GDPR

AAA

Acting under Art. 13 and Art. 14 of the Regulation of the European Parliament and of the Council of Europe (EU) 2016/679 of 27 April 2016 on protecting natural persons regarding the processing of personal data, and on the free movement of such data, and repeal of Directive 95/46/EC, the so-called GDPR, Grupa Kęty S.A. [joint-stock company] inform that:

1. Data administrator:

The administrator of personal data is Grupa KĘTY S.A. (ul. Kościuszki 111, 32-650 Kęty, NIP [VAT number]: 5490001468).

2. Categories of personal data processed:

  • JOB APPLICANTS:

Personal data is processed:

- to conclude an employment contract or at the request of the data subject before concluding an employment contract under art. 6 sec. 1 point (b) GDPR;

- based on the candidate’s consent under Art. 6 sec. 1 point (a) GDPR and art. 9 sec. 2 point (a) GDPR, which may include the processing of personal data for subsequent recruitment processes.

The processed data is limited to: the information that has to be provided due to the provisions of labour law, the information necessary to conclude the contract (name(s) and surname, date of birth, person’s contact details, level of education, professional qualifications, earlier employment history), and provided voluntarily by the job applicant (e.g. the image in a form of a photo), other contact details, personality and/or psychological tests, fluid intelligence tests, and video recording of a conversation.

The processing of personal data is necessary to take part in recruitment for a job for the administrator.

If the basis for the processing of personal data is consent, providing personal data is voluntary.

Personal data is processed during the recruitment process, and after its completion, as long as the consent to the processing of personal data is not withdrawn, but not longer than for one year.

Each job candidate is entitled to:

  • the right to access personal data, based on art. 15 GDPR;
  • the right to rectify personal data, based on art. 16 GDPR;
  • the right to request the deletion of personal data, based on art. 17 GDPR;
  • the right to request the limitation of the processing of personal data, without prejudice to the cases referred to in art. 18 sec. 2 GDPR, based on art. 18 GDPR;
  • the right to transfer personal data only if personal data is processed in an automated manner, based on art. 20 GDPR;
  • the right to lodge a complaint to the president of the Office for Personal Data Protection, ul. Stawki 2, 00 - 193 Warsaw, if the applicant thinks that the processing of his or her personal data violates the GDPR

In the case of processing personal data on the basis of consent, the job applicant may withdraw it, which, however, does not affect the validity of actions performed on the basis of consent in the period between its granting and its withdrawal.

A candidate for a job does not have the right to object to the processing of personal data under art. 21 GDPR, as the legal basis for the processing of personal data is not Art. 6 sec. 1 points (e) or (f) GDPR.

  • WORKERS:

Processed personal data includes the information that has to be provided due to the provisions of labour law and personal data provided voluntarily by the employee.

Personal data is processed:

  • on the basis of voluntary consent to the processing of personal data under art. 6 sec. 1 point (c) and art. 9 sec. 2 point (b) GDPR;
  • to conclude an employment contract under art. 6 sec. 1 point (b) GDPR;
  • to fulfil the legal obligations incumbent on the administrator under art. 6 sec. 1 point (c) GDPR, in particular, obligations resulting from labour law, tax law and social security;
  • in video monitoring to ensure the safety of persons, property protection, production control and ensuring the confidentiality of information, which is the legitimate interest of the administrator under art. 6 sec. 1 point (f) GDPR and art. 22 (2) § 1 of the Labour Code;
  • in other forms of monitoring used by the administrator to guarantee work organisation enabling full use of working time and proper use of work tools provided to the employee, which is the administrator’s legitimate interest under art. 6 sec. 1 point (f) GDPR and art. 22 (3) of the Labour Code

The processing of personal data is necessary for the conclusion and implementation of an employment relationship with the administrator.

If the basis for the processing of personal data is consent, providing personal data is voluntary.

Personal data is processed during employment and after it for as long as required by the relevant legal provisions or as long as the consent to the processing of personal data is not withdrawn when the consent constitutes the legal basis for the processing of personal data.

Personal data from video monitoring are stored for no longer than 30 days, and data from other forms of monitoring are stored for the period specified in IT procedures.

Each employee is entitled to:

  • the right to access personal data, based on art. 15 GDPR;
  • the right to rectify personal data, based on art. 16 GDPR;
  • the right to request the deletion of personal data, based on art. 17 GDPR;
  • the right to request the administrator to limit the processing of personal data, without prejudice to the cases referred to in art. 18 sec. 2 GDPR, based on art. 18 GDPR;
  • the right to transfer personal data only if personal data are processed in an automated manner, based on art. 20 GDPR;
  • the right to lodge a complaint to the president of the Office for Personal Data Protection, ul. Stawki 2, 00 - 193 Warsaw, if the employee thinks that the processing of his or her personal data violates the GDPR.

With processing personal data on the basis of consent, the employee may withdraw it, which, however, does not affect the validity of activities performed on the basis of consent in the period between its granting and its withdrawal.

In the case of data processing under art. 6 sec. 1 point (f) GDPR, i.e. to implement legitimate interests, the employee may object to the processing of data.

  • GUESTS:

Personal data includes data necessary for identification, data recorded by monitoring and vehicle data (optional data).

Personal data is processed based on art. 6 sec. 1 point (f) of the GDPR solely to ensure the safety of persons and property protection, production control and ensuring the confidentiality of information, which is the legitimate interest of the Administrator.

Providing the data is necessary — not providing it will cause the inability to identify oneself and thus enter the Company’s premises.

Therefore, it is necessary to present an ID card to issue a pass - however, the ID card will not be photocopied, scanned or photographed.

Personal data is processed as long as it is required by law on ensuring the safety of persons and protection of property in establishing, investigating or defending claims.

The data recorded by video surveillance is stored for a period not exceeding 30 days.

Each person is entitled to:

  • the right to access personal data, based on art. 15 GDPR;
  • the right to rectification, based on art. 16 GDPR;
  • the right to request the administrator to limit the processing of personal data, without prejudice to the cases referred to in art. 18 sec. 2 GDPR, based on art. 18 GDPR;
  • the right to lodge a complaint to the president of the Office for Personal Data Protection, if you think that the processing of your personal data violates the GDPR

If the legal basis for data processing is Art. 6 sec. 1 lit. f GDPR, under art. 21 GDPR, you may object to the processing of personal data.

You are not entitled to:

  • the right to request the deletion of personal data in connection with art. 17 sec. 3 points (b), (d) or (e) GDPR;
  • the right to transfer personal data referred to in art. 20 GDPR.

Video surveillance recordings cannot be enhanced for technical reasons and are not subjects to the right to obtain a copy if this action could violate the rights and freedoms of other people who may be found on the recording.

  • CUSTOMERS AND CONTRACTORS:

Personal data includes identification data, contact details and data contained in publicly available registers and sources or resources provided by the client/contractor, including data of persons authorized to represent and data of proxies and details of contact persons.

Personal data is processed, depending on the legal basis connecting the parties to:

  • conclude a contract or perform its provisions under art. 6 sec. 1 point (b) GDPR;
  • take action before concluding the contract, at the request of the data subject, in particular preparing an offer under art. 6 sec. 1 point (b) GDPR;
  • fulfilment of the legal obligation in tax and accounting obligations under art. 6 sec. 1 point (c) GDPR;
  • implement the administrator’s legitimate interest in marketing his or her own goods, conducting correspondence or responding to inquiries made using the administrator’s contact details and conducting debt collection activities and complaint handling under art. 6 sec. 1 point (f) GDPR.

In case of concluding a contract with a commercial company or institution, the administrator will process the personal data of persons authorized to represent them and persons indicated for contact only for purposes related to the conclusion, and performance of contracts, and carrying out complaint and debt collection activities. Such processing is the administrator’s legitimate interest under Art. 6 sec. 1 point (f) GDPR. Here, personal data includes identification data, contact details, the position held and other data contained in publicly available registers (e.g. KRS, CEIDG) or provided by the company or institution for the purpose of concluding and performing the contract.

Providing personal data is necessary to conclude and perform the contract.

Your personal data will be processed for the time necessary to perform the contract or the limitation of claims, and to fulfil the legal obligation incumbent on the administrator, in particular those regarding tax and accounting obligations.

Each person is entitled to:

  • the right to access personal data, based on art. 15 GDPR;
  • the right to rectify personal data, based on art. 16 GDPR;
  • the right to request the deletion of personal data, based on art. 17 GDPR;
  • the right to request the limitation of the processing of personal data, without prejudice to the cases referred to in art. 18 sec. 2 GDPR, based on art. 18 GDPR;
  • the right to transfer personal data only if personal data are processed in an automated manner and on the basis of a contract, based on art. 20 GDPR;
  • the right to lodge a complaint to the president of the Office for Personal Data Protection, ul. Stawki 2, 00 - 193 Warsaw, if the employee thinks that the processing of his or her personal data violates the GDPR

In the case of data processing under art. 6 sec. 1 lit. f GDPR, i.e. to implement legitimate interests, the client/contractor may object to data processing.

  • CONTACT/CORRESPONDENCE

Personal data is processed to answer the question asked using the contact form or mail. In such case data processing the legitimate interest of the Administrator pursuant to art. 6 sec. 1 lit. f GDPR.

Providing data is necessary to answer the question asked using the contact form or mail.

Your personal data is processed for the time necessary for the limitation of claims.

Each person is entitled to:

  • the right to access personal data, based on art. 15 GDPR;
  • the right to rectify personal data, based on art. 16 GDPR;
  • the right to request the deletion of personal data, based on art. 17 GDPR;
  • the right to request the limitation of the processing of personal data, without prejudice to the cases referred to in art. 18 sec. 2 GDPR, based on art. 18 GDPR;
  • the right to transfer personal data only if personal data are processed in an automated manner and on the basis of a contract, based on art. 20 GDPR;
  • the right to lodge a complaint to the president of the Office for Personal Data Protection, ul. Stawki 2, 00 - 193 Warsaw, if the employee thinks that the processing of his or her personal data violates the GDPR

In the case of data processing under art. 6 sec. 1 point (f) GDPR, i.e. to implement the legitimate interests of the sender or addressee of correspondence, he or she may object to the processing of data.

  • SHAREHOLDERS:

The administrator processes the following categories of personal data of shareholders or shareholders’ proxies: identification data, address details, contact details and image.

Personal data of shareholders or proxies may be processed for the following purposes:

1) organization of the General Meeting and enabling the exercise of voting rights by authorized persons under art. 6 sec. 1 point (c) of the GDPR,

2) registration and transmission of the General Meeting under Art. 6 sec. 1 point (f) of the GDPR as part of promoting the transparency of the administrator’s operations, and equal access to decisions, and discussions at the General Meeting,

3) exercising the rights and obligations of the shareholder under Art. 6 sec. 1 point (c) GDPR.

Personal data of shareholders or proxies may be made available by the Administrator to:

1) other shareholders if they relate to the administrator’s shareholders under art. 407 § 1 and § 11 of the Commercial Companies Code,

2) the Polish Financial Supervision Authority (“KNF”), under art. 70 point 2 of the Act on public offering and the conditions for introducing financial instruments to an organised trading system and on public companies,

3) an entity processing personal data at the request of the administrator, handling the voting service at the General Meeting.

Personal data of shareholders or proxies in the form of their image registered during the General Meeting will be made available as part of the real-time transmission and publication of the recording on the administrator’s website.

Personal data of shareholders or proxies will be stored for 6 years from the date of their receipt or recording by the administrator.

Each shareholder or proxy is entitled to:

  • the right to access personal data, based on art. 15 GDPR;
  • the right to rectify personal data, based on art. 16 GDPR;
  • the right to request the deletion of personal data, based on art. 17 GDPR;
  • the right to request the limitation of the processing of personal data, without prejudice to the cases referred to in art. 18 sec. 2 GDPR, based on art. 18 GDPR;
  • the right to transfer personal data only if personal data are processed in an automated manner and on the basis of a contract, based on art. 20 GDPR;
  • the right to lodge a complaint to the president of the Office for Personal Data Protection, ul. Stawki 2, 00 - 193 Warsaw, if the employee thinks that the processing of his or her personal data violates the GDPR

In terms of personal data processed under art. 6 sec. 1 point (f) GDPR, the shareholder or his representative may object to the processing of personal data under art. 21 GDPR.

The personal data of the shareholder or proxy may be taken from:

1) the system of the National Depository for Securities S.A. if they concern the administrator’s shareholder,

2) the principal in the case of a power of attorney granted when it relates to the shareholder’s proxy.

Providing personal data by a shareholder or a proxy is necessary for the purpose set out above, to prepare and submit to the PFSA [KNF], or to another shareholder, a list of persons authorized to take part in the General Meeting and to verify one’s right to participate in the General Meeting.

3. Transfer of personal data outside the European Economic Area:

The employee’s personal data may be transferred outside the European Economic Area only in the case of business trips. Here, the administrator will ensure the protection of personal data, in particular by signing applicable contracts, and will ensure the possibility of exercising the right to obtain a copy of the data or information on the place where the data is made available.

In cases not listed above, personal data is not transferred outside the European Economic Area or to international organizations.

4. Profiling:

Personal data is not used in the processes of automated decision making, in particular automatic profiling.

5. Recipients of personal data:

Personal data may be made available to state authorities in connection with their proceedings under applicable law.

In the remaining scope, access to personal data is also available to trained and authorized employees or associates of the Administrator, including entities providing services in personal and property protection, legal, advisory, IT, accounting, courier or postal services, auditing, programming and insurance services.

6. Contact information for the data protection officer:

In case of any questions or comments about the processing of personal data, in particular, to exercise your rights, please contact the data protection officer, Mr Tomasz Cygan, e-mail: IODO_grupakety@grupakety.com, tel. 0 694 429 337 or send a message by post to the administrator’s address.

 

 

 

Ważne: strona wykorzystuje pliki cookies.

Używamy informacji zapisanych w plikach cookies m.in. w celach statystycznych oraz w celu dopasowania serwisu do indywidualnych potrzeb użytkownika. W programie służącym do obsługi internetu możesz zmienić ustawienia dotyczące akceptowania plików cookies.

Korzystanie ze strony bez zmiany ustawień dotyczących plików cookies oznacza, że będą one zapisane w pamięci urządzenia. Więcej informacji, wraz ze wskazówkami dotyczącymi zmiany ustawień, można znaleźć w Polityce prywatności

Zamknij i nie pokazuj więcej tego komunikatu