Privacy policy

Data privacy and cookie policy

I. About us

As a responsible organisation that is aware that information has a certain value and is a resource that needs to be properly protected, we are keen to keep you duly informed on matters relating to the processing of personal data, especially in view of the content of the new legislation on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“RODO”). Therefore, in this document we provide key information about the legal basis for processing personal data, how it is collected and used, as well as the rights of data subjects.

We would like to inform you that the administrator of your personal data is ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A. with its registered office in Kielce ul. Na Ługach 7, 25-803 Kielce entered in the Register of Entrepreneurs of the National Court Register kept by the District Court in Kielce under KRS number 0000991317 , NIP 9542756472, REGON 361937885.

Contact with the Personal Data Protection Inspector is possible at: Sandomierska 105, 25-324 Kielce,

Personal data shall be obtained and processed in the manner and on the terms set out in this Policy.

II. General provisions

At ŚWIĘTOKRZYSKA INDUSTRIA S.A. INDUSTRIA INDUSTRIAL GROUP, we attach particular importance to protecting the privacy of our customers, contractors, partners, subcontractors, employees and associates. One of its key aspects is the protection of the rights and freedoms of individuals in relation to the processing of their personal data.

We ensure that the processing of your data takes place in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: “RODO”), the Act of 10 May 2018 on the protection of personal data, as well as specific provisions (contained, among others, in the Labour Law or the Accounting Act).

ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A is a controller of personal data within the meaning of Art. 4 pt. 7 RODO, we also use the services of processors referred to in Art. 4 pt. 8 RODO – they process personal data on behalf of the controller (these are e.g. IT companies, software providers, security).

ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A implements appropriate technical and organisational measures to ensure a degree of security corresponding to the possible risk of infringement of the rights or freedoms of natural persons with different probability of occurrence and seriousness of threat. Our personal data protection measures are based on adopted policies and procedures and regular training to improve the knowledge and competence of our employees and collaborators.

III. What we use your personal data for

As an employer, we process the data of employees and persons who cooperate with us on a basis other than employment. The contact data we obtain from contractors (e.g. their employees) is used for the conclusion and efficient execution of contracts. We use our customers’ data for the performance of the contract and the provision of our services. We also carry out marketing activities and as part of this we aim to reach the widest possible audience to provide them with up-to-date information about our products and services. We share your data with third parties with your consent or when we are obliged to do so by law.

IV. On what terms and on what basis we process your data

We take care to protect the interests of data subjects and, in particular, ensure that the data:

  • processed lawfully, fairly and in a transparent manner for the data subject,
  • collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes,
  • adequate, relevant and limited to what is necessary for the purposes for which they are processed,
  • accurate and, where necessary, kept up to date. We take steps to ensure that personal data which is inaccurate in the light of the purposes for which it is processed is promptly erased or rectified,
  • kept in a form which permits identification of the data subject for no longer than is necessary for the purposes of the processing,
    processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss or destruction.

We normally process your data on the basis of your consent, which can be withdrawn at any time. Another case is where the processing of your data is necessary for the performance of a contract to which you are a party or to take action at your request, even before the conclusion of the contract.

In some situations, processing is necessary for the fulfilment of a legal obligation incumbent on us as a controller. Such obligations arise, for example, under employment law or the Accounting Act.

Processing may also be necessary for purposes arising from our legitimate interests, an example of which is the assertion of claims from our business activities.

V. What rights do you have

We take appropriate measures to provide you with all relevant information in a concise, clear, understandable and easily accessible form and to conduct all communications with you regarding the processing of your personal data in connection with the exercise of your right to:

  • information provided when personal data is collected,
  • information provided on request – whether data is being processed, and
  • other matters set out in Article 15 of the RODO, including the right to a
  • copy of the data,
  • rectification of data,
  • to be forgotten,
  • restriction of processing,
  • data portability,
  • to object,
  • not to be subject to a decision based solely on automated processing (including profiling),
  • data breach notification.

In addition, if your personal data is processed on the basis of consent, you have the right to withdraw it. Consent may be withdrawn at any time, which does not affect the lawfulness of the processing carried out before the withdrawal.

To contact us regarding the exercise of the respective right, please contact us via email: iod@sksmkielce.pl

The security of your data is a priority for us, however, if you consider that by processing your personal data we are in breach of the provisions of the RODO, you have the right to lodge a complaint with the President of the Data Protection Authority.

VI. How we will contact you

We provide information in writing or by other means, including electronically where appropriate. If you request it, we may provide the information orally, provided that we can confirm your identity by other means. If you communicate your request electronically, where possible the information will also be provided electronically unless you indicate to us another preferred form of communication.

VII. By what date will we comply with your request

We endeavour to provide information promptly – in principle within one month of receipt of the request.

If necessary, this deadline may be extended by a further two months due to the complexity of the request. However, in any case, we will inform you within one month of receipt of the request about the action taken and (where applicable) about the extension of the deadline, stating the reason for such delay.

VIII. Subcontractors/processors

We may transfer your personal data to companies or other trustworthy business partners who provide services on our behalf. Where we work with entities that process personal data on our behalf, we only use such processors that provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the RODO and protects the rights of data subjects. We check in detail the entities to whom we entrust the processing of your data. We enter into detailed contracts with them and perform periodic checks on the compliance of the processing operations with the content of such contracts and the law. Your data may be accessed by our subcontractors, in particular carriers, as well as law firms, IT companies, loss adjusters, loss adjustment contractors, auditors, consultants.

We may also transfer your personal data to:

  • to entities and authorities authorised to process your personal data by law,
  • to banks in case of the need to conduct settlements,
  • to companies providing consultancy services,
  • to system and software providers,
  • entities providing hosting services,
  • transport companies, suppliers,
  • cloud service providers

IX. How we take care of the processing of your data

To meet the requirements of the law, we have developed detailed procedures covering issues such as:

  • data protection by design and data protection by default,
  • data protection impact assessment,
  • breach notification,
  • keeping records of data processing activities,
  • data retention,
  • realisation of data subjects’ rights.

We regularly review and update our documentation in order to be able to demonstrate compliance with the requirements of the law in accordance with the principle of accountability formulated in the RODO, but also, for the sake of the interests of the data subjects, we strive to incorporate best market practices.

X. Data retention

We keep personal data in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed. After such a period, we either anonymise (de-identify the data) or delete the data. In the retention procedure, we ensure that the retention period of personal data is limited to a strict minimum.

We determine the period of data processing in the first instance on the basis of legal provisions (e.g. retention time for employee records, accounting documents), as well as the legitimate interest of the controller (e.g. marketing activities). The retention policy covers both data processed in paper and electronic form.

The retention period of personal data, depends primarily on the purpose for which the data is collected, according to the following criteria:

  • the period of execution of the cooperation agreement/order – in case of data processing for the purpose of concluding and executing a cooperation agreement,
  • the period necessary for processing a filed complaint – in case of data processing for the purpose of handling a filed complaint,
  • until a dispute is resolved / the parties are settled, taking into account the relevant periods of limitation of claims – in case of data processing for the purpose of asserting claims and taking action of a vindicatory nature,
  • until the moment of lodging an objection – in case of data processing for the purpose of measuring the level of satisfaction among the Administrator’s clients and direct marketing (sending commercial information).

XI. Mandates

We shall ensure that any person acting under our authority and having access to your personal data shall only process it on our instructions, unless otherwise required by Union or Member State law

XII. Cookies

  1. Cookies (so-called “cookies”) are IT data, in particular text files, which are stored in the Service User’s terminal equipment and are intended for use on the Website. Cookies usually contain the name of the website from which they originate, the time of storing them on the terminal equipment and a unique number.
  2. The entity placing cookies on the terminal equipment of a Service User and gaining access to them is the owner of the service.
    The mechanism of cookies is not used to obtain any information about service users or to track their navigation. Cookies used on the website do not store any personal data or other information collected from users and are used for statistical purposes.
  3. By default, the web browsing software (browser) allows cookies on the User’s device on which it is running. In most cases, you can configure your browser software to block cookies automatically. The configuration of the handling of cookies can be found in the settings of the software (web browser). Please note that the setting of restrictions on the handling of cookies may affect the operation of certain functionalities of the website.
  4. Cookies are used for:
  • adapting the content of the Website pages to User preferences and optimising the use of the websites; in particular, these files allow for recognition of the Website User’s device and appropriate display of the website, adapted to his/her individual needs,
  • creation of statistics which help to understand how users of the Website use websites, which enables improvement of their structure and content,
  • maintaining a session of a User of the Website (after logging in), thanks to which a User does not have to re-enter his/her login and password on each sub-page of the Website,
  1. The Website uses two main types of cookies: “session” (session cookies) and “permanent” (persistent cookies). “Session” cookies are temporary files that are stored on the User’s terminal equipment until they log off, leave the website or switch off the software (web browser). “Persistent” cookies are stored on the User’s terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the User.
  2. The following types of cookies are used within the Service:
  • “necessary” cookies to enable the use of services available on the Website, e.g. authentication cookies used for services requiring authentication on the Website,
  • cookies used to ensure safety, e.g. used to detect misuse of the Website’s authentication; ◦ “performance” cookies, making it possible to collect information on how the Website’s pages are used,
  • “functional” cookies, enabling “remembering” the User’s selected settings and personalising the User’s interface, e.g. with regard to the chosen language or region of origin of the User, font size, web page layout, etc.
  1. The owner of the website informs that the website contains links to other websites. The owner of the service recommends reading the privacy policies applicable there, as he/she is not responsible for them.
  2. A description of technical and organisational security measures is included in the Service Owner’s Security (Personal Data Protection) Policy.
  3. Data collected from users during the registration process are protected by SSL protocol and by the service access authentication mechanism.
We value your privacy

The website uses cookies to provide its services in accordance with the Cookies Policy. You can specify the conditions for storing or accessing cookies in your browser.