PERSONAL DATA CONTROLLER AND OTHER DEFINITIONS
The Administrator of Personal Data (ADO, Administrator), i.e. the entity deciding on the purposes and means of personal data processing, is BIATECH sp. z o.o. with its registered office in 15-521 Zaścianki, 40 Szosa Baranowicka St. In matters related to personal data protection, you can obtain assistance and information at telephone no: 500 221 909 or by sending an email to: firstname.lastname@example.org
Personal data - is information about an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
The Personal Data Controller, which the Company is, in connection with the processing of personal data, shall ensure compliance with the principles of personal data protection included in the RODO in its entirety.
Anyone who processes data on behalf of the Company shall take special care to protect the interests of data subjects by:
- correct downloads,
- protection of personal data against unauthorised access,
- protection against destruction, alteration or loss of data,
- the protection of any information medium containing personal data against unauthorised access and accidental destruction.
ACQUISITION OF DATA AND PURPOSE OF PROCESSING
In connection with its business activities involving the sale of goods and the provision of services, the Company will collect personal data from individuals.
The following data will be collected in connection with our business activities: name, surname, e-mail address, address of residence, telephone number, PESEL, NIP, company name and address in the case of business activity and other registration data.
PURPOSES OF DATA PROCESSING
Individuals' data will be processed in connection with :
1. expressing voluntary consent to the processing of data ( Art. 6(1)(a) RODO), for the purpose indicated in the consent, including recruitment, marketing, information and the sending of offers and information electronically.
2. to undertake activities aimed at concluding a contract, as well as the performance of the contract concluded with the Administrator ( Article 6(1)(b) RODO), in order to perform the contract, to handle documentation related to the contract, i.e. filling in the online application, orders, accounting documents.
3. the existence of legitimate requirements of the Administrator, i.e. the need to pursue the Administrator's legitimate interests, to assert and defend against claims, to conduct video surveillance, to protect persons and property ( Article 6(1)(f) RODO ).
4. the fulfilment of statutory requirements incumbent on the Administrator ( Article 6(1)(c) of the DPA), in order for the Administrator to comply with the law.
In connection with its operations, the Company will disclose personal data to the following entities:
a. persons carrying out business activities, including advisors, legal advisors, trainers cooperating with the Company in the scope of training and consulting services in the scope of the conducted course,
b. entities and bodies of state and local administration authorised by law to receive them, including tax offices, Social Insurance Institution (ZUS) in order to fulfil tax law provisions, regulations on accounting, fulfilment of obligations resulting from decisions, judgements issued by authorised bodies, institutions or courts,
c. to banks in case of need for settlements,
d. entities cooperating and supporting the Company in conducting its business activity, such as: suppliers of ICT systems, entities auditing the activity, providing accounting and legal services, entities cooperating within the framework of marketing campaigns; however, such entities will process personal data only for the purpose and to the extent indicated by the Company.
PERIOD OF RETENTION OF PERSONAL DATA
With a view to maintaining the basic principles of personal data processing, inter alia the principle of purposefulness of personal data processing and a limited storage period, the Company informs that personal data will be stored until:
a. in the case of processing based on consent, until withdrawal of consent;
b. where the Company processes personal data on the basis of a legitimate interest of the controller, the period of processing shall last until the expiry of the aforementioned interest (e.g. the period of limitation of civil law claims) or until the data subject objects to further such processing - in situations where such objection is legitimate under the law; in the case of video surveillance, the period shall last no longer than 3 months.
c. where the Company processes personal data because it is required to do so by applicable legislation, the periods of processing for that purpose shall be determined by such legislation;
d. if the Company processes data in connection with the conclusion, performance and handling of a contract, for the duration of the contract, unless the law provides for a longer retention period, which may be related, for example, to the financial settlement of the contract, the assertion of claims for payment or the defence against claims.
DATA PROCESSING RIGHTS
Individuals whose data is processed by the Company have the following rights:
a. The right to information about the processing of personal data:
On this basis, the Company shall provide the person making such a request with information on the data processing, including in particular the purposes and legal grounds for the processing, the scope of the data held, the entities to which they are disclosed and the planned date of their deletion;
b. The right of access to data, including the right to obtain a copy of the data:
On this basis, the Company shall provide the data subject with confirmation as to whether or not personal data concerning him or her are being processed and, therefore, whether he or she has the right of access to the information. Under this entitlement, the ADO shall, upon request of the individual, provide a copy of the processed data relating to the requesting individual; When dealing with an individual's request, the ADO shall analyse Article 15 of the RODO and the provisions of other specific laws in order to correctly resolve the request.
c. Right of rectification:
On this basis, the ADO is obliged to delete any inconsistencies or errors in the processed personal data, as well as to complete them if they are incomplete, at the request of the entitled person and after he/she has provided an appropriate statement and proof of the existing necessity to rectify the data. The right to rectification is described in Article 16 of the RODO.
d. Right of erasure:
On this basis, it is possible to request the erasure of data: the processing of which is no longer necessary for any of the purposes for which they were collected or otherwise processed; the person whose data were processed on the basis of Article 6(1)(a) - has withdrawn consent to their processing and there is no other consent to their processing; the person whose data are processed objects to their processing and there are no other overriding grounds for processing, unless it concerns direct marketing. The right to erasure is enshrined in Article 17 of the RODO, when analysing the request the ADO is obliged to take into account the grounds excluding the possibility of erasure set out in Article 17(3) of the RODO.
e. Right to restrict processing:
On this basis, the ADO shall, where such a request is made, cease to carry out operations on the personal data, except where the processing is related to storage, only with the consent of the data subject, or in order to establish, assert or defend claims, or to protect the rights of another natural or legal person, or for important grounds of public interest of the Union or of a Member State. The right to restrict processing is set out in Article 18 of the RODO, which forms the basis for the analysis of the implementation of the request made. It is also necessary in this case to analyse Article 19 RODO and its implementation.
f. Right to data portability:
On this basis, insofar as the data are processed solely by automated means, in connection with a contract concluded or consent given, the ADO will issue the data provided by the data subject in machine-readable format. It is also possible for the individual to request that the data be sent to another entity - provided, however, that the technical possibilities for doing so exist on the part of both the Controller and the other entity; The right to data portability is described in 20 RODO and applies only to data processing by automated means.
g. Right to object to data processing:
On this basis, the data subject may at any time object to the processing of personal data on grounds relating to his or her particular situation. The objection in this respect should contain a statement of reasons. The ADO may still process the data if he/she demonstrates that there are compelling legitimate grounds for the processing overriding the rights and freedoms of the data subject. This does not apply to the objection against the processing of data in the framework of direct marketing where the processing shall be stopped immediately if the objection is raised. The rules for dealing with an objection are contained in Article 21 of the RODO.
h. Right to withdraw consent:
Where data are processed on the basis of consent, the data subject shall have the right to withdraw the consent at any time, which shall not, however, affect the lawfulness of processing carried out before the withdrawal of consent. When considering the request, it is important to bear in mind the need to consider the request with regard to the possibility and necessity of further processing due to the existence of other grounds for processing.
i. Right to complain:
If a data subject considers that the processing of personal data violates the provisions of the RODO or other data protection legislation, he or she may lodge a complaint with the President of the Office for Personal Data Protection in Warsaw.
Requests for exercise of rights may be submitted in writing to the Company's registered address (in person or by mail) or by e-mail to: email@example.com.
The request should identify precisely the natural person from whom the request originates and specify what the request concerns.
PROCESSING OF DATA BY AUTOMATED MEANS
Personal data will not be processed in a purely automated manner, including through profiling, such that any decision could be made as a result of such automated processing, any other legal effect would be produced or would otherwise materially affect our customers, contractors and their employees/co-workers.
TRANSFER OF DATA TO A THIRD COUNTRY
Personal data will not be transferred to a third country.
WHETHER THERE IS AN OBLIGATION TO PROVIDE DATA
The provision of data serves the purpose of fulfilling the obligations binding the parties, while the refusal to provide data may make it impossible to take action in accordance with the application or the contract. Lack of data will result in the inability to conclude, execute and then settle the contract for the provision of training services.
The provision of data for marketing purposes and to obtain information on products and offers is completely voluntary.
(2) Cookies (so-called "cookies") are computer data, in particular text files, which are stored on the final device of a website user.
3 Cookies are used for the following purposes:
a. to compile statistics which help us to understand how visitors use our websites in order to improve their structure and content;
b. in order to participate in a training course.
(4) The Site uses two main types of cookies: "session" (session cookies) and "permanent" (persistent cookies). "Session" cookies are temporary files that are stored in the user's terminal equipment until logging out, leaving the website or switching off the software (web browser). "Permanent" cookies are stored in the user's terminal equipment for the time specified in the parameters of cookies or until they are deleted by the user.
The web browsing software (web browser) usually allows the storage of cookies on the user's terminal device by default. Website users can change their settings in this regard. The web browser allows you to delete cookies. It is also possible to block cookies automatically. For details, please refer to the help or documentation of your Internet browser.
(7) If you do not wish to receive cookies, you can change your browser settings. We stipulate that disabling cookies necessary for authentication processes, security, maintenance of user preferences may hinder, and in extreme cases may make it impossible to use the websites.
(8) In order to exercise the right to object granted by the General Data Protection Regulation, it is necessary to log out of all devices and delete cookies from them.
To manage your cookie settings, please select your browser / system from the list below and follow the instructions:
- Google Chrome
- Internet Explorer