Information Clause on the Processing of Personal Data
as part of the recruitment process at the Pontifical University of John Paul II in Krakow
Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR"), the Pontifical University of John Paul II in Krakow informs that:
Data Controller
The Data Controller of your personal data is the Pontifical University of John Paul II in Krakow, with its registered office at: ul. Kanonicza 25, 31-002 Kraków, Poland.
Data Protection Officer (DPO)
The Pontifical University of John Paul II in Krakow has appointed a Data Protection Officer. You may contact the DPO:
-
by email: IODO@upjp2.edu.pl
-
or in writing to: Pontifical University of John Paul II in Krakow, ul. Kanonicza 25, 31-002 Kraków, with the note “DPO”.
Purposes and Legal Basis for Data Processing
Your personal data will be processed for the purpose of carrying out the admission process at the Pontifical University of John Paul II in Krakow and—if admitted—for the administration of your studies at the University.
The processing of your personal data is necessary to fulfill the legal obligations incumbent upon the Controller related to the implementation of tasks set forth in the Act of 20 July 2018 – Law on Higher Education and Science (Journal of Laws 2024, item 1571, as amended), as well as secondary legislation and internal regulations applicable at the Pontifical University of John Paul II in Krakow (Article 6(1)(c) GDPR).
Your personal data may also be processed on the basis of the legitimate interests pursued by the Controller, such as the establishment, exercise, or defense of legal claims (Article 6(1)(f) GDPR).
Data Retention Period
Your personal data will be processed for a period of 6 months following the completion of the admission process. If you are admitted, your personal data will be processed for the duration of your studies to document their course, and thereafter for archival purposes—on the basis of the Act of 20 July 2018 – Law on Higher Education and Science (Journal of Laws 2024, item 1571, as amended), relevant implementing legislation, and other applicable legal regulations.
Recipients of Personal Data
Recipients of your personal data may include entities authorized to receive such data under applicable laws, as well as entities cooperating with or providing services to the Controller under data processing agreements—especially those providing technological support for IT systems used to process your personal data.
In the case of non-admission, your personal data may also be transferred to a company providing postal services for the purpose of delivering the decision on your non-admission.
Your Rights in Relation to Data Processing
You have the right to:
-
request access to your personal data (Article 15 GDPR),
-
request rectification of your personal data (Article 16 GDPR),
-
request erasure of your personal data (Article 17 GDPR),
-
request restriction of the processing of your personal data (Article 18 GDPR),
-
the right to data portability (Article 20 GDPR), and
-
the right to object to the processing of your personal data (Article 21 GDPR).
Please note that the Controller will verify your requests, demands, or objections in accordance with applicable data protection laws. These rights are not absolute and are subject to limitations provided by law.
To exercise your rights or for questions regarding privacy and data processing by the Controller, please contact the Data Protection Officer:
-
via email: IODO@upjp2.edu.pl
-
or in writing to: Pontifical University of John Paul II, ul. Kanonicza 25, 31-002 Kraków, Poland, with the note “DPO”.
You also have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the provisions of the GDPR.
Obligation to Provide Data and Consequences of Failure to Provide
Providing your personal data is voluntary, but necessary for participation in the recruitment process and for the Controller to fulfill its legal obligations. Failure to provide the required personal data will result in the inability to participate in the admission process.
