Due to the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC, hereinafter referred to as ” GDPR “and the Act on the Protection of Personal Data of May 10, 2018, in order to fulfill the obligations imposed on us, below we present the key issues related to the processing of your personal data by us. Detailed information clauses can be found at the following links:
- Contractors
- Participants in the public or non-public procurement procedure
- Participants in the administrative proceedings in the SEZ
- Candidates applying for a managerial position or for a supervisory board position
- Candidates for work at ARP S.A.
- Employees of companies from the ARP Group
CONTACT DETAILS OF THE DATA PROTECTION OFFICER AT AGENCJA ROZWOJU PRZEMYSŁU S.A.
- Name and surname of the IOD: Krzysztof Radtke
- E-mail address: iod@arp.pl
- Correspondence address: Agencja Rozwoju Przemysłu S.A., ul. Nowy Świat 6/12 Centrum Bankowo Finansowe – entrance “C” 00-400 Warsaw
I. Introduction
Personal data protection and information security have always been prioritized in the activities of Agencja Rozwoju Przemysłu S.A. As a responsible organization that is aware that information has a specific value and constitutes a resource that requires proper protection, we want to properly inform you about matters related to the processing of personal data, especially in relation to the obligations arising from the provisions on the protection of personal data, including the GDPR. For this reason, in this document, we present key information about the legal grounds for the processing of personal data, the methods of their collection and use, as well as the rights of data subjects related to it.
II. When does this Privacy Policy apply?
This privacy policy applies to all cases in which ARP S.A. is the administrator of personal data and processes personal data. This applies both to cases in which we process personal data obtained directly from the data subject and cases in which we have obtained personal data from other sources. ARP S.A. performs its information obligations in both of the above cases, set out in Art. 13 and art. 14 GDPR in accordance with these provisions.
The flow of personal data between individual companies results from the relations between them in the ARP Group and the need to centralize the management of individual processes. It does not infringe the law in any way. As part of individual data processing operations, the managing or coordinating company is obliged to fulfill the information obligation towards the data subject, and is also responsible for the implementation of the rights of the data subjects.
III. Contact point
ARP S.A. appointed the Data Protection Officer. It is a person with whom you can contact in all matters relating to the processing of personal data and the exercise of rights related to data processing. The contact details of the Data Protection Officer can be found at the beginning of this policy.
IV. Scope, methods and purposes of data processing
We want to be transparent about the methods and legal grounds for processing personal data, as well as the purposes for which we process personal data. In order to make our explanation of these issues as clear as possible, we present the following list of personal data processing operations.
At the same time, we would like to ensure that whenever we process personal data on the basis of the legitimate interest of the data controller, we try to analyze and balance our interest and the potential impact on the data subject (positive and negative) and the rights of that person. We do not process personal data when we come to the conclusion that the impact on the data subject would outweigh our interests, unless we have a different legal ground, e.g. we have the appropriate consent or it is required or permitted by law.
Processing of personal data of visitors to websites operated by ARP S.A. or using services provided electronically
1.1. General information
Natural persons visiting our websites or using the services provided by us electronically have control over the personal data they provide to us, and we ensure that the collection and use of information about users is limited to the minimum necessary to provide services to them the expected level.
1.2. Log files
Each time the website is called up, our system automatically collects data and information from the computer system of the computer that opens the website. The following data is downloaded:
- information about the type of browser and the version used,
- user’s operating system,
- user’s IP address,
- date and time of calling the page,
- websites from which the user’s system passed to our website (the so-called referrer),
- websites that were called up by the user’s system through our website.
The data is also saved in the log files of our system. There is no storage of the data together with other personal data of the user. From this data, the person cannot be identified as the IP address is only available in masked form. The data provided is also stored and processed for error analysis and for statistical purposes in a log file.
The temporary storage of the IP address by the system is necessary to enable the website to be made available to the user’s computer. For this purpose, the user’s IP address must be saved for the duration of the session. Saving in log files is to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. Data analysis for marketing purposes therefore does not take place.
1.3. Cookies
To a limited extent, we may collect your personal data automatically via cookies on our websites. Cookies are small IT data files saved and stored on a computer, tablet or smartphone intended for the use of websites. Cookies usually contain the name of the website they come from, their storage time on the device and a unique number.
The entity that places cookies on the Website User’s end device and obtains access to them is the Website operator Agencja Rozwoju Przemysłu S.A. with headquarters at ul. Nowy Świat 6/12, 00-400 Warsaw.
Cookies are used for the following purposes:
- adjusting the content of the Website pages to the User’s preferences and optimizing the use of websites; in particular, these files allow to recognize the device of the Website User and properly display the website, tailored to his individual needs;
- creating statistics that help to understand how Website Users use websites, which allows improving their structure and content, e.g. using Google Analytics tools;
- maintaining the Website User’s session (after logging in), thanks to which the User does not have to re-enter the login and password on every subpage of the Website;
- conducting marketing and advertising as part of cooperation with ARP S.A. with social networks (Facebook, Twitter, Linkedin, YouTube)
The Website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the User’s end device until logging out, leaving the website or turning off the software (web browser). time of their removal by the User.
The Website also uses the following types of cookies:
- “necessary” cookies, enabling the use of services available on the Website, e.g. authentication cookies used for services that require authentication on the Website,
- cookies used to ensure security, e.g. used to detect fraud in the field of authentication on the Website,
- “performance” cookies, enabling the collection of information on the use of the Website’s pages,
- “functional” cookies, enabling “remembering” the settings selected by the User and personalizing the User’s interface, e.g. in terms of the selected language or region of the User’s origin, font size, website appearance, etc.
In many cases, the software used for browsing websites (web browser) allows cookies to be stored on the User’s end device by default. The Website Users can change their cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the settings of the web browser or inform about their every posting on the Website User’s device. Detailed information on the possibilities and methods of handling cookies is available in the software (web browser) settings.
The website operator informs that restricting the use of cookies may affect some of the functionalities available on the website pages.
Cookies placed on the Website User’s end device may also be used by advertisers and partners cooperating with the Website operator.
More information on cookies is available in the “Help” section in the browser’s menu.
2. Processing of personal data of persons contacting ARP S.A. in order to obtain information about the offer or to share comments on services, as well as contacting in order to conclude a contract and to grant funding
From natural persons who contact us in order to obtain information about the offer or share comments regarding our services, as well as contact in order to conclude a contract, we collect, among others, the following personal data: name and surname, position, e-mail address and Phone number.
We would like to ask you not to provide information containing specific categories of personal data, listed in art. 9 sec. 1 GDPR (information on race or ethnicity, political views, religious or philosophical beliefs, trade union membership, information on physical or mental health, genetic data, biometric data, information about life and in sexual and sexual orientation and criminal past). If you provide such information for any reason, it will constitute your express consent to the collection and use of such information by us as set out herein or as specified in the place where the information was disclosed.
3. Additional information regarding electronic correspondence
If you wish to write an e-mail to us, please note that unencrypted e-mails that are sent over the Internet are not sufficiently protected against unauthorized access by third parties.
4. Processing personal data of customers and potential customers
ARP S.A. processes personal data of its clients and potential clients. This data may also include the data of contact persons on the part of customers and potential customers (their employees or representatives). Personal data of this type are processed in IT systems used by ARP S.A., including the Electronic Document Management System (EZD). Personal data processed for these purposes include, among others: name and surname, name of the employer, position of the contact person, telephone number, e-mail address or other business contact details.
5. Processing of personal data of end users of online tools
In a situation where we provide customers with certain products or services online (internet networks), we process the personal data of end users of such products and services. Please note that the information on cookies and access logs provided by us earlier also applies to the processing of data of natural persons using products or services offered online.
6. Processing of personal data on social networks
Trying to reach the widest possible group of people interested in the activities of ARP S.A. we run profiles and interact with you on social networks. For this reason, we jointly manage personal data together with the providers of these portals. More information about data processing on the part of these providers can be found on the websites:
- Facebook: https://pl-pl.facebook.com/privacy/explanation
- Twitter: https://twitter.com/en/privacy
- Linkedin: https://www.linkedin.com/legal/privacy-policy
- YouTube: https://policies.google.com/privacy?hl=pl
V. Legal grounds for processing
Processing of data of visitors to websites operated by ARP S.A. (including: www.arp.pl, www.bip.arp.pl, www.katowice.arp.pl, www.europark.arp.pl, www.tsse.arp.pl, www.baranow.com. pl, www.krasiczyn.com.pl, www.strefainwestycji.arp.pl), using electronic services, is based on various legal grounds for processing depending on the category of personal data that we process and the purpose of processing. We process the personal data of people visiting our websites on the basis of the legitimate interest of the data controller or on the basis of consent in the event that we have asked the data subject for such consent. We process the data of people who fill in the online / contact form because it is necessary to provide information about our products and services or to take steps to conclude a contract, at the request of the person providing their data.
Sometimes the law requires us to process certain personal data for archiving, tax, reporting or accounting purposes.
Processing of personal data of persons contacting ARP S.A. in order to obtain information about the offer or to share comments regarding the services, as well as contacts in order to conclude the contract, it is based on the consent expressed by the user making the above request to ARP S.A. or in order to perform the contract (fulfill the request) submitted by a given person. The data provided may also be processed on the basis of the legitimate interest of the data controller.
The processing of personal data of natural persons who are our clients is based on:
- the legitimate interest of IDA S.A. as a data controller (e.g. in the field of database creation, analytical activities, including activities regarding the analysis of product use, direct marketing of own products, securing documentation for the purpose of defending against possible claims or for the purpose of pursuing claims);
- consent (including, in particular, consent to e-mail marketing or telemarketing);
- performance of the concluded contract;
- obligations under the law (e.g. tax law, accounting regulations, archiving, etc.).
The processing of personal data of natural persons who are potential clients is based on:
- the legitimate interest of IDA S.A. as a data controller (especially in the field of creating a database, direct marketing of own products);
- consent (including in particular consent to e-mail marketing or telemarketing).
If end users are also clients of ARP S.A. the legal grounds for processing their data are the same as for the clients of ARP S.A. described above. If they are not customers, the legal basis for the processing of their personal data is, depending on the situation and type of personal data, the consent of the natural person (including, in particular, consent to e-mail marketing or telemarketing) or the legitimate interest of ARP S.A. as a data controller (e.g. in the field of providing a service ordered by the customer, in the field of analytical and profiling activities, including activities regarding the analysis of product use, direct marketing of own products, securing documentation for the purpose of defending against possible claims or for the purpose of pursuing claims) .
VI. Data processing period
The time during which we can process your personal data depends on the legal basis constituting the legal condition for the processing of personal data by ARP S.A. Accordingly, we would like to inform you that in the event that ARP S.A. processes personal data on the basis of:
consent, the processing period lasts until the data subject withdraws this consent or the purpose of processing is completed;
the legitimate interest of the data controller, the processing period lasts until this interest ceases (e.g. the period of limitation of civil law claims) or until the data subject objects to further processing – in situations where such objection is entitled to legal provisions;
applicable law, the periods of data processing for this purpose are determined by these provisions.
VII. Data recipients
We transfer your personal data to other entities on the basis of legal requirements or in connection with the purpose for which they were provided to us. At the same time, we declare that we only use the services of proven entities, known on the local market and guaranteeing the security of your data. Agreements under which we entrust the processing of personal data contain provisions on the protection measures we require, ensuring the confidentiality, integrity and availability of the data provided.
We may transfer your personal data to companies or other trustworthy business partners who provide services on our behalf, for example to provide technical support, to assess the suitability of the website for marketing or other types of service provision. Your personal data is transferred to these entities and other third parties only if it is necessary to perform the services you have requested or authorized, to protect you and our rights, property or security, or if we are required to do so under applicable law, or if the disclosure of personal data is otherwise necessary to support legal arrangements (including criminal law arrangements) or a court trial.
In connection with the above, we indicate that the recipients of personal data that ARP S.A. processes as a data controller may be:
- above entities processing personal data under contracts for entrusting the processing of personal data (so-called processors);
- entities providing hosting services;
- subcontractors of ARP S.A., providing services in the field of software delivery, software or hardware maintenance services that we use, as well as service providers that we use;
- entities providing services in the field of survey research;
- debt collection companies;
- auditors and statutory auditors, legal advisers, tax advisers;
- law enforcement authorities, regulatory authorities and other public administration bodies.
Your data will not be transferred to entities processing personal data based outside the European Economic Area (EEA).
VIII. Rights related to the processing of personal data
Natural persons have specific rights regarding their personal data, and ARP S.A. as the data controller, he is responsible for the implementation of these rights in accordance with applicable law. In case of any questions and requests regarding the scope and implementation of rights, as well as in order to contact us precisely in order to exercise a specific right in the field of personal data protection, please contact our Data Protection Officer. We reserve the right to exercise the following rights after positive verification of the identity of the person applying for a given activity.
You have the following rights related to the processing of personal data:
- the right to withdraw consent to the processing of data at any time, if we process your personal data on the basis of consent;
- the right to access your personal data and obtain a copy of it;
- the right to request the rectification of personal data;
- the right to request the deletion of personal data;
- the right to request the restriction of the processing of personal data;
- the right to object to the processing of data due to your special situation – in cases where we process data on the basis of our legitimate interest;
- the right to transfer your personal data, i.e. the right to receive personal data from us, in a structured, commonly used, machine-readable IT format. You can send this data to another data controller or request that we send it on your behalf to another data controller. However, we will only do so if such a message is technically possible. The right to transfer personal data applies only to the data that we process on the basis of a contract or on the basis of your consent;
- the right to lodge a complaint with the supervisory body dealing with the protection of personal data, i.e. the President of the Personal Data Protection Office.
IX. Changes to this Privacy Policy
We undertake to review this Privacy Policy on a regular basis and amend it when it proves necessary or desirable due to: new legal provisions, new guidelines of authorities responsible for supervising the processes of personal data protection, best practices applied in the area of personal data protection. We also reserve the right to change this Privacy Policy in the event of changes in the technology with which we process personal data (if the change affects the wording of this document), as well as in the event of changes in the methods, purposes or legal grounds for processing personal data by us.
This document was last updated on October 28, 2022.