Privacy Policy

  1. Details of the personal data controller
    The personal data Controller is the College of Europe, with its registered office in Warsaw
    at ul. Nowoursynowska 84, 02-797 Warsaw.
    For all matters relating to the processing of your personal data and the exercise of your rights in relation to the processing of your data, you can contact us by mail using the address indicated above or by e-mail: iodo.pl@coleurope.eu.
    The Controller has appointed a Data Protection Officer to supervise the correctness of the processing of personal data, who can be contacted via e-mail address: iodo.pl@coleurope.eu.
  2. Purposes and legal basis for processing personal data
    Your personal data will be processed for the following purposes:
    a) in connection with the performance, reporting and settlement of the agreement between College of Europe and European Commission (European Commission, B-1049 Brussels, Belgium) concerning the implementation of a programme funded by the European Union: “Capacity Building for Integration and Reform – Strengthening the administrative capacity of the Ukrainian civil service for European integration through a comprehensive educational programme” (hereinafter referred as Programme), of which you are a Participant, based on the legitimate interest of the administrator i.e. Article 6 (1)(f) GDPR,
    b) in connection with the conclusion and implementation of the agreement for the provision of services by electronic means, providing services to Users of the website, including, among others, making e-learning materials available and executing their search, Users’ use of forums, webinars, conducting rankings, participation in the evaluation process (including the completion of surveys on courses, training and the training platform as well as regarding educational progress and course completion), the issuing of diplomas/certificates confirming the completion of courses and classes, the maintenance of User accounts on the website and the processing of complaints regarding electronically provided services as well as transferring data on participation in the Programme within reporting and settlement of the Programme to the institutions indicated in the agreement – on the basis of the concluded agreement for the provision of electronic services pursuant to Article 6(1)(b) GDPR,
    c) in order to communicate in connection with participation in training courses as part of the ongoing pro-gramme on the basis of the Controller’s legitimate interest, i.e. Article 6(1)(f) GDPR,
    d) establishing, investigating or defending against claims on the basis of the Controller’s legitimate interest pursuant to Article 6(1)(f) of the GDPR, which is the possible investigation or defence against claims,
    e) analytical, statistical purposes – on the basis of the Controller’s legitimate interest pursuant to Article 6(1)(f) GDPR, which consists in analysing the traffic of the website’s users (if consent for cookies will be given) – in order to improve the services provided by means of the website,
    f) gaining access to previously created and installed cookies files in your browser by the third parties, which deliver us additional services at our website, e.g. YouTube – on the basis of consent within Article 6(1)(a) GDPR, if the consent for the third party cookies will be provided. We do not use information from these files for our own purposes, however, files from these outsourced services may be added to the demands send by our website to the aforementioned third parties, e.g. when displaying a video. Most often, third parties use these cookies for user tracking between websites for the purpose of better matching of marketing offers, profiling, etc. We would point out that we are not responsible for previous creation of third party cookies and recommend for User to refer to their Privacy and Cookies Policies (separate personal data Controllers).
    Used cookies are listed in Cookies Policy.
  3. Recipients of personal data
    Your personal data may be disclosed to the following parties:
    a) the Controller’s employees or collaborators who are authorised to process personal data in connection with the performance of their duties and who are obliged to maintain the confidentiality of the data and to protect them from disclosure to unauthorised persons,
    b) providers of technical and organisational services, where they are entrusted with the technical or organisa-tional operation of the e-learning platform under a separate agreement.
    c) entities providing consultancy or legal services to the Controller,
    d) entities authorised by law (e.g. courts),
    e) the European Commission (European Commission, B-1049 Brussels, Belgium) and the Delegation of the Eu-ropean Union in Kiyv (Volodymyrska St, 101, Kyiv, Ukraine, 01033), RSM Audyt Poland SA (ul. Droga Dębińska 3b 61-555 Poznań) – in accordance with Article 5(2) of the project financing agreement, as well as to other entities appointed by the European Commission and/or the European Union Delegation in Kiyv for the purposes of audit and control, within the reporting and accounting for the Programme financed from European Union funds,
    f) designated entities of the public administration of Ukraine to the extent necessary for the implementation of the project, including the purpose of obtaining permission to use the Services offered (in particular, participation in courses/training) and as part of the process of human resources management of the administration of Ukraine and the implementation of the system for the improvement of administrative staff.
    If you are additionally selected to participate in a residential training course organised by the College of Eu-rope, detailed information on the organisation and delivery of the residential training course will be sent to you separately with the invitation to participation.
    Due to the possibility of transferring information to public administration entities of Ukraine and also Euro-pean Union Delegation in Kyiv, there will be transfers of data to a third country, i.e. Ukraine, for which an adequate level of protection has not been established by the Commission. The transfer of data is based on Article 49(1)(b) of the GDPR – necessary for the performance of an agreement between the Participant and the Controller or for the implementation of pre-contractual measures taken at the request of the data subject.
    g) data from cookies, regards Users who consent to marketing, targeting cookies, may be transferred to their authors e.g. YouTube and Vimeo supplier.
    Due to the usage of these cookies may occur transfer of data to a third country, in particular to USA. According to European law, USA does not guarantee the adequate level of data protection. Public authorities may have access to these data on the ground of regulations for mass control of safety. After revealing personal data, they would not be protected in the same way, and User can be unable to exercise their rights towards these data.
    Accepting access to these cookies on the website means acceptance for above mentioned usage of data and processing by YouTube and Vimeo. More information on privacy in YouTube services: https://policies.google.com/privacy and on privacy in Vimeo services: https://vimeo.com/privacy
  4. Period of retention of personal data
    The personal data of Visitors to https://eplatform.natolin4cb.eu /, who do not have an account registered on the platform, will be processed for the duration of the session.
    The personal data of non-registered and non-logged Users will be processed for the duration of the session within cookies, unless they consented analytical/ statistical and/or third party cookies – then for the cookies validity period. More information in Cookies Policy.
    The User may individually shorten this period by removing cookies from their browser.
    The personal data of registered Users additionally will be processed for the duration of the agreement for the provision of electronic services and, after its termination, may be stored for the period of limitation of claims arising therefrom (i.e. for a period of 6 years from the termination of the agreement).
    If the User submits a declaration of withdrawal from an agreement for the provision of electronic services, their data may be stored for the period of the statute of limitations for claims arising therefrom (i.e. for a period of 6 years from the end of the agreement).
  5. Rules on the collection of personal data
    The provision of your data is voluntary, but is a condition for the conclusion of the agreement for the provision of electronic services and the use of services via the website. If data is not provided, it will not be possible to conclude and perform the agreement for the provision of electronic services.
    Data stored in cookies are in particular secondary data, not obtained directly by the User. Users are allocated with various, unique identifiers. The User cannot affect installation of cookies necessary for correct functioning of the website. The User can affect installation of additional cookies, i.e. analytical/ statistical via giving adequate consent, moving proper slider in settings. Not giving above mentioned consent does not affect usage of the basic functionalities of the website. Providing these data is voluntary.
  6. Rights in relation to the processing of personal data
    The data subject may exercise the following rights against the Controller:
    (a) the right to request access to their personal data and to be informed of its processing and, if it is inaccurate, the right to request its rectification (pursuant to Articles 15 and 16 of the GDPR),
    (b) the right to request the restriction of processing in the situations and under the conditions indicated in Article 18 of the GDPR (the data subject may request the restriction of the processing of their personal data for the period of verification of its accuracy or until their objection to the processing is considered. This right also applies if, in the opinion of the data subject, the processing of their data is unlawful, but they do not want the data to be erased immediately or if they need the data for a longer period of time than assumed in the processing, for the establishment or defence of claims),
    (c) the right to request erasure under Article 17 of the GDPR (“right to be forgotten”),
    (d) the right to object at any time to the processing of personal data on grounds relating to the specific situa-tion of the data subject or where the data is processed for direct marketing, profiling or analytical purposes, in accordance with Article 21(1) and (2) of the GDPR,
    h) e) the right to data portability in accordance with Article 20 of the GDPR.
    Within cookies, the consent may be revoked at any time with the effect for the future by changing settings in cookies settings’ window (you can manage your cookie settings via the pop-up window in the bottom right corner of the screen).
    User must individually removed previously created cookies in their browser.
    Revoking consent does not affect compliance with processing right made on the basis of consent before its revoca-tion.
    In addition, the data subject has the right to lodge a complaint against the processing of their personal data by the Controller to the President of the Office for Personal Data Protection (address: ul. Stawki 2 00-193 Warsaw).
  7. Contact with the Controller
    In matters relating to the processing of personal data and the exercise of data subjects’ rights, the Controller can be contacted via e-mail address: iodo.pl@coleurope.eu. Correspondence in the paper form, however, should be sent to the registered office address given in item 1 of the Privacy Policy.
    A person who has made a request or demand for the processing of their personal data, in the exercise of their rights, may be asked to answer a number of questions to verify their identity.