Skip to content Skip to footer

Who we are

Our website address is: https://shipip.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements

GDPR

Personal data processing

August 6, 2020

Information on the processing of personal data under the Operational Programme Infrastructure and Environment 2014-2020 (OP I&E 2014-2020)

Several entities serving as controllers within the meaning of the GDPR [Regulation (EU) 2016/679 of the European Parliament and of the Council of by 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) dated 27 April 2016 (OJ EU L No. 119, p. 1)] participate in the processing of personal data within the OP I&E 2014-2020. These entities make decisions related to the personal data being processed, i.e. what personal data are processed, for what purpose and in what way. Each controller is individually responsible for the protection of personal data and for informing the public about the way in which it processes such data.

Due to the fact that it is the Minister of Development Funds and Regional Policy – as the Managing Authority of the OP I&E 2014-2020 – who determines: what personal data, how and for what purpose will be processed in connection with the implementation of the Programme, the Minister acts as the controller of personal data processed in connection with the implementation of the OP I&E 2014-2020.

The Minister is the controller of both the data the Minister obtained independently as well as of the personal data obtained by other entities involved in the implementation of the Programme (i.e. by other controllers, who in this case also perform the function of processors [Processors are institutions (Intermediate Bodies and Implementing Authorities), beneficiaries and other entities involved in the implementation of the OP I&E 2014-2020, to which the Minister (or another authorised entity) entrusted the processing of personal data within the OP I&E 2014-2020]).

The Minister of Development Funds and Regional Policy is also the controller of personal data that the Minister processes as a beneficiary of projects co-financed from the funds of OP I&E 2014-2020.

The Minister of Development Funds and Regional Policy is also the controller of data collected in the Central IT System managed by the Minister, which supports the implementation of OP I&E 2014-2020.

I. Purpose of personal data processing

The Minister of Development Funds and Regional Policy processes personal data in order to implement the tasks assigned to the Managing Authority to the extent that it is necessary such an objective. Similarly, processors process personal data in order to implement the tasks assigned to them within the scope of OP I&E 2014-2020’s implementation to the extent it is necessary to achieve this objective.

The Minister and processors process such data, in particular, for the following purposes:

  1. to grant support to the beneficiaries applying for co-financing and implementing projects;
  2. to confirm the eligibility of expenditure;
  3. to request payments from the European Commission;
  4. to report irregularities;
  5. to evaluate;
  6. to monitor;
  7. to control;
  8. to audit;
  9. to run reporting activities;
  10. to run information-promotion activities.

II. Legal grounds for data processing

Processing of personal data in connection with the implementation of OP I&E 2014-2020 is carried out in accordance with the GDPR.

1. The legal basis for data processing is primarily the need to fulfil the obligations incumbent on the Minister of Development Funds and Regional Policy – as the Managing Authority of the Programme – pursuant to the provisions of Union law and national laws (Article 6(1)(c) of the GDPR). These obligations arise from the following legal provisions:

  1. Regulation of the European Parliament and of the Council No. 1303/2013 of 17 December 2013 laying down common provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund, the European Agricultural Fund for Rural Development and the European Maritime and Fisheries Fund and laying down general provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund and the European Maritime and Fisheries fund, and repealing Council Regulation (EC) No 1083/2006;
  2. Commission Delegated Regulation (EU) No 480/2014 of 3 March 2014 supplementing Regulation (EU) No 1303/2013 of the European Parliament and of the Council laying down common provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund, the European Agricultural Fund for Rural Development and the European Maritime and Fisheries Fund and laying down general provisions on the European Regional Development Fund, the European Social Fund, the Cohesion Fund and the European Maritime and Fisheries Fund;
  3. Commission Implementing Regulation (EU) No 1011/2014 of 22 September 2014 laying down detailed rules for implementing Regulation (EU) No 1303/2013 of the European Parliament and of the Council as regards the models for submission of certain information to the Commission and the detailed rules concerning the exchanges of information between beneficiaries and managing authorities, certifying authorities, audit authorities and intermediate bodies;
  4. Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012;
  5. Act of 11 July 2014 on the rules of implementing cohesion policy programmes financed under the 2014-2020 financial perspective;
  6. Act of 14 June 1960 – Polish Code of Administrative Procedure;
  7. Act of 27 August 2009 on Public Finance;
  8. Act of 29 January 2004 – Public Procurement Law.

2. Processing is also lawful if one of the following applies:

  1. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR) – this ground applies, inter alia,  to personal data of persons running a business as a sole trader, with whom the Minister concluded contracts in order to implement OP I&E 2014-2020;
  2. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested   in the Minister (Article 6(1)(e) of the GDPR) – this ground applies, inter alia, to competitions and promotional campaigns organised by the Minister concerning the Programme.

III. Categories of personal data processed

The Minister of Development Funds and Regional Policy, in order to implement OP I&E 2014-2020, processes personal data, of, among others:

  1. employees representing or performing tasks for entities involved in the service and implementation of the programme and projects, i.e. Intermediate Bodies and Implementing Authorities;
  2. contact persons, persons authorised to make binding decisions and other persons performing tasks for applicants, beneficiaries and partners;
  3. participants in trainings, competitions, conferences, monitoring committees, working groups, steering groups and information or promotional meetings organised under the Programme;
  4. candidates for experts and experts involved in the process of selecting projects to be co-financed or performing tasks related to the implementation of rights and duties of competent institutions, resulting from the concluded grant agreements;
  5. persons whose data will be processed in connection with the examination of eligibility of funds in the project, including in particular: project personnel, participants of tender commissions, bidders and contractors of public procurements, persons providing services under civil law contracts.

The types of personal data processed by the Minister include:

  1. identification data, in particular: name, surname, series and number of identity card, date and place of birth, place of residence, place of employment / form of conducting business activity, official position, PESEL (Personal Identification Number) / NIP (Tax Identification Number) / REGON (Statistical ID), user identifier / user login;
  2. data concerning the employment relationship, in particular: remuneration received and working time, occupation or education, length of service;
  3. contact details, which include in particular: e-mail address, telephone number, fax number, correspondence address;
  4. financial data, in particular: bank account number, amount of remuneration;
  5. other data, for example: information about the real property (plot number, land and mortgage register number, gas connection number).

Data are obtained directly from data subjects or institutions and entities involved in the implementation of operational programmes, in particular applicants, beneficiaries and partners.

Where data are collected directly from data subjects, the provision of data is voluntary. However, the refusal to provide the data is tantamount to the lack of possibility to take appropriate actions, e.g. applying for funds under OP I&E 2014-2020.

IV. Data retention period

Personal data will be stored for the period specified in Article 140(1) of Regulation (EU) No 1303/2013 of the European Parliament and of the Council of 17 December 2013 and at the same time for a period not shorter than 10 years from the date of awarding the last aid under OP I&E 2014-2020 – also taking into account the provisions of the Act of 14 July 1983 on National Archival Resources and Archives.

In some cases, e.g. when the EU authorities control the Minister, this period may be extended.

V. Data recipients

The recipients of personal data may be:

  • the entities to which the OP I&E 2014-2020 entrusted the performance of tasks related to the implementation of the Programme, including in particular entities acting as Intermediate Bodies and Implementing Authorities, as well as experts, entities conducting audits, controls, trainings and evaluations;
  • institutions, bodies and agencies of the European Union (EU), as well as other entities to which the EU has entrusted the performance of tasks related to the implementation of OP I&E 2014-2020;
  • entities providing the Minister with services related to the operation and development of IT systems and ensuring communication, in particular IT solutions providers and telecommunication operators.

VI. Rights of data subjects

Persons whose data are processed in connection with the implementation of OP I&E 2014-2020 have the following rights:

  1. to access their personal data and to receive a copy of the data (Article 15 of the GDPR) and the right to rectify the data (Article 16 of the GDPR) – Upon exercising this right, the data subject may ask the Minister, among others, whether the Minister processes his or her personal data, what personal data are processed by the Minister, and where the Minister has obtained them from, what is the purpose of the processing and its legal ground, and for how long the data will be processed. If the processed data prove to be outdated, the data subject may apply to the Minister with a request to update them,
  2. the right to have their data erased (Article 17 of the GDPR) – if the circumstances referred to in Article 17(3) of the GDPR did not occur,
  3. the right to demand that the controller restrict the processing of the data subject’s data (Article 18 of the GDPR) – Restriction of personal data processing causes that the Minister may only store personal data. The Minister may not transfer such data to other entities, modify or delete them. Restricting the processing of personal data is temporary and lasts until the Minister performs the assessment whether the personal data are accurate, processed in accordance with the law and necessary to achieve the purpose of processing.
  4. the right to lodge a complaint with the President of the Personal Data Protection Office (Article 77 of the GDPR),
  5. the right to data portability, includingthe right to receive their personal data in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Article 21 of the GDPR), where the processing both is based on a contract (is necessary to sign or to carry out a contract to which the data subject is party, according to Article 6(1)(b) of the GDPR) and is carried out by automated means (an outline is enough to save the data on the storage device),
  6. the right to object to processing of personal data (Article 21 of the GDPR) – if the ground for the processing is the performance of public tasks of the controller (Article 6(1)(e) of the GDPR).

Filing an objection causes that the Minister will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

The data are not subject to the process of automated individual decision-making, including profiling.

Tags:
0Likes
About Author

You May Also Like

CONSULTANCY, GDPR, GENERAL DATA PROTECTION REGULATION, Regulation, TMSA 3

Cyber security regulations will have teeth maritime GDPR TMSA Cyber Security

August 28, 2018
GDPR

Hungarian government overwrites the GDPR in its COVID-19 state-of-emergency decree

May 15, 2020