PERSONAL DATA PROCESSING POLICY (TRANSPARENT POLICY)
GoldenLine Sp. z o.o. with headquarters in Szczecin (70-471), al. Wojska Polskiego 8, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court in Warsaw, XII Commercial Division of the National Court Register, under number KRS: 0000241921, NIP: 526-289-14-45.
all information regarding a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the individual, including image, voice recording, contact details, location data, information contained in correspondence, information collected via recording equipment or other similar technology.
Policy processing of personal data.
Regulation of the European Parliament and of the Council (EU) 2016/679 of 7 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
The data subject:
any natural person whose personal data is processed by the Administrator, e.g. a person visiting the Administrator's premises or sending a query to him in the form of an e-mail.
DATA PROCESSING BY THE ADMINISTRATOR
In connection with its business activities, the Administrator collects and processes personal data in accordance with the relevant regulations, in particular with the RODO, and the data processing rules provided for therein.
The Administrator ensures transparency of data processing; in particular, it always informs about the processing of data at the time of collection, including the purpose and legal basis of the processing - e.g. when concluding a contract for the sale of goods or services. The Administrator makes sure that the data is only collected to the extent necessary for the indicated purpose and processed only for the period in which it is necessary.
By processing data, the Administrator ensures their security and confidentiality and access to information about this processing for data subjects. In the event that, despite the security measures in place, personal data protection (e.g. "leak" or loss of data) has been breached, the Administrator informs the data subject about such an event in a manner consistent with the regulations.
CONTACT WITH THE ADMINISTRATOR
Contact with the Administrator is possible via the e-mail address firstname.lastname@example.org, other e-mail addresses indicated for this purpose by the Administrator, or in writing to the address: al. Wojska Polskiego 8, 70-471 Szczecin.
The Administrator has appointed a Data Protection Officer, who can be contacted by e-mail at email@example.com in any matter regarding the processing of personal data.
PERSONAL DATA SECURITY
In order to ensure the integrity and confidentiality of data, the Administrator has implemented procedures allowing access to personal data only to authorized persons and only to the extent that it is necessary due to the tasks performed by them. The Administrator applies organizational and technical solutions to ensure that all operations on personal data are registered and made only by authorized persons.
In addition, the Administrator undertakes all necessary actions to ensure that its subcontractors and other cooperating entities provide the guarantee of applying appropriate security measures whenever they process personal data at the request of the Administrator.
The Administrator conducts risk analysis on an on-going basis and monitors the adequacy of data security measures applied to the identified threats. If necessary, the Administrator implements additional measures to increase data security.
OBJECTIVES AND LEGAL BASIS OF DATA PROCESSING BY THE ADMINISTRATOR
E-mail and traditional correspondence
In the case of sending e-mail correspondence or a traditional one to the Administrator, not related to the services provided to the sender or other contract concluded with him, personal data contained in this correspondence are processed solely for the purposes of communication and handling of the matter to which correspondence relates.
The legal basis of the processing is the legitimate interest of the Administrator (Art. 6, paragraph 1 point f RODO), consisting in conducting correspondence addressed to him in connection with the business activity.
The Administrator processes only personal data relevant to the case to which the correspondence relates. All correspondence is stored in a manner ensuring the security of personal data contained in it and other information and disclosed only to authorized persons.
In the case of contacting the Administrator by phone, in matters not related to the contract or services provided, we may request personal data only if it is necessary to handle the matter to which the contact relates. The legal basis, in this case, is the legitimate interest of the Administrator (Art. 6, paragraph 1 point f RODO), consisting in the necessity to settle a reported matter related to the business activity.
Telephone calls can also be recorded - in this case, information is provided at the beginning of the conversation. Calls are recorded in order to verify the quality of the service provided and verify the work of consultants, as well as for statistical purposes. The recordings are available to the employees of the Administrator and people servicing the Administrator's helpline.
Personal data in the form of recorded calls are processed:
for purposes related to customer service via the helpline, in the event that the Administrator provides such a service - the legal basis for processing is the necessity of processing to provide it (Art. 6, paragraph 1 point b RODO);
to monitor the quality of service and verify the work of consultants operating the helpline - the legal basis for processing is the legitimate interest of the Administrator (Art. 6, paragraph 1 point f RODO), which consists in ensuring the highest quality of service to clients.
As part of recruitment processes, the Administrator expects the transfer of personal data (e.g. in a CV or resume) only to the extent specified in the employment law. Therefore, you should not provide information in a wider scope. In the event that the uploaded applications contain such additional data, this information will not be used or included in the recruitment process.
Personal data are processed:
in order to comply with legal obligations related to the employment process, including in particular the Labor Code - the legal basis for processing is the legal obligation incumbent on the Administrator (Article 6 paragraph 1 point c RODO in connection with the provisions of the Labor Code);
to conduct the recruitment process for data not required by law, as well as for future recruitment processes - the legal basis for processing is consent (Art. 6, paragraph 1 point a RODO);
to establish or pursue possible claims or defend against such claims - the legal basis for data processing is the legitimate interest of the Administrator (Art. 6, paragraph 1 point f RODO).
Data collection in connection with the provision of services or the execution of other contracts
In the event of data collection for purposes related to the execution of a specific contract, the Administrator provides the data subject with detailed information regarding the processing of his personal data, at the time the contract is concluded.
Data collection in other cases
In connection with the conducted activity, the Administrator collects personal data also in other cases - e.g. during business meetings, at industry events or through exchange of business cards - for purposes related to establishing and maintaining business contacts. The legal basis for processing is, in this case, a legitimate interest of the Administrator (Art. 6, paragraph 1 point f RODO), consisting in creating a network of contacts in connection with the conducted activity.
Personal data collected in such cases are processed only for the purpose for which they were collected, and the Administrator provides them with adequate protection.
In connection with the conduct of business requiring the processing of personal data, personal data are disclosed to external entities, including in particular suppliers responsible for the operation of IT systems and equipment, entities providing legal or accounting services, couriers, marketing agencies or recruitment agencies. The data is also disclosed to entities associated with the Administrator, including companies from its capital group. More information on the Administrator's capital group can be found at: https://www.agora.pl/grupa-agora
The Administrator reserves the right to disclose selected information about the data subject to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the applicable law.
DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA
The level of protection of personal data outside the European Economic Area (EEA) differs from the one provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is necessary and with an adequate level of protection, above all through:
cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued;
use of standard contractual clauses issued by the European Commission;
application of binding corporate rules, approved by the competent supervisory authority;
in the event of data transfer to the USA - cooperation with entities participating in the Privacy Shield program, approved by the decision of the European Commission.
The Administrator always informs about the intention to transfer personal data outside the EEA at the collection stage.
PERIOD OF PROCESSING PERSONAL DATA
The period of data processing by the Administrator depends on the type of service provided and the purpose of the processing. The data processing period may also result from legal provisions where they form the basis for processing. In the case of data processing based on the justified interest of the Administrator - e.g. for security reasons - the data is processed for a period enabling that interest to be pursued or until an effective objection to the processing of data is raised. If the processing is based on consent, the data is processed until the consent is withdrawn. If the basis of the processing is its necessity for the conclusion and performance of a contract, the data will be processed until the contract is terminated.
The data processing period may be extended if the processing is necessary to establish, investigate or defend against any claims, and after this period only if and to the extent that the law requires it. After the processing period, the data is irreversibly deleted or anonymized.
RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
Rights of data subjects
The data subjects have the following rights:
The right of information about the processing of personal data – on this basis, the Administrator provides the person submitting such a request with information on the processing of data, including primarily the purposes and legal grounds for processing, the scope of data held, the entities to which they are disclosed and the planned date of their removal;
The right to obtain a copy of the data – on this basis, the Administrator provides a copy of the data processed concerning the person making the request;
The right to rectify – the Administrator is obliged to remove any inconsistencies or errors in the personal data being processed and to supplement them if they are incomplete;
The right to delete the data – on this basis, you can request deletion of data, the processing of which is no longer necessary to carry out any of the purposes for which it was collected;
The right to limit the processing – in the event of such a request, the Administrator ceases to conduct operations on personal data, except for operations agreed to by the data subject and their storage, in accordance with the established retention rules, or until the reasons for the restriction of data processing cease to exist (e.g. a decision of the supervisory authority is issued, allowing further processing of data);
The right to data transfer – on this basis, to the extent that the data is processed in connection with the concluded agreement or consent, the Administrator will release the data provided by the person concerned in a format that allows them to be read by the computer. It is also possible to request sending this data to another entity - provided, however, that there are technical possibilities in this regard, both on the part of the Administrator and the other entity;
The right to object to the processing of data for marketing purposes – the data subject may at any time object to the processing of personal data for marketing purposes without the need to justify such objection;
The right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data based on the justified interest of the Administrator (e.g. for analytical or statistical purposes or for reasons related to the protection of property). An objection in this respect should contain justification;
The right to withdraw a consent – if the data is processed on the basis of the expressed consent, the data subject has the right to withdraw it at any time, but this does not affect the legality of the processing carried out prior to the withdrawal of the consent.
The right to complain – if it is found that the processing of personal data violates the provisions of the RODO or other provisions on the protection of personal data, the data subject may file a complaint to the President of the Office for the Protection of Personal Data.
Reporting requests related to the implementation of rights
Requests to exercise the rights of data subjects may be submitted:
in writing to the address: al. Wojska Polskiego 8, Szczecin, postcode 70-471
by e-mail to the address: firstname.lastname@example.org or to other e-mail addresses indicated for this purpose by the Administrator.
The application should, if possible, precisely indicate what the request is for, i.e. in particular:
which right the applicant wants to exercise (e.g. the right to receive a copy of the data, the right to delete the data, etc.);
what processing the request involves (e.g. using a specific service, activity on a specific website, receiving a newsletter containing commercial information to a specific email address, etc.);
what processing purposes the request is for (e.g. marketing goals, analytical goals, etc.).
If the Administrator is unable to determine the content of the request or identify the person submitting the application based on the submitted application, he will ask the applicant for additional information.
The application may be submitted in person or through a proxy (e.g. a family member). For reasons of data security, the Administrator encourages the use of a power of attorney in a form certified by a notary public or an authorized legal advisor or attorney, which will significantly speed up the verification of its authenticity.
The response to the application should be given within one month of its receipt. If it is necessary to extend this deadline, the Administrator informs the applicant about the reasons for such extension.
The answer is given in writing, unless the request has been submitted by e-mail or has been requested to provide a response in electronic form.
Rules for collecting fees
Proceedings regarding the submitted applications are free. Fees can only be charged in the event of:
requesting the second and each subsequent copy of the data (the first copy of the data is free); in this case, the Administrator may request payment of a fee of 30 PLN (in words: thirty zloty).
The above fee includes administrative costs related to the fulfillment of the request.
the same person submitting excessive (e.g. extremely frequent) or evidently unjustified requests; in such a case, the Administrator may request payment of a fee of 30 PLN (in words: thirty zloty).
The above fee includes the costs of communication and the costs associated with taking the required actions.
If the decision to impose a fee is challenged, the data subject may file a complaint to the President of the Office for the Protection of Personal Data.
CHANGES OF PERSONAL DATA PROCESSING POLICY
The policy is verified on an ongoing basis and updated as necessary. The current version of the Policy was adopted on May 21, 2018.
DATA PROTECTION OFFICER
GoldenLine Sp. z o.o. on 21st 2018 designated a data protection officer.