Policy: the above policy for the processing of personal data in PRAGMATOR Dariusz Pałęcki, ul. Ryżowa 84/86 m.4, 02-495 Warszawa
Administrator: PRAGMATOR Dariusz Pałęcki, ul. Ryżowa 84/86 m.4, 02-495 Warszawa
Personal data: information about an identified or identifiable natural person (data subject). An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific physical, physiological, genetic, mental factors, the economic, cultural or social identity of a natural person.
GPDR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection) .
Data subject : any natural person whose personal data is processed by the Administrator in connection with its activities, e.g. a person going to restricted access zones in the Administrator's locations, a person with whom the Administrator is bound by a contractual contract or sending an inquiry to him in the form of an e-mail.
INFORMATION ON THE PROCESSING OF PERSONAL DATA BY THE ADMINISTRATOR
The Personal Data Administrator collects and processes personal data in accordance with applicable law, in particular with the GDPR for the purpose of conducting business activity.
The administrator adheres to the principle of ensuring transparency (transparency) of personal data processing. Data subjects are informed about the processing of data at the latest at the time of their collection, in addition, they are informed of the purpose and legal basis of their processing - e.g. when concluding a contract for the sale of goods or services.
The administrator makes sure that the principle of personal data minimization is respected in the company. The data is collected to the extent necessary for the indicated purpose of processing, and processed only for the minimum retention period. In order to speed up and improve the service of its customers, the Administrator obtains personal data from them that are not necessary, for example, to perform the contract concluded with them - such as a telephone number or e-mail, only with their consent, and before collecting such data, it informs customers about their voluntary submission.
The administrator ensures an appropriate level of security and confidentiality of the personal data processed by him. In the event of an incident related to the security of personal data, the Administrator informs the data subjects of such an event in a manner consistent with the law.
CONTACT ON MATTERS RELATED TO PERSONAL DATA PROTECTION
In matters related to personal data, you can contact the Administrator using the following e-mail address:
SECURITY OF PERSONAL DATA
The procedures introduced by the Administrator ensure an appropriate level of confidentiality and integrity of the personal data processed by him. Only properly trained and authorized persons have access to personal data. The administrator uses organizational and technical solutions to ensure that all operations on personal data are registered and performed only by authorized persons.
The administrator takes the necessary steps when selecting processors and other subcontractors to ensure that the level of protection of personal data at these entities is sufficient.
The administrator conducts a risk analysis on an ongoing basis and monitors the adequacy of the data security applied to the identified threats. If necessary, the Administrator implements additional measures to increase data security.
OBJECTIVES AND LEGAL BASIS FOR DATA PROCESSING BY THE ADMINISTRATOR
The administrator uses the contact details provided by customers (e-mail address, telephone number) in order to implement the contracts concluded with them - running a Virtual Grave (www.virtualgrave.eu). These data may also be used for marketing purposes (informing about new products or services), but only after prior consent for contact for such purpose.
All personal data contained in both traditional and electronic correspondence and collected by telephone contact addressed to the administrator in matters not related to the provision of the service to the sender are processed only for the purpose of communication with the sender of the message. In this case, the provision of certain data is required by the Administrator only when it is necessary for the above purpose, and failure to provide such data results in the inability to settle the matter. In the above case, the legal case of data processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in conducting correspondence addressed to him in connection with the conducted business activity.
The administrator ensures that the amount of data processed in correspondence is consistent with the principle of data minimialization and that only authorized persons have access to it.
Collection of data in connection with the provision of services or the performance of other contracts
If data is collected for purposes related to the performance of a specific contract, the Administrator provides the data subject with detailed information on the processing of his personal data at the time of concluding the contract.
Collection of data in other cases
In connection with the conducted activity, the Administrator collects personal data also in other cases - e.g. during business meetings, at industry events or by exchanging business cards - for purposes related to establishing and maintaining business contacts. Personal data is provided in such cases voluntarily. The legal basis for processing in this case is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in creating a network of contacts in connection with the conducted activity.
Dane osobowe zebrane w takich przypadkach przetwarzane są wyłącznie w celu dla jakiego zostały zebrane, a Administrator zapewnia ich odpowiednią ochronę.
Personal data may be disclosed to competent authorities or third parties if, when requesting disclosure of such information, they refer to an appropriate legal basis and it will be in accordance with applicable law.
PERIOD OF PROCESSING OF PERSONAL DATA
The period of data processing by the Administrator depends on the purpose of data processing.
If the basis for data processing is necessary to conclude and perform the contract, personal data will be processed until its completion. If the processing is based on consent, personal data is processed until its withdrawal.
Provisions of law
In the event that the legal basis is a law, the period of personal data processing also results from specific provisions.
The legitimate interest of the Administrator
In the case of data processing on the basis of the legitimate interest of the Administrator, personal data is processed for a period enabling its implementation or until an effective objection to data processing is raised.
Protection against claims
The data processing period may be extended if the processing is necessary to establish, investigate or defend against possible claims, and after this period, only if and to the extent that it will be required by law.
In the event of the expiry of the retention period, personal data is immediately deleted or anonymized.
RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
Rights of data subjects
Data subjects have the following rights:
- The right to information about data processing - on this basis, the person making such a request, the Administrator provides information about the processing of his personal data, including in particular about the purposes and legal grounds for processing, the scope of data held, entities to whom they are disclosed and the planned date of their removal;
- The right to obtain a copy of the data - on this basis, the Administrator provides a copy of the processed data relating to the person making the request;
- The right to rectify – the Administrator is obliged to remove any inconsistencies or errors in the processed personal data and to supplement them if they are incomplete;
- The right to delete data – on this basis, you can request the deletion of data, the processing of which is no longer necessary to achieve any of the purposes for which they were collected;
- The right to limit data processing – in the event of such a request, the Administrator ceases to perform operations on personal data, with the exception of operations to which the data subject has consented and their storage, in accordance with the adopted retention rules or until the reasons for limiting data processing cease ( e.g. a decision of the supervisory authority will be issued, allowing for further data processing);
- The right to transfer data – on this basis, to the extent that personal data are processed in connection with the concluded contract or consent, the Administrator will issue personal data provided by the data subject in a computer-readable format. It is also possible to request that this data be sent to another entity - provided, however, that there are technical possibilities in this regard, both on the part of the Administrator and that other entity;
- The right to object to the processing of data for marketing purposes –the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection;
- The right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data on the basis of the Controller's legitimate interest (e.g. for analytical or statistical purposes or for reasons related to the protection of property). The objection in this respect should contain a justification;
- The right to withdraw consent –if personal data are processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the consent was withdrawn;
- Right to complaints – if it is found that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may file a complaint to the President of the Office for Personal Data Protection.
Reporting requests related to the implementation of rights
An application regarding the exercise of the rights of data subjects may be submitted:
- in writing by traditional mail to the address PRAGMATOR Dariusz Pałęcki, ul. Ryżowa 84/86 m.4, 02-495 Warszawa
- by e-mail on the contact page
The answer to the application should be given within one month of its receipt. If it is necessary to extend this period, the Administrator informs the applicant about the reasons for such extension.