On 25 May 2018, a new European regulation on data protection (GDPR / RODO) enters into force, replacing the EU Data Protection Directive of 1995.
As the administrator of your personal data
Nordglass sp. z o.o., Bohaterów Warszawy 11, 75-211 Koszalin, Poland registered by the District Court in Koszalin, IX Division of the National Court Register
KRS number 0000281814 , VAT 6690407477
we approach the issues of personal data protection of our clients with full responsibility.
RODO (GDPR) is in other words a Regulation of the European Parliament and Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. The new rules will apply from 25 May 2018. The European Regulation directly and comprehensively governs the protection of personal data throughout the European Union. The assumption of the document was to limit the diversity of regulations between individual Member States. RODO brings new solutions and strengthens existing requirements. It also introduces many new rights for individuals and responsibilities for administrators.
2) Legal basis
Like many others - it enters a new era. Throughout the European Economic Area, the rules for the protection of personal data are being harmonised. From May, throughout Europe, we will observe a resolute strengthening of the rights of EU citizens by simultaneously imposing new obligations on all organisations which process personal data, and in particular on those that offer us online goods and services. From this moment on, the network will become more citizen-friendly and businesses will have to meet a number of requirements in order to increase the security of citizens with regard to the data they entrust to various organisations for processing. We also take this challenge extremely seriously and, as an organisation, we commit ourselves to comply with GDPR / RODO in all the services we provide for you. They cover all of the spheres of our operation, and we will create the right conditions for the future services we are planning to introduce. We have always worked for our clients to demonstrate that our commitment to security is very important. We are specifically aware of the security issues and your data is properly protected. We always want to make it perfectly clear for you how we use personal data and our GDPR / RODO adjustment program, and at the same time, we emphasise that you have full control to manage your privacy. We are also aware that our customers and partners as well as employees have significant responsibilities under these new regulations and therefore on a regular basis we perform audits, provide standard contract safeguards and share tools and information to help comply with them. As our goal is always to maintain data privacy and security, and to control the processing of all data entrusted to us, in the near future, we will provide updated contractual obligations which will meet the requirements of GDPR for our customers and partners, but also employees. We can ensure that we will continue to pursue our security and privacy practices on order to meet the requirements of GDPR.
3) Purpose of processing
What is the purpose and on what basis do we use your personal data? Please be advised that we will be profiling your data, that is, we will make an automated analysis of your expectations and needs as well as preferences and behaviours to be able to reach you with an optimal commercial offer. We use your personal data obtained during the conclusion of the contract and during its term for the following purposes:
a) Conclusion and performance of the agreements between us, including ensuring the correct quality of services for the duration of the contract and settlements after its termination (Article 6 of GDPR)
b) For the purpose of complying with our legal obligations such as
- issuing and storing invoices and accounting documents,
- responding to complaints on time and in the form provided for by the law,
In this situation, we will use the data:
- for the duration of our obligations, such as for the purpose of an invoice (Art.6, sec.1c of GDPR),
- for the time that the regulations require us to store the data, e.g. tax data (Art.6, sec.1c of GDPR),
- for the time when we can suffer the legal consequences of non-fulfilment of the obligation, e.g. obtaining a penalty from state offices (Art.6, sec.1f of GDPR),
c) Detecting and preventing abuse for the duration of the contract, and then for the period after which the claims under the contract expire, and in the event of us making any claims or notifying the competent authorities - for the duration of such proceedings
d) Determination of defence and redress - may involve the sale of our claims under the contract to another entity - for the period after which the claims under the contract are time-barred
e) Direct marketing - for the duration of the contract or upon your consent until its withdrawal
f) Creating reports, analyses and statistics for our internal needs, including in particular reporting, marketing research, service development planning or development work in IT systems, creating statistical models - for the duration of the contract, and then no more than for a period the claims under the contract become time-barred
g) Service support - including by informing about failures, adjusting service based, i.a. on the information about the offer you have been using or about complaints submitted so far - for the duration of the contract
4) What rights do you have?
a) Right of rectification
b) Right of deletion
c) Right of restricted processing
d) Right of access
e) Right of transfer
5) What rights do you have?
a) Right of rectification - By using this right you can let us know we need to correct the incorrect data or supplement the data resulting from an error when collecting or processing of the data.
b) Right of deletion of the data - By using this right you can submit a request to delete the data. If the application is justified, we will immediately delete the data.
c) The right of restriction of processing - By using this right you can submit a request to restrict the processing of the data, e.g. you question the correctness of the data being processed. If the application is valid, we can only store the data. Derestriction of processing may take place after the reasons justifying the restriction of processing have ceased to exist. The regulations allow for the charging of fees and the process of recovery (if it is justified), despite simultaneous execution of the right to restrict data processing.
d) Right of data access - By using this right you have the opportunity to obtain information on what data, how and for what purpose we process.
e) Right of transfer - By using this right, you have the option of transferring your data directly to another administrator, as well as receiving a copy of the data in a structured, machine-readable format in such a way that you can transfer the data yourself to another administrator.
6) Register of processing operations
As a Personal Data Administrator, we are obliged to keep a register which is to document the most important activities related to the processing of data, including to specify the methods of protecting them or the register of recipients of data. Such a register presents, in a reliable way, what actually happens with your personal data in our records and how we manage it.
7) Security of personal data
The administrator must re-assess whether it ensures the security of the data being processed. Ensuring the protection of personal data may occur by implementing encryption, pseudonymisation (that is, processing personal data in such a way that it is not possible to directly identify who it belongs to).
8) Personal data protection officer
NordGlass Sp. z o.o.
ul. Bohaterów Warszawy 11
Data Protection Officer:
e-mail address: firstname.lastname@example.org
Consent and complaint:
If the personal data we use is not related to the contract we perform, the fulfilment of the legal obligation or does not constitute our legitimate interest, we may ask for your consent to certain uses of your data. Such consent may in advance enable us to determine the actions of which you will be notified. You can of course withdraw your consent at any time (this will not affect the legality of the action before the withdrawal of consent). Of course, you also have the right to lodge a complaint with the President of the Personal Data Protection Office (formerly GIODO), if you think that the processing of your personal data is in violation of the law.