RULES FOR ADDING NOTICES (CALLS FOR PAPERS AND CALLS FOR APPLICATIONS) TO THE ON-LINE BASE OF THE INSTITUTE OF THE EUROPEAN NETWORK REMEMBRANCE AND SOLIDARITY
(hereinafter the ‘Rules’)
Article 1
PROVISIONS CONCERNING SERVICE PROVISION BY ELECTRONIC MEANS
1. The service of adding notices (calls for papers and calls for applications) to the online base of the Institute of the European Network Remembrance and Solidarity (‘online base’) shall be provided by the state cultural institution Institute of the European Network Remembrance and Solidarity seated in Warsaw at ul. Zielna 37, 00-108 Warsaw, acting on the basis of an entry into the register of cultural institutions kept by the Minister of Culture and National Heritage under the number of RIK 90/2015, holding the unique taxpayer’s NIP number 701-045-62-60 (‘IENRS’) in compliance with these Rules.
2. Notices added must concern open calls for projects or events of academic or educational nature such as, yet not exclusively, conferences, workshops and summer schools the subject of which pertains to 20th-century European history and remembrance/memory studies.
3. Notices may be added by entities in charge of organisation or promotion of a given project or event (‘User’).
4. The notice addition shall be effected by accepting these Rules (for this to be done, it is necessary to click on the activation link sent to the User’s email address provided by the User in the notice addition form available at enrs.eu/cfp-form (‘Form’)), submitting in the Form the notice contents and email address used by the User and clicking on the ‘Send’ button. If so desired, the User may also submit additional data, including personal data foreseen by the Form, in order to include them in the notice, subject to the User’s obligation to meet all regulatory requirements related to such submission.
5. Notice addition requires a computer with internet access, a web browser and a correctly configured electronic mail service.
6. Notice addition shall be free of charge. The IENRS reserves the right not to add a notice should it be found inconsistent with its mission or scope of activity.
7. The notice shall feature in the online base until the call related to a given project or event has been closed or the IENRS has decided that it be removed.
8. In the period from the addition of the notice to the online base until the closing of the call and the notice removal from the base, the User may at any time make changes in the notice or withdraw it from the online base, by sending a relevant message to: office@enrs.eu.
9. The IENRS reserve the right to amend these Rules should situations not regulated herein take place or when required by generally applicable legislation.
10. Complaints related to the service of adding notices to the online base can be made by email to: office@enrs.eu.
11. We suggest that complaint notifications include in particular: a description of the matter to which the complaint is related, the email address submitted during notice addition as well as the email address or postal address where the response to the complaint should be sent, if the User wishes to receive it by post or email at the address different than that submitted when completing the Form, as well as the method of notification as to outcome of the complaint handling process preferred by the User.
12. Complaints shall be handled and the response as to the outcome shall be given without delay, not later than within fourteen days from the date of complaint submission.
13. The User shall be notified of the outcome of the complaint handling process using the data indicated in the complaint notification. The recommendations concerning complaint submission presented above are merely an example which the User does not need to follow. Should the complaint submitted be incomplete, the IENRS shall ask the User to supplement it using the address data indicated in the complaint notification.
14. The online base is available at the following address: enrs.eu/cfp-database
15. These Rules are available at the following address: enrs.eu/rules-cfp-database
Article 2
PROVISIONS CONCERNING PERSONAL DATA PROCESSING AGREEMENT
Article 2.1.
Submitting Data for Processing
1. The User (‘Controller’) submits to the IENRS (‘Processor’), pursuant to Article 28(3) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 2016 No 119), hereinafter the ‘Regulation’ or the ‘GDPR’ the personal data submitted by the User in the Form (‘Personal Data’) for processing, under the principles and for the purpose specified in these Rules.
2. The Processor accepts the submission of the Personal Data for processing.
3. The Processor declares and represents to use safeguarding measures meeting the requirements of the Regulation.
4. The Processor undertakes to process the Personal Data submitted to it in compliance with legislation in force and this Agreement, exclusively for the purpose of performing tasks stemming from Article 1 of these Rules, i.e. in order to place notices in the online base, amend and remove them, as well as performing all activities required for the Processor’s exercise of the rights and obligations related to these Rules.
5. The type of Personal Data submitted for processing: given name and surname, email address, post occupied, academic title.
6. Duration of the processing of the Personal Data: until the notice removal from the online base.
7. Categories of persons whose data will be processed: contact persons for events included in the notices, persons participating in the events announced.
8. The Processor shall process the Personal Data exclusively on the Controller’s documented instruction, which shall also apply to the transfer of the Personal Data to a third country or an international organisation, unless the Processor is subject to such obligation under EU law or the law of a Member State applicable to the Processor; if that is the case, prior to commencing the processing, the Processor shall notify the Controller of that legal obligation provided that legislation does not prohibit the provision of such information because of a vital public interest. The Controller’s instruction shall be documented by the completing and sending of the Form to the Controller.
9. The Processor shall notify the Controller without delay, should it find that the instruction issued to it breaches the provisions of the Regulation or other provisions of generally applicable legislation.
Article 2.2.
Performance of the Data Processing Agreement
1. While processing the Personal Data, the Processor shall undertake to protect them by using appropriate technical and organisational measures that guarantee a level of security appropriate to the risk related to Personal Data processing in compliance with Article 32 of the Regulation.
2. The Controller agrees to entrusting the activity of the processing of the Personal Data processed under these Rules by the Processor to third parties (‘Subprocessor’).
3. The Subprocessors to which the Processor may entrust the Personal Data processing shall be the following entities: Marcin Kamiński rzeczyobrazkowe.pl, Greenin Sp. z o.o., nazwa.pl sp. Z o.o. and ADMIN.NET.PL Tomasz Rzepka Arkadiusz Nowara S.C.
4. The Processor shall notify the Controller of all intentional changes in terms of adding or replacing a Subprocessor. The Controller has three days to oppose such changes.
5. If to perform on behalf of the Controller specific processing activities the Processor uses services of another processing entity, the same data protection obligations shall be binding for that other processing entity – by virtue of the Agreement – as in the Rules between the Controller and the Processor, referred to in Article 2 of the Rules or Article 28(3) of the GDPR, in particular the obligation to ensure sufficient guarantees of implementing appropriate technical and organisational measures so that the processing meets the requirements of the GDPR. Should that other processing entity fail to meet its data protection obligations, the entire liability towards the Controller for the meeting of that other processing entity’s obligations shall be carried by the original Processor.
6. The Processor shall undertake to issue personal data processing authorisation (‘Data Processing Authorisation’) to all its staff, i.e. employees in the meaning of the Labour Code, apprentices, interns, as well as collaborators employed under civil law contracts and natural persons active as single-person economic operators performing tasks for the Controller, (hereinafter collectively referred to as the ‘Staff’) who will process the data entrusted in order to perform this Agreement (‘Authorised Staff’).
7. The Processor shall undertake that each member of the Authorised Staff with access to the Personal Data will process them solely on the Controller’s instruction, unless required to do so under EU law or the law of a Member State.
8. Transferring the entrusted data to a third country may take place exclusively on the Data Controller’s written instruction unless such obligation is placed upon the Processor by EU law or the law of a Member State applicable to the Processor. In the latter case, before commencing the processing the Processor shall notify the Controller of that legal obligation provided that legislation does not prohibit the provision of such information because of a vital public interest.
9. After the termination of the provision of services related to Personal Data processing foreseen by this Agreement, the Processor shall remove all Personal Data and all its existing copies.
10. Given the nature of Personal Data processing, the Processor shall undertake to support the Controller in ensuring appropriate technical and organisational measures, and, as much as possible, to assist the Controller in the performance of the Controller’s obligations related to responding to requests of data subjects foreseen in Chapter III of the Regulation.
11. The Processor shall undertake, given the nature of the processing and the information available to it, assist the Controller in meeting the requirement laid down in Articles 32-36 of the Regulation.
Article 2.3.
The Controller’s Control Right
1. Upon the Controller’s request, the Processor shall make available, at dates agreed by the Parties, all information needed to confirm that the obligations foreseen in Article 28 of the Regulation have been met.
2. The Controller shall enjoy the right to verify whether the measures applied by the Processor are consistent with the provisions of the Agreement and the Regulation.
3. The Controller or a third party indicated by the Controller and accepted by the Processor (bound to retain confidentiality) shall be entitled to control the Processor within a deadline agreed between the Parties, by means of audits and inspections. The Processor’s audits shall be performed once a year, unless the need for an audit stems from obligations imposed by a supervisory body.
Article 2.4.
The Processor’s Liability
1. The Processor shall be liable for making available or use of the entrusted Personal Data non-conforming to the Rules.
2. Pursuant to Article 30(2) of the GDPR, the Processor shall be obliged to maintain a record of categories of processing activities carried out on behalf of the Controller.
3. The Processor shall undertake to transmit to the Controller within forty-eight hours information concerning each case of its own or its Staff’s security breach regarding the Personal Data, imposing on the Controller the obligation of reporting it to a supervisory body.
4. The Processor shall undertake to notify the Controller of any activities related to Personal Data covered by the Rules performed by the President of the Office for Personal Data Protection (Polish abbreviation: PUODO), state authorities, the police or courts, unless an explicit legal provision prohibits it.
5. In the case of the circumstances referred to in paragraphs 1-4 of Article 2.5., the Processor shall be obliged to take all necessary steps in order to redress the infringement of the security of the Personal Data entrusted to it as well as to minimise its possible negative consequences.
Article 2.5.
Confidentiality
1. The Parties shall be bound to keep confidential all information, materials, documents and Personal Data as well as other data concerning the Rules, both those obtained intentionally and by chance, in any form, including written, oral or electronic (‘Confidential Data’).
2. The Parties declare and represent that according to the confidentiality clause the Confidential Data shall not be used, made available or revealed for a purpose other than the performance of the Rules, without written consent of the other party, unless the legislation or the Rules provide otherwise.
3. The Processor declares and represents that it will make all the Authorised Staff who under these Rules participate in the processing of the Personal Data entrusted to it bound to keep all the data and information received confidential.
4. The Parties declare and represent that they will make all efforts in order to ensure that the means of communication used for receiving, processing and keeping the Personal Data guarantee the security of such data against access of third parties.
5. Pursuant to Article 28(3)(b) of the Regulation, the Processor shall ensure that persons authorised to process the Personal Data undertake to retain confidentiality or be subject to a relevant statutory obligation to retain confidentiality.
Article 3
Validity of the Provisions of Article 2 of the Rules
The Agreement related to the Controller’s submission of Personal Data to be processed by the Processor included in Article 2 of these Rules shall be binding for each User separately, for the period from the acceptance of these Rules by a given User until the removal of its notice from the online base.
Article 4
Any changes to these Rules shall be announced on the following website: enrs.eu/rules-cfp-database and shall take effect upon such announcement.