I. Privacy policy

1. The Controller of personal data processing shall be Foundation for Students and Graduates of the Medical University of Warsaw "Koło Medyków", with its registered office in Warsaw, Wojciecha Oczki 1a street, 02-007 Warsaw, Poland, holder of NIP 701-10-03-075 and REGON 387479847; E-mail: kolomedykow@wum.edu.pl 
2. This Privacy Policy shall be binding to all Users using this website.
3. This Privacy Policy contains information on how the Controller processes the personal data of Users while they are using Internet applications.
4. This Privacy Policy may be amended. The up-to-date version of the Privacy Policy is available at: https://prospects.wum.edu.pl/index.php/pps/about/privacy.

II. Cookies

1. The PPS website uses cookies and similar technologies e.g. in order to tailor the system to users’ needs.
2. Cookies are computer data, in particular text files stored on the user’s device and designed to use websites.
3. The PPS website stores information as cookies for the following purposes:
   1. functional purposes to remember settings selected by the user and adapt the user’s interface,
   2. statistical purposes to create anonymous statistics, which allow for improving systems offered.
4. Each user may decide on his/her own how cookies are stored on his/her device. This is enabled by Internet browser settings. Default settings of popular browsers allow for the storage of cookies. The user may, in his/her Internet browser settings, block or restrict the sending of cookies.
5. Restricted use of cookies in the browser configuration may affect some functionalities available of PPS website.

III. Types of data collected and how they are used

1. In order to use the PPS editorial system service, an account must be created and one must log into that account. Personal data may contain full name, scientific degree, telephone number, email address, institutional affiliation, affiliation address, date of birth, specialty, areas of scientific interest and photograph. Some elements are not required. Some elements, e.g. a photograph, can be added at any time when using the Editorial System. Data of users are used to identify authors, reviewers, editorial staff, publishing house staff, members of scientific conferences’ committees involved in the flow of articles and abstracts submitted to scientific journals and for conferences, and to contact such persons to the extent necessary for that process as part of the PPS editorial system. Personal data must be provided for the correct performance of the agreement on services provided by electronic means.
2. The personal data shall be:
   1. processed lawfully, fairly and in a transparent manner in relation to the User,
   2. collected for specified, explicit and legitimate purposes (provision of services) and not further processed in a manner that is incompatible with those purposes;
   3. adequate, relevant and limited to what is necessary in regards to the purposes for which they are processed;
   4. accurate and, where necessary, kept up to date;
   5. kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
   6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
3. The Controller shall process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. Those measures shall be updated.
4. The Controller shall not process any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
5. Personal data processed in order to perform the agreement will be processed for the term of the agreement and thereafter, for the period necessary for archiving purposes in the context of publishing activities of data recipients. If data are not required to comply with obligations under the agreement on provision of services by electronic means or statutory obligations, such data are deleted.

IV. Security

1. The Controller of personal data shall take all reasonable activities to ensure the protection of the personal data of users of the PPS editorial system. This means for example development of relevant technical and organizational rules and procedures to minimize the risk of unauthorized access to the user’s account and to data of users and the risk of disclosing them. Information provided by users shall be processed and stored using appropriate measures of security compliant with requirements set by applicable laws. These measures shall be reviewed and updated where necessary.
2. The Controller shall implement technical and organizational measures such as:
   1. maintaining records of processing activities,
   2. pseudonymization and encryption of personal data;
   3. ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
   4. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
   5. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
3. However, the Controller of personal data shall not guarantee that the risk of unauthorized use of personal data by unauthorized persons acting unlawfully shall be excluded entirely. Any passwords to accounts shall be kept in a safe place and shall not be disclosed to third parties. We must be promptly notified of any cases of unauthorized use of the password or of other threats to security.

V. Rights of Users

1. The User shall have the right to obtain from the Controller of personal data confirmation as to whether or not personal data concerning the User are being processed and, where that is the case, access to the personal data and the following information:
   1. the purposes of the processing;
   2. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
   3. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
   4. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the User (data subject) or to object to such processing;
   5. the right to lodge a complaint with a supervisory authority;
   6. where the personal data are not collected from the User, any available information as to their source.
2. The Controller shall comply with the above obligation e.g. by providing Users with these information, which is the performance of art. 13 of the GDPR.
3. The User shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the User shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4. The User shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
   1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   2. the User objects to the processing,
   3. the personal data have been unlawfully processed;
   4. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
   5. the personal data have been collected in relation to the offer of information society services.
5. The User shall have the right to obtain from the Controller restriction of processing where one of the following applies:
   1. the accuracy of the personal data is contested by the User, for a period enabling the Controller to verify the accuracy of the personal data;
   2. the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
   3. the Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defense of legal claims;
   4. the User has objected to processing.

VI. Change of personal data

The Controller of personal data shall ensure that the user has the right to access and update or erase personal data. These activities can be done mostly on one’s own after logging into the PPS editorial system. If a function has not been provided, this can be done by contacting the Controller at biuletynfarmacji@wum.edu.pl.

VII. Amendments to the Privacy Policy

1. The Controller may update this Policy from time to time. The Controller shall inform Users about each amendment to this Policy by publishing a new document on this website.
2. The User may read this document and amendments thereto at this website. Amendments to the Privacy Policy shall take effect on thy day they are published on this website.