PRINCIPLES OF PERSONAL DATA PROTECTION
IN THE PODLASKA REGIONAL DEVELOPMENT FOUNDATION
We would like to inform that the Podlaska Regional Development Foundation based in 15-073 Bialystok, Starobojarska 15 street, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Białystok, 12th Commercial Division of the National Court Register under number: 0000051191, tax identification number: 542-10-07-427, REGON number: 050309431 (hereinafter referred to as „PODLASKA REGIONAL DEVELOPMENT FOUNDATION”, PFRR or „Administrator”), from 25 May 2018 it processes personal data in accordance with the requirements of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 (Official Journal of the European Union 2016.119.1) on the protection of individuals with regard to the processing of personal data and on the free flow of such data and the repeal of Directive 95/46 / EC hereinafter referred to as the „RODO Regulation” or „RODO / GDPR” and the Personal Data Protection Act of May 10, 2018. (Journal of Laws of 2018, item 1000, as amended).
All inquiries and applications regarding the protection of personal data in the Podlaska Regional Development Foundation should be sent to the e-mail address iod@pfrr.pl.
1. The PFRR processes personal data in accordance with the law, and only in cases where at least one of the conditions set out in Article 6 para. 1 of the RODO Regulation, in particular:
1.1. the data subject has given his or her consent;
1.2 processing is necessary for the performance of the contract;
1.3. processing is necessary to fulfil the legal obligation of the administrator;
1.4. processing is necessary to protect the vital interests of the data subject or another natural person;
1.5. processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party.
2. In the processing of personal data, PFRR applies the following rules:
2.1. reliability and transparency – personal data are processed in a transparent manner for the data subject, and the person has the opportunity to view their data and receives information about the purposes and rules of processing at the time of obtaining personal data, as well as information about their rights related to the processing of personal data;
2.2. goal limitation – the collection and processing of data takes place only for specific, explicit and legitimate purposes;
2.3. data minimization – the data being processed is adequate to the purpose it is used for, therefore data that may be considered redundant or unnecessary is not processed;
2.4. correctness – PFRR makes all efforts to ensure that the data processed is in accordance with the actual state of affairs, and the persons whose data is processed have an unrestricted right to inspect such data and to supplement or correct it;
2.5. limitation of storage – personal data is stored only during the period necessary to achieve the objectives, and after this period they are permanently deleted;
2.6. integrity and confidentiality – PFRR applies technical and organizational security measures, which protect data against accidental or unlawful disclosure, as well as protect them against accidental or illegal removal or modification;
2.7. accountability – PFRR documents the process of personal data processing.
3. Persons whose data is processed are entitled to the following rights, unless they are restricted by other legal provisions or make it impossible to achieve the objective to which they apply:
- 1. the right to information carried out at the moment of obtaining data and during the processing;
- 2. the right to access personal data;
- 3. the right to correct (rectify) personal data;
- 4. the right to limit the processing of personal data;
- 5. the right to object to the processing of personal data;
- 6. the right to delete personal data (the right to be forgotten);
- 7. the right to transfer personal data;
- 8. the right not to be profiled;
- 9. the right to file a complaint to the President of the Personal Data Protection Office.
4. In the processing of personal data, PFRR may use the services of other entities (also located in third countries) that process personal data on its behalf. The processing of personal data is entrusted only to entities that guarantee their security in accordance with the requirements of law and safety standards in force in the PFRR.
5. In order to ensure the security of personal data, PFRR applies technical and organizational security measures that protect data against accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data sent, stored or otherwise processed and that may, in particular, lead to physical damage, property or non-property damage, in particular by:
- 1) appointing the Data Protection Officer;
- 2) processing of personal data only by authorized persons; having knowledge of security principles and obligations resulting from the RODO Regulation;
- 3) use of computer hardware, software, ICT infrastructure equipped with safeguards ensuring the ability to continually ensure the confidentiality, integrity, availability and resilience of processing systems and services and the ability to quickly restore the accessibility and access to personal data in the event of a physical or technical incident.
6. Each time prior to the processing of personal data, as well as periodically, the processing processes are reviewed and the effects for data protection and the risk of possible violation of the rights and freedoms of persons in connection with data processing are assessed.
7. Depending on the results of the above-mentioned analysis, PFRR undertakes appropriate measures to minimize risk and improve the security system.
8. Personal data processing techniques involving the profiling of a natural person will not be applied to personal data processed by PFRR.
9. CUSTOMER DATA
9.1. Personal data of clients, that is, recipients of PFRR services, are processed in order to execute concluded agreements or to implement statutory objectives of the PFRR. The legal basis of the processing is:
- the contract concluded between PFRR and the client in the mode of art. 6 par. 1 letter b of the general regulation on the protection of personal data (RODO / GDPR).
- the consent given by the client in the mode of art. 6 par. 1 letter a of the general regulation on the protection of personal data (RODO / GDPR).
9.2. Recipients of this personal data are entities authorized under applicable law and entities providing services on behalf of PFRR, based on entrusted data processing agreements (also located in third countries).
9.3. The personal data of clients are processed in the period necessary to fulfil the obligations imposed on the PFRR by law and during the period necessary to establish, assert or defend claims arising from the concluded contracts.
9.4. Providing personal data is voluntary, but necessary to fulfil the obligations arising from the contract.
9.5. PFRR does not use customer data for automated decision-making, including the so-called profiling.
10. DETAILS OF NEWSLETTER RECIPIENTS
10.1 The personal data of the information bulletin recipients (also called „newsletter”) are processed in order to provide recipients with information about PFRR products and services, including news, special offers, events organized by PFRR or events in which our company is involved or is responsible for promotion.
10.2. The legal basis for the processing of personal data is the consent of the newsletter recipient expressed in the mode of art. 6 par. 1 letter a of the general regulation on the protection of personal data (RODO / GDPR).
10.3. Recipients of personal data are entities authorized under applicable law and entities providing services on behalf of PFRR, based on data processing agreements (also located in third countries).
10.4. The personal data of the newsletter recipients are processed in a period enabling the delivery of information or until cancellation, i.e. the withdrawal of the consent by the recipient, which may be done by clicking on the appropriate link at the bottom of the newsletter. In addition, data may be processed during the period necessary to establish, investigate or defend claims.
10.5. Providing personal data is voluntary, but necessary for the correct provision of information in electronic form.
10.6. The personal data of the newsletter recipients are not used for automated decision making, including the so-called profiling.
10.7 Regulations for the use of the PFRR newsletter are available at: https://pfrr.pl/newsletter/
Polish version of Privacy Policy: https://pfrr.pl/polityka-prywatnosci/