PERSONAL DATA PROCESSING POLICY (TRANSPARENT POLICY)

DEFINITIONS

Administrator: GoldenLine Sp. z o.o. with headquarters in Szczecin (70-471), al. Wojska Polskiego 8, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court in Warsaw, XII Commercial Division of the National Court Register, under number KRS: 0000241921, NIP: 526-289-14-45 .
Personal data: all information regarding identified or identifiable physical person by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the individual, including image, voice recording, contact details, location data, information contained in correspondence, information collected via recording equipment or other similar technology.
Policy: Policy processing of personal data.
RODO: Regulation of the European Parliament and of the Council (EU) 2016/679 of 7 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of the directive 95/46/WE.
The data subject: any natural person whose personal data is processed by the Administrator, e.g. a person visiting the Administrator's premises or sending a query to him in the form of an e-mail.

DATA PROCESSING BY THE ADMINISTRATOR

In connection with its business activities, the Administrator collects and processes personal data in accordance with the relevant regulations, in particular with the RODO, and the data processing rules provided for them.
The Administrator ensures transparency of data processing, in particular, always informs about the processing of data at the time of collection, including about the purpose and legal basis of the processing - e.g. when concluding a contract for the sale of goods or services. The administrator makes sure that the data is only collected to the extent necessary for the indicated purpose and processed only for the period in which it is necessary.
By processing data, the Administrator ensures their security and confidentiality and access to information about this processing for data subjects. In the event that, despite the security measures in place, personal data protection (e.g. "leak" or loss of data) has been breached, the Administrator informs the data subject about such an event in a manner consistent with the regulations.

CONTACT WITH THE ADMINISTRATOR

Contact with the Administrator is possible via an e-mail address iodo@goldenline.pl, other e-mail addresses indicated for this purpose by the Administrator or in writing to the address: al. Wojska Polskiego 8, 70-471 Szczecin.
The data Administrator has appointed a Data Protection Officer, which can be contacted via e-mail iodo@goldenline.pl in any matter regarding the processing of personal data.

PERSONAL DATA SECURITY

In order to ensure the integrity and confidentiality of data, the Administrator has implemented procedures allowing access to personal data only to authorized persons and only to the extent that it is necessary due to the tasks performed by them. The Administrator applies organizational and technical solutions to ensure that all operations on personal data are registered and made only by authorized persons.
In addition, the Administrator undertakes all necessary actions to ensure that its subcontractors and other cooperating entities provide the guarantee of applying appropriate security measures whenever they process personal data at the request of the Administrator.
The Administrator conducts risk analysis on an on-going basis and monitors the adequacy of data security measures applied to the identified threats. If necessary, the Administrator implements additional measures to increase data security.

OBJECTIVES AND LEGAL BASIS OF DATA PROCESSING BY THE ADMINISTRATOR

E-mail and traditional correspondence

In the case of sending e-mail correspondence or a traditional one to the Administrator, not related to the services provided to the sender or other contract concluded with him, personal data contained in this correspondence are processed solely for the purposes of communication and handling of the matter to which correspondence relates.
The legal basis of the processing is a legitimate interest Administrator (Art. 6, paragraph. 1 point f RODO), of carrying out correspondence addressed to him in connection with the business activity.
The Administrator processes only personal data relevant to the case to which the correspondence relates. All correspondence is stored in a manner ensuring the security of personal data contained in it and other information and disclosed only to authorized persons.

Telephone contact

In the case of contacting the Administrator by phone, in matters not related to the contract or services provided, we may request personal data only if it is necessary to handle the matter to which the contact relates. The legal basis, in this case, is the legitimate interest of the Administrator (Art. 6, paragraph. 1 point f RODO), consisting in the necessity to settle a reported matter related to the business activity.
Telephone calls can also be recorded - in this case, information is provided at the beginning of the conversation. Calls are recorded in order to verify the quality of the service provided and verify the work of consultants, as well as for statistical purposes. The recordings are available to the employees of the Administrator and people servicing the Administrator's helpline.
Personal data in the form of recorded calls are processed:
  • for purposes related to customer and customer service via the helpline, in the event that the Administrator provides such a service - the legal basis for processing is the necessity of processing to provide it (Art. 6, paragraph. 1 point b RODO);
  • to monitor the quality of service and verification of consultants operating the helpline - the legal basis for processing is the legitimate interest of the Administrator (Art. 6, paragraph. 1 point f RODO), which consists in ensuring the highest quality of service to clients and clients.

Recruitment

As part of recruitment processes, the Administrator expects the transfer of personal data (e.g. in a CV or resume) only to the extent specified in the employment law. Therefore, you should not provide information in a wider scope. In the event that the uploaded applications contain such additional data, this information will not be used or included in the recruitment process.
Personal data are processed:
  • in order to comply with legal obligations related to the employment process, including in particular the Labor Code - the legal basis for processing is the legal obligation incumbent on the Administrator (Article 6 paragraph 1 point c RODO in connection with the provisions of the Labor Code);
  • to conduct the recruitment process for data not required by law, as well as for future recruitment processes - the legal basis for processing is consent (Art. 6, paragraph. 1 point a RODO);
  • to establish or pursue possible claims or defend against such claims - the legal basis for data processing is the legitimate interest of the Administrator (Art. 6, paragraph. 1 point f RODO).

Data collection in connection with the provision of services or the execution of other contracts

In the event of data collection for purposes related to the execution of a specific contract, the Administrator provides the data subject with detailed information regarding the processing of his personal data, at the time the contract is concluded.

Data collection in other cases

In connection with the conducted activity, the Administrator collects personal data also in other cases - e.g. during business meetings, at industry events or through exchange of business cards - for purposes related to establishing and maintaining business contacts. The legal basis for processing is, in this case, a legitimate interest of the Administrator (Art. 6, paragraph. 1 point f RODO), consisting in creating a network of contacts in connection with the conducted activity.
Personal data collected in such cases are processed only for the purpose for which they were collected, and the Administrator provides them with adequate protection.

DATA RECEIVERS

In connection with the conduct of business requiring the processing of personal data, they are disclosed to external entities, including in particular suppliers responsible for the operation of IT systems and equipment, entities providing legal or accounting services, couriers, marketing agencies or recruitment agencies. The data is also disclosed to entities associated with the Administrator, including companies from its capital group. More information on the Administrator's capital group can be found at: https://www.agora.pl/grupa-agora.
The Administrator reserves the right to disclose selected information about the data subject to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the applicable law.

DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

The level of protection of personal data outside the European Economic Area (EEA) differs from the one provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is necessary and with an adequate level of protection, above all through:
  • cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued;
  • use of standard contractual clauses issued by the European Commission;
  • application of binding corporate rules, approved by the competent supervisory authority;
  • in the event of data transfer to the USA - cooperation with entities participating in the Privacy Shield program, approved by the decision of the European Commission.
The Administrator always informs about the intention to transfer personal data outside the EEA at the collection stage.

PERIOD OF PROCESSING PERSONAL DATA

The period of data processing by the Administrator depends on the type of service provided and the purpose of the processing. The data processing period may also result from the provisions in case they form the basis for processing. In the case of data processing based on the justified interest of the Administrator - e.g. for security reasons - the data is processed for a period enabling its implementation or for reporting an effective objection to the processing of data. If the processing is based on consent, the data is processed until it is withdrawn. If the basis of the processing is indispensable for the conclusion and performance of the contract, the data will be processed until it is resolved.
The data processing period may be extended if the processing is necessary to establish, investigate or defend against any claims, and after this period only if and to the extent that the law requires it. After the processing period, the data is irreversibly deleted or anonymized.

RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

Rights of data subjects

Reporting requests related to the implementation of rights

Proposal for implementation of the rights of data subjects may be submitted:
  • in writing to the address: al. Wojska Polskiego 8, Szczecin, postcode 70-471
  • by e-mail to the address: iodo@goldenline.pl or to other e-mail addresses indicated for this purpose by the Administrator.
The application should, if possible, precisely indicate what the request is for, i.e. in particular:
  • what permission the applicant wants to use (e.g. the right to receive a copy of the data, the right to delete the data, etc.);
  • what processing the request involves (e.g. using a specific service, activity on a specific website, receiving a newsletter containing commercial information to a specific email address, etc.);
  • what processing purposes the request is for (e.g. marketing goals, analytical goals, etc.).
If the Administrator is unable to determine the content of the request or identify the person submitting the application based on the submitted application, he will ask the applicant for additional information.
The application may be submitted in person or through a proxy (e.g. a family member). For reasons of data security, the Administrator encourages the use of a power of attorney in a form certified by a notary public or an authorized legal advisor or attorney, which will significantly speed up the verification of its authenticity.
The response to the application should be given within one month of its receipt. If it is necessary to extend this deadline, the Administrator informs the applicant about the reasons for such extension.
The answer is given in writing, unless the request has been submitted by e-mail or has been requested to provide a response in electronic form.

Rules for collecting fees

Proceedings regarding the submitted applications are free. Fees can only be charged in the event:
  • requesting the second and each subsequent copy of the data (the first copy of the data is free); in this case, the Administrator may request payment of a fee of 30 PLN (in words: thirty zloty).
    The above fee includes administrative costs related to the fulfillment of the request.
  • reporting by the same person excessive demands (e.g. extremely frequent) or evidently unjustified; in such a case, the Administrator may request payment of a fee of 30 PLN (in words: thirty zloty).
    The above fee includes the costs of communication and the costs associated with taking the required actions.
If the decision to impose a fee is challenged, the data subject may file a complaint to the President of the Office for the Protection of Personal Data.

CHANGES OF PERSONAL DATA PROCESSING POLICY

The policy is verified on an ongoing basis and updated as necessary. The current version of the Policy was adopted on May 21, 2018.

DATA PROTECTION OFFICER

GoldenLine Sp. z o.o. on 21st 2018 designed data protection officer.

Contact:
Natalia Domagała
iodo@goldenline.pl