Golden key with its registered office in Warsaw (00-480) at 11/13 Wiejska street, entered in the register of entrepreneurs kept by the District Court of the capital city of Warsaw, XII Economic Division of the National Court Register under the KRS number 0000552455, NIP (Tax Identification Number) 521 369 37 74 hereinafter referred to as Company.
Company has appointed a Data Protection Supervisor available at the address firstname.lastname@example.org Personal data are collected and processed in the manner and under the principles set forth in this Policy.
Company attaches particular importance to the protection of privacy of our customers, contractors and employees. One of its key aspects is the protection of rights and freedoms of natural persons with regard to processing of their personal data.
We ensure that your data is processed pursuant to the provisions of the General Data Protection Regulation 2016/679/EC (hereinafter referred to as GDPR), Personal Data Protection Act, as well as specific provisions (included among others in labour law or the Accounting Act).
Companies of the Group are controllers of personal data within the meaning of Article 4(7) of GDPR; we also employ processors referred to in Article 4(8) of GDPR which process personal data on behalf of the controller (processors are e.g. accounting or IT firms, or real estate agents).
As a Group, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the possible risk of varying likelihood for the rights and freedoms of natural persons. We also develop policies and procedures, as well as organise regular training courses which increase the knowledge and competence of our employees in this field.
What we use your personal data for?
As an employer, we process the data of employees and other persons who work with us on a different basis than employment relationship. Contact data obtained from contractors are used for conclusion and effective execution of contracts as well as provision of services. We also carry out marketing activity by which we try to reach to as many interested persons as possible in order to provide them with up to date information about our products and services.
We disclose your data to third parties with your consent, or if we are obliged to do so under the law.
Principles and grounds for processing your data
We make every effort to protect the interests of data subjects, in particular we ensure that the data are:
- processed lawfully, fairly and in transparent manner with relation to the data subject;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- we take every step to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than it is necessary for the purposes;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss or destruction.
We generally process your data with your consent which may be withdrawn at any time. Another example is when processing of your data is necessary to discharge a contract which you are a party to, or to take action on your request prior to conclusion of a contract.
In certain situations processing is necessary to discharge a legal duty incumbent on us as the controller.
Such duties arise out of the provisions of labour law, the Accounting Act, etc. Processing may also be necessary for purposes resulting from our legally justified interests, for instance pursuing claims in relation to our business activity.
What rights you have
We take appropriate measures to provide any relevant information and any communication, in a concise, transparent, intelligible and easily accessible form, using clear and plain language, relating to the processing of your personal data with regard to the execution of your right:
- to information provided at collecting personal data,
- to information provided on request – about whether the data are processed, and the other matters specified in Article 15 of GDPR, including the right to obtain a copy of the data,
- to rectification of the data;
- to be forgotten;
- to restriction of processing;
- to data portability;
- to object;
- not to be subject to a decision based solely on automated processing (including profiling),
- to information on personal data breach.
With regard to the execution of a particular right, contact us at email@example.com In certain situations processing is necessary to discharge a legal duty incumbent on us as the controller
How we will contact you?
We will provide information in writing or by other means, including, where appropriate, by electronic means. If you request so, we may provide information orally, provided that your identity is proven by other means. If you submit your request by electronic means, information, if possible, will be also provided by electronic means, unless you designate a different preferred form of communication.
When we will grant your request?
We will try to provide information without undue delay, generally within a month of receipt of the request. Where necessary, we will extend this time limit by further two months, taking into account the complexity or the number of the requests. However, in any case, within a month of receipt of the request, we will notify you of actions taken and (where appropriate) of the extension of the time limit, together with the reasons for the delay.
Subcontractors / Processors
In order to cooperate with us, processors who process personal data on our behalf must guarantee that they have implemented appropriate technical and organisational measures so that the processing fulfils the requirements of GDPR and protects the rights of data subjects.
We carefully check the entities whom we entrust the processing of your data. We conclude specific contracts with them, and also carry out periodical inspections for the compliance of the processing operation with the provisions of the contract and legal regulations.
How we care for the processing of your data
In order to meet legal requirements, we have developed detailed procedures covering such issues as:
- data protection by design and by default,
- data protection impact assessment,
- notification of breaches,
- preparation of a record of processing activities,
- data retention,
- execution of the rights of data subjects.
We check and update our documentation on a regular basis in order to be able to comply with the accountability principle defined in GDPR, but we also try to incorporate the best market practice to that principle, taking into account the interests of data subjects.
We keep personal data in a form which permits identification of data subjects for no longer than it is necessary for the purposes for which the data are processed. After the lapse of this period, we render the data anonymous (we remove features which permit identification of data subjects) or erase them. The data are erased completely and permanently. The retention procedure ensures that:
- the time of keeping personal data is limited to the absolute minimum,
- the time limit for erasing personal data is set and the criteria for setting that time limit or periodical inspections are established.
We set the data processing time pursuant to legal regulations (e.g. storage time of employment documentation or accounting documents) first and foremost, and also taking into account the justified interests of the controller (e.g. marketing activity). The retention policy encompasses both data on paper or in electronic form.
We ensure that every person authorised by us and having access to your personal data process the data solely on our instruction, unless other requirements arise out of the law of the European Union or a member state.
“Cookie” files are small files saved onto your computer where settings and other information used on the web pages which you have visited are kept. “Cookie” files may contain website settings or be used to track users’ interactions with the website. We use “cookie” files to adjust the content of our web page to your preferences, and to optimise the usage of web pages and perform actions allowing for maintaining security.