Personal data at Asseco Data Systems S.A. is processed on the basis of applicable laws, in particular the European Parliament and the Council (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (hereinafter: "RODO") and the Law of May 10, 2018 on the Protection of Personal Data (hereinafter: "the Law").
PERSONAL DATA CONTROLLER
- The administrator of the Personal Data processed in the company for various purposes related to the company's business activities is Asseco Data Systems S.A., seated in Gdańsk, ul. Jana z Kolna 11, 80 - 864 Gdańsk, entered in the Register of Entrepreneurs of the National Court Register under the number KRS 0000421310, kept by the District Court of Gdańsk - North in Gdańsk, VII Commercial Department of the National Court Register, NIP 517-03594-58, REGON 180853177, whose share capital amounts to PLN 120,002,940.00 (paid in full);
- You can contact us:
- by letter (snail mail), writing to the address indicated above,
- via email at [email protected],
- By phone at +48 58 550 95 00.
- Data Protection Officer
We have appointed a Data Protection Officer whom you can contact:
- by letter (snail mail), writing to: Asseco Data Systems S.A., Office in Lodz, 136 Narutowicza St., 90-146 Lodz,
- via e-mail at: [email protected],
- By phone at +48 42 675 63 60.
- Asseco Data Systems S.A. complies with all privacy and processing rules set forth in the RODO also with respect to data entrusted by other Administrators or Entrustors.
WHAT IS PERSONAL DATA AND ACCORDING TO WHAT PRINCIPLES DO WE PROCESS IT?
- Personal data - all information about a natural person identified or identifiable by one or more specific factors that determine physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet ID and information collected through cookies and other similar technology.
- The Personal Data Administrator processes data in accordance with the following principles:
- Reliability and lawfulness - meaning that data will be processed fairly, in accordance with correctly identified, RODO-compliant legal bases that are adequate for each processing activity. The Personal Data Controller identifies and determines the appropriate legal basis for each processing activity.
- Transparency - meaning that data subjects are informed in a transparent, accessible and understandable manner about who will process their data, on what basis, for what purpose, to what extent and for how long. Data subjects are further informed about: the recipients of the data, their rights and how to exercise them, and whether the data will be transferred to countries outside the EU and whether the data will be subject to automated decision-making and, if so, what impact this will have on the data subject. The Personal Data Controller ensures that the information obligation will be fulfilled:
- in the case of collection of data from the data subject - at the latest at the time of collection,
- in the case of collection of data from a source other than the data subject - no later than within 30 days of their acquisition;
- Purpose limitation - meaning that personal data is collected and processed for specific, explicit and legitimate purposes and that it is not further processed in a manner incompatible with those purposes.
- Data minimization - meaning that data is adequate and limited to what is necessary to achieve the purpose for which it is processed.
- Correctness - meaning that the processed data are correct, truthful and are subject to updates when necessary.
- Storage limitations - meaning that data will be stored in a way that allows the data subject to be identified for no longer than necessary to fulfill the purposes for which the data are processed.
- Integrity and confidentiality - which means that the data are processed in a manner that ensures their adequate security and, in particular, in a manner that ensures protection against: accidental or unauthorized loss, modification, damage or destruction. The Personal Data Administrator shall ensure data security through the use of adequate technical and organizational measures. The Personal Data Controller shall develop a personal data protection system taking into account the risks defined in his organization to which the processed data are exposed (risk-based approach). A description of the measures used is included in this document.
- Accountability - meaning that the Personal Data Controller processes personal data in a manner that ensures compliance with the provisions of the RODO in connection with their processing operations, and that it will be able to demonstrate the implementation of organizational and technical measures to ensure data processing in accordance with applicable laws. Demonstration of the implementation of these measures will take place in particular through the implementation of appropriate rules, procedures and policies describing the rules of conduct for data processing.
- The Data Controller strives to ensure that every process, solution or business idea, as early as in the design phase, should be analyzed for the use of personal data in that solution and take into account the protection of that data. This analysis should be carried out further, including already during the processing itself (privacy by design).
WHAT PERSONAL DATA MAY BE COLLECTED BY THE WEBSITE.
- During a User's visit to the Website, the following information is collected, automatically using Google Analytics or Cookies mechanisms:
- IP address and domain name,
- the type of web browser used,
- Data related to the device, e.g.: operating system.
- The Website automatically collects geographic data, as well as data on the activities performed by the User, which will serve only for marketing or statistical analyses. The Administrator does not conduct any activities aimed at identifying individuals using the data collected on the Website.
- Asseco Data Systems S.A. in part of the Websites applies mechanisms for profiling a given User within a given Website. These Websites collect data on User activity, namely: search histories, clicks, visits to a given Website and its sub-sites, User login and registration dates, data on the use of certain services. Profiling of the aforementioned information may result in receiving personalized information related to the User's activity on the Website.
- When using the Website, Double Click Cookies are stored in the storage of the device used by the User:
- collect information on how you use the content of the Website (they include a randomly generated 18-digit unique identifier assigned to web browsers installed on specific User devices),
- are used to store data of a logged-in User to a given Website (active sessions) concerning, among others, the selected language of the Website, search filter settings, User data (login or name) used to log in to a given Website, or authorization token in a given Website.
- The ID of a particular device stored in the Double Click Cookie is added to a remarketing list, which is stored on Google's servers and then grouped by specific categories.
- The information stored in cookies, located in the storage of the User's device, is later used for remarketing.
- Remarketing involves the use of data collected in cookies, by third-party vendors, to display advertisements based on data collected during the User's use of the Website content.
- The user can manage cookies himself in his browser by selecting the Privacy and Security tab in the browser options. The user can also opt out of receiving advertisements, using the option to disable Google ads or on the Network Advertising Initiative website.
- Cookies do not in any way modify other data in the storage of the User's device, as well as do not affect the proper operation of the operating system.
PRINCIPLES OF SHARING AND ENTRUSTING PERSONAL DATA
- The Personal Data Administrator shares (including entrusts) personal data with other entities (data recipients) on the basis of:
- legislation in force
- Business decisions on outsourcing selected parts of the business.
- In the case of sharing data with entities to which the Personal Data Controller subcontracts services in its name and on its behalf, a written entrustment agreement is required. The decision to entrust is preceded by an analysis of the credibility and reliability of the entity.
- Any decision to outsource services, requires it to be analyzed by the Personal Data Controller also in terms of entering into an entrustment agreement for processing.
IMPLEMENTATION OF THE RIGHTS OF DATA SUBJECTS
Asseco Data Systems, in its role as a controller of personal data, ensures that the rights of the persons whose data it processes can be realized. Requests arising from the rights of data subjects can be realized:
- by submitting an application at https://www.daneosobowe.assecods.pl,
- by writing to the Data Protection Officer's email address: [email protected]ds.pl,
- by reporting directly to one of the administrator's offices and making the request in person.
PROVIDING INFORMATION TO DATA SUBJECTS
Asseco Data Systems S.A., as controller, provides each individual with information about the processing of his/her personal data. The Data Controller, upon the request of an individual, shall respond whether it processes his/her personal data. If he/she processes his/her data, he/she grants access to personal data and provides information about:
- person and contact information of the administrator,
- Person and contact information of the Personal Data Inspector,
- purpose of processing,
- The legal basis for processing,
- information about the recipients or categories of recipients to whom the data will be disclosed,
- The planned period of storage of personal data,
- The right to request rectification, erasure or restriction of data processing, data portability, and to object to such processing (the rights due to data subjects depend on the basis of processing applied in a given case),
- The right to lodge a complaint with the supervisory authority for the protection of personal data,
- information about the intention to transfer data outside the EU,
- Information about the obligation to provide data and the consequences thereof,
- information about whether the data will be processed by automated means and whether it will be subject to profiling,
- the categories of data involved and the source from which the person's data was obtained - in case it did not come directly from the person.
The information specified above is, in accordance with the implementation of the principle of transparency, provided to data subjects in information clauses.
Asseco Data Systems makes every effort to ensure that the data processed in its enterprise are protected to the highest standards. It conducts a risk analysis for the processing activities for which it is the administrator and for the processing of data it has been entrusted with in order to select optimal technical and organizational means by which to ensure confidentiality, integrity and availability of personal data.
The Personal Data Administrator will regularly test, measure and evaluate the effectiveness of technical and organizational measures to ensure the security of processing and adjust security measures according to the results of the measurements.
Asseco Data Systems regularly conducts internal audits and undergoes independent assessments by external auditing firms for standards: ISO 9001, ISO 27001, ISO 22301.
We develop software, services and solutions for the digitisation of business and central and local government.
Trusted Economy Forum 2023: Business can't choose between user experience and security
UN Commission for Africa will use experience of Asseco-trained experts
Asseco won in 14 categories of the "ITwiz Best100" report
LEO System® 4.0 the best software for financial institutions according to Gazeta Finansowa
The solution developed by Asseco Data Systems for leasing companies has been included in the "Best Software for Financial Institutions" list prepared by Gazeta Finansowa. According to the editors, the awarded systems take into account the specific needs that companies in the financial sector have.