PRIVACY POLICY IN KGHM ZANAM S.A.
On 25 May 2018, Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR) entered into force. The Regulation imposes a number of new requirements on all entities that collect, process, and use personal data.
In KGHM ZANAM S.A., we treat the protection of personal data as a top priority. Below we present the Personal Data Processing Policy, in which we give you information on the purpose of collecting personal data, the obligations of the Data Controller, and your rights related to the processing of personal data.
-
DEFINITIONS
Controller: KGHM ZANAM S.A. (Company)
Personal data: any information relating to an identified or identifiable natural person by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including device IP, location data, an online identifier or information collected by cookies and other similar technology.
Policy: this Personal Data Processing Policy.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
-
DATA PROCESSING BY THE CONTROLLER
The Controller shall collect and process personal data in accordance with relevant provisions of law including, in particular, GDPR requirements and the data processing rules provided for therein.
The Controller shall ensure the transparency of personal data processing, in particular shall always provide information about the processing of personal data upon their collection, including the purpose of and legal basis for the processing (e.g. when concluding contracts for the sale of goods or services). The Controller shall ensure that data are collected only to the extent necessary to achieve the indicated purpose and processed only for the period of time necessary.
When processing personal data, the Controller shall ensure their safety and confidentiality as well as access to information about the processing for data subjects. If, despite the security measures in place, there is a violation of personal data protection (e.g. a data leak or loss thereof), the Controller shall inform the data subjects of such an event in accordance with the applicable regulations.
-
PURPOSES, BASES, AND PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA
-
-
PERSONAL DATA OBTAINED FROM VIDEO SURVEILLANCE
-
Below we present information regarding the operation of the video surveillance system used in KGHM ZANAM S.A.
Due to the operation of video surveillance on the premises of KGHM ZANAM S.A., we would like to inform you that:
-
-
-
The Controller of Personal Data – in the form of image – is KGHM ZANAM S.A. with its registered office at ul. Kopalniana 7.
-
The Data Controller has designated a Data Protection Officer who you can contact by email at iod@kghmzanam.com or by post, adding “to the Data Protection Officer”.
-
Video surveillance is used to protect property, ensure safety on the Company’s surveilled area, control production, and ensure the confidentiality of information which, if disclosed, could prejudice the Company, serving as the basis for the processing of personal data, i.e. the legitimate interest of the Controller – point (f) of Article 6(1) of the GDPR.
-
Video surveillance covers persons on the premises of the Company or persons in its immediate vicinity. Video surveillance cameras automatically record video without sound but with time stamp and place of recording.
-
Video surveillance does not include sanitary rooms, dressing rooms, canteens, smoking areas, and rooms available to company trade union organisations.
-
There are boards with the camera pictogram at the entrance to buildings or near areas under video surveillance.
-
Video surveillance operates 24/7.
-
Video surveillance recordings shall be stored until overwritten for a maximum of 30 days or until the final termination of proceedings conducted under law – this refers to cases where video recordings are evidence in the proceedings conducted under the law or the Controller has acquired information that video surveillance recordings may be evidence in the proceedings.
-
The recipients of personal data shall be companies providing services of property protection or video surveillance equipment servicing and, in justified cases, law enforcement and administrative bodies in accordance with applicable laws.
-
The following persons shall have access to video and recordings: the administrator of systems, authorised Controller employees, and persons providing services of property protection or video surveillance equipment servicing. They shall be obliged to maintain confidentiality and comply with the legal provisions on the protection of personal data and information confidentiality.
-
Data from video surveillance recordings may be made available only in justified cases to authorised bodies within the scope of proceedings conducted after submitting a written request to the Controller. In such cases, data shall be saved to an interchangeable medium (USB flash drive, DVD) and given to authorised bodies only against confirmation of data receipt.
-
For recordings and data processed in the video surveillance system, there are appropriate measures in place that secure the processing of such data, in particular those that prevent their loss or illegal distribution as well as those that prevent unauthorised persons from accessing them.
-
The person recorded by video surveillance shall have the right to:
-
-
-
-
-
-
access their personal data,
-
request that personal data are rectified,
-
erase personal data,
-
limit the processing of their data,
-
object to the processing of data.
-
-
-
-
-
-
In relation to matters related to exercising your rights, you can contact the Data Protection Officer in KGHM ZANAM S.A.
-
The person recorded by the video surveillance system shall have the right to lodge a complaint with a supervisory authority, the President of the Personal Data Protection Office, if there is a data protection infringement.
-
-
-
-
PROCESSING OF PERSONAL DATA OF PERSONS ON THE PREMISES OF THE COMPANY/ENTERING THE PREMISES OF THE COMPANY IN POLKOWICE AND LEGNICA
-
In connection with entering the premises of KGHM ZANAM S.A., we would like to inform you that:
-
-
-
The Personal Data Controller is KGHM ZANAM S.A. with its registered office at ul. Kopalniana 7.
-
The Data Controller has designated a Data Protection Officer who you can contact by email at iod@kghmzanam.com or by post, adding “to the Data Protection Officer”.
-
Personal data (first name and surname, ID card number, and the body issuing the card) shall be processed in order to protect property and ensure security on the premises of the Company, serving as the basis for the processing of personal data, i.e. the legitimate interest of the Controller – point (f) of Article 6(1) of the GDPR.
-
Providing personal data shall be required to enter the premises of KGHM ZANAM S.A. in Polkowice and Legnica.
-
Personal data shall be processed for a period of 1 year from their collection.
-
The recipients of personal data shall be companies providing services of property protection and, in justified cases, law enforcement and administrative bodies in accordance with applicable laws.
-
Persons shall have the following rights related to the processing of personal data:
-
-
-
-
-
-
access their personal data,
-
request that personal data are rectified,
-
erase personal data,
-
limit the processing of their data,
-
object to the processing of data.
-
-
-
-
-
-
In relation to matters related to exercising your rights, you can contact the Data Protection Officer in KGHM ZANAM S.A.
-
You shall have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the Controller has infringed personal data protection regulations.
-
-
-
-
PROCESSING OF PERSONAL DATA OF PERSONS CONTACTING THE COMPANY’S EMPLOYEES BY PHONE OR SUBMITTING AN INQUIRY TO THE COMPANY BY POST OR EMAIL
-
If correspondence not related to the services provided to the sender, not related to other services for which contracts have been concluded, or otherwise not related to any relationship with the Controller is provided to the Controller by email or post, personal data contained therein shall be processed only in order to communicate and handle the case to which the correspondence relates. The Controller shall process only personal data that are relevant to the case to which the correspondence relates. The entire correspondence shall be stored in a way ensuring the security of personal data (and other information) contained therein and disclosed only to authorised persons.
Therefore, we would like to inform you that:
-
-
-
The Personal Data Controller is KGHM ZANAM S.A. with its registered office at ul. Kopalniana 7.
-
The Data Controller has designated a Data Protection Officer who you can contact by email at iod@kghmzanam.com or by post, adding “to the Data Protection Officer”.
-
Personal data shall be processed in order to conduct correspondence addressed to the Controller in relation to its business activity, serving as the basis for the processing of personal data, i.e. the legitimate interest of the Controller – point (f) of Article 6(1) of the GDPR.
-
Providing personal data shall be required to contact the sender, handle the case, and reply to the inquiry.
-
Disclaimer regarding unsolicited correspondence: We would like to inform you that we will not reply to all correspondence (both in paper and electronic form) addressed to the Controller.
-
Personal data shall be processed for the time necessary to fulfil the purpose of the processing indicated above and then stored for archiving purposes for a period of 1 year.
-
The recipients of personal data shall be companies providing IT and post/courier services.
-
Persons shall have the following rights related to the processing of personal data:
-
-
-
-
-
-
access their personal data,
-
request that personal data are rectified,
-
erase personal data,
-
limit the processing of their data,
-
object to the processing of personal data, in which case we will no longer process your personal data for the purpose described above unless we can demonstrate compelling legitimate grounds for the processing of such data which override your interests, rights and freedoms or we can demonstrate that such data are required by us for the establishment, exercise or defence of legal claims.
-
-
-
-
-
-
In relation to matters related to exercising your rights, you can contact the Data Protection Officer in KGHM ZANAM S.A.
-
You shall have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the Controller has infringed personal data protection regulations.
-
-
If the Controller is contacted by phone for matters not related to the contract concluded or the execution of orders, the Controller may require the provision of personal data only when it is necessary to handle the matter to which the contact relates. In this case, the legal basis shall be the legitimate interest of the Controller (point (f) of Article 6(1) of the GDPR), involving the necessity of considering the matter related to the Controller’s business activity.
-
-
RECRUITMENT
-
As part of recruitment processes, the Controller shall except that personal data are to be provided only to the extent specified in labour law provisions (point (c) of Article 6(1) of the GDPR in relation to Article 221 sec. 1 of the Labour Code, i.e.: name(s) and surname, date of birth, contact details, education, professional qualifications, previous jobs); therefore, any additional information is not required. In this case, the legal basis for the processing of personal data shall also be the legitimate interest of the Controller, which is to verify qualifications and skills of job candidates and to specify the conditions of possible cooperation (point (f) of Article 6(1) of the GDPR). If job applications include additional data, which go beyond the scope indicated in labour law provisions, their processing shall be based on the candidate’s consent (point (a) of Article 6(1) of the GDPR), expressed by an unambiguous affirmative act of sending the application documents by the candidate. If job applications include information that are inadequate for the purpose of recruitment, it shall not be used or considered during the recruitment process.
Therefore, we would like to inform you that:
-
-
-
The Personal Data Controller is KGHM ZANAM S.A. with its registered office at ul. Kopalniana 7.
-
The Data Controller has designated a Data Protection Officer who you can contact by email at iod@kghmzanam.com or by post, adding “to the Data Protection Officer”.
-
Personal data shall be processed for the purposes of:
-
-
-
-
-
-
evaluating the candidate’s qualifications in respect of a specified job position,
-
evaluating the candidate’s abilities and skills needed to work on a specified job position,
-
selecting the right job candidate.
-
-
-
-
-
-
Providing personal data shall result from Article 22 sec. 1 of the Labour Code. Failure to provide these data shall result in the lack of ability to consider your application in the recruitment process conducted by the Controller. Providing personal data to a broader extent than indicated in labour law provisions shall be voluntary.
-
Personal data shall be processed for the time necessary to complete the recruitment process and if you consent to the processing of your personal data for future recruitments – for a period of 1 year specified by the Controller.
-
The recipients of personal data shall be companies providing the service of being the IT service administrator.
-
Persons shall have the following rights related to the processing of personal data:
-
-
-
-
-
-
access their personal data,
-
request that personal data are rectified,
-
erase personal data,
-
limit the processing of their data,
-
object to the processing of personal data on grounds relating to your particular situation – in cases in which personal data are processed on the basis of the Controller’s legitimate interest,
-
transfer personal data, i.e. the right to receive personal data in a structured, commonly used, and machine-readable IT format. You can transfer these data to another data controller or request that the Controller transfer them to another controller; however, the Controller shall transfer them only when this is technically possible – the right to transfer data is only granted for those data that are processed on the basis of consent,
-
withdraw your consent at any time, without affecting the lawfulness of the processing which was carried out on the basis of the consent prior to its withdrawal.
-
-
-
-
-
-
In relation to matters related to exercising your rights, you can contact the Data Protection Officer in KGHM ZANAM S.A.
-
You shall have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the Controller has infringed personal data protection regulations.
-
-
-
-
PROCESSING OF PERSONAL DATA OF PROXIES OR REPRESENTATIVES IN CONNECTION WITH PARTICIPATION IN THE TENDER PROCEDURE CARRIED OUT BY KGHM ZANAM S.A. OUTSIDE THE PROCUREMENT SUPPORT SYSTEM
-
As part of tender procedures conducted outside the Procurement Support System, the Controller shall process the following personal data categories: first name and surname, official position, professional qualifications, official contact details: email, landline and mobile phone numbers, name of entity and organisational unit, ID card number.
Therefore, we would like to inform you that:
-
-
-
The Personal Data Controller is KGHM ZANAM S.A. with its registered office at ul. Kopalniana 7.
-
The Data Controller has designated a Data Protection Officer who you can contact by email at iod@kghmzanam.com or by post, adding “to the Data Protection Officer”.
-
Personal data shall be processed for the purpose of conducting a tender procedure.
-
The legal basis for the processing of personal data is the Controller’s legitimate interest, involving the selection of the most advantageous commercial offer (point (f) of Article 6(1) of the GDPR).
-
Personal data shall be processed until the tender/purchasing procedure is completed and then stored for archiving purposes for a period of 5 years. However, if a contract is concluded as a result of the selection of an offer, they shall be stored for a period of 5 years until the fiscal year, in which the contract is completed, ends, but not earlier than the expiry of the limitation period for contractual claims.
-
Providing personal data shall be voluntary but also be a prerequisite to participate in the tender procedure.
-
The recipient of the personal data shall be the Investor for which the works are performed.
-
Persons shall have the following rights related to the processing of personal data:
-
-
-
-
-
-
access their personal data,
-
request that personal data are rectified,
-
erase personal data,
-
limit the processing of their data,
-
object to the processing of data;
-
-
-
-
-
-
In relation to matters related to exercising your rights, you can contact the Data Protection Officer in KGHM ZANAM S.A.
-
You shall have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the Controller has infringed personal data protection regulations.
-
-
-
-
COLLECTION OF PERSONAL DATA IN CONNECTION WITH THE PERFORMANCE OF CONTRACTS
-
When personal data are collected for the purposes of performing a given contract, the Controller shall provide the Data Subject with detailed information on the processing of their personal data upon the conclusion of the contract or upon the reception of personal data if such processing is necessary so that the Controller can take measures requested by the Data Subject before the contract is concluded.
-
-
PROCESSING OF PERSONAL DATA OF CUSTOMERS OR COUNTERPARTIES COOPERATING WITH THE CONTROLLER
-
In connection with concluding commercial contracts as part of its business activity, the Controller shall obtain personal data of persons involved in the performance of such contracts (e.g. contact persons, persons placing or performing orders, etc.) from counterparties/customers. Personal data provided shall always be limited to the extent required to perform the contract and shall usually not include information other than the first name and surname and official contact details. In such cases, personal data shall be processed in order to pursue the legitimate interest of the Controller and its counterparty (point (f) of Article 6(1) of the GDPR), involving the proper and effective performance of the contract. These data may be disclosed to third parties involved in the performance of the contract as well as to entities obtaining access to data on the basis of regulations on public information disclosure and proceedings conducted under public procurement law to the extent provided for by these regulations. Data shall be processed for a period necessary to pursue the aforementioned interests and fulfil the obligations arising from applicable regulations.
Therefore, we would like to inform you that:
-
-
-
The Personal Data Controller is KGHM ZANAM S.A. with its registered office at ul. Kopalniana 7.
-
The Data Controller has designated a Data Protection Officer who you can contact by email at iod@kghmzanam.com or by post, adding “to the Data Protection Officer”.
-
Personal data (first name and surname and name of the employing entity, phone number, email) shall be processed in order to identify persons authorised to perform contractual tasks, including those persons having access to the Confidential Information of KGHM ZANAM S.A.
-
Therefore, personal data shall be processed on the basis of the legitimate interests of the Controller associated with the aforementioned purpose, i.e. to ensure the proper performance of the contract and the security of confidential information (business secrets). – point (f) of Article 6(1) of the GDPR.
-
Providing personal data for the aforementioned purpose shall be voluntary; however, their provision is required to allow a given person to perform contractual tasks.
-
Personal data shall be processed for a period required to perform and settle the contract and then stored for a period resulting from the limitation period, the confidentiality obligation (if a separate declaration was signed), and tax regulations.
-
Personal data may be disclosed to entities authorised under legal provisions and to entities and their employees who provide services for us that require access to your data – including legal, financial, accounting, and IT services.
-
Persons shall have the following rights related to the processing of personal data:
-
-
-
-
-
-
access their personal data,
-
request that personal data are rectified,
-
erase personal data,
-
limit the processing of their data,
-
object to the processing of personal data on grounds relating to your particular situation – because we process personal data on the basis of the aforementioned legitimate interest.
-
-
-
-
-
-
In relation to matters related to exercising your rights, you can contact the Data Protection Officer in KGHM ZANAM S.A.
-
You shall have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the Controller has infringed personal data protection regulations.
-
-
-
-
COLLECTION OF PERSONAL DATA IN OTHER CASES
-
In connection with its business activity, the Controller shall also collect personal data in other cases, mainly including the establishment and use of permanent mutual business contacts during business meetings, at industry events, or by exchanging business cards – for the purposes related to the initiation and maintenance of business contacts. In this case, the legal basis shall be the legitimate interest of the Controller (point (f) of Article 6(1) of the GDPR, involving the creation of a contact network related to its business activity. Personal data collected in such cases shall only be processed for the purpose for which they have been collected, while the Controller shall ensure their appropriate protection.
COOKIE POLICY
-
-
The website may collect automatically only information contained in cookies.
-
Cookies are text files that are stored in the terminal equipment of the website user. They are intended for using the website. First of all, they contain the name of the website of their origin, their unique number and the storage time on the terminal equipment. Cookies may make it easier to use the website, for example by remembering user preferences when users return to the website. The website does not use cookies to obtain personal information from the user’s computer, which were not sent by the cookie.
-
The user may, at any time, change web browser settings in such a way that cookies support is disabled or that they receive information about placing cookies in their equipment. Other available options may be checked in the web browser settings. It should be remembered that accepting cookies in the terminal equipment is a default setting in the majority of browsers.
-
Information about web browser settings is available in the web browser menu (help) or on the developer’s website.
-