Privacy Policy


The University of Warsaw respects the privacy of users visiting websites at the * domain. To provide services at the possibly-highest level, we use cookies. Using our website means that they (cookies) are downloaded on your device. You may change your browser settings at any time.

Cookies used by
  1. Performance – collecting information on how visitors use the site;
  2. Functionality – saving user’s settings, e.g., languages, consents, etc., such as:

Third-party websites to which the website might direct to may use, also, cookies other than those listed above. The website shall not be held responsible for the privacy practices of said websites. We kindly ask to get acquainted with the privacy policy established therein after going to other websites.

Having changed cookie settings may affect some of the functionalities available on websites in the domain.

Data collection

The website retains HTTP queries directed to our server. URLs identify resources. The following information is stored in the web server log files:

  • the public IP address of the computer from which the request has been made,
  • number of bytes sent by the server,
  • information about the user’s browser,
  • information about the time when data from the server has been sent.

This information does not contain data on the identity of users; however, in conjunction with other information, may constitute personal data and, therefore, the administrator shall provide it with full protection under the provisions governing personal data protection.

Use of data

Collected logs are stored for an indefinite period as an auxiliary material used for administering the site. Information contained therein is not disclosed to anyone except for persons authorised to administer the website. Based on log files, statistics helpful in administration-related purposes may be generated.

Information on personal data processing

Data controller

The data controller of your processed data is the University of Warsaw, 26/28 Street Krakowskie Przedmieście, 00-927 Warsaw.

You may contact the Controller:

  • by mail: University of Warsaw, 26/28 Street Krakowskie Przedmieście, 00-927 Warsaw (one shall indicate the organisational unit to which correspondence is addressed);
  • by phone: 22 55 20 000.

Data Protection Officer

The Controller has appointed a Data Protection Officer whom you may contact via e-mail at

The DPO may be contacted in each and every matter regarding the processing of your personal data by the University of Warsaw, as well as your exercise of rights related to personal data processing.

Purposes and legal bases of the processing

We will process your personal data for purposes as follows:

  • Conducting communication with you via e-mail or telephone, if you have initiated such communication – art. 6 par. 1(c) of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ EC – General Data Protection Regulation, Official Journal of the EU L 119 of 04./05/2016, page 1, as amended). The processing is deemed necessary to fulfil the legal obligation incumbent on the Controller (the legal obligation, in particular, gives rise from, either, the Act of July 20, 2018 – Law on Higher Education and Science; the Act of July 16, 2016 – Telecommunications Law, the Act of February 17, 2005, on the computerisation of the activities of entities performing public tasks);
  • Improving the quality of services; the Controller processes statistical information regarding the use of the website – art. 6 par. 1(f) of the GDPR (the legitimate interest of the Controller consisting in facilitating the use of the site, improving both the quality and functionality of the services rendered);
  • Sending the newsletter – art. 6 par. 1(a) of the GDPR (based on the consent of the data subject);
  • Joining the media mailing list – art. 6 par. 1(a) of the GDPR (based on the consent of the data subject);

You may withdraw your consent to personal data processing at any time through sending an e-mail at

We want to remind you, simultaneously, that your withdrawal of consent does not affect the lawfulness of the processing which has been carried out based on your consent before its withdrawal.

We may also process your personal data to perform a task in the public interest (Art. 6 par. 1(e) of the GDPR), as well as in justified cases we will process your personal data for purposes resulting from legitimate interests pursued by the Controller (Art. 6 par. 1(f) of the GDPR).

Personal data recipients

Access to your personal data will be granted to both authorised employees and associates of the University of Warsaw who must process your data as regards the task being carried out.

Recipients of data may also be entities whom the Controller will instruct the performance of certain activities, which involves the need to process personal data.
In order to ensure proper protection of personal data, a contract on entrusting personal data processing has been signed with these recipients.

Personal data retention period

We will process your personal data until the purpose for which the data has been collected is satisfied, and subsequently, in cases which require it for the period indicated in the Act of July 14, 1983, on the national archival resource and archives (Journal of Laws of 2018 item 217, as amended), as well as in the provisions of the Telecommunications Law.

Rights related to data processing

We guarantee you the exercise any and all of your rights on the terms laid down by the GDPR, i.e., the right to:

  • access to data and receive a copy thereof;
  • rectify (correct) your personal data;
  • limit personal data processing;
  • delete personal data (subject to Art. 17 par. 3 of the GDPR);
  • lodge a complaint with the President of the Office for Data Protection, if you believe that personal data processing violates the law on the protection of personal data.

Obligation to provide data and the consequence of failure to provide thereof

Providing data which is under processing in connection with the satisfaction of a legal obligation is deemed mandatory; in the case of data processing based on consent to the processing of personal data, providing data is voluntary. Failure to provide data may, either, impede or prevent the achievement of the objectives indicated hereinabove.

The privacy policy may be supplemented or updated following the current needs of the Controller in order to provide up-to-date and reliable information to users regarding their personal data and information thereon. Any and all amendments the privacy policy are made on this website.