Privacy Policy

I. Introduction

Personal data protection and information security have always been a priority in the activities of SDPK Sp. z o.o. As an example of a responsible and conscious organization, we care about properly informing you about matters related to the processing of personal data, especially in view of the content of the new provisions on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”). We are aware that information has a specific value that needs to be protected in an appropriate way. Bearing in mind the security of your data, in this document we present key information on the legal basis for the processing of personal data, their use and acquisition.

II. SDPK Sp. z o.o.

SDPK Sp. z o.o., with its registered office at ul. Szyperska 14, Poznań 61-754, is hereinafter referred to as the “Company”. We have been dealing with operational risk management for 8 years, we help companies implement ERM systems, and we train risk managers and managerial staff of the largest Polish companies. We have already cooperated with over 300 clients from both public administration and business. We also offer our clients the erisk software, which allows for the computerization of the entire process.

III. When does this Privacy Policy apply?

This privacy policy applies to all cases in which SDPK Sp. z o.o. is the administrator of personal data and processes personal data. This applies to both personal data obtained directly from the data subject and cases where we have obtained personal data from other sources. SDPK Sp. z o.o. fulfills its information obligations in both of the above situations, specified respectively in Art. 13 and Art. 14 GDPR, in accordance with these provisions. SDPK Sp. z o.o. is the administrator of marketing processes (including managing accounts on social networking sites), IT (including IT systems in which personal data is collected, including those of counterparties), security incidents, and coordinates employee recruitment processes. The company also operates the website www.sdpk.pl, therefore it coordinates the processing of personal data sent via the forms contained on the website (e.g. as part of the contact form).

IV. Scope, ways and purposes of data processing

We want all information on the methods and legal grounds for processing personal data, as well as the purposes for which we process them, to be understandable. We encourage you to read the list of personal data processing operations presented below.

IV.1. The processing of personal data of visitors to websites run by SDPK Sp. z o.o. or using services provided electronically
1. General information
Each of the natural persons using the services provided by us electronically, or visiting our website, has control over the personal data that they provide to us. We hereby inform you that the user data obtained in this way is limited to the minimum necessary to provide services at the expected level.
2. Cookies
The website does not automatically collect any information, except for information in cookie files. Cookies are data, in particular text files, stored on the Website User’s device. They are intended for using the website pages. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique pair of key-value attributes. Cookies are used for the following purposes:

a) adapting the content of the Website pages to the User’s preferences; in particular, these files enable the recognition of the Website User’s device and the correct display of the website;
b) creating statistics, which allows the improvement of the structure and content.

The website uses two types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the User’s end device until logging out, leaving the website or turning off the software (web browser). “Permanent” cookies are stored on the User’s end device for the time specified in the cookie file parameters or until they are deleted by the User.

The website uses the following types of cookies:
a) “essential” cookies, enabling the use of services available on the website;
b) cookies used to ensure security;
c) “performance” cookies, enabling the collection of information on how websites are used;
d) “functional” cookies, enabling “remembering” the settings selected by the User and personalizing the User’s interface.

In many cases, the software used for browsing websites (web browser) allows cookies to be stored on the User’s end device by default. Website users may change their cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform about each time they are placed on the Website User’s device. Detailed information on the possibilities and ways of handling cookies is available in the software (web browser) settings. Please be advised that restrictions on the use of cookies may affect some of the functionalities available on the website. Cookies placed on the Website User’s end device may also be used by advertisers and partners cooperating with us.

4. Online applications and forms
Visitors to the website of SDPK Sp. z o.o. have the option of contacting the company by filling out the contact form. In order to use the abovementioned possibilities, it is necessary for the contact person to provide us with their personal data. Please be advised that they will only be used for the purpose for which they were given.
5. Photos
The photos and icons presented on the website are the property of SDPK Sp. z o.o. or they come from photo and icon banks, i.e. Freepik, Flaticon, or were purchased from agencies as materials for the website.

IV.2. Processing of personal data of persons contacting SDPK Sp. z o.o. in order to obtain information about the offer or share comments regarding services, as well as those contacting to conclude a contract
From natural persons contacting SDPK Sp. z o.o. to obtain information about the offer, share their opinion or comments, or to conclude a contract, we collect the following personal data: name and surname, e-mail address and telephone number. The provision of the above data is voluntary, but necessary for the purpose of providing information about the offer. We ask you not to provide information containing specific categories of personal data, listed in Art. 9 (1) GDPR (information on race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information on physical or mental health, genetic data, biometric data, information on sex life or sexual orientation or criminal past). If you provide such information for any reason, you will expressly consent to our collection and use of such information as set forth herein or as specified where the information is disclosed.

IV.3. Processing of personal data of clients and potential clients
SDPK Sp. z o.o. processes personal data of its clients and potential clients. Among them, there may also be data of contact persons on the part of clients and potential clients (their employees). This type of personal data is processed in IT systems used by SDPK Sp. z o.o., including in the CRM system. Personal data processed for these purposes include, among others: name and surname, name of the employer, position of the contact person, telephone number, e-mail address or other business contact details.

IV.4. Processing of data of visitors to the business profile of SDPK Sp. z o.o.
SDPK Sp. z o.o. and Facebook are co-administrators of the data of Users who liked the business profile of SDPK Sp. z o.o. available at: https://www.facebook.com/sdpkpoznan/?ref=br_rs

Therefore, SDPK Sp. z o.o., as a business profile administrator, may generate anonymous statistical data on website visitors using the function provided by Facebook. These data are collected thanks to cookies, each of which contains a unique user code (they are active for two years and saved by Facebook on the computer’s hard drive or on any other data carrier of visitors to the fan page). The user code, which can be linked to the connection data of users registered on Facebook, is retrieved and processed when the business profile is opened. Although these are anonymous data, SDPK Sp. z o.o. may ask Facebook to process them in the following areas:
– demographic data (including trends in age, gender, marital status and professional status),
– information on lifestyle and interests,
– geographical data that allow us to determine where special promotions or events should be held and how best to target our information offer.

At the same time, the data of people who like the business profile may be processed in a non-anonymized form in the case of:
– communication with SDPK Sp. z o.o. via Messenger available on Facebook,
– commenting on posts made available on the business profile of SDPK Sp. z o.o.

Under no circumstances will the data of people who like the business profile of SDPK Sp. z o.o. be used for any purpose other than the one for which they were provided. Their processing will be carried out only on Facebook and in accordance with the general principles of using the portal. Personal data may be transferred outside of Poland, the European Union and the European Economic Area within the scope of the functioning of this social networking site.

Additional information in relation to electronic correspondence: If you send us an e-mail, please note that unencrypted e-mails that are sent over the Internet are not sufficiently protected against unauthorized access by third parties.

V. Legal grounds for processing

The processing of data of visitors to the website run by SDPK Sp. z o.o., of persons using services provided electronically, or of persons posting on the business profile of SDPK Sp. z o.o. in social networks is based on various legal grounds, depending on the category of personal data that we process and the purpose of processing.

a) We process the personal data of visitors to our websites on the basis of the legitimate interest of the data controller (Article 6 (1) (f) of the GDPR) or on the basis of consent in the event that we have asked the data subject for such consent (Article 6 (1) (a) of the GDPR).
b) We process the data of persons who fill in the online/contact form, because it is necessary for the purpose of performing the contract or taking steps to conclude this contract, at the request of the person providing their data (Article 6 (1) (b) of the GDPR), or on the basis of the legitimate interest of the controller, which is to answer the question asked (Article 6 (1) (f) of the GDPR).
c) The data of visitors to our fanpage are processed in accordance with the rules of using Facebook, based on the User’s consent (Article 6 (1) (a) of the GDPR).
d) The processing of personal data of natural persons who are potential clients is based on the justified interest of SDPK Sp. z o.o. as a data controller, especially in the field of creating a database and direct marketing of own products (Article 6 (1) (f) of the GDPR), or on consent, including, in particular, consent to e-mail marketing or telemarketing (Article 6 (1) (a) of the GDPR).
e) In connection with the use of Facebook ADS, LinkedIn ADS and Google ADS services on our website, we would like to inform you that your data may be subject to profiling in order to display personalized advertisements to you if you consent to their display (Article 6 (1) (a) of the GDPR).

VI. Data processing period

SDPK Sp. z o.o. processes personal data and stores them for a period of time depending on the legal basis constituting the legal condition for the processing of personal data. Please be advised that where SDPK Sp. z o.o. processes personal data on the basis of:
1. consent, the processing period lasts until the consent is withdrawn by the data subject or the purpose of processing has been achieved;
2. justified interest of the data controller, the processing period lasts until the cessation of the above-mentioned interest (e.g. the limitation period for civil law claims, until the answer to the question asked in the contact form) or until the data subject objects to further processing – in situations where such objection is legal;
3. the applicable law, the periods of data processing for this purpose are determined by these provisions. In the absence of specific legal or contractual requirements, the basic data retention period for records and other documentary evidence drawn up during the performance of the contract is a maximum of 6 years;
4. based on the concluded contract, the processing period lasts until its expiry or termination.

VII. Data recipients

We transfer personal data to other entities on the basis of legal requirements or in connection with the implementation of the purpose for which they were provided to us. At the same time, we declare that we use only the services of proven entities, known on the local market and guaranteeing data security. Agreements under which we entrust the processing of personal data contain provisions on the protection measures required by us, ensuring confidentiality, integrity and availability of the transferred data. We may transfer personal data to companies or other trustworthy business partners who provide services on behalf of the Company and entities with whom we cooperate. In addition, data may be transferred to providers of such services as debt collection, tax, legal and accounting services. Personal data is transferred to these entities and other third parties only if it is necessary to perform services that the data subjects have requested or authorized to protect rights, property or safety, or if the Company is obliged to do so under applicable laws, court or other government regulations, or if disclosure of personal information is otherwise necessary to support a legal or criminal investigation or legal process. The company co-controls your personal data with business partners, the list of which can be found on the Partners page. In addition, access to personal data will be granted to authorized employees of the company.

VIII. Rights related to the processing of personal data

The rights of individuals with regard to the processing of personal data include:

a) The right to access your personal data.
b) The right to correct data.
c) The right to limit data processing.
d) The right to request deletion of data.
e) The right to transfer data to another data controller.

The rights referred to above can be exercised by contacting us at the e-mail address iod@sdpk.pl or by post to the following address: SDPK Sp. z o.o. ul. Szyperska 14, Poznań 61-754.

Natural persons have specific rights regarding their personal data, and SDPK Sp. z o.o. as their administrator is responsible for the implementation of these rights, in accordance with applicable law. We would also like to inform you that each natural person has the right to object to the processing of their personal data. In the case of personal data processed on the basis of a legitimate purpose, a natural person has the right to object for reasons related to their particular situation. If they exercise this right, the Company will cease processing data for this purpose unless it demonstrates the existence of legally valid grounds for processing, overriding the interests of the natural person, their rights and freedoms or the grounds for establishing, investigating or defending claims. Moreover, if the processing of your personal data is based on your consent, you have the right to withdraw it at any time without affecting the compliance of the processing carried out on its basis prior to its withdrawal. An objection may be submitted to the e-mail address: iod@sdpk.pl or by post to the following address: SDPK Sp. z o.o. ul. Szyperska 14, Poznań 60-101.

IX. Changes to this Privacy Policy

We undertake to review this Privacy Policy on a regular basis and amend it when it proves necessary or desirable due to: new legal provisions, new guidelines of authorities responsible for supervising the processes of personal data protection, best practices applied in the area of personal data protection.