, 00-366, Foksal 4, available under telephone number: +48 22 522 65 30 and e-mail address: email@example.com, having NIP (tax identification number): 525-273-34-95 and REGON number: 368945652.
By the term Service should be understood all websites owned, created, administrated and moderated by NIAiU, as well as all information or document contained on them.
Purposes of processing data about the Visitors
1. Service performs functions of processing information about Visitors and their behavior on the following way:
- by information entered voluntarily in forms;
- by saving cookie files in end devices (so-called “Cookies”);
- by collecting by web server logs by the hosting operator: nazwa.pl
2. Information in the forms and purpose of storing and accessing them:
- Service collects information provided voluntarily by the Visitor;
- Service may also save other information about the connection parameters (time stamp, IP address);
- Data in the form are not shared with the third parties other than with the consent of the Visitor;
- Operator may store information or gain access to information already stored in Visitor’s end device.
1. Operator is obligated to obtain consent (hereinafter referred to as: Consent) from the Visitor (understood as end user) for storing and accessing information, and the above consent may be expressed by means of software settings installed on end device used by him or service configuration.
2. The Consent:
- cannot be implied or implied from a declaration of will with a different content;
- can be expressed electronically, provided that it is recorded and confirmed by the end user;
- it can be withdrawn at any time, in a simple way and free of charge;
- stored information or accessing it cannot cause configuration changes in the Visitor’s end device as well as on the software installed on this device.
3. Conditions referred to in paragraph 1 and 2 above, does not apply if the storage or access to information is mandatory for:
- performing the transmission of the message via the public telecommunications network;
- providing the telecommunication service or service by electronic means requested by the Visitor (end user).
Installing the software
1. The Service Operator is able to install software in Visitor’s end device that is intended for the use of these services or use this software, provided with the Visitor (end user):
- before installing the software has been informed directly, in an unambiguous, easy and understandable manner about the purpose for which the software will be installed, and the methods of using this software by the Operator;
- will be informed directly, in an unambiguous, easy and understandable manner about the method of removing the software from (his) end device;
- before the installing software agrees to its installation and usage.
Collection and processing of personal data
1. Administrator of the collected personal data is National Institute of Architecture and Urban Planning located in Warsaw, 00-366, Foksal 4, available under telephone number: +48 22 522 65 30 and e-mail address: firstname.lastname@example.org,
2. Administrator takes special care to protect the interest of third parties and in particular ensures that data collected by hum are:
- processed in accordance with applicable law;
- collected for specified, legal purposes and not processed further that is not compliant with those purposes;
- essentially correct and adequate in the relation to the purposes for which they are processed and stored in a way that allow the identification of person whom they relate to, no longer than it is neccessary to achieve the purposes of processing.
3. Visitor may voluntarily provide his personal data as:
- name, surname, compamy name;
- address (street and house / flat number, zip code, city);
- telephone number;
- e-mail address;
- NIP (tax identification number);
- computer IP address.
4. Personal data will be collected for the purpose of correspondence with stakeholders in the scope of statutory activities of NIAiU, implementation of contracts, implementation of cooperation / volunteering, implementation of programs, projects, competitions, own or commissioned tasks.
5. In accordance with the adopted policy of security, we store HHTTP queries directed to our server. The browsed resources (content) are identified by URL addresses. We save the following data in the web server log files:
- public IP address of the computer from which the query came (it can be directly Visitor’s computer);
- name of the client’s station – identification is carried out by the HTTP protocol, if possible;
- time of arrival of the inquiry;
- the first line of the HTTP request;
- HTTP response code;
- the number of bytes sent by the server;
- URL address of the page previously visited by the Visitor – if NIAiU website was accessed via a link;
- information about Visitor’s browser;
- information about errors that occurred during the execution of the HTTP transaction.
The above data is not associated with specific people browsing the website (Service).
6. Administrator processes personal data in accordance with the applicable law, collects them for specified, lawful purposes and does not subject them for further processing. The data is collected to the extent necessary in the relation to the purposes for which they are processed.
7. Administrator makes every effort to protect Visitors personal data against unauthorized access by third parties. The Administrator does not provide personal data to any unauthorized recipients. The recipient of personal data may only be institutions authorized to receive them under the mandatory provisions of law.
Service Operator may be required to provide information collected by the Service to authorized state authorities on the basis of lawful requests to the extent resulting from the request.
8. Administrator will not transfer personal data to a third party country or an international organization.
9. Administrator stores the data for the period necessary to perform the services and until the consent for the processing of personal data is withdrawn.
10. Providing personal data is voluntary, however failure to provide data in cases where it is necesary for the use of specific service prevents the proper use of such service.
11. Each Visitor, to whom the data relate, has the right to access, rectify, delete or limit processing at any time by contacting Administrator at the following address: email@example.com.
12. Each Visitor, to whom the data relate, has the right to object the processing at any time, as well as the right to transfer his data to another entity by contacting the Administrator at the following address: firstname.lastname@example.org.
13. If during the processing of personal data there was a breach of the provisions of the GDPR, each Visitor has the right to lodge a complaint with the President of the Office for Personal Data Protection.
National Institute of Architecture and Urban Planning guaranties Visitors of Service (websites) the right to share information that aplly to them. NIAiU informs that uses on its website technical measures such as cookie files i.e. text files, known as Cookies.
Cookie files are files saved on Visitor’s end device that are used to identify Visitor’s web browser while using Service (websites). Cookie files are used to adapt the content to Visitor’s settings and to optimize usage of Service (websites). They are also used in order to create anonymous, aggregated statistics that helps to understand somehow the Visitor is using Service (websites) which enables improvement of its structure and content.
Cookie files contains various information about Visitors of the Service (website) and history of his using the website. Thanks to them, Operator and the owner of the server who send cookies, is allowed to know the IP of the Visitor and also for instance is able to check what other websites he was browsing before he entered the Service (websites). Moreover owner of the server is allow to check what web browser the Visitor is using and whether there are any information about difficulties which he might have had while viewing the Service (websites). It is worth to notice that those data are not associated with specific people (anonymous User) without feeding Users name and surname, just with the device connected to internet on which cookie file was saved by IP address. Additionally those data are encrypted in a way that prevents access by unauthorized persons.
Our Service (websites) uses two types of cookies - “session” and “permanent”. The first of them are temporary files that remain on the Visitor device until logging out of the website or turning off the software (web browser). Permanent files remains on the Visitor’s device for the time specified in the cookie file parameters or until they are manually delayed by the user.
Managing cookie files. Consent and revert consent
Web browser very often by default allow to collect and store cookie files in end device of Visitor. Visitor’s are able to change cookie files settings at any time. Those settings could be change e.g. in a way that default service of cookie files is blocked or in a way to inform Visitor about each storage on Visitor’s device. Detailed information about how cookie files service could be changed are available in web browsers settings: Chrome, Firefox, Internet Explorer, Safari, Opera, Edge.
If Visitor don’t want to receive cookie files is allowed to change web browser settings. Service (websites) Operator reserves that blocking or exclusion of cookie files services that are mandatory to authentication, security and maintaining Visitors preferences, could make harder or unable use of advantages of the websites.
Operator declares that any limitations of cookie files usage can affect on some of functionalities available on Service (websites).
1. Administrator, who is also the Operator, applies technical and managing measures providing protection of personal data accurate to threats and data categories covered by protection. In particular prevents disclosure and protects against removal by unauthorized persons, protects against processing in violation of applicable laws same against change, loss, damage or destruction.
2. Administrator, who is also the Operator, applies appropriate technical measures that prevents personal data sent by e-mail from being harvested and modifies by unauthorized persons.