Information clause on personal data processing of a User of the City of Warsaw information service (“the service”)

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) entered into force on 25 May 2018.
  2. The Controller of Users’ personal data processed by the City of Warsaw is the Mayor of Warsaw with the registered office at Bankowy Square 3/5 00-950 Warsaw.
  3. The Controller appointed a Personal Data Protection Officer who can be contacted via e-mail: iod@um.warszawa.pl.
  4. The legal basis authorising the Controller to process the User’s personal data is:
    1. legitimate interest (Article 6 (1) (f) of the GDPR)
    2. The User’s consent to the processing of their personal data (Article 6 (1) (a) of the GDPR)
  5. Providing personal data will be required in order for the User to gain access to a particular functionality of the Service, i.e.:
    1. newsletter subscription,
    2. ability to comment on particular articles, events,
    3. participation in competitions, surveys, events registrations,
    4. mailbox use
  6. In cases referred to in in point 4, the Controller has the right to process the following personal data of the User:
    1. first and last name,
    2. nickname,
    3. phone number,
    4. e-mail address,
    5. residence address,
    6. date of birth.
  7. In addition, the User may consent to the disclosure of their personal data, indicated in point 5, to the Controller for the Controller’s marketing purposes.
  8. The User’s personal data will be processed for a period necessary for the implementation of processing goals.
  9. The recipients of the User’s personal data may include:
    1. entities to which the Controller will entrust the processing of personal data, in particular entities providing IT and postal services for the benefit of the Controller, public authorities and other entities to which the Controller will provide access to personal data on the basis of applicable law, entities to which the Controller will provide access to personal data on the basis of the User’s consent.
  10. The User has the right to:
    1. access personal data, including the right to obtain a copy of these data;
    2. request correction (revision) of personal data;
    3. request the erasure of personal data (known as the “right to be forgotten”) in the following events:
      1. the data are no longer necessary for the purposes for which they were collected or otherwise processed;
      2. there is no legal basis for processing personal data;
      3. the data subject has objected to the processing of the data and there is no other legal ground for processing;
      4. the data are processed unlawfully;
      5. the data must be removed in order to comply with the legal obligation.
    4. request a restriction to the processing of personal data;
    5. object to the processing of data – when the following conditions are cumulatively met:
      1. there are reasons related to an extraordinary situation,
      2. the data are processed in order to complete a task which is carried out in the public interest or under the exercise of public authority entrusted to the Controller, except for the situation in which the Controller demonstrates that there are important legitimate grounds for the processing of personal data superior to the interests, rights, and freedom of the data subject, or grounds for the establishment, exercise or defence of claims;
    6. lodge a complaint to the President of Personal Data Protection Office (2 Stawki Street, 00-193 Warsaw, helpline: 606-950-00) if the User becomes aware of the unlawful processing of their personal data by the City of Warsaw;
    7. withdraw consent at any time – with regard to the data processed on the basis of the consent;
    8. transfer data – with regard to the data processed on the basis of the consent when the data processing is automated.