In relation with the conducted business activity, the Administrator collects and processes personal data in accordance to the relevant provisions, including in particular the GDPR, and the principles of data processing contained therein.
- The administrator ensures that the transparency of data processing, in particular, always informs about data processing at the time of collection, including the purpose and legal basis for processing. The administrator, when processing data, ensures their security and confidentiality as well as access to information about this processing for data subjects.
- Contact with the Administrator is possible via the e-mail address: firstname.lastname@example.org or in writing to the address INCAT sp. z o.o. ul. Braniborska 40, 53-680 Wrocław.
- In order to ensure data integrity and confidentiality, the Administrator has implemented procedures enabling access to personal data only to authorized person and only to the extent that it is necessary, due to the tasks they perform. The administrator applies organizational and technical solutions, to ensure that all operations on personal data are recorded and carried out only by entitled persons.
- The administrator also undertakes all necessary actions so that its subcontractors, and other cooperating entities guarantee the use of appropriate security measures whenever they process personal data. The administrator conducts ongoing risk analysis, and we monitor the adequacy of the applied data security to the identified threats.
- When the email address is requested to the Administrator or by traditional means, personal data contained in this correspondence are processed solely for the purpose of communication, and dealing with the matter to which the correspondence related or related matters. The legal basis for processing is the Administrator’s legitimate interest (art.6 par.1 lit.f RODO), consisting in conducting correspondence addressed in connection with the business. The administrator processes only personal data needed for the case to which the correspondence relates. All correspondence is stored in a manner that ensures the security of personal data and other information contained therein and disclosed only to authorized persons.
- In case of telephone contact by telephone, the Administrator may request personal data only if it is necessary to handle the case to which the contact relates. In such a case, the legal basis is the Administrator’s legitimate interest (art.6 par.1 lit.f RODO), consisting in the need to settle a reported case related to the business.
- In order to ensure the security of persons and property, the Administrator may use visual monitoring and control access to premises and the area managed by the Administrator. The data collected in this way is not used for any other purposes. Personal data in the form of monitoring recordings and data collected in the register of entries and exits are processed in order to ensure security and order on the premises of the facility and, possibly, for defense or redress. The basis for the processing of personal data is the Administrator’s legitimate interest (art.6 par.1 lit.f RODO).
- As part of the recruitment process, the Administrator expects to provide personal data (e.g. in a CV or resume) only to the extent specified in the labor law. Therefore, information should not be provided more widely. If the submitted applications contain such additional data, this information will not be used or included in the recruitment process or for any other purpose. Personal data is processed for the following purposes:
- a) performance of obligations arising from legal provisions related to the employment process, including in particular the Labor Code – pursuant to art. 6 clause 1 lit. c GDPR in connection with the provisions of the Labor Code;
- b) conducting the recruitment process in the scope of data not required by law, as well as for the purposes of future recruitments – pursuant to art. 6 clause 1 lit. and GDPR;
- c) establishing or pursuing any claims or defending against such claims – pursuant to art. 6 clause 1 lit. f GDPR.
1.In order of collecting data for purposes related to the performance of a specific contract, the Administrator provides the data subject with detailed information regarding the processing of his personal data, at the time of conclusion of the contract at the latest.
2.In connection with its operations, the Administrator also collects personal data, e.g. during business meetings, industry events or by exchanging business cards – for the purposes of establishing and maintaining business contacts. In this case, the legal basis for processing is the Controller’s legitimate interest (Article 6 paragraph 1 letter f of the GDPR), consisting in creating a network of contacts in connection with the business. Personal data collected in this way are processed only for the purpose for which they were collected, while ensuring their adequate protection.
3.In connection with conducting operations that require the processing of personal data, they may be disclosed to external entities, including those operating IT systems and equipment, entities providing legal or accounting services, couriers, marketing or recruitment agencies. The data is also disclosed to entities related to us. Any disclosure or transfer of personal data to competent authorities or third parties who request such information may only take place on the basis of an appropriate legal basis and in accordance with applicable law.
4.The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is necessary and with an adequate level of protection. The administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection.
5.The period of data processing depends on the purpose of processing, and may also result from the provisions if they constitute the basis for processing. In the case of data processing on the basis of the Administrator’s legitimate interest, the data is processed for a period enabling its implementation or to object to effective processing. If the processing is based on consent, the data is processed until it is withdrawn. If the basis for processing is necessary to conclude and perform the contract, the data will be processed until its termination.
6.The data processing period may be extended if the processing is necessary to establish, investigate or defend against possible claims, and after that period only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.
7.Data subjects have the following rights:
- a) the right to information about the processing of personal data – to the person submitting such a request, the Administrator provides information on data processing, including primarily about the purposes and legal grounds for processing, the scope of data held, entities to which it is disclosed and the planned date of their removal;
- b) the right to obtain a copy of the data – the Administrator provides a copy of the processed data regarding the person making the request;
- c) the right to rectification – at the request of the data subject, the Administrator removes any incompatibilities or errors of personal data processed and supplements them if they are incomplete;
- d) the right to delete data – you can request the deletion of data whose processing is no longer necessary to achieve any of the purposes for which it was collected;
- e) the right to limit processing – in the event of such a request, the Administrator ceases to carry out operations on personal data and their storage until the reasons for limiting data processing cease (e.g. a decision of the supervisory authority allowing further data processing is issued);
- f) the right to transfer data – to the extent that the data are processed in an automated manner or in connection with a concluded contract or consent, the Administrator will issue data provided by the person to whom they relate, in a format that can be read by a computer. It is also possible to request that the data be sent to another entity – however, provided that there are technical possibilities in this respect both on the part of the Administrator and that other entity;
- g) the right to object to the processing of data for direct marketing purposes – you can object to the processing of your personal data for direct marketing purposes at any time, without the need to justify such objection;
- h) the right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data for reasons related to his particular situation – provided that the Administrator processes its data on the basis of the justified interest of the Administrator (i.e. based on art. 6 para. 1 lit.f GDPR e.g. for analytical or statistical purposes or for reasons related to the protection of property). Opposition in this respect should include justification;
i) the right to withdraw consent – if the data are processed on the basis of expressed consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out prior to withdrawing this consent.
j) the right to complain – if it is considered that the processing of personal data violates the provisions of the GDPR or other provisions regarding the protection of personal data, the data subject may file a complaint to the President of the Office for Personal Data Protection.
- An application / request related to the exercise of rights may be submitted in writing to the following address: INCAT Sp. z o.o. ul. Braniborska 40, 53-680 Wrocław or by e-mail to the following address: email@example.com. The answer is given in writing, unless the request / application has been submitted by e-mail or it has been requested to provide the answer in electronic form. In case of doubt as to the identity of the person submitting the request by e-mail, the Administrator reserves the right to verify the identity.
a) Administrator: INCAT Sp. z o.o. ul. Braniborska 40, 53-680 Wrocław, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Department of the National Court Register, under number 0000599310, REGON number 363642190, NIP 899-278-25-75
- b) Personal data: all information about an identified or identifiable natural person through one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person, including image, voice recording, contact details, data about location, information contained in correspondence, information collected via recording equipment or other similar technology.
- c) Policy: this Policy for the processing of personal data.
- d) GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 7, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.
- e) Data subject: any natural person whose personal data is processed by the Administrator (e.g. our clients, people using our services visiting our premises, people who correspond with us).