HOW SCHOBER INFORMATION GROUP POLSKA PROCESSES PERSONAL DATA IN CONNECTION WITH THE CURRENT ELECTRONIC CORRESPONDENCE
Below we present information on how, for what purposes and to what extent we process your personal data in connection with the conduct of e-mail correspondence with employees and representatives of the company Schober Information Group Polska sp. z o.o. with its seat in Warsaw [POLAND], Lesznowolska 6a, 01-808 Warsaw, e-mail firstname.lastname@example.org.
WHAT IS THIS DOCUMENT FOR?
On May 25th 2018, the regulations of the General Data Protection Regulation (called: GDPR) came into force. The GDPR for the collection of personal data imposes an obligation to provide comprehensive information on how the collected data is processed. In the light of the GDPR, when we receive a correspondence from a specific e-mail address, with a specific content, with a signature, we collect personal information contained in that correspondence. If you are reading this, it means that your data was also collected by our e-mail correspondence. In this document, we provide you with the information required by law and thus fulfill the legal obligation resulting from the GDPR.HOW WE ACQUIRED YOUR PERSONAL DATA?
We obtain your personal data mainly from you. You provide us with your details in connection with the e-mail correspondence. We may also have your personal data from your colleague from the same company or from your contractor who gave us your contact details (either in e-mail message itself or simply by placing your e-mail address in CC).
WHY WE PROCESS YOUR PERSONAL DATA?
We process the data you provide for a purpose related to the correspondence. It may be services performed by us, ordering certain benefits or deliveries, recruitment or other activities related to our company. If you are our customer, potential customer or its representative, we will also process your data for marketing purposes.
WHICH PERSONAL DATA WE PROCESS?
We process your data in the following scope: e-mail address and data contained in the correspondence sent to us (usually the issue being the subject of correspondence and footer with contact details). If we write to you first, then you can assume that next to your e-mail address we also have your name, surname, position and place of employment (applies to business correspondence).
ON WHAT LEGAL BASIS WE PROCESS YOUR DATA?
We process your data in order to implement the contract that binds us, or to conclude it.
If you want to get hired by us, your data provided for the recruitment are processed on the basis of your consent, which you expressed by applying in the recruitment process and sending your CV or other application documentation.
If you are a representative of a state institution, we process your data in order to fulfill a legal obligation or to obtain the necessary information related to the subject of our activity (accounting services, human resources and payroll).
We may also process your data in order to simply maintain business relations – basing on our legitimate interests we have to be in touch with you.
HOW LONG WILL WE PROCESS YOUR PERSONAL DATA?
We process data from e-mail correspondence for the period of its usefulness for mutual contacts. We do not have a specific period of time, after which we absolutely remove all correspondence. However, if we terminate the cooperation or simply do not start any cooperation, we will store your data no longer than for the next 5 years (in the name of the accountability rule).
WHO IS A RECIPIENT OF YOUR PERSONAL DATA?We are a database agency. Your personal data from publicly available and official sources (eg CEIDG, KRS, official websites of companies and public administration units) may be commercially available to third parties who will request us to provide a specific database.
Your data can also be made available to companies from Schober Group in EU and to service providers whose services relate to the right of access to data:
- legal, tax and accounting consulting offices
- providers of IT and security services to our company
- our subcontractors and sales representatives with whom we have signed data entrustment agreements – if the content of the correspondence proves the need to implement a specific service on our part.
We provide each of the subcontractors only with data that is necessary to achieve a given goal.
HOW WE PROCESS YOUR PERSONAL DATA?
We process personal data in accordance with applicable law, in particular in accordance with the provisions of the Polish Data Protection Act and in accordance with the General Data Protection Regulation.
We have the following rules in mind when we process your personal information:
a) Adequacy rule
We process only data that is necessary to achieve a given processing goal; we have carried out an analysis of the fulfillment of this rule for each process.
b) Transparency rule
You should have full knowledge of what is happening with your data. This document, in which we try to provide you with complete information about the rules of processing your personal data by us is the manifestation of this rule.
c) Accuracy rule
We strive to keep your personal data in our systems up-to-date and accurate. If you find that in any area your personal data have not been updated or are incorrect, please contact us directly or at email@example.com or by writing to Schober Information Group Polska sp. z o.o., Lesznowolska 6a, 01-808 Warsaw [POLAND].
d) Integrity and confidentiality rule
We apply the necessary measures to safeguard the confidentiality and integrity of your personal data. We are constantly improving them, along with the ever changing environment and technological progress. Security measures include physical and technological measures restricting access to your data, as well as appropriate safeguards against the loss of your data.
e) Accountability rule
We want to be able to account for each of our actions on personal data, so that in the event of your inquiry, we can give you full and reliable information about what actions we have carried out on your data.
WHAT ARE YOUR RIGHTS?
The personal data protection law gives you a number of rights that you can use at any time. If you do not abuse these rights (eg unreasonable daily requests for information), then using them will be free for you and should be easy to implement. Your rights include:
a) The right of access to the content of your personal data
This law means that you can ask us to export from our databases the information we have about you and send it to you in one of the commonly used formats (eg XLSX, DOCX, etc.).
b) The right to correct the data
If you find out that the data processed by us is incorrect, you have the right to ask us to correct it and we will be obliged to do so. In this case, we have the right to ask you for a document or proof of change.
c) The right to limit data processing
If, despite the fact that we adhere to the adequacy rule, which we write about in the section “How we process personal data”, you will find that for a specific process we process a too wide catalog of your personal data, you have the right to request that we limit this scope of processing. If your request does not oppose the requirements imposed on us by applicable law, or it will not be necessary for the performance of the contract, we will accept your request.
d) The right to demand the deletion of data (the right “to be forgotten”)
This right, also known as the right to be forgotten, means your right to demand that we remove any information that contains your personal information from our database systems and our records. Remember that we will not be able to do this if, under the law, we have an obligation to process your data (eg keeping employee records, tax settlements) or your data is necessary for the performance of a contract. In each case, however, we will remove your personal data to the fullest extent possible, and where it is not possible we will ensure their pseudonymisation (which means that the data subject cannot be identified without a corresponding key), allowing your data to be kept in line with applicable law, will be available only to a very limited group of people in our organization.
e) The right to transfer data to another data controller
In accordance with the General Data Protection Regulation, you can ask us to export the data you provided to us in the course of all our contacts and all cooperation to a separate file for further transfer to another data controller. The aforementioned rights can be exercised by contacting us at the email address firstname.lastname@example.org or by writing to Schober Information Group Polska sp. z o.o., Lesznowolska 6a, 01-808 Warsaw [POLAND].
You can also write to us if any action or situation you encounter will raise your concerns about whether it is legally compliant or does not violate your rights or freedoms. In this case, we will answer your questions and concerns and immediately address the issue.
If you believe that in any way we have violated the rules for the processing of your personal data, you have the right to submit a complaint directly to the supervisory authority (it is the Prezes Urzędu Ochrony Danych Osobowych). As part of exercising this right, you should provide a full description of the situation and indicate what action you consider violating your rights or freedoms. The complaint should be submitted directly to the supervisory authority.
RIGHT TO OBJECT
We would like to inform you separately that you also have the right to object to the processing of your personal data.
You submit the right to object when you do not want us to process your personal data for a specific purpose. In this case, we will continue to process your data for other processes (for other purposes), but not for the purpose for which you have objected, unless your request is against the obligation imposed by law.