RODO - Kuukivi

Personal Data Protection Policy

Loombera Slings Kamil Komarow

1. The Personal Data Protection Policy of Loombera Slings Kamil Komarow, hereinafter referred to as the “Policy”, sets out the principles and actions that the Administrator undertakes in connection with the implementation of the objectives of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: RODO).

2. According to recital 171 of the RODO, where the processing is based on consent in accordance with Directive 95/46/EC, the data subject does not need to give his or her consent again if the original consent corresponds to the terms of this Regulation. On this basis, the company union organization (hereinafter: SCA), as the controller of SCA member data, may continue processing from membership declarations that were signed before May 25, 2018.

3. Definitions used for data protection under the RODO:

a. “personal data” means any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

b. “Processing” means an operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

c. “dataset” means a structured set of personal data accessible according to specific criteria, whether that set is centralized, decentralized, or functionally or geographically dispersed;

d. “controller” means the natural or legal person, public authority, entity or other body which alone or jointly with others determines the purposes and means of the processing of personal data;

e. “Processor” means a natural or legal person, public authority, entity or other body that processes personal data on behalf of a controller;

f. “Recipient” means a natural or legal person, public authority, entity or other entity to whom Personal Data is disclosed, whether or not a third party. However, public authorities which may receive personal data in the context of a particular proceeding in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities must comply with the data protection rules applicable pursuant to the purposes of the processing;

g. “Consent” of a data subject means a freely given, specific, informed and unambiguous demonstration of intent by which the data subject, by means of a statement or a clear affirmative action, consents to the processing of personal data concerning him or her;

h. “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, modification, unauthorized disclosure of or unauthorized access to Personal Data transmitted, stored or otherwise processed;

i. “health data” means personal data about an individual’s physical or mental health – including the use of health care services – that reveals information about the individual’s health status;

j. “Sensitive data” means data listed in Art. 9 Act. 1 RODO, tj. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data;

k. “union activists performing elected union functions” – persons elected in accordance with the Act of May 23, 1991. on trade unions, to perform a union function outside the workplace with the election.

l. “password” means a string of at least 6 characters containing numbers or letters, known only to the user;

m. “protected room” shall mean a room or a separate room in which personal data are stored;

n. “Authorized” shall mean a person authorized to process Personal Data.

o. ”user” means visitors to the www.textilworld.pl website.

The President and owner of Loombera Slings Kamil Komarow supervises compliance with the principles described in this Policy and data protection regulations.

5. Personal data may be processed with the consent of the data subjects, except as provided in act. 6.

6. It is lawful to process without the consent of the data subject (Article 6, Act.1 RODO) when:

a. processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract;

b. processing is necessary for compliance with a legal obligation of the controller;

c. the processing is necessary to protect the vital interests of the data subject or another natural person;

d. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

e. processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party.

7. the Administrator shall take necessary actions to ensure that all users of the www.kuukivi.com website and persons authorized to process personal data are familiar with the Policy and comply with its principles.

8. The Administrator shall maintain a register of persons authorized to process personal data.

9. The Controller designates the datasets it processes and lists those datasets under the Data Protection Policy.

10. The Administrator shall maintain a register of processing activities.

11. The personal data processed by Loombera Slings Kamil Komarow will not be profiled or subject to automated decision-making.

12. The data protection policy of Loombera Slings Kamil Komarow and should be implemented, among other things. By:

a. Familiarize users of www.kuukivi.com and persons authorized to process personal data, with the Data Protection Policy;

b. Improve knowledge of security and data protection;

c. Effective implementation of procedures;

d. Reliably maintain records of data sets;

e. Secure access to computers with a password;

f. Proper data security;

13. Data protection policy of Loomber Slings Kamil Komarow

used at the administrator’s site, including laptop computers:

a. Computer equipment used to process personal data shall be protected by a password of at least 5 string characters. The password is changed no less frequently than every 30 days,

b. Portable computers taken off-site at Loomber Slings Kamil Komarow must be secured against unauthorized access to data in the same manner as permanently housed computers.

14th Transmission of personal data in e-mail messages of Loombera Slings Kamil Komarow, is allowed only by persons authorized by the administrator, who must take care to anonymize e-mail addresses by entering recipients’ addresses, in group e-mails, as an option available in the mail “hidden copy” “UDW”.

15. The administrator ensures that anti-virus software is kept up to date.

16. Repairs and maintenance of computer equipment shall be performed in the presence of authorized persons.

17. With respect to each data subject, the controller has a duty of information;

18. The Data Subject has the right to control the processing of his/her personal data at any time, and in particular the right to review:

a. Identity and current contact information;

b. IOD contact information;

c. The purposes of the processing of personal data, and the legal basis for the processing;

d. Where processing is carried out in connection with legitimate interests (based on Article 6 Act.1 lit. f of the RODO) – Legitimate interests pursued by the controller or by a third party;

19. The Data Subject shall at all times obtain information about:

a. Recipients of personal data or categories of recipients, if any;

b. Information about the intention to transfer personal data to a third country or international organization (where applicable);

c. The period for which the personal data will be kept, where it is possible to determine this period;

d. Information about the right to request from the Controller access to personal data concerning the data subject, their rectification, erasure or restriction of processing, or the right to object to processing, as well as the right to data portability;

e. If the processing is based on consent (Article 6(1)(a) of the RODO), the data subject shall be informed of the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal;

f. the right to lodge a complaint with a supervisory authority;

20. Employees of Loombera Slings Kamil Komarow and authorized persons confirm in writing that they are familiar with the Data Protection Policy.

21. TEMPLATES/ATTACHMENTS:

a. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, so-called RODO), (OJ EU. L. 2016 No. 119, p. 1 as amended);

a. Law of May 23, 1991. on trade unions (i.e., Journal of Laws 2015, item 1881);

b. Cookies Policy

c. Regulamine strony www.kuukivi.com

d. Sample acknowledgement of reading the Data Protection Policy;

e. Information Clause Template;

f. Model consent form;

g. Authorization to process personal data;

h. Register of Processing Activities;

i. Register of users who process personal data;

j. Data Breach Register;

k. Dataset Registry;

Data Protection Policy adopted and implemented on 01/01/2021.