Processing of personal data in the process of creating and servicing user accounts

Z Uniwersyteckie Centrum Informatyczne

  1. The account system is the basis for all IT services that require user login.
  2. The account system stores user data necessary for its unambiguous identification and determination of their authorization to services.
  3. The administrator of the user's personal data is the Nicolaus Copernicus University in Toruń, ul. Gagarina 11, 87-100 Toruń; central phone: +48 56 611-40-10, fax: +48 56 654-29-44
  4. In all matters related to the processing of personal data, and in particular regarding your rights, please contact the Nicolaus Copernicus Data Protection Officer at the telephone number: +48 56 611-27-42 or email address:, or by post to the abovementioned address, with the note: "DPO".
  5. Personal data in the form of PESEL number are processed on the basis of art. 6 clause 1 point f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data [...], i.e. the legitimate interest of the Nicolaus Copernicus University, which is the need to guarantee an unequivocal identification of the account owner, personal data in the form of a contact number are processed on the basis of the user's voluntary consent granted by the Nicolaus Copernicus University to streamline the process of creating and maintaining an account (e.g. the possibility of obtaining quick contact).
  6. In the case of users who are not full-time employees of the Nicolaus Copernicus University, providing personal data regarding the PESEL number (or birth date in the case of non-Polish citizens) is a condition of using the service and refusal to provide it results in leaving the application without consideration. In relation to the contact number, providing it is voluntary and does not affect the processing of the application.
  7. If the user uses external IT services that require logging in via the UMK account system and transferring certain data to the service, the user will be informed about this fact before the data is transferred and may decide to resign from using the service. This means that your personal data will not be transferred in such cases without the user granting additional consent, in particular regarding data transfer outside the European Economic Area.
  8. Without your knowledge, your data may only be transmitted in situations provided for by law.
  9. User data is stored in the account system until the account is deleted, in accordance with the provisions of the NCU Computer Network Security Policy.
  10. After deletion of the account, the account identifier will be recorded to ensure that it will not be reassigned to another person. This ID will be kept for an unlimited time.
  11. Users have the right to access data, rectify, delete or limit processing, as well as the right to object to processing and the right to transfer data.
  12. To the extent that the processing of personal data is based on the consent of the user has the right to withdraw it at any time.
  13. Withdrawing consent to data processing results in deleting the user's data from the database. Backups containing data are stored in accordance with the retention period, i.e. 6 months. In case of restoring the system state from a backup, the deleted user's data will be immediately deleted.
  14. Users have the right to lodge a complaint with the supervisory authority.
  15. Each user login to the service is recorded in the logs of the central account system (identifier, time, IP address of the user's device). The collection of this data is necessary to ensure the high quality of the service and to identify cases of unauthorized use of the user's account. Logs from the central account system are stored for a period of 6 months and then deleted.