We publish this document to explain the reasons why we collect and process personal data as part of our business.
1. What is personal data?
This is all the information that allows, without much effort, to distinguish one person from the rest. They can relate both directly to that person (such as their name, identification number, and sometimes even an email address or online account), as well as those that do not directly describe them. For example, they relate to her characteristics, health status, views, place of residence, addictions, race or religion.
2. What personal data are we talking about in our case?
These are data that our Customers, Users, Contractors and our Employees provide to us in connection with the use of our services, cooperation with us or employment. This data is processed by us.
3. What does data processing mean?
Processing is any action that we can perform with personal data — both related to its active use, such as collecting, downloading, recording, combining, modifying or sharing, as well as passive, such as storing, restricting, deleting or destroying it.
4. Who is the Data Controller (that is, has an impact on their processing and security)?
The administrator of your data is Fobos One sp. z o.o. with its registered office in Sztum, ul. Żeromskiego 6F, entered in the national court register maintained by the Gdańsk — Północ District Court in Gdańsk, VII Commercial Division of the National Court Register under number KRS 0000750082, share capital PLN 50.000, REGON 381507732, NIP 579-226-77-37.
The Controller has appointed a contact person for data protection, who can be contacted via the following address: daneosobowe@fobos-one.com.pl. Contact in matters related to the Protection of Personal Data is also possible by traditional mail to the address: Fobos One sp. z o.o., ul. Żeromskiego 6F, 82-400 Sztum.
5. On what legal basis and for what purpose do we process your data?
Any processing of your data must be based on an appropriate legal basis, in accordance with applicable regulations. Such a basis may be your consent to the processing of data or other legal provisions allowing it, in accordance with the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2018, item 1000), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; and repeal Directive 95/46/EC (referred to as “GDPR”)
Your data may be processed by us for several different purposes, for example:
• if you are our Customer or a person interested in using the services we provide. We process your data in connection with a contract concluded with you or in preparation for concluding such a contract - Art. 6 (1) lit. b GDPR. This is always done with your knowledge and will. When you express your intention to conclude a contract, you know what personal data will be needed to sign it, and after signing it, you know what data you have provided for this purpose or will transfer in a later period.
• if you are our Client, Contractor or Collaborator, your data may be processed by us on the basis of a legal provision allowing us to do so, it may also be related to the letter or request you have sent to us and the processing is necessary to fulfill a legal obligation incumbent on the controller - Art. 6 (1) lit. c GDPR. In this case, we comply with a legal obligation imposed on us by a provision of at least the rank of regulation or law. This provision clearly defines the type and scope of data that we may collect and process in accordance with the letter of the law.
• we may also process your data in connection with the need to ensure the security of persons and facilities or the security of networks and information. This is our legitimate interest — Article 6 (1) (f) GDPR. If video surveillance is used for this purpose, you will be informed about this in the form of appropriate information plates or pictograms.
• if you are interested in working with us, your data contained in the application or CV are processed in paper or electronic form. The legal basis here is the fulfillment of the legal obligations incumbent on the Administrator arising from Article 221 § 1 of the Labor Code of June 26, 1974, and is carried out in accordance with Article 6 (1) (c) of the GDPR and in order to take action at your request before concluding an employment contract — in accordance with Article 6 (1) (b) of the GDPR. Your personal data, other than those mentioned in Article 221 § 1 of the Labour Code of 26 June 1974, may be processed in accordance with Art. 6 (1) lit. a GDPR on the basis of your consent, which you can withdraw at any time. In this case, your application will not be considered by us and we will immediately delete all data provided by you. On the other hand, upon employment with us, the further rules of data processing and the mandatory scope of their transfer and further processing by us are determined by the provisions of labor law.
6. To whom do we transfer your data?
In accordance with applicable law, we may transfer your data to entities that process them on our behalf, e.g. entities cooperating with us. We are also obliged to make them available to certain authorities, such as the Tax Office or at the request of entities entitled to do so under other legal provisions, e.g. courts or law enforcement agencies. In some cases, however, access will only occur if they ask us about it, indicating the law that allows them to make such a request.
We do not provide for the transfer of your data to third countries or international organizations, that is, outside the economic area of the European Union. In the European Union, thanks to the GDPR, the text of which is available at: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=OJ:L:2016:119:TOC you are guaranteed the same level of protection of your data in all Member States.
7. How long will we process your data?
We pay great attention to limiting the amount of data we collect as well as the processing time to the minimum necessary. For this purpose, we carry out systematic reviews of paper and electronic documents in our possession, removing unnecessary ones, the expiration date of which has passed. Please note that the processing time of your data, depending on the basis on which we obtained it, may be determined by separate legal provisions, independent of us, which may impose on us the obligation to store your data, regardless of your will or desire. Examples include employment law, social security law or accounting regulations.
If the data held by us should be used for a purpose other than that for which it was collected, you will always be informed by us and you will be able to object to this.
8. What rights do you have in relation to your data?
If we process your personal data, you always have the right to:
• requests for access to data — within the limits of Article 15 of the GDPR,
• their rectification — within the limits of Article 16 GDPR
• requests for deletion — within the limits of Article 17 of the GDPR,
• or restriction of processing activities — within the limits of Article 18 GDPR,
• to object to the processing of data — within the limits of Article 21 of the GDPR,
• transfer of data, including obtaining copies thereof — within the limits of Article 20 of the GDPR.
All these rights are discussed in detail in Articles 15 to 21 of the GDPR, the text of which is available at the address indicated above.
You can also withdraw your consent to the processing of your personal data, in which case we will delete your personal data immediately, unless there is a legal obligation requiring us to continue processing them, for example, for the period specified in the requirements of the Act of 14 July 1983 on the National Archival Resources and Archives.
If you believe that in any way — which we obviously do not want — we have violated your rights or failed to ensure the security of your personal data, you have the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection.
9. Automated decision making and profiling information.
Based on your data, we do not make any decisions that would be automated, that is, they would take place without human participation. We also do not take any action that aims to profile you.
10. How do we protect your data?
In order to ensure the security of your data, we use organizational and technical measures required by law. At our headquarters, we have installed the necessary physical security to prevent access to data by unauthorized persons. Our employees have the required authorizations and may process data in a limited way, i.e. only to the extent necessary for the proper performance of their official duties.
