SGR-Pro Sp. z o.o., with registered office at ul. Złota 61 room 203, 00-819 Warsaw
NOTIFICATION ON THE PROTECTION OF DATA OF EMPLOYED PEOPLE
This Notice of Personal Data Protection ("Notification") is intended to inform members of the management board, employees, operators or associates, contractors, consultants or other persons conducting business, performing work or providing services on behalf of SGR-Pro sp. z o.o., inscribed in the National Register Court proceedings under the number KRS 0000243910, with its registered office in Warsaw, regarding issues related to the collection, use, disclosure, transfer and other processing of information enabling the identification of natural persons ("Personal Data"). In accordance with the applicable European provisions on the protection of personal data, including implementing regulations to the general data protection regulation 2016/679 (GDPR) (jointly called "Data Protection Regulations"), SGR-Pro sp. z o.o. is a data controller.
1. Personal data
We collect and process certain Personal Data about you throughout your entire employment relationship or cooperation with the Company
(a) for the purposes required under applicable law, labor law or concluded contracts,
(b) to enable the Company to meet its economic needs and to fulfill its legal obligations, and
The Personal Data collected and processed by us includes the following categories (regarding the employment or cooperation relationship):
- Contact information: such as name, address of the workplace, business fax number, business email address, number of the company's mobile phone, location of the workplace, job title and position code, employee IDs;
- HR data: such as position, detailed information about the contract, information about education, biography, nationality, citizenship, identity documents, passport number and information about its issuance, tax identification number, PESEL, REGON, residence status, date and place of birth, gender, marital status, information about the spouse / partner, mother tongue, foreign language skills, type of visa and visa information (permission for work / business / etc.), home address and home phone number, private cellphone number, emergency contact information accidents, information about the closest family, information on maternity / paternity protection, including date of notification of pregnancy, expected date of delivery, actual date of birth and type of birth, location of the workplace, change of employment (employment / re-employment / solution), reason for change employment relationship, leave, membership in religious communities (only if needed for the settlement of free time on religious holidays), attitude to military service, military service, appearance in court, information about payments and entitlements to benefits, workflow (department, region, market, projects, manager, detailed information on business trips, costs employee, history of training in the company, history of performance evaluation, competences, development areas, work schedule and time worked, information on attendance, absence, replacement, type of contract other than a contract of employment, date of employment, employment period, contract duration and contact information, information on obtained authorizations, information about the company's leased property, period of notice, all personal data required to ensure data subjects, (1) access to company system computers and networks, and (2) tools and devices for electronic communication, ex. IP address and username.
- Wage data: such as the identity card number / social security number, bank details necessary to make payments to the data subject, pay information, leave data, details about dependents (name and surname, address, date) and place of birth, type of relationship, education, employer), information on marital status and type of relationship, payroll and payroll administrator, payments for seniority and acquired entitlements, basic pay, annual salary, type of remuneration, deductions, classes, currency, tax identification number and other tax information regarding remuneration, advance payment for employee tax (collected by the employer), social security contributions, allowances, overtime pay, bonuses, rewards, other variable components of remuneration, holiday allowances, equivalent for unused holidays holiday, all costs covered by the company, other services (incl. pension benefits due to disability, survivors' pensions), benefits from the social benefits fund, health benefits, traveling allowances, car or commuting allowances, other allowances, detailed information about long-term incentive systems, severance pay, corrections and decreases of remuneration, payments on for third parties.
- Information about training and assessment of results: such as professional experience, education, achievements, mobility, career goals, development plans, potential, results at work, information on the promotion plan, information about the results of the review as part of the professional development analyzes.
- Information about the candidate for the job: such as details about the candidate, status, rating, e-mail address, current employer, employment history, business and corporate title, education, qualifications, references, checking information from the national criminal record (if required ), the position and job sought, permits, certificates, professional experience, information on the resume.
- Information on health status: state of health, information on disability, information about the insurance system and contributions, including deductions, scope of protection, data on sick leave, sick leave and information on disability. Also information about people closest to you, if it is required by law, in order to provide those people with due benefits.
- Video monitoring. The company supervises key areas and premises only to ensure the safety of persons and property. The method of making a record does not consist in registering your image. The image is saved and stored for a period of 30 days. We do not use personal identification software. We do not use monitoring records for profiling. Monitoring information is provided in places where monitoring is used. Data from monitoring are available only for specific persons in the performance of their official duties. In the event of occurrence of security-threatening events, monitoring records may be made available at the request of law enforcement authorities and the judiciary.
2. We may collect Personal Data from the following sources:
- directly from you, eg by entering data in our human resources and accounting systems, as part of the procedure of applying for a job or establishing cooperation with the Company;
- through your activities performed as part of employment or cooperation;
- from third parties, if it results from the requirements of applicable law.
2. Information on dependents / contact persons
If you provide us with Personal Information about members of your family and / or dependents or beneficiaries (eg contact in an emergency or for the purposes of managing benefits), you are responsible for informing those people of your rights in relation to such information. You are also responsible for obtaining the express permission of these people (unless you can give such consent on their behalf, as their statutory representatives) for the processing (including transfer) of such Personal Data for the purposes set out in this Notice.
3. The purposes of processing Personal Data
- We will not use your Personal Data for marketing purposes unless you consent to it.
- exercise of rights vested in SGR-Pro on the basis of law, fulfillment of obligations (also in the framework of appropriate investigations); filing lawsuits and complaints or defending against lawsuits and complaints.
- findings of controls carried out;
- disciplining employees, conducting internal company and / or external investigations in connection with suspected violation of official duties;
- management of disease documentation, bodily injury and / or disability;
- administration of holidays, time off work, health leave, sick leave;
- admission of new people to health and medical services systems as well as administration, pension benefit systems;
- HR administration;
- activities related to performance evaluation, career advancement and development, retirement planning, monitoring of training and development;
- remuneration administration, incl. preparation of payroll, administration, approval and processing of bonuses, commissions and bonuses, monitoring, settlement, administration and planning of benefits, analysis of competitive remuneration, determination of job grade;
- tracking and budgeting of business trips and expenses;
- managing the course of processes such as assigning tasks, managing and administering projects or trainings;
- managing the employment relationship or other contract;
- The Company collects, processes and otherwise uses your Personal Data (a) for the purposes required by applicable law or contracts, (b) to meet the economic needs and legal obligations of the Company, (c) to take decisions by the Company every to establish an employment relationship or enter into another contract; and (d) to perform or terminate your employment or other contract. These goals include, among others:
4. Disclosure of Personal Data
Your Personal Data will be disclosed within the Company only to persons to whom access to your Personal Data is necessary for the performance of their official duties for the purposes mentioned in Item 4 above or in cases required or permitted by law.
The information will be disclosed on a limited access basis. The disclosure may also take place through designated human resources systems and databases or business applications. All employees of SGR-Pro will have access to the internal address book of employees, subject to access limited to information necessary to perform a specific job.
The Company may also disclose your Personal Data to third parties providing pay-roll, book-keeping, IT support or technical and organizational services in connection with activities related to human resources management or legal services, research or other advisors of the Company for purposes of referred to in this Notice. The Company will act with due diligence in the selection of external service providers, and will also require such service providers to maintain appropriate technical and organizational security measures to secure your personal data and process them solely at the Company's request and for any other purpose.
The Company may also disclose your Personal Data to state authorities to the extent required or permitted by law; public and private social security and insurance agencies, consultants in connection with extraordinary economic operations (eg mergers, acquisitions, etc.), business partners, intermediaries and clients, external consultants and professional entities, associations, including trade unions and company councils employees, courts and prosecutors. Your personal data will only be disclosed to the extent required or permitted by law or with your consent.
5. International transfer of Personal Data
Employees' personal data is not transferred abroad. In the event that the transfer of such data proves necessary, you will be notified and the Company will take appropriate steps to ensure that the recipients of the data comply with the applicable law. If the Company transmits your personal data to recipients from outside the European Union or the European Economic Area, we will ensure in the concluded agreements an appropriate level of protection of your personal data, including appropriate technical and organizational security measures.
Legal basis for processing Personal Data
The Company's obligations under the employment relationship and contractual and legal obligations as well as the legitimate business interests of the Company provided for by the Personal Data Protection Regulations constitute the legal basis for the processing described in this Notice. If you are an employee or co-worker of the Company, then we must process your personal data for these purposes. Legitimate interests of us or third parties include the requirement to use your personal data in litigation or other legal purposes regarding the Company and entities associated with the Company.
We maintain physical, technical and organizational security measures to ensure the protection of Personal Data against accidental, unlawful or unauthorized destruction, loss, alteration, disclosure or access, regardless of whether they are processed in Poland or anywhere else.
Retention and correctness of Personal Data, access to Personal Data
We intend to store your correct and current Personal Data. We also strive to retain your Personal Information no longer than is necessary to achieve the purposes set out in this Notice or required by law. The Company retains your Personal Data for a period of 3 to 10 years from the completion of the business relationship that connects us in accordance with applicable law, and in the case of data on employee pension rights - up to 50 years after the termination of your employment. These periods result from provisions specifying the time at which a dispute may arise regarding such individual types of claims that may arise as part of the legal relationships between us.
If changes in Personal Data are necessary, then you must immediately notify us (see below) in writing. In accordance with applicable law, you have the right to: (i) check whether we have your personal data in our possession and you have the right to access such data (subject to applicable law); (ii) request correction or deletion of your personal data that is incorrect; and (iii) determine information related to the Company's policies and practices with respect to personal data. In certain circumstances, you may also have the right to demand a restriction or, for legitimate reasons, object to the processing of your personal data in accordance with applicable regulations. In addition, you have the right to send your Personal Data to third parties pursuant to art. 20 RHODE.
You also have the right to withdraw your consent to the processing of your personal data at any time, without affecting the lawfulness of processing based on the consent expressed earlier. However, we may still have other legal grounds for further processing of your personal data, e.g. in the event of a court dispute.
In the event of a material change to our practices regarding Personal Data or the content of this Notice, we will issue a revised Notice and / or take other steps to inform you of any changes in accordance with applicable law.
6. Rights to object
The competent supervisory body for the Company is from 25 May 2018. The President of the Office for Personal Data Protection.
This Notice shall be issued on 21 May 2018.
I confirm that I have received this Personal Data Protection Notice ("Notification") on 25 May 2018.
I understand its content, including the provisions regarding the collection, use, storage and processing of my personal data in another way by SGR-Pro.
I also understand that I have an obligation to provide my family members, dependents and beneficiaries (if any) with any information regarding the processing of their personal data and the rights they are entitled to as referred to in the Notice, and I am obliged to explicit consent of these persons, if necessary, to the processing of their personal data in accordance with this Notification.
Date, Name and Surname
SGR-Pro Sp. z o.o. the owner of the Spanish School Academia Españoles
SGR-Pro Sp. z o.o. collects and processes your personal information provided by you as our clients or potential customers or generated by you when using our website www.espanoles.pl, using offers or other services. We provide you with this Privacy Notice in connection with applicable privacy laws, including in accordance with the provisions of the General Data Protection Regulation 2016/679 (RODO) ("Data Protection Regulations"). It applies only to residents of the European Economic Area who use our services and explains what personal information you provide us and how we use your information to provide our services.
SGR-Pro provides services to our clients. For this reason, we are the data controller based on the applicable Data Protection Regulations. In this Notice, we present a summary of your rights to control how we use your personal information. We will inform you of any updates that may affect the processing of your personal data. This Notification may be updated. If you use our services, this means that you acknowledge the content of this Notice in the current wording.
Your personal information
- Your personal data includes any information about you that identifies you or allows to identify you. These include your name, address, contact information, payment information, transaction history, detailed information about the recipient, as well as information about your workplace.
- If you visit a school or an office, you must be aware that the Company oversees key areas and premises of the business (and not people) only to ensure the safety of persons and property. The method of making a record in registering does not consist your image. The image is saved and stored for a period of 10 days. We do not use personal identification software. We do not use monitoring records for profiling. Monitoring information is provided in places where monitoring is used. Data from monitoring are available only for specific persons in the performance of their official duties. In the event of occurrence of security-threatening events, monitoring records may be made available at the request of law enforcement authorities and the judiciary.
We collect various types of personal data from various sources, e.g.
- Information provided to us directly by you when using the services we provide;
- Information collected by us about your use of our services, offers and promotions;
- Information resulting from your use of our website, applications and any related promotional activities;
- Information provided when payments are made via banking systems
We do not process specific categories of personal data, i.e. sensitive data.
What do we do with your personal data?
All personal data collected by us from you is used only to fulfill our obligations to provide you with services. Please note that your refusal or objection to provide personal information necessary for these purposes may prevent us from performing a specific service.
In addition, we process your data as part of our legitimate business interests to ensure that any technical matters are dealt with or your requests are processed, our obligations and requirements are met, and our requirements are met based on legal provisions and agreements. In addition, legitimate interests of us or third parties may include the requirement to use your personal data in litigation or other purposes relating to SGR-Pro and affiliates, and may include the need to transfer your data abroad. In this case, we will take necessary actions to ensure the protection of your Personal Data in accordance with the regulations in force in Poland and the EU.
In our business, we do not use customer profiling.
We also use your personal data for marketing purposes if you have agreed to receive marketing information. You have the right to notify us that you do not wish to receive such information at any time.
Your personal data are processed by us in Poland and are stored on servers provided by Home.pl and Smarthost sp. O.o.
We do not allow any third-party access to your personal data unless required or permitted under applicable law or in accordance with this Notice. We may disclose your personal information to our subcontractors, brokers or suppliers that we use in providing our services, provided that any subcontractor or broker must agree in writing to comply with the privacy and security standards set out in this Notice.
In some cases, we may disclose your personal information to other parties:
- to ensure compliance with the law or the applicable legal procedure (e.g. a search warrant or court order) or obtain information from the regulatory authority for legal purposes;
- to check or enforce compliance with the rules governing the provision of services; or
- to protect the rights, property or safety of business partners or clients or other entities in the legitimate business interest of SGR-Pro and / or entities associated with us.
We may share your personal data with other business entities in connection with the sale, transfer of rights and obligations, merger or other transfer of all or part of the SGR-Pro enterprise to such business entity. It may also disclose your personal data to state authorities if it is lawful. In any case in which we must disclose your personal data, we will limit the type and categories of information to the extent necessary.
How we protect your personal information?
We understand that storing data in a secure manner is essential. We store personal data and other information using appropriate physical, technical and administrative security measures to protect them from foreseeable risks, eg unauthorized use, access, disclosure, destruction or modification. While we act in good faith to store the information we collect in a secure operational environment that is not publicly available, we cannot guarantee absolute security. In addition, while we work to ensure the integrity and security of our network and systems, no one can guarantee that the security measures taken will prevent "hackers" from obtaining such information unlawfully.
How long we keep the information?
We store your personal data regarding the use of our services for the duration of the relationship with a given customer and for 7 years after the transaction due to the requirements of the tax law. In addition, your personal data may be stored for a period not longer than 10 years (ie until the prescription of possible claims). After this period, data about you and the use of services by you will be deleted. All information that you have provided to us for marketing purposes will be kept until you notify us that you no longer wish to receive information from us or for three years after your last contact with us.
Notifications about other SGR-Pro services and products
We would like to use your name and e-mail address in order to inform you about our future or new services, offers, with your consent. If you agree to receive marketing information, you will have the right to withdraw it as an option in any email. In addition, you can withdraw your consent at any time also via email.
What are your rights?
You have the rights set out below regarding your personal data, which are based on the Personal Data Protection Regulations:
- you have the right to access your data and to ensure the accuracy of your personal data;
- you have the right to withdraw your consent at any time with regard to personal data processed with consent (withdrawal does not affect the lawfulness of processing with consent prior to its withdrawal);
- you may object to the processing of your personal data, including for all purposes of direct marketing,
- you have the right to request the correction of your personal data or the removal of your data by us;
- you have the right to request the restriction of the processing of your personal data (this may, however, negatively affect our ability to provide you services);
- You also have the right to send your personal data to another service provider if they are processed with your consent, and upon receipt of your written request we will provide you with the relevant data in a machine-readable format to be sent to another service provider.
If you want to complain about the way we treat your personal data, you can contact us and we will investigate the matter and answer you immediately.
If you are not satisfied with our response, you can complain to the President of the Office of Personal Data Protection.