THE PRIVACY AND COOKIES POLICY
The Privacy Policy sets out the principles for storing and accessing information on the User’s devices using cookies for the provision of electronic services requested by the User, and the processing of personal data by the Institute of National Remembrance ‒ Commission for the Prosecution of Crimes against the Polish Nation with its registered office in Warsaw, ul. Janusza Kurtyki 1, 02-676 Warsaw.
§1.
Definitions
- Administrator – the Institute of National Remembrance – Commission for the Prosecution of Crimes against the Polish Nation with its registered office in Warsaw, ul. Janusza Kurtyki 1, 02-676 Warsaw, which provides services electronically and stores and accesses information on User’s devices.
- Cookies – computer data, in particular small text files, recorded and stored on devices through which the User uses the Service’s website.
- Administrator Cookies – Cookies published by the Administrator, related to the provision of electronic services by the Administrator through the website.
- External Cookies – Cookies saved on the website by the Administrator’s partners.
- Service – the website which is used by the Administrator to manage the online service.
- Device – an electronic device through which the User accesses the Website.
- User – an entity to whom electronic services may be provided or with whom a contract for the provision of electronic services may be concluded in accordance with the provisions of the law.
- GDPR (Polish abbrev. RODO) – par. 2 of the Regulation of the European Parliament and of the Council (EU) 2016/679 EU of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
§ 2.
Types of Cookies
- Cookies used by the Administrator are safe for the User’s Device. In particular, it is not possible for viruses or other unwanted software or malware to enter the User’s Devices through Cookies. These files allow the Administrator to identify the software used by the User and adapt the Service’s Website to each User individually. Cookies usually contain the name of the domain they come from, the time of storage on the Device and the assigned value.
- The Administrator uses two types of cookies:
- Session Cookies: files stored on the User’s Device and remaining there until the end of the session of a respective browser. The stored information is then permanently removed from the User’s Device memory. The mechanism does not allow session cookies to retrieve any personal data or any confidential data from the User’s Device.
- Persistent cookies: files stored on the User’s Device and remaining there until they are deleted by the User. Ending the session of a given browser or switching off the Device does not remove them from the User’s Device. The mechanism does not allow persistent cookies to collect any personal data or any confidential information from the User’s Device.
- The User is able to restrict or block the access of cookies to the Device. When the User decides to use this option, the use of the Service will still be possible with the exception of functions which by their nature require Cookies.
§ 3.
Data collection
In line with the adopted practice of most WWW services, we store HTTP requests posted to our server. Data collection is viewed and identified using URL addresses. The exact list of data stored in the server logs is as follows:
- public IP address of the Device that posts the request (it may be the User’s computer);
- client’s workstation name – authentication through the HTTP transfer protocol, if possible;
- User’s name authentication and authorisation;
- time of request;
- the first line of the HTTP request;
- the HTTP response code;
- the number of bytes sent by the server;
- the referrer URL to identify the website previously used if the Service has been reached through the referrer link;
- the User’s browser data;
- data on the errors that take place when completing the HTTP transaction.
The data are not associated with individual persons that view the IPN’s websites. For the purpose of ensuring the highest quality of our services, we analyse the log files from time to time to determine which websites are viewed most often, which web browsers are used, whether the website structure contains errors, etc.
§ 4.
Purposes for which cookies are used
- the Administrator shall use their own cookies to correctly configure the Service, and in particular:
- adapt the content of the Website to User’s preferences and optimise the use of the Website,
- recognise the Website User’s Device and its location and display the Website accordingly, meeting individual User’s needs,
- store the User’s settings and personalise the User’s interface, e.g. in terms of the language selected or the User’s area,
- store the history of visited pages on the Website to recommend future content,
- estore data on the font size, design of the website, etc.
- The Administrator shall use their own cookies to authenticate the Service User and ensure the User’s session in the Service, in particular to:
- maintain the Service User’s session on the Website (after logging in), so that the User does not have to enter their login and password again on each subpage of the Website,
- configure selected Service functions correctly, enabling, in particular, the verification of the authenticity of a browser session,
- optimise and increase the capacity of the services rendered by the Administrator.
- The Administrator shall use their own cookies to carry out processes necessary for the full Website functionality, in particular to:
- adjust the Service contents to the User’s preferences and optimise the use of the Website. These files mainly allow the system to recognise the User’s Device and display the Website according to the User’s individual needs;
- correctly operate an affiliate programme, allowing the system to verify the redirection sources of the Users to the Service pages.
- The Administrator shall use their own cookies to store the User’s location, and, in particular, correctly configure selected functions of the Website, making it possible to adjust the data provided to the User, taking into account the User’s area.
- The Administrator shall use their own cookies to analyse, investigate and audit the audience, in particular, to create anonymous statistics that help to understand how the Users use the Website. This allows the Administrator to improve the Website’s structure and contents.
- The Administrator shall use external cookies to sign in the Service with the use of Facebook or Twitter.
- The Administrator shall use external cookies to popularise the Service with the use of Facebook or Twitter.
§ 5.
Possibilities to determine conditions of storage or access to Cookies:
- The User may on their own and at any time change the settings to define the conditions of the storage of cookies and access to the User’s Device. The User may change the settings either in the Internet browser or in the Service configuration. These settings may be changed mainly to block automatic support of cookies in the Internet browser or to indicate every time cookies are stored on the User’s Device. Detailed information on the possibilities and ways of managing cookies are available in the software settings (web browser).
- The User may delete cookies at any time, using the functions available in the Internet browser.
- Restricting the use of Cookies may affect some functionalities available on the Service websites.
§ 6.
GDPR (Polish abbrev. RODO)
The Administrator of the Users’ personal data is the President of the Institute of National Remembrance ‒ Commission for the Prosecution of Crimes against the Polish Nation with its seat in Warsaw, address: ul. Janusza Kurtyki 1, 02-676 Warsaw, Poland. The Administrator of the personal data ensures appropriate technological, physical, administrative and procedural means of data protection in order to protect and ensure confidentiality, correctness and availability of the processed personal data, as well as protection against unauthorised use or unauthorised access to the personal data and protection against security breaches with regard to personal data.
The Institute of National Remembrance ‒ Commission for the Prosecution of Crimes against the Polish Nation shall process the User’s personal data in order to:
- inform them about the Institute’s activities (e.g., education, research, publishing) ‒ Newsletter (Article 6(1)(a) GDPR)
- maintain contacts with them through the Website or telephone number provided on the Website (Article 6(1)(c) of the GDPR and Article 6(e) of the GDPR)
- communicate and inform them about the Institute’s activities via the Website or Facebook, Twitter and YouTube (Article 6(1)(e) GDPR)
We shall only process the User’s personal data for the period necessary to fulfil the purpose of storing it or for as long as we are legally required to do so.
While processing the User’s personal data to provide a newsletter service, we shall process personal data for the period necessary to provide this service, the User having the possibility to resign at any time.
Contact details of the Personal Data Protection Inspector at the Institute of National Remembrance (IPN-KŚZpNP): inspektorochronydanych@ipn.gov.pl , address for correspondence: ul. Janusza Kurtyki 1, 02-676 Warsaw, Poland, addressed to: Inspector for Personal Data Protection.
Under no circumstances shall data concerning the Service Users be made available, transferred or sold to companies or third parties. All data may be transferred only at the request of state authorities authorised by law in connection with their proceedings or entities authorised by the Administrator of personal data.
The User shall have the right to access their personal data and rectify, delete or restrict its processing, and object to the processing of personal data and data transfer.
The User shall have the right to lodge a complaint with the President of the Office for Personal Data Protection if they are convinced that the processing of their personal data violates the GDPR provisions.
The User shall have the right to withdraw their consent to the processing of their personal data at any time, to the extent that the processing was based on consent. Withdrawal of consent will not affect the lawfulness of the processing that was carried out upon their consent before its withdrawal.
§ 7.
Changes in the Privacy Policy
We shall reserve the right to amend the Service’s Privacy Policy at any time to ensure that the Service’s Privacy Policy continues to meet the current requirements imposed by law.