Data Controller
The data controller and operator of the websites (hereinafter “Websites”) is the SWPS University of Social Sciences and Humanities with its registered office in Warsaw 03-815, at ul. Chodakowskiej 19/31, 03-815 Warsaw, NIP 1180197245, REGON 011947981, (hereinafter „SWPS University").
Scope and Purpose
of Privacy Policy
This Privacy Policy applies to all cases in which the SWPS University acts as the data controller. Below you will information concerning the processing of your data.
The Privacy Policy is designed to allow access to the most important information concerning processing of personal data by the SWPS University. Thereby we comply with the fundamental obligation to inform referred to in art. 13 and art. 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council, also known as the general data protection regulation (hereinafter GDPR). The information contained in this policy will allow you to control your personal data better. Informacje tutaj zawarte pozwolą Ci lepiej pełnić kontrolę nad swoimi danymi osobowymi.
Privacy Policy will provide you with the information on purposes of data processing and time of its storing. You will learn about the categories of entities which may gain access to your personal data and about your rights and how to exercise them. Here you will also find information (including contact details) about the Data Protection Officer appointed by the SWPS University. Additionally in the section entitled ”Cookies Technology” you will learn about the information saved on your devices when using our Websites.
Purposes of Processing, Scope of Data
and Period of its Storing
Art. 6 of GDPR provides a legal framework for processing of personal data. For transparency of the following Policy the legal bases for authorising the SWPS University to process personal data are referred to as follows:/p>
- consent – art. 6 (1)(a) GDPR – ”the data subject has given consent to the processing of his or her personal data for one or more specific purposes”;
- contract – art. 6 (1)(b) GDPR – ”processing is necessary for the performance of a contract which the data subject is party to or in order to take steps at the request of the data subject prior to entering into a contract”;
- legal obligation – art. 6 (1)(c) GDPR – “processing is necessary for compliance with a legal obligation to which the controller is subject”;
- legitimate interest – art. 6 (1)(f) GDPR – “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child”.
With reference to people corresponding via e-mail
Personal data will be processed on the basis of a reasonable interest of the data controller in order to reply to an e-mail following which it will be archived and stored until prescription of all possible claims.
With reference to university candidates
Personal data of University candidates will be processes in order to conclude and perform ”Terms of payment of university fees” and compliance with provisions of the law.
The scope of processing of data is based on provisions of The Law on Higher Education and Science.
Moreover the SWPS University will process data for purposes of legitimate interests such as contact in order to examine the reason of a failure to undertake study, to improve services provided by the University, provide assistance through e-mail or telephone in view of successful completion of recruitment process or defending or pursuing possible claims.
After the completion of the recruitment process the data of individuals who failed to undertake study will be stored in accordance with the adopted policy of data retention (i.e. till 31 December – for summer recruitment; 31 May – for winter recruitment).
With reference to individuals who have undertaken studies
The SWPS University will process data within the scope necessary to fulfil the requirements of ”Terms of payment of university fees”. Personal data will also be processed for accounting purposes and in order to comply with other requirements of legal provisions in particular The Law on Higher Education and Science. Moreover the data will be processed for the purposes of legitimate interests pursued by the SWPS University such as informing about events significant for the SWPS University or conducting a student satisfaction study.
The scope of processing of students’ data is regulated by the Regulation of the Minister of Science and Higher Education on studies of 27 September 2018 (§14-§28), which also specifies the period of storing personal files of students (50 years).
For individuals who do not have the status of a student (e.g. post-graduate students, PhD students), personal data will be processes only in the scope necessary to complete the course of study and for other legitimate purposes, and the period of storing the data will be determined by the length of claim prescription period..
With reference to graduates
Under provisions of The Law on Higher Education and Science, the SWPS University may process personal data within the scope determined by the law as part of monitoring of professional careers of graduates in order to accommodate the programmes of study to the labour market needs. The above monitoring may be continued for a period not longer than 10 years from completing the studies.
With reference to job candidates
The SWPS University does not request job candidates to send information which exceed the scope of data specified in the Labour Code. A candidate sends application documents voluntarily (with a consent).
After completion of the recruitment process personal data of job candidates will be archived until prescription.
The data of rejected candidates will not be used for another purpose except for data of individuals who previously gave their consent for having their data processed for purposes of future recruitment processes.
With reference to other categories of individuals
In the event none of the above categories is adequate to your case, purposes and scope of data protection and other information which the SWPS University is bound to deliver under the provisions of the GDPR will be specified in places where it will be possible for the SWPS University to obtain your personal data.
What is more, the SWPS University will store personal data not only until the moment of fulfilling all legitimate interests after which the data will be properly deleted or anonymized.
Voluntary or Obligatory
Submission of Data
In some instances submission of personal data will be voluntary however the decision not to submit data may hinder fulfilling some purposes of data processing such as provision of service through electronic means (in the event of a Newsletter), registering for events organized by the SWPS University.
Among purposes of data processing by the SWPS University there are cases when submission of data is required by the law e.g. after successful admission for study the SWPS University will be obliged to run personal file of a student in accordance with the Regulation of the Minister of Science and Higher Education on studies of 27 September 2018, therefore each future student is obliged to submit a number of data.
Your Rigts
Upon submission of your personal data to the SWPS University you shall have the following rights:
- The right of access – making access to and obtaining a copy of submitted data;
- The right of rectification – rectifying inaccurate data or supplementing incomplete data;
- The right to be forgotten – erasure of personal data;
- The right to restrict processing – temporary restriction of processing;
- The right to data portability – transferring data to another controller (the right will apply only to data submitted by you and in the event of processing of data under consent or contract);
- The right to object – objecting at any moment to processing of data (the right shall apply to processing of data under a legitimate interest of the controller or to perform a task in the public interest);
- The right to withdraw consent – withdrawal of the consent to processing at any moment without effect on compliance of the processing with the law (the right shall apply only when the processing is upon consent);
- The right not to be subject to automated decisions based on profiling.
- The right to lodge a complaint with a supervisory authority, i.e. President of the Personal Data Protection Office when you decide that the processing of your data infringes the GDPR provisions and other provisions specifying the manner of personal data processing.
There may be reasonable restriction to using some of the above rights e.g. due to statutory obligations of the controller, therefore every application for exercising a right will be considered individually.
How Can You Exercise
Your Rights
In order to exercise your rights please contact the Data Protection Officer appointed by the SWPS University through sending an e-mail to the address This email address is being protected from spambots. You need JavaScript enabled to view it. or by traditional mail to the address of the SWPS University i.e. ul. Chodakowska 19/31, Warsaw (03-815).
Additionally, our Data Protection Officer will answer any queries concerning processing and protection of data and consider any complaint concerning the processing of your data.
Data Recipients
The SWPS University uses services only of verified external entities who may receive your data (only for reasonable purposes).
Possible recipients of your data are:
- employees, individuals cooperating with the University under civil law contracts and sole traders supporting the operation of the SWPS University;
- e-mail hosting services providers;
- e-mail and marketing system providers;
- technical support providers;
- entities supporting monitoring and debt enforcement;
- documentation archiving and destruction services providers;
- public entities authorised to receive data within the scope of obligatory disclosure by the SWPS University.
Personal Data Protection
The SWPS University, having attention to your privacy, handles the issue of personal data safety with due care. We make every effort to protect your data properly, especially against access of unauthorised persons or any unauthorized use.
In order to provide the highest level of security of the processed data the SWPS University uses security measures adequate to risks. Moreover we regularly perform analyses and audits to make sure that the measures applied are sufficient and to monitor the ever changing environment which may be the source of new challenges and threats.
When planning the implementation of a new technology we take data protection into account as early as at the stage of designing new processes. From the very beginning of their existence data protection is an inherent feature of new processes.
We know the importance of the human factor in the operation of data protection systems, therefore before being authorised to process data every person must undertake to keep this data confidential and comply with the obligations and principles of our Safety Policy.
Cookies
The SWPS University in accordance with art. 173 and 174 of the Act of 16 July 2004 Telecommunication Law (Journal of Laws of 16 July 2004 as amended) informs that its Websites use “cookies”.
What are ”cookies”?
When using the Websites on you user’s device (a computer, smartphone, tablet etc.) small files (text files in particular), the so-called “cookies” are saved, which contain information necessary for proper use of the website. Their storing ensures stability and safety of the Websites. Cookies also allows for collecting statistical data in order to make Websites relevant to your interests.
Are cookies safe?
Cookie are by no means dangerous to your device and do not change any settings of software installed on it. Reading the content of cookies is only possible through the server that created them.
Consent to cookies technology operation
For ”cookies” to operate your browser must accept them and they must not be deleted from your hard drive. You may delete or block “cookies” through changing the browser’s settings on the computer which you use to access our Websites. Most of Internet browsers have default settings which allow for the use of cookies.
Types of cookies used
The SWPS University uses the following types of cookies:
- Session Cookies – files which are stored on the device and remain there until closing of the session of a particular browser. After closing the session the information is permanently deleted from the device’s memory.
- Persistent cookies – files which are stored on the device and remain there till they are deleted. Closing a browser session or switching off the device does not lead to their removal from your device.
- External cookies – information from advertising servers, servers of companies and service providers (e.g. search engines or maps placed on the page) cooperating with the owner of the webpage.
Purposes of storing cookies
In the event of using Websites with settings which allow for using cookies technology and when you submit your data through an electronic form, cookies are made possible to be linked to you and may be processed:
In reasonable interest of the data controller:
- For marketing purposes
Using the history of user’s behaviour and personal data submitted through electronic forms for segmentation of data subjects according to the criteria such as: preferences, place of residence, education, interests etc. The aim of this activity is to send to the user who gave his or her consent – only such marketing information as may be interesting to the user.
- For statistical purposes
e.g. creating statistics which help to understand how individuals use the Websites which allows for improving their structure and content)
- For the purposes which are essential of the operation of the web page
necessary to ensure safety, stability and functionality of the page.
It is worth knowing that the information recorded in cookies on devices facilitate using the Websites. Apart from our own cookies our servers may use cookies of third parties especially those belonging to advertisers, operators of systems analysing and reporting on the viewing audience.
Cookies of third parties are used for the following purposes:
- collecting statistical data on popularity and usefulness of particular pages of the Websites or their elements;
- displaying behavioural advertising – relevant to users’ interests;
- creating behavioural profiles of users, in particular to avoid repeated presentation of one advertisement to the same user and in order to create behavioural advertisements taking into account users’ preferences;
- technical service of components supplied by third parties such as Adobe Flash or Facebook Connect.
For uniform representation of typefaces we use the so-called Internet fonts provided by Google. After entering the address of our websites your browser loads the necessary Internet fonts to the browser’s cache in order to correctly display the fonts selected by us and the text on the website. In order to do that your browser must connect to the Google servers. As a result Google finds out that one of our website addresses was entered on your device with a unique identifier.
The legal basis for processing of personal data consisting of a unique identifier of a browser or a device is legitimate interest of the controller, which consists in sustaining consistent and attractive presentation of our online services by means of Google Fonts.
You have the possibility to change the settings of your browser so that the fonts are not loaded through Google servers (for example by installing add-ons). If your browser does not use Google fonts or access to Google servers is blocked, the text will be displayed by using the standard system font. You should then remember that our website will not be consistent with our screen design.
More information on Google services can be found in the Privacy Policy of this company at: https://www.google.com/policies/privacy/
Disabling Cookies
It is up to you whether to save and store cookies on your device or not. You may independently make any changes to settings of your browser.
Detailed information on the possibility and manners of using of cookies is available from the settings and in the ”Help” section of your browser. Please remember though, that restrictions in using cookies may hinder or prevent using our Websites.
Other Technical Information
We also use geolocation i.e. we check the place (continent, country, province and city/town) where you place your order.
The SWPS University also uses standard log files to count people visiting the Website and to evaluate the technical possibilities of the Websites. Cookies of Google Analytics which we use are meant to create websites statistics provided by Google. The information created by such cookies concerns using our Websites (including IP address and the information on the location of the computer in the Internet) by the Users and is provided and stored by Google on the servers in the United States. Google uses this information in order to evaluate the use by Users of our Websites, list reports of activities on the Websites and to provide other services concerning the activity and use of the Internet.
Name of the cookie |
Expires on (expiry period) |
Description of the cookie |
__utma |
730 days |
Identifier of the user – tracking service of Google Analytics – used by most www sites; “permanent" cookie, tracks how many times the user visited a given domain, when the first and the last visit was. It enables specifying the number of unique users (defined as a particular browser on a particular computer) who visit the page. |
__utmb |
Expires after 30 minutes of inactivity |
Session identifier – Google Analytics tracking service– used by most www sites. The cookie enables to calculate how long the visit is.__utmb downloads the mark of time at the moment when the user enters the site, while utmc __ downloads the mark of time the moment the user leaves the site. __utmb expires at the end of the session. __utmc waits 30 minutes and then expires. |
__utmc |
At the end of the session |
__utmz |
182 days |
Campaign identifier - Google Analytics tracking service – used by most www sites _utmz tracks where the visitor comes from, what browser he uses, what links he clicked on, what key words he entered and where in the world he was when he got access to the web page. Its expiry period is 15,768,000 seconds or 6 months. |
General Provisions
The SWPS University reserves the right to amend the principles of its Privacy Policy due to significant reasons. Users shall be informed about amendments to the Privacy Policy at least 7 (seven) days in advance. Amendments to the Privacy Policy shall be published on the Websites. Every amended version of the Privacy policy shall be publishes with a new date.