Controller – Head of the Office for Foreigners, who alone or jointly with other entities determines the purposes and means of processing Personal Data.
Personal Data – means any information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, nationality, gender, date of birth, telephone number, login, identification number, location data, on-line identifier, information collected through cookies and other similar technologies or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person. The MOS processes Personal Data of Users and persons for whom Users undertake certain activities at the MOS.
Account – a collection of resources in which the User’s data marked with a unique name (login) and information about their activities within the MOS are stored.
MOS – the portal run by the Head of the Office for Foreigners, available at https://mos.cudzoziemcy.gov.pl, designed for submitting applications on matters of residence in the territory of the Republic of Poland and providing necessary knowledge on migration procedures.
Recipient – a natural or legal person, public authority, body or other entity to whom Personal Data is disclosed, whether or not they are a third party. Public authorities which may receive Personal Data in the context of a specific proceeding in accordance with the EU or Member State law are not considered Recipients; the processing of such data by these public authorities must comply with the data protection legislation applicable according to the purposes of the processing.
Processing Entity – a natural or legal person, public authority, entity or other body that processes Personal Data on behalf of the Controller.
Terms and Conditions – the document setting out in particular the rules for the use of the Case Handling Module (MOS) portal and the responsibilities of the Users.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
The purpose of the Policy is to set out the steps taken by the Controller to protect Personal Data processed through the MOS. In particular, the Policy sets out the scope and legal basis for the processing of Personal Data that is collected by the Controller in connection with the Users’ use of the MOS.
The Controller obtains Personal Data from the User when the User registers an Account in the MOS, in connection with the User’s activities on the MOS and in connection with updates to Personal Data made through the Account.
III. SCOPE OF PERSONAL DATA PROCESSED BY THE CONTROLLER
When registering (creating an Account), it is mandatory to provide the following Personal Data:
name and surname,
date of birth,
Failure to provide the information indicated above will prevent registration in the MOS, as it is necessary for submitting an application through the MOS.
When registering, you can voluntarily provide a mailing address.
The User’s Account will be activated by means of an activation link sent to the e-mail address provided during registration. An Account that is not activated within the validity period of the activation link (10 minutes after receipt) will be automatically deleted.
IV. PURPOSE, BASIS AND DURATION OF THE PROCESSING OF PERSONAL DATA
The data processed through the MOS will be used by the Head of the Office for Foreigners to perform the statutory tasks set out, inter alia, in the Act of 12 December 2013 on foreigners and the Act of 13 June 2003 on granting protection to foreigners within the territory of the Republic of Poland, in particular with regard to filling out on-line application forms in cases of granting a foreigner a temporary residence permit and a permanent residence permit on the territory of the Republic of Poland. In addition, the MOS allows for the creation of Accounts for minors, which are subsequently operated by their legal guardians.
During the use of the Account, the Personal Data will be processed in order to fulfil the Controller’s legal obligation under the aforementioned Acts and to perform tasks carried out within the scope of public authority entrusted to the Controller (Art. 6(1)(c) and (e), Art. 9(2)(g) of the GDPR).
Personal data may also be processed through the MOS for analytical and statistical purposes on the basis of Article 6(1)(a) of the GDPR. For this purpose, the Controller will collect information such as data from cookies, browser information or IP addresses. If the information is necessary for the proper operation of the MOS, it is processed on the basis of Article 6(1)(f) of the GDPR.
The Controller may process Personal Data in connection with the right to assert or defend against claims under Article 6(1)(f) of the GDPR. For this purpose, the Controller may process the Personal Data until the expiry of the limitation period in accordance with the applicable legislation.
V. PERIOD OF STORAGE OF PERSONAL DATA IN THE MOS
Personal Data will be processed in the MOS until the Account is deleted by the User or due to the User’s inactivity in the Account.
VI. IP ADDRESS, COOKIES
Cookies are computer data, in particular text files, stored on Users’ terminal equipment (e.g. computer, phone, tablet), transmitted by websites. These files allow the website to recognise the User’s device, so that the website is tailored to the User’s individual preferences, is displayed in the User’s language as remembered by these cookies and uses other website settings chosen by the User. Cookie files usually contain the name of the website from which they originate, their storage time on the end user device, as well as a unique number.
Cookie files are also used to create anonymous, aggregated statistics that help the Administrator understand how a User uses the MOS. Cookie files also help to ensure that the MOS is refined and running smoothly, including performance testing.
A detailed breakdown of cookies follows:
1. Based on the necessity for the provision of the service:
a) indispensable – they are absolutely necessary for the proper functioning of the MOS or the functionality the User wishes to use;
b) functional – they are important for the operation of the MOS because:
– they serve to enrich the functionality of the MOS; without them, the portal will work correctly, but will not be adapted to the User’s preferences,
– they serve to ensure a high level of functionality of the MOS; without them, the level of functionality of the portal may decrease, but their absence should not prevent the portal from being used altogether,
– they serve the majority of the MOS functionality; blocking them will result in selected functions not working properly;
2. Based on the length of time cookies will be placed on the User’s terminal device:
a) session cookies – cookie files that are placed for the duration of the browser use (session) and are deleted when the browser is closed or the User logs out of the MOS;
b) permanent – they are not deleted when the browser is closed and remain on the User’s device for the time specified in the cookie parameters or until they are manually deleted by the User.
3. Based on the purpose they serve:
a) configuration of the MOS – they allow the setting up of functions and services on the portal;
b) security and reliability of the MOS – they enable the verification of authenticity and the optimisation of portal performance;
c) authentication – they allow information to be provided when the User is logged in so that the MOS can show the relevant information and functions;
d) session status – they allow for the recording of information about how Users use the MOS, to help improve the services available on the portal and enhance the browsing experience;
e) processes – they enable the smooth operation of the MOS and the functions available on it.
In principle, cookies do not constitute Personal Data. However, certain information stored in cookies (e.g. as to your preferences), especially when combined with other information about you, may be treated as Personal Data. Personal data collected using cookies may only be processed for the purpose of performing the specified functions described above on behalf of the User.
By default, the browsing software allows cookies to be placed on the user’s terminal device. In particular, these settings can be changed in such a way that the automatic support for cookies will be blocked in the browser settings or the information on their use on the device of the User will be displayed every time. It is possible to change the browser settings individually for each browser.
VII. USERS’ RIGHTS WITH REGARD TO THE PROCESSING OF PERSONAL DATA AND THEIR EXERCISE
Users have the following rights arising from the Controller’s processing of their Personal Data.
The right to access Personal Data and obtain a copy thereof.
The right to rectify Personal Data where the Personal Data is incorrect or incomplete.
The right to request the Personal Data to be deleted.
The right to restrict the processing of Personal Data.
The right to transfer Personal Data in the scope of Personal Data processed by automated means on the basis of consent.
The right to object to the processing of Personal Data.
The right to withdraw consent to the processing of Personal Data without affecting the lawfulness of the processing of such data prior to this withdrawal.
Notwithstanding the above, the User has the right to lodge a complaint in relation to the processing of Personal Data by the Administrator to the supervisory authority, which is the President of the Office for Personal Data Protection (address: ul. Stawki 2, 00-193 Warsaw).
VIII. RECIPIENTS OF PERSONAL DATA AND OTHER ENTITIES TO WHOM THE CONTROLLER MAY DISCLOSE PERSONAL DATA
The Controller may transfer Personal Data to Entities providing IT, postal, consultancy, legal services to the Controller. Notwithstanding the above, the Controller may transfer Personal Data to public authorities and other public entities in connection with the performance of their statutory tasks. These entities may then become separate controllers of the Personal Data. Personal Data processed in the MOS is not transferred outside the European Economic Area.
IX. AMENDMENT OF THE PROVISIONS
The Policy may be amended when it becomes necessary, of which Users will be notified by an appropriate announcement available on the MOS. The User will have the opportunity to indicate that they have consulted the amendments.
X. CONTACT DETAILS
Information on the processing of Personal Data in the MOS can be obtained by contacting the Data Protection Officer appointed by the Controller, in writing to the address of the Controller (correspondence address: ul. Taborowa 33, 02-699 Warsaw) or by e-mail at: firstname.lastname@example.org.