Homepage › Privacy policy
As a responsible organisation that is aware that information has a certain value and is a resource that needs to be properly protected, we are keen to keep you duly informed on matters relating to the processing of personal data, especially in view of the content of the new legislation on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“RODO”). Therefore, in this document we provide key information about the legal basis for processing personal data, how it is collected and used, as well as the rights of data subjects.
We would like to inform you that the administrator of your personal data is ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A. with its registered office in Kielce ul. Na Ługach 7, 25-803 Kielce entered in the Register of Entrepreneurs of the National Court Register kept by the District Court in Kielce under KRS number 0000991317 , NIP 9542756472, REGON 361937885.
Contact with the Personal Data Protection Inspector is possible at: Sandomierska 105, 25-324 Kielce,
Personal data shall be obtained and processed in the manner and on the terms set out in this Policy.
At ŚWIĘTOKRZYSKA INDUSTRIA S.A. INDUSTRIA INDUSTRIAL GROUP, we attach particular importance to protecting the privacy of our customers, contractors, partners, subcontractors, employees and associates. One of its key aspects is the protection of the rights and freedoms of individuals in relation to the processing of their personal data.
We ensure that the processing of your data takes place in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: “RODO”), the Act of 10 May 2018 on the protection of personal data, as well as specific provisions (contained, among others, in the Labour Law or the Accounting Act).
ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A is a controller of personal data within the meaning of Art. 4 pt. 7 RODO, we also use the services of processors referred to in Art. 4 pt. 8 RODO – they process personal data on behalf of the controller (these are e.g. IT companies, software providers, security).
ŚWIĘTOKRZYSKA GRUPA PRZEMYSŁOWA INDUSTRIA S.A implements appropriate technical and organisational measures to ensure a degree of security corresponding to the possible risk of infringement of the rights or freedoms of natural persons with different probability of occurrence and seriousness of threat. Our personal data protection measures are based on adopted policies and procedures and regular training to improve the knowledge and competence of our employees and collaborators.
As an employer, we process the data of employees and persons who cooperate with us on a basis other than employment. The contact data we obtain from contractors (e.g. their employees) is used for the conclusion and efficient execution of contracts. We use our customers’ data for the performance of the contract and the provision of our services. We also carry out marketing activities and as part of this we aim to reach the widest possible audience to provide them with up-to-date information about our products and services. We share your data with third parties with your consent or when we are obliged to do so by law.
We take care to protect the interests of data subjects and, in particular, ensure that the data:
We normally process your data on the basis of your consent, which can be withdrawn at any time. Another case is where the processing of your data is necessary for the performance of a contract to which you are a party or to take action at your request, even before the conclusion of the contract.
In some situations, processing is necessary for the fulfilment of a legal obligation incumbent on us as a controller. Such obligations arise, for example, under employment law or the Accounting Act.
Processing may also be necessary for purposes arising from our legitimate interests, an example of which is the assertion of claims from our business activities.
We take appropriate measures to provide you with all relevant information in a concise, clear, understandable and easily accessible form and to conduct all communications with you regarding the processing of your personal data in connection with the exercise of your right to:
In addition, if your personal data is processed on the basis of consent, you have the right to withdraw it. Consent may be withdrawn at any time, which does not affect the lawfulness of the processing carried out before the withdrawal.
To contact us regarding the exercise of the respective right, please contact us via email: iod@sksmkielce.pl
The security of your data is a priority for us, however, if you consider that by processing your personal data we are in breach of the provisions of the RODO, you have the right to lodge a complaint with the President of the Data Protection Authority.
We provide information in writing or by other means, including electronically where appropriate. If you request it, we may provide the information orally, provided that we can confirm your identity by other means. If you communicate your request electronically, where possible the information will also be provided electronically unless you indicate to us another preferred form of communication.
We endeavour to provide information promptly – in principle within one month of receipt of the request.
If necessary, this deadline may be extended by a further two months due to the complexity of the request. However, in any case, we will inform you within one month of receipt of the request about the action taken and (where applicable) about the extension of the deadline, stating the reason for such delay.
We may transfer your personal data to companies or other trustworthy business partners who provide services on our behalf. Where we work with entities that process personal data on our behalf, we only use such processors that provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the RODO and protects the rights of data subjects. We check in detail the entities to whom we entrust the processing of your data. We enter into detailed contracts with them and perform periodic checks on the compliance of the processing operations with the content of such contracts and the law. Your data may be accessed by our subcontractors, in particular carriers, as well as law firms, IT companies, loss adjusters, loss adjustment contractors, auditors, consultants.
We may also transfer your personal data to:
To meet the requirements of the law, we have developed detailed procedures covering issues such as:
We regularly review and update our documentation in order to be able to demonstrate compliance with the requirements of the law in accordance with the principle of accountability formulated in the RODO, but also, for the sake of the interests of the data subjects, we strive to incorporate best market practices.
We keep personal data in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed. After such a period, we either anonymise (de-identify the data) or delete the data. In the retention procedure, we ensure that the retention period of personal data is limited to a strict minimum.
We determine the period of data processing in the first instance on the basis of legal provisions (e.g. retention time for employee records, accounting documents), as well as the legitimate interest of the controller (e.g. marketing activities). The retention policy covers both data processed in paper and electronic form.
The retention period of personal data, depends primarily on the purpose for which the data is collected, according to the following criteria:
We shall ensure that any person acting under our authority and having access to your personal data shall only process it on our instructions, unless otherwise required by Union or Member State law