Privacy policy

Please note that the personal data administrator is Krzysztof Sutowski, running a business under the name REGALUX Krzysztof Sutowski with headquarters in Topole, NIP: 7392295932, correspondence address: Topole 40, 89-600 Chojnice. Below you can find information about the principles of personal data processing in our company. In order to ensure the implementation of your rights, please read this Privacy Policy.

 

I. What are personal data?

Personal data is information about an identified or identifiable natural person to whom the data relates. An identifiable natural person is one who can be identified, directly or indirectly, on the basis of identification data such as name, identification number, location data, internet identifier or one or more factors determining the physical, genetic, psychological, economic, cultural or social identity of a natural person.

 

II. Who we are under the GDPR:

Are we an administrator?

The administrator is a natural or legal person, public body, unit or other entity that independently or together with others sets the purposes and means of processing personal data.

The administrator's basic duties are:

  • implementation of appropriate technical and organisational measures to process only personal data that are necessary to achieve a specific processing purpose,
  • ensuring the security of personal data processing by pseudonymisation and encryption of personal data, continuous assurance of confidentiality, integrity, availability and robustness of processing systems and services, the ability to quickly restore the accessibility and access to personal data in the event of a physical or technical incident, regularly testing, measuring and evaluating the effectiveness of technical and organisational measures to ensure the security of processing,
  • registering the processing of personal data,
  • cooperation with the supervisory body,
  • reporting a personal data breach to the supervisory body,
  • notifying the person whose data the breach concerns of the occurrence of the breach, unless appropriate technical and organisational measures have been implemented, measures have been applied to eliminate the likelihood of a high risk of violation of rights and freedoms, or the people whose data have been violated were informed by public communication or in another effective manner,
  • appointing an inspector of personal data in the cases provided for in the GDPR.

 

III. What kind of data are we processing?

In our company we have the following departments: human resources, accounting, paint shop and mechanical workshop, warehouse, project department, production department, sales department, secretary office.

The individual departments process the following personal data:

The human resources department processes the following personal data:

  • Recruitment of employees - identification data, address data, data on education, work experience.
  • Employed employees - data on the scope of duties, absences (holidays, sick leave, rehabilitation, training and other), rate of pay, penalties and prizes, and other data required in accordance with the Labor Code,
  • Reporting employees and their family members to the Social Security Office, updating applications and providing data on redundancies

The accounting department processes the following personal data:

  • personal data of employees and companies processed in the Optima program

The paint shop and mechanical workshop department processes the following personal data:

  • personal data of contractors, suppliers and recipients of goods processed in the Optima program,

The warehouse processes the following personal data:

  • personal data of contractors, suppliers and recipients of goods processed in the Optima program

The project department processes the following personal data:

  • personal data of contractors, suppliers and recipients of goods processed in the Optima program

The sales department processes the following personal data:

  • personal data of clients and service providers, personal data of clients processed in the Optima program, personal data of employees

The secretary office processes the following personal data:

  • personal data of clients, employees and contractors

 

IV. How do we process personal data?

The HR department of our company processes personal data in the following way:

  • Recruitment of employees - identification data, address data, data on education, workflow.
  • Employed employees - data on the scope of duties, absences (holidays, sick leave, rehabilitation, training and other), rate of pay, penalties and prizes, and other data required in accordance with the Labor Code,
  • Reporting employees and their family members to the Social Security Office, updating applications and providing data on redundancies

The accounting department of our company processes personal data in the following way:

  • Entering invoices to the accounting programme,
  • Accounting,
  • Making transfers,
  • Settlement of the delegation,
  • Collection and storage of accounting documents and other documentation,

Our company's painting shop and technical workshop processes personal data in the following way:

  • Access to phone numbers and emails (private ones, which I received from employees voluntarily).
  • Contact by phone, text and email with employees.
  • Access to employees' personal files.
  • Creation of attendance lists, settlement of working time, filling in holiday applications, accepting sick leave
  • Personal information received in the form of an inquiry from the customer, processing it as part of the preparation of the offer, issuing a GM (data such as telephone numbers, emails, address details, tax identification number, Regon).

Our company's project department processes personal data in the following way:

  • Access to telephone numbers, employee emails
  • Contact by phone, text and email with employees.
  • Access to employees' personal files.
  • Creation of attendance lists, settlement of working time, filling in holiday applications, accepting sick leave.
  • Personal information received in the form of an inquiry from the customer, processing it as part of the preparation of the offer, issuing a GM (data such as telephone numbers, emails, address details, tax identification number, Regon).

Our company's warehouse processes personal data in the following way:

  • Access to telephone numbers, employees’ emails
  • Contact by phone, text and email with employees.
  • Access to employees' personal files.
  • Creation of attendance lists, settlement of working time, filling in holiday applications, accepting sick leave.
  • Personal information received in the form of an inquiry from the customer, processing it as part of the preparation of the offer, issuing a GM (data, i.e., telephone numbers, e-mails, address data, NIP, Regon numbers).

The production and assembly department processes personal data in the following way:

  • Access to phone numbers, emails,
  • Contact by phone, text and email with employees.
  • Access to employees' personal files.
  • Creation of attendance lists, settlement of working time, filling in holiday applications, accepting sick leave.
  • Personal information received in the form of an inquiry from the customer, processing it as part of the preparation of the offer, issuing a GM (data, i.e., telephone numbers, e-mails, address data, NIP, Regon numbers).

The sales department processes personal data in the following way:

  • contact by phone, email with contractors,
  • issuing offers from clients,
  • receiving inquiries from customers,
  • forwarding inquiries from clients inside the sales department or directly to other departments

The secretary office processes personal data in the following way:

  • Conducting traditional and electronic correspondence in Polish and foreign languages as well as recording incoming and outgoing letters in the correspondence journal.
  • Accepting and providing information to clients and conducting telephone conversations in Polish and foreign languages.
  • Keeping a meeting schedule, notifying interested people about meetings and running a database of addresses.
  • Organising the flow of information and documents between the employer and company departments.

Based on the actual data processing activities, we have created the Registry of processing activities.


 

V. On what kind of basis do we process personal data?

Most of the data we process is based on consents to the processing of data received from the personal data subjects.

In other cases, the option of data processing is based on a clear provision of the law or on the right to implement or protect legitimate business interests.

 

VI. What is the purpose of personal data processing?

Personal data is processed for the purpose of entering into and performing contracts, fulfilling the legitimate interests of the administrator and fulfilling the legal obligations incumbent on the administrator.

 

VII. What documents do we use for the protection of personal data?

The basic document in the field of personal data protection is this document containing the basic assumptions of the Personal Data Protection Policy. In addition, we use a number of other procedures in accordance with the requirements set by law, which are designed to protect the personal data provided to us and minimise the risk of unauthorized access to users' data and the risk of disclosure.

The personal data protection policy is determined by the data controller in consultation with the management of individual departments of the company. In order for our activities to be transparent, we have published this Policy describing the principles of processing personal data on the main website. Each of our clients can read it and submit their comments to us through the Personal Data Protection Inspector. This is a very important person; we write about the Inspector below.

Additionally, in order to maintain the consistency of procedures, we also apply in-company regulations and a number of clauses in contracts with contractors.

 

VIII. What are the rights of the people whose data we process?

All people whose data we process have certain rights. They can be exercised in particular through the administrator or data protection officer. These rights include:

  • the right to access the content of your personal data, i.e. the right to obtain confirmation whether the administrator processes data and information regarding such processing,
  • the right to rectify data if the data processed by the administrator is incorrect or incomplete,
  • the right to request the administrator to delete data,
  • the right to request the administrator to restrict data processing,
  • the right to data transfer, that is the right to receive personal data provided to the administrator and to send it to another administrator,
  • the right to object to the processing of data based on the legitimate interest of the administrator or to the processing for the purpose of direct marketing,
  • the right to withdraw consent at any time (without affecting the legality of the processing, which was made on the basis of consent before its withdrawal),
  • the right to obtain intervention from the administrator, to express their own position and to challenge the decision based on automated data processing.

In addition, in case of suspected violations of data processing, the data subjects have the right to lodge a complaint with the Polish supervisory body or the supervisory body of another European Union Member State competent for the place of habitual residence or work of the data subject or for the place of the alleged violation of the GDPR.


 

IX. The organisational structure of our company in the policy of personal data protection

In our company, we know who has the right to process personal data and we take special care of their protection. For this purpose, we have created an organisational chart that we cannot publish here.

 

X. Inspector of Personal Data Protection

The Inspector of Personal Data Protection is an employee of the Administrator or a person performing the tasks of the Inspector on the basis of separate agreements, possessing qualifications and expertise in the field of personal data processing. The Inspector, among other things, informs the administrator, the data processor or their employees about the obligations related to the processing of personal data and performs advisory functions in this respect, monitors compliance with applicable data protection law, provides recommendations on the effects of personal data protection and controls its performance, cooperates with the supervisory body, and is the person whom the supervisory body should contact in relation to the control of the protection of personal data.

You can contact the Inspector of Personal Data Protection established in our company at the following email address: iod@regalux.pl
