Introductory information
This privacy policy has been developed with the security of your personal data in mind. The protection of personal data and all the information being processed or produced is a priority for PGZ Stocznia Wojenna Sp. z o.o.. We are active in many fields, and our tools and software are used by multiple processes, enterprises and entities. We make every effort to provide top quality services. We feel responsible for the security of the personal data we process in doing our business. Our principal objective is to fulfil the information obligation related to the processing of personal data at the highest level and in line with the current regulations, that is the Personal Data Protection Act of 10 May 2018 (Polish Journal of Laws 2019, item 1781) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). This policy is to inform you on the legal grounds for personal data processing, the methods of collecting and using personal data, and the rights of data subjects.
Respecting the right to privacy of persons who entrusted PGZ Stocznia Wojenna Sp. z o.o. with their personal data, including people using our services, our contractors and their employees, and subscribers of the newsletter, we would like to declare that we process the obtained data in accordance with national and European regulations. laws and in conditions that guarantee their safety.
Data Controller
- PGZ Stocznia Wojenna Sp. z o.o. is Data Controller, based in Gdynia, Śmidowicza 48 Street.
- Data Protecion Officer: Paweł Łuczkiewicz, e-mail address: iod@pgzsw.pl; phone number: +48 695 110 402
Obtaining data and the purpose of their processing.
The purpose of processing:
|
Legal grounds and period of personal data storage
|
Legitimate interest:
(article 6 paragraph 1 letter f GDPR):
|
Activities aimed at concluding and implementing a contract with a client or contractor.
|
article 6 paragraph 1 letter b GDPR
(applies to customers);
article 6 paragraph 1 letter f GDPR
(applies to cooperating persons on behalf of the client).
|
The need to contact employees / associates of clients and contractors in connection with actions taken to conclude a contract or its implementation.
|
Consideration of complaints and claims
|
article 6 paragraph 1 letter b, c and f GDPR
For the duration of the contract or until the warranty expires or the complaint is settled.
For the period of limitation of claims under the contract – in accordance with applicable law.
|
Processing data of clients or contractors and their employees / associates in connection with the establishment, investigation of complaints and defense of claims.
|
Keeping accounting and financial reporting.
|
article 6 paragraph 1 letter c GDPR
Until the data storage obligations resulting from legal provisions expire, in particular the storage of accounting documents (as a rule, for 5 years after the year in which the legal event that required the issuance of the accounting document occurred).
|
– |
Conducting marketing activities (including using electronic means of communication).
|
article 6 paragraph 1 letter f GDPR
In the case of marketing using a telephone number or e-mail address, the administrator will obtain consent for the communication channel in accordance with the Act on the provision of electronic services or the Act – Telecommunications Law. Until the objection is raised, i.e. you show us in any way that you do not want to stay in touch with us or receive information about our actions, or until the claims are time-barred.
|
Conducting marketing activities.
|
Monitoring on the premises of the data controller in order to increase the safety of employees and protect property as well as to keep information confidential.
|
article 6 paragraph 1 letter f GDPR
Data processing in connection with the control of access to the data processing area and the security of the property and facilities of the data controller.
Video surveillance with the use of industrial cameras records only the image, including separate communication routes and locations. The recordings are kept for a period not exceeding three months, in particular:
– monitoring of the secretariat (2nd floor, building A-206A) – storage of the recordings for 3 months;
– monitoring of the room in front of the entrance to the secret office (4th floor, building A-206A) – storage of the recordings for a period of 3 months;
– monitoring of the entrance room to the office building (ground floor, building A-206A) – storage of the recordings for a period of 14 days;
– monitoring of the entrance to the IT department rooms (2nd floor, building A-206B) – storage of the recordings for a period of 14 days;
– monitoring of the entrance to the cloakroom (2nd and 3rd floor, building A-210) – storage of the recordings for a period of 3 months;
– monitoring outside the buildings and structures and around the employer’s premises – storing the recordings for 30 days (monitoring and supervision carried out by SUFO for PGZ SW under the concluded contract).
The monitoring of the IT system consists in the use of NVISION software that enables the control of end devices (i.e. monitoring of employees’ activity while working on business computers), network traffic, printouts, e-mail, blocking external media (pendrives), etc., in particular:
– e-mail monitoring – for a period of 30 days;
– monitoring activity in the IT network – for a period of 30 days;
– activity monitoring (data retention – system logs, hardware inventory, license inventory) – for a period of 30 days.
|
Conducting access control for persons residing at the premises of PGZ Stocznia Wojenna is our legitimate goal, and in the case of employees, it results from the law (Article 221 of the Code of Commercial Companies).
|
Data processing on social networks
|
article 6 paragraph 1 letter f GDPR
The data are co-administrated and controlled by PGZ Stocznia Wojenna and the YouTube /LinkedIn portal.
The data will be processed until an objection to data processing is raised. |
Conducting current correspondence using the tools provided by the portal.
|
Processing cookies.
|
article 6 paragraph 1 letter f GDPR
The data will be processed for the periods specified in the cookie policy or until an objection to data processing is raised.
The objection may only be made by changing the end user’s browser settings, which will prevent the collection of information using cookies.
|
Adapting the content of websites to the needs of users, including for marketing purposes, optimizing the use of websites.
|
Keeping statistics
|
article 6 paragraph 1 letter f GDPR
Until another processing operation indicated in this table is carried out. We do not store personal data for statistical purposes only. Having information about the statistics of the activities conducted by the Administrator allows for the improvement of the conducted activity.
|
Streamlining our business with conclusions drawn from statistical activities.
|
Human resource management – employees and associates, including sub-processes:
– reporting data to ZUS (Department for Work and Pensions) and Urzad Skarbowy (the Tax Office)
– a sub-process related to occupational health and safety and health protection
– sub-process related to employment in the license to manufacture and trade in explosives, weapons, ammunition as well as products and technology for military or police purposes
– sub-process of calculating and paying wages
– sub-process of training and participation in conferences
– documentation archiving sub-process
|
article 6 paragraph 1 letter a, b, c and f GDPR;
article 9 paragraph 2 letter b RODO
In accordance with applicable regulations
– employee documents are kept for 50 years;
– documents of costs of examinations of an occupational medicine doctor and costs of periodic training are kept for a period of 5 years, counting from the end of the calendar year in which the tax payment deadline expired;
– Civil law contracts will be kept until the expiry of the limitation periods for the resulting claims;
– payrolls are kept for 50 years.
|
PGZ Stocznia Wojenna collects personal data resulting from:
• from the provisions on the universal duty of defense (including the ordinance of 15 June 2004 on notifying military commanders of supplements on persons subject to compulsory active military service and issuing by employers, schools and other organizational units certificates in matters of universal defense obligation and the regulation of September 21, 2004 on advertising against the obligation to perform active military service in the event of mobilization and during the war;
-
provisions of the Act of June 13, 2019. on the performance of economic activity in the field of production and trade in explosives, weapons, ammunition, as well as products and technology for military or police purposes.
|
Company Social Benefits Fund
Data processing for the purpose of processing applications for social benefits
|
article 6 paragraph 1 letter a, b, c GDPR;
– employee documents are kept for 50 years
– documents regarding applications, data of family members, health condition, incurred expenses and other information necessary to grant the benefit are for a period of 5 years from the end of the calendar year in which the tax payment deadline expired
– payrolls for benefit payment are kept for 50 years
|
|
Keeping internships and practices.
Data processed for the purpose of:
• conclusion and implementation of a contract or agreement concluded with a person or other entity regarding the internship or internship
• fulfillment of the legal obligation and the right related to the internship or internship resulting from the provisions on the internship or internship.
• fulfillment of the obligation resulting from the provisions on taxes and accounting.
• ensuring security, including information security, through access control or monitoring.
|
article 6 paragraph 1 letter a, b, c and f GDPR;
Legal grounds for processing
1) the data is necessary for the conclusion and implementation of the contract or agreement regarding the internship or internship;
2) due to the law:
• the Act of 14 December 2016 Educational Law,
• the Act of 27 July 2005 – Law on Higher Education,
• the Act of 17 July 2009 on graduate internships,
• the act of 20 April 2004 on employment promotion and labor market institutions,
• the Act of August 29, 1997 – Tax Ordinance,
• the act of July 26, 1991 on personal income tax,
• the Accounting Act of September 29, 1994;
3) our legitimate interests;
4) consent of the trainee / apprentice
The data will be stored until the data storage obligations resulting from legal provisions expire, in particular for the storage of tax documents (as a rule, for 5 years after the year in which the legal event that required the issuance of the document occurred).
|
Conducting access control for persons residing at the premises of PGZ Stocznia Wojenna is our legitimate goal. |
Recruitment.
|
article 6 paragraph 1 letter a and c GDPR
(applies to candidates for employees);
article 6 paragraph 1 letter a and b GDPR
(applies to candidates for associates)
At 6 months after the end of the recruitment process and in the case of consent for further recruitment processes no longer than a year.
|
– |
The recipient.
Your data may be transferred to the entities which process personal data on behalf of the Controller, such as PGZ Group companies, IT service providers, marketing agencies, and entities providing advisory, consulting, audit, training, organisational, legal, tax or accounting services. These entities process personal data under a contract made with the Controller and only according to their instructions. In such cases, the third parties are required to maintain the confidentiality and security of the information, and we verify whether they ensure adequate measures for personal data protection. The list of PGZ Group companies is available on www.grupapgz.pl
Your data may also be made available to the entities authorised to acquire them under applicable laws, for example law enforcement authorities. To the extent allowed by applicable laws, we may also make your personal data available to entities involved in debt collection and trading in receivables.
Your personal data made available in the website browsing history are processed under a voluntary consent, by trusted entities, for marketing purposes (which cover automated analysis of your activity on the website, including the placement of Internet flags, such as cookies, on your devices and the readout of such flags); the said data may be made available to our trusted partners
List of trusted partners:
- Google Analytics (for more information and a browser extension for blocking Google Analytics, see: tools.google.com);
- Youtube (more information on www.youtube.com)
Data processing rights and the voluntary nature of their provision
- In accordance with applicable regulations, you have the following rights related to the processing of your personal data by PGZ Stocznia Wojenna, other PGZ Group companies and our trusted partners:
the right of access to your data, including the right to obtain a copy thereof;
- the right to demand rectification;
- the right to erasure (the right to be forgotten);
- the right to lodge a complaint with a supervisory authority competent for personal data protection; in Poland this is the President of the Personal Data Protection Office – https://www.uodo.gov.pl/pl (if you have any comments or doubts, please contact us first);
- the right to restriction of processing;
- the right to object (objection against the processing or direct marketing, including profiling, or a reasoned objection against the processing of data in a legitimate interest of the Controller).
If the data are processed under a consent or within a service (if they are necessary to provide such a service), you may additionally use the following rights:
- the right to withdraw consent. The withdrawal is, without prejudice to the lawfulness of the processing, made under your consent prior to such a withdrawal. If your data are processed under your consent or in order to perform a contract (if they are necessary to provide a service);
- the right of data portability, that is the right to receive your personal data from the Controller, in a structured, commonly used and machine-readable format, in order to transmit those data to another controller.
To exercise the foregoing rights, you must contact us using the Contact tab, complete the appropriate form and send your message to iod@pgzsw.pl
If you demand rectification, erasure or restriction of the processing of your personal data, we will notify the recipients to whom the data have been disclosed, unless it proves to be impossible or would involve a disproportionate effort, and we will additionally identify those recipients upon your request.
For more information on the rights of data subjects, see article 12-23 GDPR.
Are you obliged to provide to PGZ Stocznia Wojenna your personal data?
Providing data is necessary to: conclude contracts and settle the business as well as fulfill the legal requirements by PGZ Stocznia Wpjenna This means that if you want to use the services we offer, become our contractor (supplier) or employee / associate, you are obliged to provide your personal data.
If your employer or another entity has indicated you as a contact person in connection with the conclusion / performance of the contract with PGZ Stocznia Wojenna, your data will be processed to the extent disclosed by this entity (usually name, surname, position, e-mail address and telephone number) . In the remaining scope, providing data is voluntary.
Data transfer to third countries
Your personal data can be transferred to a third country / international organization, to IFS Sri Lanka LTD 501 Galle Road Colombo 06 Sri Lanka – this entity meets the technical and organizational requirements approved in model contractual clauses approved by the European Commission. This entity deals with the service of the ERP system.
Processing of personal data in an automated manner
Your personal data will not be used for the purpose of automated decision-making (including in the form of profiling), that means as a result of such an automated processing, any decisions could be made that would have legal effects or would similarly affect any effects on clients, contractors, their employees or associates, as well as employees or associates of the administrator or job candidates.