How does MUS protect your personal data?
For reasons connected with the security of data entrusted to us, we have developed internal procedures and guidelines whose aim is the prevention of disclosure of data to unauthorised persons. We supervise their enforcement and verify their congruence with the applicable law on an ongoing basis. We take care of organisational and technical security measures to protect your personal data in our possession against unauthorised disclosure, use, change or damage.
This document has been drafted in accordance with articles 13 and 14 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).
The controller of your personal data is the Maritime University of Szczecin ( MUS), ul. Wały Chrobrego 1- 2, 70-500 Szczecin, tel. (91) 48 09 400, e-mail: firstname.lastname@example.org
Contact the Data Protection Officer:
Inspektor Ochrony Danych
ul. Wały Chrobrego 1-2
Categories of personal data
The scope of personal data processed by the Maritime University of Szczecin includes:
In the scope of personal data processed by the Maritime University of Szczecin, there are also special categories of personal data on the condition of health and the degree of disability.
- identification data,
- data on the education,
- HR data,
- series and number of identity card or passport,
- telephone number,
- image from the video surveillance.
Purposes and legal basis for the processing of personal data
The Maritime University of Szczecin processes personal data, among others for the following purposes:
Some legal regulations under which Maritime University of Szczecin may process personal data: the Law on Higher Education, the Labour Code, the Social Security System Act, the Public Procurement Law, and the act on the national archival resources and archives.
- point (a) of Article 6(1) GDPR (consent):
- monitoring the careers of graduates,
- sharing data at the request of third parties, for example, potential employers to verify education,
- service and implementation of competitions, projects, scientific research, seminars, trainings, courses, etc.,
- supplementary personal data in the employment context for the purposes of recruitment;
- point (b) of Article 6(1) GDPR (performance of the contract, taking actions at the request of the data subject before concluding the contract):
- recruitment of candidates for work,
- conclusion and implementation of civil law contracts,
- implementation of the projects,
- provision of accommodation in Hotel Asystencki, Dom Pracy Twórczej w Świnoujściu, Studencki Dom Marynarza PM;
- point (c) of Article 6(1) GDPR (compliance with the legal obligation):
- recruitment of students,
- implementation of the education process,
- granting scholarships,
- recruitment of employees,
- keeping HR documentation,
- supervising compliance with health and safety at work rules,
- conducting social affairs of students and employees,
- support for the library-information system,
- work related to the public procurement procedure;
- point (f) of Article 6(1) GDPR (legitimate interests pursued by the controller):
- establishment, exercise or defence against legal claims,
- video surveillance.
The recipients of the personal data
Recipients of the personal data are, among others: authorities to the extent we are under statutory obligation to do so, postal operators and couriers, banks in the scope of payments, potential employers based on graduate student consent.
Transfers of personal data outside European Economic Area (EEA)
Your personal data will not be transferred to recipients located in countries outside the EEA. However, if such a transfer was to take place, then only to the extent that the law of the European Union would allow it. You will be informed about the planned transfer.
The period for which the personal data will be stored
If the basis for the processing of personal data is:
Documents of candidates for studies can be stored for 6 months (§ 19(2) Regulation of the Minister of Science and Higher Education of September 16, 2016 regarding documentation of the course of studies).
Students’ personal files are kept in the archives of the university for 50 years (§ 4(2) Regulation of the Minister of Science and Higher Education of September 16, 2016 regarding documentation of the course of studies).
Employee documentation is stored for 10 years, counting from the end of the calendar year in which the employment relationship terminated or expired, unless separate regulations provide for a longer period of storage (point (9b) of article 94 labour code).
Data of natural persons related to the public procurement procedure - 4 years from the date of completion of the public procurement procedure, unless the duration of the contract exceeds 4 years (article 97(1) public procurement law).
- consent, then the data is processed until the consent is revoked. After revoking the consent, the data may be processed for a period corresponding to the possible period of limitation of claims that may be lodged by the Maritime University of Szczecin,
- the performance of the contract, then the data can be processed as long as it is necessary for the performance of the contract, and after that time for a period corresponding to the period of limitation of claims,
- fulfilment of legal obligation or performance a task carried out in the public interest, the term of data processing is determined by specific regulations.
If processing of your personal data is based on point (a) of Article 6(1), you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Requirements for the processing of personal data
Providing data, including due to the legal obligation or in order to close the contract is required by MUS, the lack of data will result in the lack of implementation of actions.
You have the right of access to the contents of your personal data and to correct it, remove it („the right to be forgotten”) and limit the scope of its processing, the right to have your data affecting the lawfulness of processing, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal – pursuant to the rules as stipulated in articles 16-21 of GDPR.
If you choose to use these rights, send a message to Data Protection Officer. Contact details are above. To ensure that you are entitled to submit an application, you may be asked to provide additional information that allows us to authenticate you.
Right to lodge a complaint
You have the right to lodge a complaint with the supervisory authority, that is, the Office of Personal
Data Protection, if you decide that the processing of your data is in breach of the provisions of GDPR.
Your personal data will not be automatically processed (including profiling) in accordance with Article 22 (GDPR).