Privacy Policy

The privacy policy explains who we are, for what purposes we process your personal data, how we process it, and to whom we may entrust or disclose it. It also informs you of your rights regarding the processing of your personal data.

In our commitment to respecting your privacy, we ensure that your data is protected against loss, destruction, disclosure, unauthorized access, or improper use.

The legal act regulating the processing of personal data is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR.

Personal Data Administrator

The administrator of your personal data will be the Director of the Government Security Centre (RCB) with headquarters in Warsaw, Al. Ujazdowskie 5, postal code: 00-583.

RCB is a state organizational unit performing tasks based on the Act of 26 April 2007 on crisis management (Journal of Laws of 2022, item 261).

You can contact the Administrator:

  • in writing to the RCB headquarters address,
  • through the e-PUAP electronic delivery box: /RCB/skrytka,
  • via email, telephone, or fax – contact details available on the website: https://www.gov.pl/web/rcb/dane-kontaktowe

Data Protection Officer

The Data Protection Officer (DPO) at RCB is Jan Teleon. You can contact him through the RCB electronic delivery box or by email at: iod@rcb.gov.pl

Purposes and Legal Basis of Processing

We will process your personal data:

  • in connection with the fulfillment of a legal obligation incumbent on the administrator (Article 6(1)(c) of the GDPR),
  • in the performance of tasks carried out in the public interest or in the exercise of public authority entrusted to the Administrator (Article 6(1)(e) of the GDPR),
  • in the performance of a contract in which you may be a party or in taking action at your request before entering into a contract (Article 6(1)(b) of the GDPR),
  • in the pursuit of legally justified interests pursued by the Administrator (Article 6(1)(f) of the GDPR),
  • with your consent to the processing of personal data expressed by you (Article 6(1)(a) of the GDPR).

Recipients of Personal Data

Recipients of your personal data may include:

  • public authorities and entities performing public tasks or acting on behalf of public authorities, within the scope and for the purposes specified by law,
  • other entities processing personal data based on agreements signed with RCB. This applies to data for which the Director of RCB is the Administrator.

A separate category of recipients who may be disclosed your data are entities authorized to handle deliveries and entities with which RCB has concluded an agreement for the provision of service support for the used teleinformation systems.

Data Retention Period

Your personal data will be processed for the period necessary to achieve the processing purposes. They will be stored for no less than the period specified in the archival regulations, i.e., the Act of 14 July 1983 on the National Archival Resources and Archives (Journal of Laws of 2020, item 164).

Rights of Data Subjects

In cases, on principles, and in the manner specified in the applicable regulations, in connection with the processing of your personal data, you have the following rights:

  • the right to access your data and obtain copies of them (Article 15 of the GDPR),
  • the right to rectify (correct) your data (Article 16 of the GDPR),
  • the right to erase personal data (Article 17 of the GDPR),
  • the right to restrict the processing of data (Article 18 of the GDPR),
  • the right to object (Article 21 of the GDPR),
  • the right to withdraw consent at any time, where your data is processed based on obtained consent, with the withdrawal not affecting the lawfulness of the processing carried out based on the consent before its withdrawal.

Right to Lodge a Complaint with the Supervisory Authority

In the event of unlawful processing of your personal data at RCB, you have the right to lodge a complaint with the supervisory authority responsible for data protection matters, i.e., the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

Information on the Voluntariness or Obligation to Provide Data

Providing data, subject to specific legal provisions, is voluntary but necessary to consider/resolve your request, especially under the relevant regulations.

The Administrator may ask you to provide additional data to authenticate your information to ensure that you are the person authorized to submit the application.

Other Information

For individual personal data processing processes at RCB, detailed information clauses have been prepared, which are available in the RCB websites’ tabs or are otherwise provided to individuals whose data is concerned.

Privacy policy in RCB websites

The principles of data processing on the https://www.gov.pl/web/rcb website are defined in our Privacy Policy:

Information clause regarding the processing of personal data on RCB social media.

Back to top