The ZABYTEK.PL portal is administered by the National Institute of Cultural Heritage. It allows using digital resources of the Institute - to browse and view the monuments and their documentation, to see themed collections and proposed sightseeing routes, to obtain information on selected monuments, their characteristics, descriptions, history and location. The portal also allows creating user accounts and adding content, including: descriptions of selected monuments, photos, and creating tour routes by registered users.
We would like to inform you that while using our portal the following information about users and their activity on the portal is collected automatically on our servers:
- logs including an IP address, date and time of using the portal, and a list of pages visited within the portal (whereby the logs do not contain any personal data);
- cookies that allow recognising user-preferred settings (whereby the possibility of downloading them by the user depends on individual browser settings);
- personal data necessary to create a user account on the portal that allows using all its functionalities: user name, email address and phone number
Personal data necessary to create a user account, i.e. user name and email address, will be used to contact users in matters related to the portal functioning. Users may also use data gathered by Facebook and Google to log in the ZABYTEK.PL portal - the data gathered on servers of the National Institute of Cultural Heritage will be collected from the abovementioned portals.
I consent to the processing of my personal data included in the zabytek.pl portal by the National Institute of Cultural Heritage with its registered office in Warsaw at ul. Kopernika 36/40, for the purposes necessary to render the portal user account access service, supplementing the contents on the portal, reporting threats to monuments to the Voivodeship Office for the Protection of Historic Monuments, reporting errors or irregularities found on the portal and using the contact form.
The information included in cookies identifies the computer and browser data of the user, which enables us to remember your visits to the site and preferences concerning the use of the site (e.g. site language, layout, arrangement of content, etc.). Cookies enable the National Institute of Cultural Heritage to create anonymous statistics of portal visits. Owing to this we can assess the actual interest in our portal, learn more about the expectations and preferences of users, understand the way they use the portal, which enables us to prepare statistics and helps improve our site. Data obtained in that manner are not in any way combined with user personal data. The cookies usually contain the name of a website from which they originate, time of storage on an end-device and a unique number. The cookies constitute IT data, in particular text files, that are stored on the end-device of the Portal User and allow using the Zabytek.pl portal.
The entity placing cookies on the terminal device of the user and obtaining access to them is the National Institute of Cultural Heritage with its registered office at ul. Kopernika 36/40, 00-924 in Warsaw.
The user may individually manage and block cookies using the browser settings. Blocking cookies may result in the loss of capacity to use some of the portal parts or available functions.
Data concerning the users of the ZABYTEK.PL portal, gathered on the servers of the National Institute of Cultural Heritage, are protected against unauthorised access and are not made available to third parties, except for cases where these data are requested by entities authorised to collect these data pursuant to the applicable law, e.g. courts or enforcement bodies - if they request them pursuant to a relevant legal basis.
On the basis of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and the Act of 10 May 2018 on personal data protection (Journal of Laws of 2019, item 1781), we would like to inform you that:
1. the National Institute of Cultural Heritage (NID), with its registered office in Warsaw at ul. Kopernika 36/40, shall be the controller of your personal data,
2. Data Protection Inspector shall be Mr Dominik Krasowski, contact: email@example.com,
3. your personal data will be processed for the following purposes and on the following legal basis:
Circumstances for personal data processing by NID
Legal basis and data storage period
Legitimate objective of personal data processing
Concluding and performing civil-law contracts
The controller shall process the personal data throughout the term of the agreement, until the expiry of claims related to the performance of contractual obligations, unless a longer period of processing is necessary in cases dictated by law or further processing of such data is necessary for the execution of a task performed in the public interest.
Personal data processing by NID is necessary to conclude and perform the contract
As regards contracts where NID acts as a contracting authority as a result of a public contract awarded, the data processing takes place also to fulfil the legal obligations imposed on NID and for the purpose of performing tasks in the public interest (in particular, in the scope of tasks performed by NID).
Running an Internet portal
Personal data will be processed taking account of the requirements of Google Ireland Limited for up to 180 days from the date of withdrawing user consent
NID shall process personal data of persons using the Internet portal (data included in cookies) for statistical and marketing purposes and to adjust the site contents to user preferences. Data processing also takes place to render a service (newsletter).
Pursuing claims or defending against legal claims
Until the expiry of claims related to the performance of contractual obligations, and in the case of instigation of court proceedings to pursue claims - until their final closing, and in the case of enforcement proceedings - until the final satisfaction of such claims. In the case of public procurements - usually 4 years (details below)
The controller may process data of employees/cooperators of clients or contractors as well as of entities participating in the public contract award procedure to establish, investigate or defend against claims that may arise in relation to the performance of contracts or public contract award procedures.
Personal data will be stored for the period of 4 years from the date of completion of the contract award procedure and if the term of the contract exceeds 4 years, the storage period covers the entire contract validity period
Personal data processing takes place for the purpose related to
Storing documents, i.e. contracts and settlement documents
For periods laid down by the provisions of the law, and if they have not been indicated as regards certain documents, for a period when the storage thereof fulfils a legitimate objective of the controller, regulated by the period of possible pursuit of claims
Data processing takes place for archiving purposes against the legitimate interest in securing and storing personal data in case of a legal necessity to confirm facts, and also constitutes the fulfilment of requirements arising from the provisions of the law, in particular the fiscal and accounting law
Storing employee and payroll documentation
In accordance with the applicable regulations, an employer should store employee documentation for 10 years (from the termination of employment relationship for contracts concluded in 2019) or 50 years (from the termination of employment relationship for contracts concluded until end-2018). Personal records - category BE50 - following the expiry of the storage period they should be subject to an expert opinion in terms of requalifying them to category A. Payroll documentation shall be stored for 50 years from the termination of the employment relationship
The obligation to store employee and payroll documents results from the provisions of the law, in particular in the scope of labour law and social insurance
4. In relation to the conducted activity, NID will disclose your personal data to the following entities:
- Voivodeship Offices for the Protection of Historic Monuments for the purpose of making notifications (name, surname, email address, phone number), for establishing contact concerning the notified case exclusively
- state authorities or other entities authorised pursuant to the provisions of the law,
- entities supporting us in the conducted activity upon our commission,
in particular: entities rendering IT services as well as suppliers of external ICT systems who support our activity, including Microsoft, Google, banks, entities providing legal assistance, IT, audit, dispatch and postal services. The basis for processing shall be the personal data processing agreements guaranteeing the security of such data. Entrusting the data to other entities shall take place only in the scope
and for the purpose described in this Policy.
5. Your personal data will not be transferred to a third country,
6. Your personal data will be stored in the period of granted consent or until the expiry of the legal basis,
7. You have the right to:
- request access to your personal data and a copy of the personal data undergoing processing - in accordance with Article 15 of GDPR;
- rectify and supplement data if they are inaccurate or incomplete - in accordance with Article 16 of GDPR;
- request erasure of your personal data - in accordance with Article 17 of GDPR;
- request restriction of processing of your personal data - in accordance with Article 18 of GDPR;
- transmit your personal data - in accordance with Article 20 of GDPR;
- object to processing of your personal data - in accordance with Article 21 of GDPR;
- withdraw consent at any time and in any form, in a situation where your personal data are processed on the basis of granted consent, whereby the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- lodge a complaint to the President of the Personal Data Protection Office if you consider that NID processes your personal data in non-compliance with the personal data protection regulations.
8. You have the right to file a complaint with the President of the Personal Data Protection Office if you decide that the processing of personal data concerning you violates the provisions of the General Data Protection Regulation of 27 April 2016.
9. Provision of your personal data is voluntary,
10. Your data will not be processed in an automated manner and will not be profiled, which could have impact on your legal situation or in any other way have impact on your rights, freedoms and obligations.