Data protection information clause

Who is the Personal Data Administrator?

The administrator of your personal data is MYISO Sp. z o.o. with its headquarters at Sycowska 38B/2, 60-003 Poznań.

Why do we need personal information?

MYISO identifies the purpose, the legal basis for processing, and the retention period of the data each time before we start processing activities. When we are bound by a contract, we process your personal data for the purpose of fulfilling the contract or for the purpose of entering into the contract, and we will process your data for at least 6 years after the contract ends due to tax law requirements. We may also process your data due to legal requirements imposed on us by Polish or European law, e.g. if there is an accident at work at one of our facilities, we will process the personal data of the accident participants due to legal requirements in the area of health and safety at work, and we will process it for the period required by them. There are also times when we process your personal data in our legitimate interests, such as to ensure the security of persons and property on MYISO premises.

We will make every effort to ensure that you are informed of the purpose of the processing of your personal data, the legal basis for this processing, the data retention period and all other information required by the RODO as part of the implementation of the information obligation.

What issues does the Data Protection Officer handle?

The Data Protection Officer has been appointed at MYISO pursuant to Article 37 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the Regulation or RODO. The Data Protection Officer verifies the accuracy of the processing of personal data in the organization where he has been appointed. As part of his activities, he is also the point of contact for any reports related to possible irregularities in their processing. The DPO can therefore be approached, for example, if you want to exercise one of your rights under the RODO.

These rights, with the limitations indicated in the RODO, relate specifically to:

1) the right of access to personal data,
2) the right to rectify personal data,
3) the right to erasure of personal data (“right to be forgotten”),
4) the right to restrict processing,
5) the right to portability of personal data,
6) right to object to further processing,
7) the right to object to automated decision-making, including profiling,
8) right to notify the occurrence of a breach to the supervisory authority (www.uodo.gov.pl Stawki 2 Street, Warsaw).

What is the procedure for your proposal?

The request can be submitted through MYISO Employees and Associates or directly to the Data Protection Officer. We will process it immediately and respond within one month. If the verification of the possibility of satisfying your request takes more than a month, you will be informed of the extension of the deadline for responding by a separate letter. Such an extension is possible due to the complexity of the request or the number of requests submitted. If the request does not allow you to be uniquely identified or is unclear, the Data Protection Supervisor will make a request to you to supplement it within one month of receipt of the request. If the request is submitted electronically, further correspondence will also be conducted in this form, if possible. In other cases, you will be informed about the processing of the application in writing, by registered letter with acknowledgment of receipt. Consideration of the request is free of charge. However, if the request is obviously unreasonable or frequently repeated, the Personal Data Administrator may:

  • impose a reasonable fee, taking into account the reasonable administrative costs of recognizing the application, communicating or carrying out the requested operations, or
  • refuse to consider the request.

How do I contact the Data Protection Officer?

Electronically to the e-mail address: info@myiso.pl or in writing to: Data Protection Supervisor at MYISO, Sycowska 38B/2, 60-003 Poznań.

What are the principles of personal data processing at MYISO?

For the sake of security, respect and fulfillment of your rights in MYISO, personal data is:

  • processed lawfully fairly and transparently,
  • collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes,
  • adequate, relevant and limited to what is necessary for the purposes, i.e. the principle of data minimization is applied,
  • correct and updated as necessary,
  • kept in a form that allows identification of the data subject for no longer than necessary for the purposes for which the data are processed,
  • processed in a manner that ensures adequate security of personal data: protection against unauthorized or unlawful processing and accidental loss, destruction or damage by means of appropriate technical and organizational measures.

At MYISO, based on the risk estimation process, we have also implemented safeguards that minimize the likelihood of a personal data protection breach. The safeguards that we have implemented cover both the area of personal security (e.g., we implement training on personal data protection), physical security (e.g., we keep documentation in supervised rooms and additionally place them in locked cabinets) and ICT security (e.g., we encrypt the hard drives of our computers).

Will we transfer your data?

As part of the processing activities carried out, your personal data may be transferred to our trusted partners. Recipients of your personal data may include:

  • suppliers of IT systems and services with which the Administrator cooperates,
  • companies providing security services for our facilities,
  • external consulting companies,
  • companies providing courier services,
  • other authorized entities upon documented request.

Data transfer outside the European Economic Area and profiling

As a rule, your personal data will not be transferred outside the European Economic Area and no profiling will be carried out on its basis.

If you do not find an answer to your questions arising in this information, please contact me via the indicated email address: info@myiso.pl

FULFILLMENT OF THE INFORMATION OBLIGATION

In accordance with Article 13 (1) and (2) of the General Data Protection Regulation of April 27, 2016, I inform you that the Administrator of your personal data is MYISO Sp. z o.o. with its headquarters at Sycowska 38B/2, 60-003 Poznań.

Contact to the Data Protection Inspector: info@myiso.pl.

Your personal data will be processed for the realization of the legitimate interests of the administrator (Article 6(1)(f) RODO) in order to respond to messages received and to defend against possible claims. Your personal data will be processed until your question is answered, and then until the statute of limitations for claims under the law.

Your personal data may be transferred to suppliers of IT systems and services with which the Administrator cooperates, law firms, and may be made available to authorized entities upon documented request, e.g. the police, courts.

To the extent arising from the RODO and with the limitations indicated therein, you have the right to access the content of your data and the right to rectification, erasure, restriction of processing, the right to transfer da