Politechnika Śląska | Personal data processing in projects

Annex 1 Information clause under Article 13 (for individuals signing the contract) - Silesian University of Technology is the administrator of personal data Download

Annex 2 Information clause pursuant to Article 14 (for persons designated in the contract for contact) - Silesian University of Technology is the administrator of personal data Download

Annex 3 Information clause under Article 13 (for persons signing the contract) - Silesian University of Technology is a joint controller of personal data Download

Annex 4 Information clause under Article 14 (for persons indicated in the contract for contact) - Silesian University of Technology is a joint administrator of personal data Download

Annex 5 Tables to be filled in by ERASMUS+ project managers Download

Annex 6 Template of consent for the use of the image of an adult Download

Processing of personal data in projects

COMMENTS RELATING TO ALL PROJECTS

DUTY OF INFORMATION

The Silesian University of Technology, being a leader or partner in the project, signs agreements with other institutions or organizations whose subject matter is to undertake actions aimed at granting the project or sharing the responsibilities resulting from the implementation of the project itself. When concluding such agreements, we obtain personal data of both the persons who sign such agreements, and very often we obtain personal data of persons who are indicated for contact in the implementation of the provisions of the agreement.

In this case, we are obliged to comply with the information obligation. general, information clauses from Article 13 (for persons signing the contract) - Annex 1 and Article 14 (for persons indicated in the contract for contact) - Annex 2 should be attached to such contracts.

For the most part of the projects, we are dealing with a RELATIONSHIP between institutions/organizations of the nature ADMINISTRATOR <=> ADMINISTRATOR, which results in the fact that each institution/organization separately processes personal data and bears responsibility for it in the scope of operations it performs on personal data.

If there is a relationship between the Silesian University of Technology and other partners in the project, in order to implement the information obligation, information clauses from Article 13 (for persons signing the contract) - Annex 3 and Article 14 (for persons indicated in the contract for contact) - Annex 4 should be attached to the contracts.

AUTHORIZATIONS TO PROCESS PERSONAL DATA

When the University starts the project, the project manager should check that all persons who carry out the project tasks and have access to personal data have a mandate to process personal data. If this person is an employee, he or she probably already has such an authorization, if he or she is a non-employee of the Silesian University of Technology, then most likely it will be necessary to issue such authorization.

The issue of issuing authorizations is regulated in detail in paragraph 6 in the Personal Data Protection Policy at the Silesian University of Technology – Ordinance No. 183/2024 of 11.10.2024.

INFORMATION OBLIGATION FOR NATURAL PERSONS PARTICIPATING
IN THE PROJECT

The implementation of the project may involve the acquisition of additional personal data (e.g. trainings for employees or students are conducted as part of the project). In this case, the information obligation must be fulfilled for these persons. It is difficult to introduce a formula that would be correct for any type of project. If the information clause is not included in the project documents and its content has not been explicitly indicated by the funding institution, it is recommended to contact the Data Protection Officer in order to develop the appropriate provisions.

COMMENTS ON ERASMUS+ PROJECTS

There is a slightly different rule for ERASMUS+ programme

SILESIAN UNIVERSITY OF TECHNOLOGY AS A PROCESSOR

Silesian University of Technology and other partners in the project are PROCESSORS toward the controller of personal data, which is the European Commission: Education, Youth Sport and Culture (EAC), and
therefore each of the institutions participating in the project is obliged
to keep appropriate documentation.
The project manager (at the Silesian University of Technology), before the start of the project implementation, is obliged to send to the Management Control and Security Office completed tables in a version allowing to copy the data to the central register. The table to be filled in is Appendix 5.

INFORMATION OBLIGATION FOR NATURAL PERSONS PARTICIPATING
IN THE PROJECT

Implementation of the Project, with a high probability, will involve the need to obtain personal data of beneficiaries. It is the responsibility of the University to fulfil the information obligation on behalf of the European Commission. The fulfilment of the aforementioned obligation may take place by sending a link to the following pages to the person whose data we process:

(a) if the project is financed through the National Agency
for the Erasmus+ Program

https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-grants-sedia_en.pdf

(b) in the case of projects managed by EACEA:

Privacy notice | Erasmus+ and European Solidarity Corps programs (europa.EU)

REPORTING

Project contracts also include a reporting obligation in the field of personal data protection. The final reports should address the following issues:

security of data processing,
confidentiality of data processing,
assistance to the data controller,
data retention,
contribution to audits, including inspections,
keeping a register of categories of processing activities carried out on behalf of the data controller.