SJSI

RSS
Dane kontaktowe:
e-mail: kontakt@sjsi.org

Polityka Prywatności EN

WSTECZ

PL: https://sjsi.org/polityka-prywatnosci/

PRIVACY POLICY

The Stowarzyszenie Jakości Systemów Informatycznych, hereinafter referred to as „SJSI”, takes every care to adequately protect the personal data of persons who are (i) employees of SJSI, (ii) associates and contractors of SJSI, (iii) business partners of SJSI, (iv) members of SJSI, (v) exam participants, (vi) customers of the Shop, (vii) website users:

  1. https://sjsi.org/ hereinafter referred to as the „Website”,
  2. https://exam-rejestracja.sjsi.org, hereinafter referred to as the „Registration Service”,
  3. https://exam-platforma.sjsi.org, hereinafter referred to as the „Examination Service”,
  4. https://sklep.sjsi.org/ hereinafter referred to as the „Shop”,
  5. https://konferencje.sjsi.org/ hereinafter referred to as the „Conference Service”.

SJSI regularly trains its staff in data protection and also conducts periodic audits related to ensuring the security of personal data processing.

SJSI takes care of the security of personal data by protecting it from unauthorised access and ensuring that rights under:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, (hereinafter „RODO”),
  • Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204 as amended),
  • Act of 10 May 2018 on the protection of personal data (Journal of Laws No. 2018 item 1000 as amended).

Who is the Administrator of personal data?

The administrator of the personal data of the persons indicated in the first paragraph of this document is Stowarzyszenie Jakości Systemów Informatycznych with its registered office in Warsaw (00-680) at ul. Poznańska 16 lok. 4, entered in the register of entrepreneurs and in the register of associations, other social and professional organisations, foundations and public health care institutions kept by the District Court for the capital city of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number: 0000175199, with NIP number: 5272426649 and REGON number: 015596805.

How can I contact the Administrator?

In matters concerning the processing of personal data by the Administrator, please contact us in writing, directing your correspondence to the address of our office in Wrocław, located at ul. Kazimierza Wielkiego 1, 50-077 Wrocław.

It is also possible to contact via e-mail, in which case messages should be sent to: rodo@sjsi.org 

What is the legal basis and purposes for processing personal data?

Depending on the content of the legal relationship between the data subject and the Administrator, the legal basis for the processing of personal data may be:

  • Article 6(1)(b) of the RODO – in connection with the performance of a concluded contract or for the purpose of taking steps to conclude a contract,
  • Article 6(1)(c ) RODO – in connection with the Administrator’s performance of its legal obligations, in particular obligations under data protection legislation, labour law, tax legislation, etc.
  • Art.6(1)(f) RODO (legitimate interest of the Administrator) – to ensure the functioning of all processes related to the Administrator’s statutory and business activities, including ensuring the operation of the SJSI bodies, the convening of meetings of these bodies, the defence against claims and the assertion of claims to which the Administrator is entitled. 
  • Art.6(1)(a) RODO – consent of the data subject, if the use of personal data is not necessary for the performance of a contract, performance of a legal obligation or does not constitute a legitimate interest of the Administrator, the Administrator may ask for consent for certain uses of personal data. 

SJSI processes personal data in order to:

  • implementation of examinations for software testers and business analysts, including handling the exam, issuing certificates, making settlements, etc,
  • the conclusion and execution of employment contracts and civil law contracts,
  • conducting accreditation processes for trainers, training providers and training material developers, 
  • the fulfilment of SJSI’s legitimate purposes as Administrator, as well as the fulfilment of SJSI’s legal obligations in connection with SJSI’s functioning as a registered association.

This document is general in nature and its purpose is to explain how the Administrator collects, processes and protects your personal data. Detailed information on the processing of personal data is set out in the so-called information obligations, which have been developed for the following data subjects:

  • Information obligation for contributors, contractors, contractors entering into any type of contract with the Administrator;
  • Information obligation for SJSI employees and those involved in the recruitment process;
  • Information obligation for SJSI Members or applicants for membership;
  • Information obligation for those participating in examinations organised by the Administrator.
  • Information obligation for customers of the Shop.

What rights do you have in relation to the processing of your personal data?

Every person has the right to:

  • access to the content of your personal data and receive a copy of your data,
  • rectification (correction) of personal data, 
  • deletion of personal data,
  • restriction of the processing of personal data,
  • the transfer of personal data if the data is processed on the basis of a contract or consent. SJSI will transfer the data to the data subject on the appropriate medium or send the data to the designated data subject,
  • to object to the processing of personal data,
  • revoke at any time your consent to the processing of your data (without affecting the lawfulness of the processing carried out on the basis of your consent before revocation),
  • The data subject has the right to lodge a complaint with the President of the Data Protection Authority.

Processing of special categories of personal data

As a general rule, SJSI does not process special category personal data.  In justified cases, described in detail in the Regulations for the provision of electronic services, SJSI may, with the consent of the data subject, process personal data of special categories, i.e. data concerning the health status of exam participants in order to provide exam participants with their entitlements due to disability or dyslexia.

To whom does the Administrator transfer personal data?

The Administrator, in order to duly exercise its rights or to fulfil its obligations, in particular its contractual obligations, may communicate personal data to the following recipients or categories of recipients:

  • to service providers providing services to the Administrator, with each time in the contract concluded with such a service provider the Administrator shall impose on the service provider the obligation of confidentiality, as well as the obligation to comply with personal data protection regulations and conclude a personal data processing entrustment agreement,
  • to entities entitled to obtain personal data on the basis of legal provisions (police, public prosecutor’s office, authorities, etc.).

Transfer of personal data to third countries

The Administrator does not intend to transfer personal data outside the European Economic Area. In the event of the need to transfer personal data to third countries, i.e. recipients located outside the European Economic Area or in countries which, according to the European Commission, do not provide sufficient data protection, the Administrator transfers the data using mechanisms in accordance with applicable law, which include, inter alia, the „Standard Contractual Clauses” approved by the European Commission.

How long do we keep personal data?

The Administrator shall make every effort to ensure that personal data are processed adequately and for as long as necessary for the purposes for which they were collected. With this in mind, the Administrator shall keep personal data for no longer than necessary to achieve the purposes for which the data were collected or, if necessary, to comply with applicable law, in particular the period for the performance of the contract and the period of limitation of claims.

Automated decision-making

The Administrator does not carry out automated decision-making, including profiling, based on the personal data provided.

Cookies

The Website, the Registration Service, the Examination Service, the Shop, and the Conference Service use so-called „cookies” in their functionalities. Cookies are text information sent by our server and stored on the terminal device on which an Internet user accesses the Website, the Registration Service, the Examination Service, the Shop or the Conference Service. The use of cookies allows you to leave selected information about the website in your web browser.

In terms of how long cookies are used, we can divide them into two types: session cookies and permanent (periodic) cookies. Session cookies are temporary cookies stored on the user’s terminal equipment only while they are on the website. Permanent (periodic) cookies are cookies stored on the user’s terminal equipment for the time specified in the parameters of the cookies or until they are deleted from the user’s device.

In technical terms, we can divide cookies into (i) functional (necessary for the proper functioning of the respective website), (ii) marketing, (iii) statistical.

Below is a list of all the cookies used:

Website:

Name of cookiesPeriod storageDescriptionCategory
hu_consentaccording to user’s choice: 1 month or 3 months or 1 yearSaves your cookie choices/optionsFunctional
_fpb3 monthsIt is used to store and track visits to various websites.Marketing
_ga2 yearsIt is used to store and count page views.Statistical
_ga_2XXPEDB93C2 yearsUsed to store session status.Statistical

Registration Service:

Name of cookiesStorage periodDescriptionCategory 
language-cookie1 yearIt is used to remember which interface language has been selected.Functional
antiforgery-cookiesessionIt is used to prevent XSRF/CSRF attacks in ASP.NET MVC and Web Pages patterns.Functional
_grecaptcha6 monthsIt serves to provide protection against spam.Functional
_ga2 yearsIt is used to store and count page views.Statistics
_ga_2XXPEDB93C2 yearsUsed to store session status.Statistics
datasessionIt is used to store temporary data until the website is refreshed.Functional

Examination Service:

Name of cookiesPeriod storageDescriptionCategory
ai_session1 hourA cookie used by the MS Insights application to measure site telematics.Statistical
ai_user1 yearA cookie used by the MS Insights application to measure site telematics.Functional

Shop:

Name of cookiesPeriod storageDescriptionCategory
hu_consentaccording to user’s choice: 1 month or 3 months or 1 yearSaves your cookie choices/optionsFunctional
woocommerce_*sessionIt serves the functional part of the shop.Functional

If the user of the Website, the Registration Service, the Examination Service, the Shop or the Conference Service does not agree to receive cookies, please change the settings of your Internet browser. Internet browsers allow you to block cookies. The procedure for changing browser settings should be placed on the website of the manufacturer of the installed browser used by the Internet user.

Deleting, blocking, or restricting the receipt of cookies may interfere with the use of the Website, the Registration Service, the Examination Service, the Shop, and the Conference Service, and in some cases may even prevent you from using them altogether.

You are also informed that it is possible to change your cookie preferences at any time and that cookies can be deleted at any time from the device used to view the Website, the Registration Service, the Examination Service, the Shop or the Conference Service.

rCaptcha

For security purposes, the Conference Service uses the hCaptcha service. The hCaptcha service helps to protect the Conference Service from abuse and spam. The hCaptcha service is used to verify that activities on the Conference Service meet our security requirements. The use of hCaptha is intended, among other things, to determine whether data entered on the Conference Service has been entered by a human or by a so-called bot. The basis for the use of hCaptcha is the legitimate interest of the Administrator arising from (Article 6(1)(f) of the RODO), in this case the legitimate interest is to prevent abuse resulting from improper, unauthorized use of the Conference Service.