Privacy policy

Data controller

The Polish-U.S. Fulbright Commission (Fulbright Poland), located at 28 Emilii Plater Street, 00-688 Warsaw, entered in the register of associations conducted by the District Court in Warsaw, XII Division of the National Court Register, with KRS number 0000166179, collects and processes personal data in connection with its activities in accordance with the applicable laws in Poland.

With any questions regarding your data you can contact us at [email protected] or via post to the address given above.

The fulbright.edu.pl website

Unless stated otherwise, the content on the website is made available under the CC BY-NC 4.0 license and is intended solely for informational and educational purposes. We make every effort to ensure the highest quality and reliability of the published content. If you come across outdated, incomplete, or misleading information on our website, please contact us.

No data is associated with specific individuals using the website. However, if you use our website, we may have access to data such as your IP address or other user identifiers, as well as information collected through cookies. We process this data:

1. To provide electronic services in the scope of content available on the website, based on Article 6(1)(b) of the GDPR (the necessity of processing for the performance of a contract).
2. For analytical and statistical purposes based on Article 6(1)(f) of the GDPR (our legitimate interest in analyzing user activity and preferences to tailor the website to their needs and expectations).
3. For the potential establishment and assertion of claims or defense against claims based on Article 6(1)(f) of the GDPR.
4. To ensure the security and continuity of the website based on Article 6(1)(f) of the GDPR. This primarily concerns data collected in server logs, including IP addresses.

Cookie Policy

The website uses two types of cookies – session and persistent. Session cookies are temporary, stored until you leave the website (by navigating to another page, logging out, or closing the browser). Persistent cookies are stored on the user’s end device until they are deleted by the user or for a period specified in their settings.

We utilize Google Analytics and social media plugins (Facebook, Instagram, Youtube), which may also place cookies on the user’s end device and use them.

The website provides users with a plugin to manage cookie preferences. Users can also change their browser settings at any time to block the use of cookies or receive notifications about their placement on their device. Disabling cookie support does not block access to any information on our site, but it may affect how the information is displayed.

What do we use cookies for?

1. Primarily, we use cookies to tailor the content of the website to individual user preferences (e.g., screen resolution, language version) and to speed up page loading by storing certain files that make up the page, such as headers and footers, in the device’s cache.
2. We use the Google Analytics service to collect and analyze anonymous statistical data, such as the device and operating system you use, location, and time spent on the site. With this data, we can better understand the behaviors and preferences of our users and customize the site to meet their needs and expectations. To learn more and to see how you can disable Google Analytics cookies, visit: https://tools.google.com/dlpage/gaoptout.
3. We also use plugins from social media services such as Facebook, Instagram, and Youtube, allowing us to embed content from these services on our website.

Links to Other Websites

Our website contains links to social media platforms and other types of third-party websites. Clicking on a link means that you are leaving our website and entering an external site, where you will be subject to the privacy policies of the external site.

We make every effort to provide links only to reputable and secure third-party sites, but we do not take responsibility for the content found on those sites. We encourage you to review the privacy policy established on any external site after transitioning from our website.

Privacy notices and policies

Link	Recipients
Fulbright Program privacy policy	Applicants, grantees and alumni of Fulbright programs managed by the Polish-U.S. Fulbright Commission
BioLAB Program privacy policy	Applicants, participants and alumni of BioLAB program
Newsletter privacy notice	Newsletter recipients
Online events privacy notice	Fulbright Poland online events participants
In-person events privacy notice	Participants of Fulbright Poland in person events or events organized by the Fulbright Poland grantees as part of their grant.
Donors privacy notice	Individuals who made a donation to Fulbright Poland.

E-mail and postal correspondence

If you send us an email or postal correspondence, the personal data contained in that correspondence will be processed solely for the purpose of communication and resolving the matter to which the correspondence pertains.

The legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), which involves conducting correspondence directed to them in connection with their activities.

We only process personal data that is relevant to the matter addressed in the correspondence. The entire correspondence is stored in a manner that ensures the security of the contained personal data (as well as other information) and is disclosed only to authorized personnel.

In most cases, received email messages are not deleted but archived. Upon your request, we can delete the message and the associated email address. Such a request should be sent to the address [email protected] or to the email address to which the correspondence was sent.

Telephone Contact

If you contact us by phone, the phone number from which the call was made will be permanently recorded in the call history of the device that received the call and temporarily in the billing records of our telephone service provider. Personal data provided during the conversation will be used solely for the purpose of handling the matter to which the contact relates. We do not record incoming calls.

Social Media Profiles

We maintain profiles on social media platforms such as Facebook, Instagram, LinkedIn, and YouTube. Consequently, we may process data left by individuals visiting these profiles (e.g., messages and comments, likes, internet identifiers).

We process such data for the following purposes:

• Facilitating your activity on these profiles.
• Statistical and analytical purposes.
• Potentially, data may be processed for the purpose of asserting claims and defending against claims.

The legal basis for processing personal data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), which involves promoting our brand and improving the quality of services provided, and, if necessary, asserting claims and defending against claims.

Processing of Personal Data of partner organization’s Personnel

In the course of entering into contracts as part of our business activities, we obtain data from contractors, partner organizations, and collaborators about individuals involved in the execution of such contracts (e.g., designated contact person). The scope of the provided data is always limited to the extent necessary for contract performance and typically does not include other information beyond names and business contact details.

Such personal data is processed for the purpose of fulfilling the legitimate interests of the Administrator and its contractor (Article 6(1)(f) of the GDPR), which involves enabling the proper and effective performance of the contract. We may disclose this data to third parties involved in contract execution.

The data is processed for a period necessary to fulfill the above interests and comply with obligations arising from legal regulations.

Collecting Data of Professional Contacts

Our employees may collect personal data through contacts established during the performance of their professional duties, such as exchanging business cards. The legal basis for processing in this case is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), which involves creating a network of contacts in connection with the conducted business activities.

Personal data collected in such cases is processed solely for the purpose for which it was collected, and the Administrator ensures their appropriate protection.

Recipients of Data

In the course of conducting activities that require the processing of personal data, personal data may be disclosed to third parties, including but not limited to service providers (e.g., IT systems, accounting, postal operators, couriers).

Data transfer is always based on the appropriate legal basis and in accordance with the provisions of applicable law.

International Data Transfers

We always inform about the intention to transfer personal data outside the European Economic Area (EEA) at the stage of their collection. The transfer of your data beyond the borders of the EEA is always based on a suitable legal basis, as mentioned in Chapter V of the GDPR, especially with your explicit consent or standard contractual clauses approved by the European Commission.

Data retention

The processing time of data depends on the legal basis and purpose of processing. In the case of processing data based on the legitimate interest of the Administrator, the data is processed for a period allowing the realization of this interest or until an effective objection to data processing is raised. If processing is based on consent, data is processed until the consent is withdrawn. When the processing is necessary for the conclusion and performance of a contract, data is processed until the termination or completion of the contract.

The data processing period may be extended if processing is necessary to establish or assert claims or defend against claims, and after this period, only to the extent and in cases where it is required by law. After the processing period, data is irreversibly deleted or anonymized.

Your Rights

You have the right to:

• Access your data and receive copies of it.
• Correct (amend) your data if it is inaccurate or incomplete.
• Delete personal data if there is no basis for further processing.
• Withdraw consent if it was the basis for processing. Please note that withdrawing consent does not affect the lawfulness of processing personal data that occurred before its withdrawal.
• Request the transfer of your personal data to another administrator.
• Limit or object to data processing.
• Lodge a complaint with the supervisory authority (in Poland: the President of the Office for Personal Data Protection).

These rights may be restricted, for example, if fulfilling your request would reveal the personal data of another person, or if you request the deletion of information that we are required by law to retain, or we have a legitimate interest in retaining.

To exercise your rights, please contact the Administrator at the address provided in the “Data controller” section. As a rule, you can exercise your rights free of charge, subject to statutory exceptions.

Automated Decision-Making

We do not use personal data for automated decision-making based on automated processing, including profiling.

Note on changes to this statement

We may revise this privacy policy periodically and modify it as appropriate. We reserve the right to change this privacy policy by publishing the amended privacy policy on the Fulbright Poland website. We recommend revisiting and reviewing this policy regularly to ensure that you understand how we may be processing your personal data.