In view of the applicability of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC hereinafter referred to as "GDPR" and the Data Protection Act of 10 May 2018, in order to comply with the obligations imposed on us, we set out below the key issues relating to our processing of Your personal data.
You will find detailed information clauses at the links below:
Contact details of the Data Protection Officer at the Industrial Development Agency JSC
Name and surname of DPO: Maciej Nartowski
Address: Agencja Rozwoju Przemysłu S.A., ul. Nowy Świat 6/12 Centrum Bankowo-Finansowe - wejście „C”, 00-400 Warszawa
Personal data protection and information security have always been a priority in the activities of the Industrial Development Agency JSC. As a responsible organisation that is aware that information has a certain value and constitutes a resource that requires appropriate protection, we are committed to duly informing You on matters related to personal data processing, especially in view of the obligations arising from personal data protection regulations, including GDPR. Therefore, in this document we present key information about the legal basis for processing personal data, the ways in which it is collected and used, as well as the rights of Data Subjects related thereto.
IDA JSC has appointed a Data Protection Officer. This is the person You can contact on all matters relating to the processing of Your personal data and the exercise of Your rights in relation to data processing. The contact details of the Data Protection Officer can be found at the beginning of this Policy.
We wish to be transparent about the means and legal basis for processing personal data, as well as the purposes for which we process personal data. In order to make our explanation of these issues as clear as possible, we provide the following summary of the personal data processing operations. At the same time, we would like to assure You that whenever we process personal data on the basis of a legitimate interest of the controller, we try to analyse and balance our interest and the potential impact on the Data Subject (positive as well as negative) and the rights of the Data Subject. We do not process personal data where we conclude that the impact on the Data Subject would outweigh our interests, unless we have another legitimising ground, e.g. we have the relevant consent or it is required or permitted by law.
1.1. General information
Individuals who visit our websites or use the services we provide electronically are in control of the personal information they provide to us, but we ensure that we limit the collection and use of Your information to the minimum required to provide You with the level of service You expect.
1.2. Log files
Every time You call up a website, our system automatically collects data and information from the computer system of the computer that opens the website. The following data is collected:
The data is also saved in the login files of our system. A storage of the data together with other personal data of the user does not take place. A person cannot be identified from this data, as the IP address is only available in masked form. The data transmitted is also stored and processed for error analysis and statistical purposes in a log file.
The temporary storage of the IP address by the system is necessary to make the website accessible to the user's computer. For this purpose, the user's IP address must be saved for the duration of the session. The saving in the log files is to ensure the functionality of the website. Furthermore, we use the data to optimise the website and to ensure the security of our IT systems. Data analysis for marketing purposes does not take place in this connection.
To a limited extent, we may collect Your personal data automatically via cookies on our websites. “Cookies” are small IT data files that are saved and stored on Your computer, tablet or smartphone for use on websites. "Cookies" usually contain the name of the website they come from, the time they are stored on Your device and a unique number. Entity placing cookies on Service User's terminal device and accessing them is Service's operator Industrial Development Agency JSC with headquarters at ul. Nowy Świat 6/12, 00-400 Warszawa. “Cookies” are used in order to:
Within the Service there are two basic types of cookies used: "session" (session cookies) and "permanent" (persistent cookies). Session" cookies are temporary files that are stored in the final device of the User until logging out, leaving the website or switching off software (web browser). "Permanent" cookies are stored in the User's terminal equipment for the time specified in the parameters of cookies or until they are deleted by the User.
The following types of cookies are also used within the Website:
1) "necessary" cookies enabling use of services available within the Website, e.g. authentication cookies used for services requiring authentication within the Website,
2) cookies used to ensure safety, e.g. used for detecting abuses in the scope of authentication in the Service,
3) "efficiency" cookies enabling collection of information on the manner of use of the Website's websites,
4) "functional" cookies enabling "remembering" the settings selected by a User and personalising the User's interface, e.g. in the scope of a chosen language or region from which a User comes from, font size, appearance of the website etc.
2. Processing of personal data of persons contacting IDA JSC in order to obtain information on the offer or to share comments regarding services, as well as those contacting in order to conclude an agreement
From natural persons who contact us in order to obtain information about an offer or to share comments concerning our services, as well as those contacting in order to conclude a contract, we collect, among other things, the following personal data: name and surname, position, e-mail address and telephone number.
We request that You do not provide, via e-mail, information containing special categories of personal data listed in Article 9(1) of the GDPR (information about race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information concerning physical or mental health, genetic data, biometric data, information about sex life or sexual orientation and criminal history). If You provide such information for any reason, it will constitute Your express consent to our collection and use of such information as set out herein or as set out where the information is disclosed.
3. Additional information with regard to e-mail correspondence
If You wish to write us an e-mail, please note that unencrypted e-mails that are sent over the Internet are not sufficiently protected against unauthorised access by third parties.
4. Processing of personal data of customers and potential customers
IDA JSC processes personal data of its customers and potential customers. This data may also include data of contact persons on the side of customers and potential customers (their employees or representatives). Personal data of this type are processed in the IT systems used by IDA JSC, including the Electronic Document Management System (EDMS). Personal data processed for these purposes include, inter alia: name and surname, name of the employer, position of the contact person, telephone number, e-mail address or other business contact details.
5. Processing of personal data of end users of on-line tools
Where we make certain products or services available to customers on-line (web-based), we process personal data about the end users of such products and services. Please note that the information on cookies and access logs provided by us earlier also applies to the processing of data of natural persons using the products or services offered on-line.
a) the legitimate interest of IDA JSC as a data controller (e.g. in terms of creating a database, analytical activities, including activities concerning the analysis of the use of products, direct marketing of own products, securing documentation for the purpose of defence against possible claims or for the purpose of asserting claims);
b) consent (including, in particular, consent for e-mail marketing or telemarketing);
c) performance of a concluded contract;
d) obligations arising from law (e.g. tax law or accounting regulations).
5. The processing of personal data of individuals who are potential customers is based on:
a) the legitimate interests of IDA JSC as a data controller (in particular in terms of database creation, direct marketing of own products);
b) consent (including, in particular, consent to e-mail marketing or telemarketing).
6. If the end users are also customers of IDA JSC the legal basis for the processing of their data is the same as for the customers of IDA JSC described above. If, on the other hand, they are not customers, the legal basis for the processing of their personal data is, depending on the situation and the type of personal data, the consent of the individual (including, in particular, consent to e-mail marketing or telemarketing) or the legitimate interest of IDA JSC as a data controller (e.g. with regard to the delivery of the service ordered by the customer, with regard to analytical and profiling activities, including activities concerning the analysis of the use of products, direct marketing of own products, securing documentation for the purpose of defence against possible claims or for the purpose of asserting claims).
The period for which we may process Your personal data depends on the legal basis constituting the legal premise for the processing of personal data by IDA JSC. Accordingly, we inform You that in case IDA JSC processes personal data on the basis of:
VII. Recipients of data
1) the above-mentioned entities processing personal data under entrustment agreements of personal data processing (“processors”);
2) entities providing hosting services;
3) subcontractors of IDA JSC providing services in the scope of software delivery, services of servicing the software or hardware we use, as well as service providers we use;
4) entities providing services in the scope of surveys;
5) debt collection agencies;
6) auditors and statutory auditors, legal advisers, tax advisers;
7) law enforcement, regulatory and other public administration bodies.
4. Your data will not be transferred to personal data processors located outside the European Economic Area (EEA).
1) the right to withdraw consent to processing at any time where we process Your personal data on the basis of consent;
2) the right to access Your personal data and to obtain a copy of it;
3) the right to request rectification of Your personal data;
4) the right to request erasure of Your personal data;
5) the right to request restriction of processing of Your personal data;
6) the right to object to the processing of Your data due to Your particular situation - in cases where we process Your data on the basis of our legitimate interest;
7) the right to portability of Your personal data, i.e. the right to receive Your personal data from us, in a structured, commonly used, machine-readable computer format. You may send this data to another controller or request that we send it to another controller on Your behalf. However, we will only do this if such a transmission is technically possible. The right to data portability only applies to those data that we process under contract or on the basis of Your consent;
8) The right to lodge a complaint with the supervisory authority dealing with personal data protection, i.e. the Presidentof the Personal Data Protection Office.
This document was last updated on 13th April, 2021.