Information on personal data processing

Ladies and Gentlemen,

On 25 May 2018, the new Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, which governs protection of personal data, hereinafter referred to as “General Regulation” or “GDPR” became effective.

Pursuant to the applicable regulations concerning personal data protection, in particular the General Regulation, in order to ensure proper protection of personal data, data subjects must first of all be provided with information about processing of their personal data, which are specified in Art. 13 or 14 of the GDPR, depending on whether such data was obtained directly from the data subject or from other sources.

Given the above, we would like to inform you that:

INFORMATION ABOUT THE CONTROLLER

The controller of your personal data (hereinafter referred to as “Controller”) is Association Polish Platform for Homeland Security, with its registered office in: Poznan 60-822 at 17/11 Slowackiego Street, having taxpayer identification no. 783-161-82-32, statistical (REGON) no. 300294630, and National Court Register (KRS) no. 0000251345.

The Controller can be contacted in writing, by post at the following address: 17/11 Slowackiego, Poznan 60-822, or by electronic mail at the following address: sekretariat@ppbw.pl.

DATA PROTECTION OFFICER

The Controller has designated the Data Protection Officer who can be contacted by post at the following address: 17/11 Slowackiego, Poznan 60-822, or by electronic mail at the following address: iodo@ppbw.pl.

LEGAL GROUNDS FOR DATA PROCESSING

Your personal data is processed pursuant to Art. 6 (1) (a, b, and f) of the GDPR, i.e.:

  1. based on a prior consent;
    or
  2. based on a contract concluded with the Controller concerning personal data that is necessary for the purpose of performance of the present contract;
    or
  3. a legitimate interest of the Controller (including with regard to pursuit of claims).

PURPOSES OF PROCESSING

Your personal data is processed manually (in a paper version) or automatically (in an electronic version):

  1. for marketing purposes based on your consent (grounds specified in Art. 6 (1) (a) of the GDPR) or based on legitimate interest of the Controller (grounds specified in Art. 6 (1) (f) of the GDPR);
    If your data is processed based on your permission, you have the right to withdraw your consent to processing of personal data but your withdrawal shall not affect the legality of the processing of personal data that has been performed based on your consent prior to its withdrawal.
  2. in order to conclude a contract or as a part of activities performed with the intent to conclude a contract based on your interest in our offer (grounds specified in Art. 6 (1) (b) of the GDPR). You need to provide your personal data in order to perform a contract. On the other hand, if you do not provide your data, performance of the contract and, consequently, conclusion of the contract, will not be possible;
  3. for analytical purposes [better matching of services with the needs of our customers, general optimization of our products, optimization of service processes, gathering knowledge about our customers, financial analysis of our company, etc.] as a part of implementation of our legitimate interest (grounds specified in Art. 6 (1) (f) of the GDPR);
  4. in order to finally determine, pursue, or defend against claims as a part of implementation of our relevant legitimate interest (grounds specified in Art. 6 (1) (f) of the GDPR);
  5. in order to study customer satisfaction as a part of implementation of our legitimate interest in determination of the quality of our services and the level of satisfaction of our customers from products and services (grounds specified in Art. 6 (1) (f) of the GDPR).

RECIPIENTS AND PROCESSORS

The recipients of your personal data are entities that support us in provision of services, such as those that provide card payment handling services, loan services, and insurance services, provide consulting or audit services, and support customer service.

Your personal data can be disclosed to entities that are members of our group of companies, to our partners that work with us in combining products or services, etc.

Your data may also be accessed by our subcontractors (processors), such as accounting companies, law firms, IT companies, claims adjusters, contractors performing services as a part of claims adjustment, and marketing agencies.

PERIOD OF DATA PROCESSING

 

Your personal data will be processed by the Controller during the term of the contract – if the contract constitutes legal grounds for processing of your personal data, as well as after expiry of the term of the contract as a part of:

  1. pursuit of claims in connection with performance of the Contract;
  2. performance of obligations arising from law, including in particular tax and accounting obligations;
  3. prevention of abuse or fraud;
  4. statistical and archiving obligations;
  5. for a maximum of three years after the date of expiry of the Contract, unless relevant laws provide for a different personal data processing period or claims limitation period.

If your personal data is processed on the basis of your consent, your data will be processed until you withdraw your consent.

Your personal data will be processed as a part of direct marketing until you submit the objection mentioned below.

RIGHTS OF THE DATA SUBJECT

In connection with processing of your personal data, you have the right to:

  1. demand that the Controller provide access to your personal data;
  2. demand that the Controller correct your personal data;
  3. demand that the Controller erase to your personal data;
  4. demand that the Controller limit the processing of your personal data;
  5. raise an objection to processing of your personal data;
  6. transfer your personal data;
  7. file a complaint to a supervisory body: the President of the Personal Data Protection Office.

OBJECTION

At any time you may raise an objection to processing of your personal data describe above. We will stop processing your personal data for the above purposes, unless we are able to demonstrate that we have important legitimate grounds in relation to your data, which take precedence to your interests, rights, and freedoms, or if we need your personal data is in order to finally determine, pursue, or defend against claims.

At any time you may raise an objection to processing of your personal data for purposes associated with direct marketing. If you exercise this right, we will stop your personal data for this purpose.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

The Controller uses Google Analytics, which may involve transfer of your personal data to servers in third countries.

PROFILING

Your personal data may be subject to activities related to profiling, however, profiling is not used to make automatic decisions that may lead to legal consequences.

The Controller makes every effort to provide all physical, technical, and organizational means of protection of personal data against its accidental or intentional damage, accidental loss, modification, unauthorized disclosure, use, or access, in compliance with all applicable regulations.