Multi-factor authentication (MFA)

For security purposes, Multi-factor Authentication (MFA) is enabled on SGH accounts. It is an additional procedure of securing access to university resources. In addition to entering the login details, the user in the next stages provides a one-time security code sent in an SMS or generated using a special application (available for all mobile systems).

MFA (Multi-factor Authentication) settings are made via the

website or during the first login to the SGH Cloud.

INFORMATION ON PROCESSING OF PERSONAL DATA

INFORMATION ON PROTECTION OF PERSONAL DATA RELATED TO THE USE OF THE SGH ACCOUNT, INCLUDING THE E-MAIL ACCOUNT

1. Controller
The controller of personal data is SGH Warsaw School of Economics with its seat in Poland, 02-554 Warsaw, at al. Niepodległości 162, hereinafter referred to as controller or SGH.

2. Data Protection Officer
You may contact the Data Protection Officer designated by SGH via e-mail iod@sgh.waw.pl.

3. The purposes and the legal basis of personal data processing ​
Your personal data will be processed for the purpose of:
ensuring the possibility of use the SGH account, including the e-mail account, enabling two-factor authentication when accessing your cloud account, pursuant to Article 6 paragraph 1 point (f) of the GDPR  (the legitimate interests pursued by SGH is to create conditions for participation in the life of SGH, dealing with university matters and ensure IT security);
ensuring proper use of the shared disk, network and cloud resources as well as e-mail, including in the field of information exchange, processing and protection of personal data, pursuant to Article 6 paragraph 1 point (f) of the GDPR (the legitimate interests pursued by SGH is to ensure IT security);
ensuring the possibility of detecting infringement and unauthorised access to data by monitoring e-mail using tools for automatic detection of events that may violate SGH IT security and security of the personal data pursuant to Article 6 paragraph 1 point (f) of the GDPR (the legitimate interests pursued by SGH is to ensure IT security);
enabling participation in the SGH activities– pursuant to Article 6 paragraph 1 point (f) of the GDPR (the legitimate interests pursued by SGH is to create conditions for participation in the life of SGH and dealing with university matters).

4. Obligation to provide personal data
Providing personal data shall be mandatory. In case of refusal to provide personal data will not be possible to use the IT resources of the cloud, including e-mail.

5. Recipients of the personal data
Your data will not in principle be disclosed to other entities, except entities authorized under the law. If the controller uses the services of other entities, personal data may be disclosed to them on the basis of contracts entrusting the processing of personal data, and these entities will be obliged to preserve the confidentiality of the data being processed (e.g. e-mail service provider).

6. The period for which the personal data will be processed
Personal data will be processed for the duration of the use of e-mail and cloud resources of SGH, then for the duration  of the storage of information from e-mail monitoring and the time necessary to pursue any claims

7. Rights of data s​ubject 
You have the right to access, rectify and erase your data, or restrict the processing thereof. You have right to object to processing on grounds relating to your particular situation.
No automated decision-making will be conducted based on your personal data. 

8. The right to lodge a complaint
You have the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office – if you consider that the processing of your personal data infringes upon GDPR.
New accordion title

MULTI-FACTOR AUTHENTICATION CONFIGURATION GUIDE