I. About us
As a responsible organization that is aware that information has a certain value and is a resource that requires appropriate protection, we are committed to properly informing you about matters related to the processing of personal data, especially in the light of the new regulations on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”). For this reason, we present key information in this document about the legal basis for the processing of personal data and methods of collecting it and use, as well as the rights of data subjects.
We would like to inform you that the Controller of personal data is with its ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A. registered office in Kielce, ul. Na Ługach 7, 25-803 Kielce, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Kielce, under KRS number 0000565585, NIP 9542756472, REGON 361937885. Contact with the Personal Data Protection Inspector is possible at: Sandomierska 105, 25-324 Kielce, and e-mail firstname.lastname@example.org
Personal data is obtained and processed in the manner and on the principles set out in this Policy.
II. General provisions
In ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A. we attach particular importance to protecting the privacy of our clients, contractors, partners, subcontractors, employees and collaborators. One of its key aspects is the protection of the rights and freedoms of natural persons in connection with the processing of their personal data. We make sure that the processing of your data is in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95 /46/EC (hereinafter referred to as “GDPR”), the Act of May 10, 2018 on the protection of personal data, as well as special provisions (contained, among others, in labor law and the Accounting Act). ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A. is the administrator of personal data within the meaning of Art. 4 point 7 of the GDPR, we also use the services of processing entities referred to in Art. 4 points 8 GDPR – they process personal data on behalf of the administrator (e.g. IT companies, software providers, security). ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A. implements appropriate technical and organizational measures to ensure a level of security corresponding to the possible risk of violating the rights and freedoms of natural persons with varying probability of occurrence and threat severity. Our activities in the field of personal data protection are based on adopted policies and procedures as well as regular training to improve the knowledge and competences of our employees and associates.
III. What do we use your personal data for?
As an employer, we process data of employees and people who cooperate with us on a basis other than an employment relationship. Contact details obtained from contractors (e.g. their employees) are used to conclude and efficiently implement contracts. We use our customers’ data to perform the contract and provide our services. We also conduct marketing activities and try to reach as many interested parties as possible to provide them with up-to-date information about our products and services. We share your data with third parties with your consent or when we are obliged to do so by law.
IV. On what terms and on what basis do we process your data
We make every effort to protect the interests of data subjects, and in particular we ensure that the data is:
We usually process your data on the basis of consent, which may be withdrawn at any time. Another case is when the processing of your data is necessary to perform a contract to which you are a party or to take action at your request before concluding the contract. In some situations, processing is necessary to fulfil the legal obligation imposed on us as the administrator. Such obligations result from, for example, labor law provisions or the Act about accounting. Processing may also be necessary for the purposes of our legitimate interests, an example of which is pursuing claims arising from our business activities.
V. What rights do you have?
We take appropriate measures to provide you with all relevant information in a concise, transparent, understandable and easily accessible form and to conduct any communication with you regarding the processing of personal data in connection with the exercise of your right to:
Moreover, if your personal data is processed on the basis of consent, you have the right to withdraw it. Consent may be withdrawn at any time, which does not affect the legality of processing carried out before its withdrawal. In order to contact us regarding the exercise of a given right, please contact us via the email address: email@example.com The security of your data is our priority, but if you believe that by processing your personal data we violate the provisions of the GDPR, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.
VI. How we will contact you
We provide information in writing or by other means, including, where appropriate, electronically. If you request it, we may provide information verbally if we can confirm your identity by other means. If you submit your request electronically, where possible, the information will also be provided electronically, unless you indicate to us another preferred form of communication.
VII. When will we fulfill your request?
We try to provide information immediately – usually within one month of receiving the request. If necessary, this deadline may be extended by another two months due to the complexity of the request. However, in any event, we will inform you within one month of receiving your request of the action taken and (where appropriate) of the extension of the deadline, stating the reason for such delay.
We may transfer your personal data to companies or other trustworthy business partners who provide services on our behalf. If we cooperate with entities that process personal data on our behalf, we only use the services of such processing entities that provide sufficient guarantees of implementing appropriate technical and organizational measures to ensure that data processing meets the requirements of the GDPR and protects the rights of data subjects. We carefully check the entities we entrust with the processing of your data. We conclude detailed agreements with them and periodically check the compliance of processing operations with the content of such agreements and legal provisions. Our subcontractors, in particular carriers, as well as law firms, IT companies, loss adjusters, loss adjustment service providers, auditors and advisors may have access to your data. We may also transfer your personal data:
IX. How we take care of the processing of your data
To meet legal requirements, we have developed detailed procedures covering such issues as:
We regularly check and update our documentation to demonstrate compliance with legal requirements in accordance with the principle of accountability formulated in the GDPR, but also to protect the interests of data subjects, we try to incorporate the best market practices into it.
X. How we take care of the processing of your data
We store personal data in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed. After such a period, the data is anonymized (removed of features enabling the identification of a given person) or deleted. In the retention procedure, we ensure that the storage period of personal data is limited to a strict minimum. We determine the data processing period first of all on the basis of legal provisions (e.g. storage time of employee documentation, accounting documents) as well as the justified interest of the administrator (e.g. marketing activities). The retention policy covers both data processed in paper and electronic form. The storage period of personal data depends primarily on the purpose for which the data is collected, in accordance with the following criteria:
We ensure that any person acting under our authorization and having access to your personal data processes it only on our instructions, unless other requirements result from EU or Member State law.