GDPR data processing information clause

In pursuance of the requirements included in Articles 13 and 14 of the Regulation of the European Parliament and the Council of the European Union (EU) 2016/679 of April 27, 2016, on the protection of natural persons with respect to the processing of personal data and the free flow of such data, as well as the repealing of Directive 95/46/EC (hereinafter referred to as GDPR), we inform you about the processing of your personal data at Wrocław University of Science and Technology.

A. Information on the identity of the Data Controller

Within the meaning of the GDPR, the Data Controller is the entity that decides on the purposes for which personal data is processed as well as the means of processing it. The Controller of the data is Wrocław University of Science and Technology, with its registered seat at Wybrzeże Wyspiańskiego 27 in Wrocław. Contacting the Controller's representative is possible by writing a letter to the address of the Controller's registered seat as well as by using the contact form on the webpage The Controller has appointed a Data Protection Officer, whom you can contact with respect to matters of data protection using the following e-mail address: or by writing a letter to the Controller's registered office address.

B. The rights of persons being data subjects

The Controller ensures that the data subjects whose data it processes have the rights as set out in the GDPR. According to the basis of processing, these may be rights to: .
  • access, correct, and rectify their data,
  • erase their data (in the event of withdrawal of consent – if there were no other legal basis for processing),
  • restrict the processing of their data if it appeared that the data is unnecessary to us or the processing thereof is objected to by the data subject, or it is incorrect, or if it appeared that it is unlawfully processed; however, the processing cannot be effectively restricted if it is necessary to protect the claims of the Data Controller or the rights of another person, or if it is necessary for important reasons related to the public interest;
  • transfer their data by means of a commonly used machine-readable computer format, provided that the Controller processes the data electronically and that it is technically feasible,
  • object to the processing on grounds of the data subject’s particular situation; this right may be exercised when the data is processed only to pursue the legitimate legal interests of the Data Controller; with regard to data used for direct marketing purposes, it is not even necessary to invoke any particular situation.
Most of these rights are not absolute. Specified below are detailed explanations of the data subject’s rights as well as information on how to exercise them. In the event of a request to exercise a specific right, the Controller will respond within one month, but, if necessary, we are entitled to extend this period by a further two months. If the response time is extended, the Controller will notify the data subject of this fact within one month of receipt of the request. The data subject can exercise their rights by contacting us using the contact form specified above. In the event of queries concerning the processing of personal data or the need to exercise your rights under the GDPR, you should contact a representative of the Controller ( If there is any doubt as to the identity of the person contacting the Controller, additional information or proof of identity may be required.

C. Legal basis of personal data processing

When someone decides to participate in an event organised by WUST, their personal data is collected. Typically, the scope of the data includes, in particular, first name and surname, postal address, e-mail address, telephone number, and other contact details, organisational affiliation and, if necessary, other data – such as specific dietary expectations or need for other forms of support from the organiser, accommodation details, payment methods and credit card information for hotel bookings, etc. – needed for the organisation of the event. If the participant in the event does not enter into an agreement with the Data Controller, the basis for the processing of the data will be the participant's consent (in connection with Article 6(1)(a) of the GDPR).
If relevant regulations, registration rules, or the very nature of the event (e.g. a ticketed career expo) prevent one from assuming that the provision of data is tantamount to giving consent to its processing, the Data Controller will ask for separate, additional consent to the processing of personal data for specific purposes. Personal data of participants in specific events may also be shared with other co-organisers of the event since, as a rule, institutions of the scientific world actively cooperate in such activities.

D. Recipients of the personal data

Participants' data may be used to register their participation, make materials available, provide additional services, and provide communication services (it may be made available to providers of services such as e-mail, instant messaging, etc.).
Participants’ likeness and voice may be recorded in the form of photographic and video material and used on the organisers' websites and in press reports. If the participant does not wish to disclose their identity and does not accept the use of such data, they should – before sharing their information – confirm the possibility of opting out of such processing of their data with the organiser’s representative.
Participants' data may also be made available to sponsors and used to enable the presentation of offers, but – as a general rule – (unless the organiser informs otherwise) these will be the purposes of other data controllers.

For details, please refer to: Policy - Wrocław University of Science and Technology (