Basic definitions – explanation
- Data controller – the authority, organizational unit, entity or person referred to in Art. 3 of the Act on Personal Data Protection, deciding on the purposes and means of personal data processing.
- Processor – means any natural or legal person, public authority, body or other entity which processes personal data on behalf of the controller.
- DPO / IODO (PL) – data protection officer
- IS Administrator – Information Systems Administrator
- The Act – Act of 29 August 1997 on the protection of personal data (Journal of Laws of 2016, item 922 as amended.
- Regulation – Regulation of the Minister of Interior and Administration of 29 April 2004 on documentation of personal data processing and technical and organizational conditions to be met by devices and IT systems used for personal data processing (Journal of Laws of 2004 No. 100, item 1024 as amended).
- The data subject – the natural person to whom the personal data relate is processed.
- Personal data – any information relating to an identified or identifiable, directly or indirectly, natural person, in particular by means of an identifier such as:
- name and surname,
- PESEL identification number,
- location data,
- Internet ID,
- phone number,
- e-mail address,
- bank account number,
- car registration number,
- one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of an individual,
- personal data are divided into ordinary data and ‘special data category’. (in old days they were called “sensitive data”), means e.g. those concerning origins, religion, worldview, health, sexuality, etc.
- Data collection – means a structured set of personal data accessible according to specific criteria, whether centralized, decentralized or geographically dispersed.
- Data processing – any operation on personal data such as collection, recording, storage, processing, modification, copying, making available and deletion, in particular those carried out in IT systems.
- Data confidentiality – the competence to ensure that data are not made available for unauthorized parties.
- Data subject’s consent – means the freely given, specific, informed and unambiguous indication of their willingness to consent to the processing of personal data concerning them in the form of a statement or explicit confirmatory action.
- Information obligation – means that at the moment of data acquisition, the controller has an information obligation towards each person whose data was acquired by the controller.
- Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed.
Personal data controller
The controller of your personal data is RTC Group Sp. z o.o., 40-101 Katowice Ul. Chorzowska 150, www.rtcgroup.pl, e-mail: firstname.lastname@example.org
The purpose of processing personal data
Your personal information may be visible and used by RTC Group employees for various purposes related to the cooperation between us:
- to offer our products and services,
- to execute supplies of commercial goods
- to establish and maintain business relationships
- to conduct marketing activities
- to conduct commercial analyses
- to exchange information on market trends
The legal provisions entitling to processing of personal data
The processing of personal data is carried out in accordance with the applicable legal regulations. In our case, this applies primarily to:
- performance of the contract / cooperation undertaken – the basis for processing your personal data will then be a contract concluded with the Administrator; providing personal data for this purpose is not obligatory, but necessary to perform the contract,
- a legitimate interest in offering our products and services,
- in order to carry out possible complaint processes – in this case the basis for processing is the Administrator’s obligation resulting from the legal regulations concerning the warranty for defects of the sold item; providing personal data for this purpose is not obligatory, but necessary to consider a possible complaint,
- in order to confirm the Administrator’s performance of his or her duties and to assert claims or defend against claims that may be made against the Administrator, to prevent or detect fraud – the basis for processing your personal data in this case will be the Administrator’s legitimate interest in protecting rights, confirming the performance of his or her duties and obtaining due remuneration from the Administrator’s customers for this;
Security, sharing and retention period of your personal data
Data security is very important to us, so we make sure to provide the best physical, technical and organizational security measures to prevent it from accidental or intentional destruction, incidental loss, amendment, unauthorized disclosure, use or access, in accordance with all applicable laws.
The recipients of your data will be entities entitled to obtain personal data or entities cooperating with the Administrator in the performance of the agreement and for the purpose of proper performance of the cooperation.
Your personal data will be stored for the period necessary for the performance of the contract, as well as the complaints you are entitled to, as well as confirmation of the performance of the Administrator’s duties and the assertion of claims or defense against claims that may be made against the Administrator – however, no longer than the legal regulations;
General principles of data processing security – in accordance with the requirements of personal data protection legislation – and procedures taking into account the specificity of the RTC Group
- For the security of the processing of personal data in a specific set, the individual responsibility lies primarily with each employee who has access to the data.
- Employees who have access to personal data may not disclose them, both in the workplace and outside, in a way that goes beyond the activities related to the processing of personal data within the scope of their official duties, within the framework of the authorization to process data.
- In the place of processing personal data recorded in paper form, employees are obliged to apply the principle of a “clean desk”. This principle means not leaving materials containing personal data in a place where they can be physically accessed by unauthorized persons. Each employee is responsible for the implementation of the above principle at his or her position
- Destruction of dirty copies, erroneous or unnecessary copies of materials containing personal data must be done in a way that makes it impossible to read the content contained in them, e.g. using shredders.
- It is unacceptable to take materials containing personal data out of the processing area without connection with the performance of official activities. In this case, the person carrying out the removal and his/her direct superior is responsible for the security and return of the materials containing personal data.
- The presence of unauthorized persons in the room where personal data is processed is allowed only in the presence of a person authorized to process personal data, unless the data is adequately protected against access.
- Employees shall be obliged to lock any rooms or buildings included in the areas where personal data are processed during their temporary absence from the work room, as well as after its completion, and the keys cannot be left in the lock at the door.
- Employees are obliged to exercise due diligence in order to protect their keys against unauthorized access. Employees using their position to access computers, mobile devices, the Prestiż operating system, e-mail, etc., are obliged to follow the rules described in the ICT system Security Manual.
Your data protection rights
At any time, you may ask for access, correction, deletion or restriction of your data. For further information, you can contact us as Administrator by e-mail: email@example.com.
You have the right to complain to the supervisory authority.