Privacy
‍Policy

Personal data at Asseco Data Systems S.A. is processed on the basis of applicable laws, in particular the European Parliament and the Council (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (hereinafter: "RODO") and the Law of May 10, 2018 on the Protection of Personal Data (hereinafter: "the Law").

This Privacy Policy sets out the rules for the processing of personal data in Asseco Data Systems S.A., as well as the rules for the processing of data in the Websites operated by Asseco Data Systems S.A..

PERSONAL DATA CONTROLLER

1. The administrator of the Personal Data processed in the company for various purposes related to the company's business activities is Asseco Data Systems S.A., seated in Gdańsk, ul. Jana z Kolna 11, 80 - 864 Gdańsk, entered in the Register of Entrepreneurs of the National Court Register under the number KRS 0000421310, kept by the District Court of Gdańsk - North in Gdańsk, VII Commercial Department of the National Court Register, NIP 517-03594-58, REGON 180853177, whose share capital amounts to PLN 120,002,940.00 (paid in full);
2. You can contact us:

• by letter (snail mail), writing to the address indicated above,
• via email at [email protected],
• By phone at +48 58 550 95 00.

• by letter (snail mail), writing to: Asseco Data Systems S.A., Office in Lodz, 136 Narutowicza St., 90-146 Lodz,
• via e-mail at: [email protected],
• By phone at +48 42 675 63 60.

WHAT IS PERSONAL DATA AND ACCORDING TO WHAT PRINCIPLES DO WE PROCESS IT?

1. Personal data - all information about a natural person identified or identifiable by one or more specific factors that determine physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet ID and information collected through cookies and other similar technology.
2. The Personal Data Administrator processes data in accordance with the following principles:
3. Reliability and lawfulness - meaning that data will be processed fairly, in accordance with correctly identified, RODO-compliant legal bases that are adequate for each processing activity. The Personal Data Controller identifies and determines the appropriate legal basis for each processing activity.
4. Transparency - meaning that data subjects are informed in a transparent, accessible and understandable manner about who will process their data, on what basis, for what purpose, to what extent and for how long. Data subjects are further informed about: the recipients of the data, their rights and how to exercise them, and whether the data will be transferred to countries outside the EU and whether the data will be subject to automated decision-making and, if so, what impact this will have on the data subject. The Personal Data Controller ensures that the information obligation will be fulfilled:

• in the case of collection of data from the data subject - at the latest at the time of collection,
• in the case of collection of data from a source other than the data subject - no later than within 30 days of their acquisition;
• Purpose limitation - meaning that personal data is collected and processed for specific, explicit and legitimate purposes and that it is not further processed in a manner incompatible with those purposes.
• Data minimization - meaning that data is adequate and limited to what is necessary to achieve the purpose for which it is processed.
• Correctness - meaning that the processed data are correct, truthful and are subject to updates when necessary.
• Storage limitations - meaning that data will be stored in a way that allows the data subject to be identified for no longer than necessary to fulfill the purposes for which the data are processed.
• Integrity and confidentiality - which means that the data are processed in a manner that ensures their adequate security and, in particular, in a manner that ensures protection against: accidental or unauthorized loss, modification, damage or destruction. The Personal Data Administrator shall ensure data security through the use of adequate technical and organizational measures. The Personal Data Controller shall develop a personal data protection system taking into account the risks defined in his organization to which the processed data are exposed (risk-based approach). A description of the measures used is included in this document.
• Accountability - meaning that the Personal Data Controller processes personal data in a manner that ensures compliance with the provisions of the RODO in connection with their processing operations, and that it will be able to demonstrate the implementation of organizational and technical measures to ensure data processing in accordance with applicable laws. Demonstration of the implementation of these measures will take place in particular through the implementation of appropriate rules, procedures and policies describing the rules of conduct for data processing.

WHAT PERSONAL INFORMATION MAY BE COLLECTED BY THE INTERNET WEBSITE.

USE OF COOKIE MECHANISMS AND OTHER MARKETING TOOLS

CONTACT FORMS, RECRUITMENT FORMS, AND ORDER FORMS

PRINCIPLES OF SHARING AND ENTRUSTING PERSONAL DATA

1. The Personal Data Administrator shares (including entrusts) personal data with other entities (data recipients) on the basis of:
2. legislation in force
3. Business decisions on outsourcing selected parts of the business.
4. In the case of sharing data with entities to which the Personal Data Controller subcontracts services in its name and on its behalf, a written entrustment agreement is required. The decision to entrust is preceded by an analysis of the credibility and reliability of the entity.
5. Any decision to outsource services, requires it to be analyzed by the Personal Data Controller also in terms of entering into an entrustment agreement for processing.

IMPLEMENTATION OF THE RIGHTS OF DATA SUBJECTS

Asseco Data Systems, in its role as a controller of personal data, ensures that the rights of the persons whose data it processes can be realized. Requests arising from the rights of data subjects can be realized:

• by submitting an application at https://www.daneosobowe.assecods.pl,
• by writing to the Data Protection Officer's email address: [email protected],
• by reporting directly to one of the administrator's offices and making the request in person.

PROVIDING INFORMATION TO DATA SUBJECTS

Asseco Data Systems S.A., as controller, provides each individual with information about the processing of his/her personal data. The Data Controller, upon the request of an individual, shall respond whether it processes his/her personal data. If he/she processes his/her data, he/she grants access to personal data and provides information about:

• person and contact information of the administrator,
• Person and contact information of the Personal Data Inspector,
• purpose of processing,
• The legal basis for processing,
• information about the recipients or categories of recipients to whom the data will be disclosed,
• The planned period of storage of personal data,
• The right to request rectification, erasure or restriction of data processing, data portability, and to object to such processing (the rights due to data subjects depend on the basis of processing applied in a given case),
• The right to lodge a complaint with the supervisory authority for the protection of personal data,
• information about the intention to transfer data outside the EU,
• Information about the obligation to provide data and the consequences thereof,
• information about whether the data will be processed by automated means and whether it will be subject to profiling,
• the categories of data involved and the source from which the person's data was obtained - in case it did not come directly from the person.

The information specified above is, in accordance with the implementation of the principle of transparency, provided to data subjects in information clauses.

DATA SECURITY

Asseco Data Systems makes every effort to ensure that the data processed in its enterprise are protected to the highest standards. It conducts a risk analysis for the processing activities for which it is the administrator and for the processing of data it has been entrusted with in order to select optimal technical and organizational means by which to ensure confidentiality, integrity and availability of personal data.

The Personal Data Administrator will regularly test, measure and evaluate the effectiveness of technical and organizational measures to ensure the security of processing and adjust security measures according to the results of the measurements.

Asseco Data Systems regularly conducts internal audits and undergoes independent assessments by external auditing firms for standards: ISO 9001, ISO 27001, ISO 22301.

‍

‍

‍