Information Clause

I.        About us

As a responsible organization that is aware that information has a certain value and is a resource that requires appropriate protection, we are committed to properly informing you about matters related to the processing of personal data, especially in the light of the new regulations on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”). For this reason, we present key information in this document about the legal basis for the processing of personal data and methods of collecting it and use, as well as the rights of data subjects.

We would like to inform you that the Controller of personal data is with its ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A. registered office in Kielce, ul. Na Ługach 7, 25-803 Kielce, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Kielce, under KRS number 0000565585, NIP 9542756472, REGON 361937885. Contact with the Personal Data Protection Inspector is possible at: Sandomierska 105, 25-324 Kielce, and e-mail  iod@sksmkielce.pl

Personal data is obtained and processed in the manner and on the principles set out in this Policy.

II.        General provisions

In ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A. we attach particular importance to protecting the privacy of our clients, contractors, partners, subcontractors, employees and collaborators. One of its key aspects is the protection of the rights and freedoms of natural persons in connection with the processing of their personal data. We make sure that the processing of your data is in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95 /46/EC (hereinafter referred to as “GDPR”), the Act of May 10, 2018 on the protection of personal data, as well as special provisions (contained, among others, in labor law and the Accounting Act). ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A. is the administrator of personal data within the meaning of Art. 4 point 7 of the GDPR, we also use the services of processing entities referred to in Art. 4 points 8 GDPR – they process personal data on behalf of the administrator (e.g. IT companies, software providers, security). ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A. implements appropriate technical and organizational measures to ensure a level of security corresponding to the possible risk of violating the rights and freedoms of natural persons with varying probability of occurrence and threat severity. Our activities in the field of personal data protection are based on adopted policies and procedures as well as regular training to improve the knowledge and competences of our employees and associates.

III. What do we use your personal data for?

As an employer, we process data of employees and people who cooperate with us on a basis other than an employment relationship. Contact details obtained from contractors (e.g. their employees) are used to conclude and efficiently implement contracts. We use our customers’ data to perform the contract and provide our services. We also conduct marketing activities and try to reach as many interested parties as possible to provide them with up-to-date information about our products and services. We share your data with third parties with your consent or when we are obliged to do so by law.

IV. On what terms and on what basis do we process your data

We make every effort to protect the interests of data subjects, and in particular we ensure that the data is:

• processed lawfully, fairly and in a transparent manner for the data subject,
• collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes,
• adequate, relevant and limited to what is necessary to achieve the purposes for which they are processed,
• correct and updated if necessary. We take steps to ensure that personal data that are incorrect in the light of the purposes of their processing are immediately deleted or rectified,
• stored in a form enabling identification of the data subject for a period no longer than necessary to achieve the purposes of processing,
• processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss or destruction.

We usually process your data on the basis of consent, which may be withdrawn at any time. Another case is when the processing of your data is necessary to perform a contract to which you are a party or to take action at your request before concluding the contract. In some situations, processing is necessary to fulfil the legal obligation imposed on us as the administrator. Such obligations result from, for example, labor law provisions or the Act about accounting. Processing may also be necessary for the purposes of our legitimate interests, an example of which is pursuing claims arising from our business activities.

V. What rights do you have?

We take appropriate measures to provide you with all relevant information in a concise, transparent, understandable and easily accessible form and to conduct any communication with you regarding the processing of personal data in connection with the exercise of your right to:

• information provided when obtaining personal data,
• information provided upon request – whether data is processed and other issues specified in Art. 15 GDPR, including the right to copy data,
• rectification of data,
• being forgotten,
• processing restrictions,
• data transfer,
• objection,
• not being subject to a decision based solely on automated processing (including profiling), • information about a data breach.

Moreover, if your personal data is processed on the basis of consent, you have the right to withdraw it. Consent may be withdrawn at any time, which does not affect the legality of processing carried out before its withdrawal. In order to contact us regarding the exercise of a given right, please contact us via the email address: iod@sksmkielce.pl The security of your data is our priority, but if you believe that by processing your personal data we violate the provisions of the GDPR, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.

VI. How we will contact you

We provide information in writing or by other means, including, where appropriate, electronically. If you request it, we may provide information verbally if we can confirm your identity by other means. If you submit your request electronically, where possible, the information will also be provided electronically, unless you indicate to us another preferred form of communication.

VII. When will we fulfill your request?

We try to provide information immediately – usually within one month of receiving the request. If necessary, this deadline may be extended by another two months due to the complexity of the request. However, in any event, we will inform you within one month of receiving your request of the action taken and (where appropriate) of the extension of the deadline, stating the reason for such delay.

VIII. Subcontractors/processors

We may transfer your personal data to companies or other trustworthy business partners who provide services on our behalf. If we cooperate with entities that process personal data on our behalf, we only use the services of such processing entities that provide sufficient guarantees of implementing appropriate technical and organizational measures to ensure that data processing meets the requirements of the GDPR and protects the rights of data subjects. We carefully check the entities we entrust with the processing of your data. We conclude detailed agreements with them and periodically check the compliance of processing operations with the content of such agreements and legal provisions. Our subcontractors, in particular carriers, as well as law firms, IT companies, loss adjusters, loss adjustment service providers, auditors and advisors may have access to your data. We may also transfer your personal data:

• entities and bodies authorized to process personal data on the basis of legal provisions,
• banks if it is necessary to conduct settlements,
• companies providing consulting services,
• system and software suppliers,
• entities providing hosting services,
• transport companies, suppliers,
• cloud service providers

IX. How we take care of the processing of your data

To meet legal requirements, we have developed detailed procedures covering such issues as:

• data protection by design and default data protection,
• data protection impact assessment,
• notification of violations,
• keeping a register of data processing activities,
• data retention,
• implementation of the rights of data subjects.

We regularly check and update our documentation to demonstrate compliance with legal requirements in accordance with the principle of accountability formulated in the GDPR, but also to protect the interests of data subjects, we try to incorporate the best market practices into it.

X. How we take care of the processing of your data

We store personal data in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed. After such a period, the data is anonymized (removed of features enabling the identification of a given person) or deleted. In the retention procedure, we ensure that the storage period of personal data is limited to a strict minimum. We determine the data processing period first of all on the basis of legal provisions (e.g. storage time of employee documentation, accounting documents) as well as the justified interest of the administrator (e.g. marketing activities). The retention policy covers both data processed in paper and electronic form. The storage period of personal data depends primarily on the purpose for which the data is collected, in accordance with the following criteria:

• period of implementation of the cooperation/commission agreement – in the case of data processing for the purpose of concluding and implementing the cooperation agreement,
• the period necessary to consider a submitted complaint – in the case of data processing in order to handle the complaint process,
• until the dispute is resolved / settlement of the parties, taking into account the appropriate limitation periods for claims – in the case of data processing for the purpose of pursuing claims and undertaking debt collection activities,
• until an objection is raised – in the case of data processing for the purpose of examining the level of satisfaction among the administrator’s customers and direct marketing (sending commercial information).

XI. Authorizations

We ensure that any person acting under our authorization and having access to your personal data processes it only on our instructions, unless other requirements result from EU or Member State law.

XII. Cookies

1. Cookies are IT data, in particular text files, which are stored on the Website User’s end device and are intended for using the Website’s websites. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number.
2. The entity that places cookies on the Website User’s end device and obtains access to them is the website owner
3. The cookie mechanism is not used to obtain any information about website users or track their navigation. Cookies used on the website do not store any personal data or other information collected from users and are used for statistical purposes.
4. By default, the software used to browse websites (browser) allows the use of cookies on the User’s device on which it is running. In most cases, you can configure the software in this area yourself, including forcing automatic blocking of cookies. Issues related to the configuration of cookie handling can be found in the software settings (web browsers). Please note that setting restrictions on the use of cookies may affect the operation of some functionalities of the website.
5. Cookies are used for the following purposes:

• adapting the content of the Website’s pages to the User’s preferences and optimizing the use of websites; in particular, these files allow you to recognize the Website User’s device and properly display the website, tailored to his individual needs,
• creating statistics that help understand how Website Users use websites, which allows improving their structure and content,
• maintaining the Website User’s session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website,

6. The Website uses two basic types of cookies: “session cookies” and “persistent cookies”. “Session” cookies are temporary files that are stored on the User’s end device until logging out, leaving the website or turning off the software (web browser). “Permanent” cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.
7. The following types of cookies are used on the Website:

• “necessary” cookies enabling the use of services available on the Website, e.g. authentication cookies used for services requiring authentication on the Website,
• cookies used to ensure security, e.g. used to detect authentication abuses within the Website; “performance” cookies, enabling the collection of information on how the Website pages are used,
• “functional” cookies, enabling “remembering” the settings selected by the User and personalizing the User’s interface, e.g. in terms of the selected language or region from which the User comes, font size, appearance of the website, etc.

8. The website owner informs that the website contains links to other websites. The website owner recommends reading the privacy policies applicable there, as he is not responsible for them.
9. The description of technical and organizational security measures is included in the Security Policy (personal data protection) of the website owner.
10. Data collected from users during the registration process is secured with the SSL protocol and through the website access authentication mechanism.