REGULATIONS ON THE PROTECTION OF PERSONAL DATA OF USERS OF ADVY LLC
1. Terms and definitions.
1.1. Personal data is any information relating to an individual who is identified or can be identified on the basis of such information (the subject of personal data), including his last name, first name, patronymic, year, month, date and place of birth, address, email address, phone number, family, social and property status, education, profession, income, and other information.
1.2. Processing of personal data - actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transmission), depersonalization, blocking.
1.3. Confidentiality of personal data - the requirement, mandatory for the designated responsible person who has access to personal data, not to allow their distribution without the consent of the subject or other legal basis.
1.4. Dissemination of personal data - actions aimed at the transfer of personal data to a certain circle of persons (transfer of personal data) or at making personal data known to an unlimited number of persons, including disclosure of personal data in the media, placement in information and telecommunication networks, or providing access to personal data in any other way.
1.5. Use of personal data - actions (operations) with personal data performed for the purpose of making decisions or taking other actions that give rise to legal consequences in relation to personal data subjects or otherwise affect their rights and freedoms or the rights and freedoms of other persons.
1.6. Blocking personal data - temporary cessation of collection, systematization, accumulation, use, and dissemination of personal data, including their transfer.
1.7. Destruction of personal data - actions as a result of which it is impossible to restore the content of personal data in the personal data information system, or as a result of which material carriers of personal data are destroyed.
1.8. Depersonalization of personal data - actions as a result of which it is impossible, without the use of additional information, to determine that personal data belongs to a specific subject.
1.9. Publicly available personal data - personal data to which access by an unlimited circle of persons is provided with the consent of the subject, or to which, under federal law, the confidentiality requirement does not apply.
1.10. Information - information (messages, data)
regardless of the form in which they are presented.
1.11. User (subject of personal data) - a natural person, consumer of the services of ADVY LLC, hereinafter the "Organization".
1.12. Operator - a state body, municipal body, legal or natural person that, independently or jointly with other persons, organizes and (or) carries out the processing of personal data, and determines the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data. Within the framework of these Regulations, the Operator is Limited Liability Company "ADVY".
2. General provisions.
2.1. This Regulation on the processing of personal
data (hereinafter referred to as the Regulation) was developed in accordance with
the Constitution of Poland, the Civil Code of Poland,
Federal Law "On information, information
technologies and information protection", Federal Law
152-FZ "On Personal Data", other federal
laws.
2.2. The purpose of developing the Regulations is to determine the procedure for processing and protecting the personal data of all Users of the Organization whose data is subject to processing, based on the authority of the operator; to ensure the protection of the rights and freedoms of man and citizen in the processing of his personal data, including the protection of the rights to privacy and to personal and family secrets; and to establish the liability of officials who have access to personal data for failure to comply with the requirements of the rules governing the processing and protection of personal data.
2.3. The procedure for putting into effect and changing the Regulations.
2.3.1. This Regulation shall enter into force from the moment of its
approval by the Director General of the Organization and
is valid indefinitely, until it is replaced by a new Regulation.
2.3.2. Changes to the Regulations are made on the basis of
Orders of the General Director of the Organization.
3. Composition of personal data.
3.1. The personal data of Users includes, among other things:
3.1.1. Full Name.
3.1.2. Date of Birth.
3.1.3. Place of Birth.
3.1.4. Passport data.
3.1.5. Registration address.
3.1.6. E-mail address.
3.1.7. Phone number (home, cell).
3.2. The Organization may create (collect) and store the following documents and information, including in electronic form, containing data on Users:
3.2.1. Questionnaire (profile), User's Personal Account.
3.2.2. Application for registration - an individual.
3.2.3. Agreement (public offer).
3.2.4. Confirmation of accession to the contract.
3.2.5. Copies of identification documents, as well as
other documents provided by the User, and
containing personal data.
3.2.6. Data on payments for goods/services containing
payment and other details of the User.
3.2.7. Recordings of telephone conversations and electronic
correspondence.
4. Purpose of personal data processing.
4.1. The purpose of processing personal data is to carry out a set of actions aimed at achieving the goal, including:
4.1.1. Providing consulting, information and intermediary services.
4.1.2. Other transactions not prohibited by law, as well as a set of actions with personal data necessary for the execution of the above transactions.
4.1.3. Compliance with the legal requirements of Poland.
4.1.4. Providing information of a notification or marketing nature, including about new services, ongoing promotions, and events (for which there is prior consent of the User to receive them).
4.1.5. Processing requests/complaints of Users.
4.2. The condition for terminating the processing of personal data is the liquidation of the Organization, as well as a corresponding request from the User.
5. Collection, processing and protection of personal data.
5.1. The procedure for obtaining (collecting) personal data:
5.1.1. All personal data of the User should be obtained from him personally with his consent (obtained in writing and/or electronically), except in the cases defined in clauses 5.1.4 and 5.1.6 of these Regulations and other cases provided for by the laws of Poland.
5.1.2. The User's consent to the use of his personal data is stored in the Organization in paper and/or electronic form.
5.1.3. Consent of the subject to the processing of personal data is valid for the entire duration of the contract (public offer), as well as for 5 years from the date of termination of the User's contractual relationship with the Organization. After the expiration of the specified period, consent is considered renewed for each subsequent five years in the absence of information about its withdrawal by the User.
5.1.4. If the User's personal data can only be obtained from a third party, the User must be notified of this in advance and his consent must be obtained. The third party providing the User's personal data must have the consent of the subject to the transfer of personal data to the Organization. The Organization is required to obtain confirmation from the third party transferring the User's personal data that the personal data is transferred with his consent. When interacting with third parties, the Organization must enter into an agreement with them on the confidentiality of information relating to the User's personal data.
5.1.5. The Organization is obliged to inform the User about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the User's refusal to give written consent to their receipt.
5.1.6. Processing of personal data of Users without their consent is carried out in the following cases:
5.1.6.1. Personal data is public.
5.1.6.2. At the request of the authorized state bodies in cases stipulated by the federal law of Poland.
5.1.6.3. The processing of personal data is carried out on the basis of a federal law establishing its purpose, the conditions for obtaining personal data and the circle of subjects whose personal data is subject to processing, as well as defining the authority of the operator.
5.1.6.4. The processing of personal data is carried out for the purpose of concluding and executing a contract to which the subject of personal data, the User, is a party.
5.1.6.5. The processing of personal data is carried out for statistical purposes and in order to improve the quality of the operator's service, subject to mandatory depersonalization of personal data.
5.1.6.6. In other cases provided by law.
5.1.7. The Organization is not authorized to receive and process personal data of the User about his race, nationality, political views, religious or philosophical beliefs, state of health, or intimate life.
5.2.2. Only employees of the Organization who are admitted to work with Users' personal data and who have signed the agreement on non-disclosure of Users' personal data may have access to the processing of Users' personal data.
5.2.3. The right to access the User's personal data in the Organization is held by:
Director General of the Organization.
Employees of the Operations Department (Accounting, Finance Department).
Employees of the Department for work with Partners (Commercial director, managers).
Marketing department employees.
Legal Service employees.
IT workers (Technical Director, System administrator).
User as a subject of personal data.
5.2.3.1. The list of names of employees of the Organization who have access to Users' personal data is determined by order of the General Director of the Organization.
5.2.4. The User's personal data may be processed solely for the purposes set out in the Regulations and for compliance with the laws and other regulatory legal acts of Poland.
5.2.5. When determining the scope and content of the personal data processed, the Organization is guided by the Polish Constitution, the law on personal data, and other federal laws.
5.3. Protection of personal information:
5.3.1. The protection of the User's personal data means a set of measures (organizational and administrative, technical, legal) aimed at preventing unauthorized or accidental access to them, destruction, modification, blocking, copying, or dissemination of personal data of subjects, as well as other illegal actions.
5.3.2. Protection of the User's personal data is carried out at the expense of the Organization in the manner established by Polish federal law.
5.3.3. In protecting the personal data of Users, the Organization takes all necessary organizational and administrative, legal and technical measures, including:
Encryption (cryptographic) means.
Antivirus protection.
Security analysis.
Intrusion detection and prevention.
Access control.
Registration and accounting.
Ensuring integrity.
Organization of regulatory and methodological local acts governing the protection of personal data of Users.
5.3.4. The general organization of the protection of Users' personal data is carried out by the General Director of the Organization.
5.3.5. Access to the User's personal data is available to employees of the Organization who need the personal data in connection with the performance of their job duties.
5.3.6. All employees involved in receiving, processing and protecting personal data of Users are obliged to sign an agreement on non-disclosure of Users' personal data.
5.3.7. The procedure for obtaining access to the User's personal data includes:
Familiarization of the employee, against signature, with these Regulations. If there are other regulations (orders, directives, instructions, etc.) governing the processing and protection of the User's personal data, the employee is also familiarized with these acts against signature.
Obtaining from the employee (with the exception of the Director General) a written commitment to respect the confidentiality of Users' personal data and to comply with the rules for their processing in accordance with the internal local acts of the Organization that regulate the security of confidential information.
5.3.8. An employee of the Organization who has access to Users' personal data in connection with the performance of job duties:
Ensures the storage of information containing the User's personal data in a way that excludes access to it by third parties.
In the absence of the employee, there should be no documents containing Users' personal data at his workplace.
When going on vacation, on a business trip, and in other cases of prolonged absence from his workplace, he is obliged to hand over the documents and other media containing Users' personal data to the person who will be entrusted, by a local act of the Company (order, directive), with the performance of his job duties.
If no such person has been appointed, the documents and other media containing Users' personal data are transferred to another employee who has access to Users' personal data, as directed by the CEO of the Organization.
Upon dismissal of an employee who has access to Users' personal data, the documents and other media containing Users' personal data are transferred to another employee who has access to Users' personal data, as directed by the CEO.
In order to fulfill an assigned task, and on the basis of a memo with a positive resolution of the CEO, access to the User's personal data may be granted to another employee. Access to the User's personal data by other employees of the Organization who do not have properly authorized access is prohibited.
5.3.9. The Human Resources Manager ensures:
Familiarization of employees, against signature, with these Regulations.
Obtaining from employees a written commitment to respect the confidentiality of Users' personal data (Non-Disclosure Agreement) and to comply with the rules for their processing.
General monitoring of compliance by employees of the Organization with measures to protect the User's personal data.
5.3.10. Protection of personal data of Users stored in the electronic databases of the Organization from unauthorized access, distortion and destruction of information, as well as from other illegal actions, is ensured by the System Administrator.
5.4. Storage of personal data:
5.4.1. Personal data of Users on paper media are stored in safes.
5.4.2. Personal data of Users in electronic form are stored in the local computer network of the Organization, in electronic folders and files on the personal computers of the General Director and of employees admitted to processing personal data of Users.
5.4.3. Documents containing personal data of Users are stored in lockable cabinets (safes) that provide protection against unauthorized access. At the end of each working day, all documents containing personal data of Users are placed in cabinets (safes) that provide protection against unauthorized access.
5.4.4. Protection of access to electronic databases containing personal data of Users is ensured by:
The use of licensed anti-virus and anti-hacker programs that do not allow unauthorized access to the local network of the Organization.
Differentiation of access rights using accounts.
A two-step password system: at the level of the local computer network and at the database level. Passwords are set by the System Administrator of the Organization and communicated individually to employees who have access to personal data of Users.
5.4.4.1. Unauthorized login to a PC that contains personal data of Users is blocked by a password, which is set by the System Administrator and is not subject to disclosure.
5.4.4.2. All electronic folders and files containing personal data of Users are protected by a password, which is set by the employee of the Organization responsible for the PC and reported to the System Administrator.
5.4.4.3. Passwords are changed by the System Administrator at least once every 3 months.
5.4.5. Copying and making extracts of the User's personal data is allowed exclusively for official purposes with the written permission of the Director General of the Organization.
5.4.6. Responses to written inquiries from other organizations and institutions about the User's personal data are given only with the consent of the User, unless otherwise established by Polish law. Answers are given in writing, on the letterhead of the Organization, and to an extent that avoids disclosing an excessive amount of the User's personal data.
6. Blocking, depersonalization, destruction of personal data
6.1. The procedure for blocking and unblocking personal data:
6.1.1. Blocking of the User's personal data is carried out upon a written application of the User.
6.1.2. Blocking of the User's personal data implies:
6.1.2.1. Prohibition of editing personal data.
6.1.2.2. Prohibition of the dissemination of personal data by any means (e-mail, cellular communication, material carriers, etc.).
6.1.2.3. Prohibition of the use of personal data in mass mailings (sms, e-mail, mail, etc.).
6.1.2.4. Withdrawal of paper documents relating to the User and containing his personal data from the internal document flow of the Organization, and prohibition of their use.
6.1.3. Blocking of the User's personal data may be temporarily lifted if this is required to comply with Polish legislation.
6.1.4. Unblocking of the User's personal data is carried out with his consent (where consent needs to be obtained) or upon an application of the User.
6.1.5. Repeated consent of the User to the processing of his personal data (where it needs to be obtained) entails the unblocking of his personal data.
6.2. The procedure for depersonalization and destruction of personal data:
6.2.1. Depersonalization of the User's personal data occurs at the written request of the User, provided that all contractual relationships are completed and at least 5 years have passed since the end of the last contract.
6.2.2. When depersonalized, personal data in information systems are replaced by a set of characters from which it is impossible to attribute the personal data to a specific User.
6.2.3. Paper carriers of documents are destroyed when personal data is depersonalized.
6.2.4. The Organization is required to maintain confidentiality in relation to personal data when information systems need to be tested on the developer's premises, and to depersonalize the personal data in information systems transferred to the developer.
6.2.5. Destruction of the User's personal data implies the termination of any access to the User's personal data.
6.2.6. When the User's personal data is destroyed, employees of the Organization cannot access the subject's personal data in information systems.
6.2.7. When personal data is destroyed, paper documents containing the User's personal data are destroyed, and personal data in information systems are depersonalized. The personal data cannot be restored.
6.2.8. The operation of destroying personal data is irreversible.
6.2.9. The period after which the operation of destroying the User's personal data is possible is determined by the end of the period specified in paragraph 7.3 of these Regulations.
7. Transfer and storage of personal data
7.1. Transfer of personal data:
7.1.1. The transfer of the User's personal data means the dissemination of information through communication channels and on physical media.
7.1.2. When transferring personal data, employees of the Organization must comply with the following requirements:
7.1.2.1. Do not provide personal data of the User for commercial purposes.
7.1.2.2. Do not provide personal data of the User to a third party without the consent of the User, except in cases established by the federal law of Poland, as well as cases when the User himself has made his personal data publicly available.
7.1.2.3. Warn persons receiving the User's personal data that this data can be used only for the purposes for which it is communicated, and require these persons to confirm that this rule is observed.
7.1.2.4. Allow access to personal data of Users only to specially authorized persons; these persons should have the right to receive only those personal data of Users that are required to perform specific functions.
7.1.2.5. Transfer the User's personal data within the Organization in accordance with these Regulations, regulatory and technological documentation, and job descriptions.
7.1.2.6. Provide the User with access to his personal data when he contacts the Organization or upon receipt of the User's request. The Organization is required to inform the User about the availability of personal data about him, as well as provide the opportunity to familiarize himself with them within 10 (ten) working days from the date of application.
7.1.2.7. Transfer the User's personal data to representatives of the User in the manner prescribed by legislation and regulatory and technological documentation, and limit this information to those personal data of the subject that are necessary for the said representatives to perform their functions.
7.1.2.8. Ensure the maintenance of a register of issued personal data of Users, which records information about the person to whom the User's personal data was transferred, the date of transfer of personal data or the date of notification of refusal to provide personal data, and which information was transmitted.
7.2. Storage and use of personal data:
7.2.1. The storage of personal data means the existence of records in information systems and on material media belonging to the Organization.
7.2.2. Personal data of Users are processed and stored in information systems, as well as on paper carriers in the Organization. Personal data of Users are also stored electronically: in the local computer network of the Organization, in electronic folders and files on the PCs of the General Director and of employees allowed to process personal data of Users.
7.2.3. The storage of the User's personal data may be carried out no longer than required by the purposes of processing, unless otherwise provided by the federal laws of Poland.
7.3. Terms of storage of personal data:
7.3.1. Terms of storage of documents containing the User's personal data, as well as documents related to their conclusion and execution - 5 years from the date of termination of the relationship between the User and the Organization.
7.3.2. During the storage period, personal data may not be depersonalized or destroyed.
7.3.3. After the expiration of the storage period, personal data can be anonymized in information systems and destroyed on paper in the manner prescribed in the Regulations and the current legislation of Poland.
8. Rights of the personal data operator
The Organization has the right to:
8.1. Defend its interests in court.
8.2. Provide personal data of the User to third parties, if this is provided for by the current legislation (tax, law enforcement, etc.) or by agreement with the User.
8.3. Refuse to provide personal data in cases provided for by Polish law.
8.4. Use the User's personal data without his consent, in cases provided for by the law of Poland.
9. User rights
The User has the right to:
9.1. Require clarification of his personal data, their blocking or destruction in the event that the personal data is incomplete, outdated, unreliable, illegally obtained or not necessary for the stated purpose of the processing, as well as take legal measures to protect his rights.
9.2. Demand a list of his personal data processed and held by the Organization, as well as information about the source of their receipt.
9.3. Receive information about the terms of processing personal data, including the retention period.
9.4. Require notification of all persons who were previously provided with incorrect or incomplete personal data of all exclusions, corrections or additions made to them.
9.5. Appeal to the authorized body for the protection of the rights of personal data subjects, or in court, against illegal actions or omissions in the processing of the User's personal data.
10. Responsibility for violation of the norms governing the processing and protection of personal data
10.1. Employees of the Organization guilty of violating the norms governing the receipt, processing and protection of personal data bear disciplinary, administrative, civil or criminal liability in accordance with the current legislation of Poland and the internal local acts of the Organization.