Conference Management System Regulations

§ 1. General Provisions

• This regulation defines the rules for using the Conference Management System (hereinafter: CMS) operating within the IT infrastructure of the University.
• Using the CMS is equivalent to accepting all provisions of this regulation.

§ 2. Content Submission Rules

• The person submitting a conference to the system agrees that all content and graphics uploaded by them comply with applicable laws and internal regulations of the University.
• The conference organizing committee assumes full responsibility for the published content, its compliance with copyright law, and any potential infringement of third-party rights.
• Content published in the CMS must align with the University's mission, academic ethics, and must not contain discriminatory, offensive, vulgar, or defamatory content.

§ 3. Rules for Uploading Graphics and Image Distribution

• All graphics and images published in the system must comply with copyright laws. The person uploading graphics agrees to have the appropriate licenses or authorizations for their use.
• Publishing graphics or images depicting individuals requires explicit consent for the distribution of their image in accordance with applicable regulations.
• The University is not responsible for legal violations resulting from the unlawful use of graphics by system users.

§ 4. Personal Data Protection (GDPR)

• The processing of personal data is carried out in accordance with the applicable GDPR regulations and the privacy policy in force at the University.
• The conference organizing committee commits to ensuring the confidentiality and security of the participants' data, limiting access to the data solely to authorized individuals.
• Each individual whose data is processed has the right to access, correct, restrict processing, and request the deletion of their data in accordance with the University's privacy policy.

§ 5. Information Security Management System (ISMS)

• Users of the CMS commit to adhering to the security principles defined within the University's Information Security Management System.
• It is prohibited to engage in activities that could jeopardize the security of the CMS, including disclosing access credentials to unauthorized persons.
• Any observed security breaches should be immediately reported to the system administrator.

§ 6. Final Provisions

• The University reserves the right to refuse publication or remove content that violates this regulation, legal provisions, or the University's internal regulations.
• Any disputes arising from the use of the CMS will be resolved in accordance with the internal procedures in place at the University.
• This regulation is effective from the date of its publication in the system.

I consent to the processing of my personal data in the "Conference Service System" by the University of Siedlce, located at Konarskiego 2, 08-110 Siedlce, and I acknowledge that my personal data, including first name, last name, email address, date of joining, activity status, administrative permissions, phone number (optional), affiliation (optional, title/position, country, scientific discipline (optional), biography (optional), ORCID number (optional), profile pictures (optional, alternative text for images, privacy settings, search engine visibility, special needs (e.g., for catering, accommodation), etc., will be processed.

Additionally, consent is granted for:

I consent to my data regarding activity in the conference service system, such as logs, date and time, and actions.

I consent to the data related to conference participation registration, including the form of participation, membership role in the conference, title/position held in the conference, data related to panel registration, and panel submissions, etc.

I consent to the data related to the usage of the website and its use, payment data, including data required for issuing invoices, account number, payment status (paid/unpaid),

I consent to any data shared in the form of attached images, files, and texts.

I consent to data related to consents, the scope of consents, and dates.

I consent to the processing by the University of Siedlce of my image, name, and voice recorded in a video in connection with participation in conferences. In accordance with Article 81(1) of the Act of February 4, 1994, on Copyright and Related Rights (Journal of Laws 2018, item 1191, as amended) and Article 6(1)(a) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons regarding the processing of personal data and the free movement of such data, and the repeal of Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR) (EU Official Journal L 119, May 4, 2016, p. 1), I consent to the free, unlimited, time-unlimited, and territory-unlimited (particularly on the internet – on the administrator's website and YouTube channel, Facebook, etc.) distribution by the administrator of my image and voice contained in the video for the purpose of promoting the administrator's informational and educational activities.

I declare that I am aware that the provision of data is voluntary and that consent may be withdrawn at any time. I have read the information obligation, including information about the purpose and methods of processing personal data and my right to access the content of my data and the right to correct them.

INFORMATION OBLIGATION

Personal data of participants in the Conference Service System are protected in accordance with Articles 13 and 14 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons. In connection with the processing of personal data and the free movement of such data, and the repeal of Directive 95/46/EC (GDPR), we inform you that:

1. The Administrator of your personal data is the University of Siedlce, represented by the Rector, located at Konarskiego 2, 08-110 Siedlce; You can contact the Administrator by mail at the above address or by email: konferencje@uws.edu.pl.

2. The correctness of the processing of personal data is overseen by the Data Protection Officer, with whom you can contact by mail (DPO, Konarskiego 2, 08-110 Siedlce) or by email: iod@uws.edu.pl. The Data Protection Officer should be contacted only regarding matters related to the processing of your data by the University of Siedlce, including the exercise of your rights;

3. Your personal data are processed for the following purposes:

   • registration in the Conference Service System, submission of participation in the event, assignment to appropriate thematic panels, as well as purposes related to the organization and service of the conference participation process, processing of submissions, and conducting organizational correspondence, providing selected materials after the event – the legal basis for the processing of personal data is the performance of a contract, the subject of which is participation in the Conference Service System, pursuant to Article 6(1)(b) GDPR;
   • maintaining security measures related to participation in the Conference Service System – the legal basis for data processing is the necessity of processing for the purpose of fulfilling the legitimate interest of the Administrator. In this case, the legitimate interest of the Administrator is ensuring security within the "conference service system" (Article 6(1)(f) GDPR);
   • establishing contact with participants of the conference service system – the legal basis for data processing is the necessity of processing for the purposes arising from the legitimate interests pursued by the Administrator. In this case, the legitimate interest of the Administrator is contact with participants of the Conference Service System (Article 6(1)(f) GDPR);
   • conducting statistics and reports and archiving for the Administrator’s internal purposes related to the number of participants in the conference service system – the legal basis for data processing is the necessity of processing for the purposes arising from the legitimate interests pursued by the Administrator. The legitimate interest of the Administrator is conducting statistics and reports (Article 6(1)(f) GDPR);
   • pursuing or defending against claims related to the conference service system – the legal basis for data processing is the necessity of processing for the purpose of fulfilling the legitimate interest of the Administrator. The legitimate interest of the Administrator in this case is the possibility of determining, pursuing, or defending against claims (Article 6(1)(f) GDPR);
   • Your personal data collected in connection with registration in the conference service system via the contact form is equivalent to granting consent for email and phone communication using the address and phone number provided at registration or in the contact form, and is processed for the purpose of maintaining contact and responding to a letter/request/inquiry/claim – based on your consent expressed through providing data in the content of the letter/request/inquiry/claim (Article 6(1)(a) GDPR);

4. The provided data will not be disclosed to third parties. The recipients of the data will be only institutions authorized by law (courts, police); Access to personal data will be granted to the Administrator’s employees who need to process personal data in connection with the performance of their duties. The recipients of personal data may also be entities to whom the Administrator entrusts the processing of personal data on the basis of a data processing agreement to perform specific tasks that require the processing of personal data.

5. The personal data you provided will be processed in the "conference service system" for as long as you have a user account. If you decide to delete your account, the data will be anonymized for archiving purposes.

6. Providing your personal data is voluntary, but necessary for registration in the conference service system. However, providing contact details, such as a phone number, is not necessary, but will enable contact with you.

7. You have the right to:

   • request access to your personal data, including information about their processing (Article 15 GDPR);
   • rectify or supplement data if they are incorrect or incomplete (Article 16 GDPR);
   • request the deletion of data (right to be forgotten), where there are no grounds for processing or consent to processing has been withdrawn (Article 17 GDPR);
   • request restriction of processing in case data are inaccurate, unnecessary, processed without legal basis, or an objection to processing based on legitimate interests of the Administrator has been made (Article 18 GDPR);
   • receive and transfer personal data in a structured, commonly used format, in case the data were provided to the Administrator and are processed based on consent (Article 20 GDPR);
   • you have the right to object at any time – for reasons related to your particular situation – to the processing of your personal data based on the legitimate interest of the Administrator as set out in Article 6(1)(f) GDPR, including profiling based on this provision (if applicable). In such a case, we will no longer process your personal data for these purposes unless there are valid legal grounds for processing that override your interests, rights, and freedoms or the grounds for establishing, pursuing, or defending claims.
   • You also have the right to object at any time to the processing of your personal data when such data are processed for direct marketing purposes – in which case we will no longer process your personal data for such purposes.
   • you also have the right to lodge a complaint with the supervisory authority if you consider that the processing of your personal data violates the provisions of the GDPR. The supervisory authority in Poland is the President of the Personal Data Protection Office (PUODO), located in Warsaw, Stawki 2, and you can contact them:
   • by mail: Stawki 2, 00-193 Warsaw;
   • electronically via the submission box available at https://uodo.gov.pl/pl/p/kontakt;

8. Transfer of data to third countries
   Some of the tools or solutions we use require the transfer of personal data outside the European Economic Area to third countries (e.g., some cloud services or marketing tools). If such a transfer of data is necessary, we make every effort to ensure the highest standards of data processing security and protection of your privacy, and we choose only service providers who ensure such protection. All data transfers occur on the basis of and within the law, particularly considering Chapter V of the GDPR, which sets out the conditions for the transfer of data to third countries.

9. Decisions based solely on automated processing, including profiling, will not be made based on your personal data.