PRIVACY POLICY OF CSG CLEANING SOLUTIONS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

 

 DATA CONTROLLER:

Te Controller of your personal data is CSG CLEANING SOLUTIONS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ ul. Komorowicka 39-41, 43-300 Bielsko-Biała, entered in the Register of Entrepreneurs kept by the District Court in Bielsko-Biała, 8th Commercial Division of the National Court Register under the KRS number: 0000788970, NIP 5242886174, REGON: 383514110.

GENERAL PRINCILPES:

  1. a) This Privacy Policy is a document regulating the principles of personal data processing by

the Controller.

  1. b) The introduction of the Privacy Policy is aimed to help ensure compliance with the GDPR (Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) personal data processing by the Controller.
  2. c) In connection with the activity conducted by the Controller, your data is collected and processed in accordance with the relevant legal provisions (including the GDPR) based on the applicable principles, such as:
  • Lawfulness. The Controller ensures that the processing of personal data lawful, i.e. art. 6 sec. 1, art. 9 sec. 2 or art. 10 of GDPR,
  • Storage limitation. The Controller ensures that personal data is processed only for the period necessary to achieve the purposes of processing,
  • Fairness and transparency. The Controller ensures the fair and transparent manner of processing of personal data, informs about the processing of personal data at the time of their collection,
  • purpose limitation. The Controller ensures that personal data is collected only for specified, explicit and legitimate purposes,
  • Regularity. The Controller ensures that the personal data processed are correct and, if necessary, updated,
  • data minimization. The Controller ensures that it processes data only to the extent necessary to achieve its processing purpose,
  • The Controller ensures that all Employees, Associates and subcontractors of the Controller comply with the Policy,
  • Integrity and confidentiality. The Controller ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage,
  • Accountability. The Controller, through appropriate technical and organizational measures, provides the ability to demonstrate the compliance of personal data processing with the GDPR and other provisions on Personal Data,
  • Compliance with the principle of continuity. The Controller ensures compliance of the organization’s operation with the requirements of Personal Data protection. For this purpose, it monitors, inter alia, changes in legal provisions, guidelines introduced by national and international data protection authorities, courts and tribunals jurisprudence, and takes into account best market practices in this respect.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES:

The Controller does not transfer your Personal Data to any third country, however, if necessary, the Controller ensures that data transferred gets the appropriate level of protection.

MAKING AVAILABLE AND ENTRUSTING PERSONAL DATA:

The controller makes available your Personal Data to another controller only if one of the conditions referred to in art. 6 sec. 1 or in art. 9 sec. 2 GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC). However, entrusting the Controller with processing of your personal data takes place on the basis of a data processing entrustment agreement or other legal instrument referred to in art. 28 GDPR.

CONTACT:

The Controller provides information to the Data Subjects in writing, or by other means, including, where appropriate, by electronic means. The Controller shall facilitate the exercise of data subject rights under Articles 15 to 22 of GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC).

EXERCISING THE RIGHTS OF DATA SUBJECT:

  • right to request access to, rectification or erasure of personal data, right to obtain a copy of data or right to restriction of processing, as well as to data portability,
  • rise an objection to the processing of personal data,
  • the right to lodge a complaint with a supervisory authority. In Poland, it is the President of the Personal Data Protection Office (Personal Data Protection Office).

 

PERSONAL DATA BREACH:

The Controller ensures that the notification of Personal Data breach will be sent to the Supervisory Authority, unless the personal data breach is unlikely to result in a risk to the rights or freedoms of natural persons. The Controller shall investigate the breach and if any, implements appropriate organizational and technical corrective measures.