Privacy Policy
We inform you that the administrator of personal data is REGALUX sp. z o.o. based in Topole, NIP: 5552107218, REGON: 221971400, KRS: 0000480939, correspondence address: Topole 40, 89-600 Chojnice. Below is information about the principles of personal data processing in our company. In order to ensure the realization of your rights, please familiarize yourself with this Privacy Policy.
I. What is personal data?
Personal data is defined as information about an identified or identifiable natural person to whom the data relates. An identifiable natural person is someone who can be identified directly or indirectly based on identifiers such as name and surname, identification number, location data, internet identifier, or one or more factors specific to the physical, genetic, mental, economic, cultural, or social identity of that natural person.
II. Who are we in the context of GDPR:
Are we the administrator?
An administrator is defined as: a natural or legal person, public authority, unit, or other entity that determines the purposes and means of processing personal data, either alone or in conjunction with others. Its basic duties include:
• Implementing appropriate technical and organizational measures to ensure that only personal data necessary for a specific processing purpose are processed.
• Ensuring the security of personal data processing through pseudonymization and encryption, continuous assurance of confidentiality, integrity, availability, and resilience of processing systems and services, capability to restore availability and access to personal data promptly in the event of a physical or technical incident, and regularly testing, measuring, and evaluating the effectiveness of technical and organizational measures to ensure processing security.
• Recording personal data processing activities.
• Cooperating with the supervisory authority.
• Reporting personal data breaches to the supervisory authority.
• Informing the affected person about the breach unless appropriate technical and organizational measures have been implemented to eliminate the likelihood of a high risk to rights and freedoms, or the individuals whose data has been breached have been informed through a public communication or by another effective means.
• Appointing a data protection officer in cases provided for by GDPR.
III. What data do we process?
In our company, we have the following departments: HR, accounting, paint shop, mechanical workshop, warehouse, project department, production department, sales department, and secretariat. Each department processes the following personal data:
• The HR department processes the following personal data:
  • Employee recruitment – identification data, address data, education data, work history.
  • Employed workers – data on duties, absences (leave, medical leave, rehabilitation, training, and others), salary rate, penalties and rewards, and other data required by the Labor Code.
  • Reporting employees and their family members to ZUS (Social Insurance Institution), updating reports, and providing data on leave.
• The accounting department processes the following personal data:
  • Personal data of employees and companies processed in the Optima program.
• The paint shop and mechanical workshop process the following personal data:
  • Personal data of contractors, suppliers, and recipients of goods processed in the Optima program.
• The warehouse processes the following personal data:
  • Personal data of contractors, suppliers, and recipients of goods processed in the Optima program.
• The project department processes the following personal data:
  • Personal data of contractors, suppliers, and recipients of goods processed in the Optima program.
• The sales department processes the following personal data:
  • Personal data of clients and service providers, personal data of clients processed in the Optima program, personal data of employees.
• The secretariat processes the following personal data:
  • Personal data of clients, employees, and contractors.
IV. How do we process personal data?
The HR department of our company processes personal data in the following ways:
• Employee recruitment – identification data, address data, education data, work history.
• Employed workers – data on duties, absences (leave, medical leave, rehabilitation, training, and others), salary rate, penalties and rewards, and other data required by the Labor Code.
• Reporting employees and their family members to ZUS, updating reports, and providing data on leave.
The accounting department of our company processes personal data in the following ways:
• Entering invoices into the accounting program.
• Accounting.
• Making transfers.
• Settling delegations.
• Collecting and storing accounting evidence and other documentation.
The paint shop and mechanical workshop of our company process personal data in the following ways:
• Access to phone numbers, emails (personal ones voluntarily provided by employees).
• Contacting employees via phone, SMS, and email.
• Access to employee personal files.
• Creating attendance lists, accounting for working hours, completing leave requests, accepting medical leaves.
• Personal information received from client inquiries, processing them in preparation for offers, issuing delivery notes (data such as phone numbers, emails, address data, NIP, REGON).
The project department of our company processes personal data in the following ways:
• Access to employees’ phone numbers and emails.
• Contacting employees via phone, SMS, and email.
• Access to employee personal files.
• Creating attendance lists, accounting for working hours, completing leave requests, accepting medical leaves.
• Personal information received from client inquiries, processing them in preparation for offers, issuing delivery notes (data such as phone numbers, emails, address data, NIP, REGON).
The warehouse of our company processes personal data in the following ways:
• Access to employees’ phone numbers and emails.
• Contacting employees via phone, SMS, and email.
• Access to employee personal files.
• Creating attendance lists, accounting for working hours, completing leave requests, accepting medical leaves.
• Personal information received from client inquiries, processing them in preparation for offers, issuing delivery notes (data such as phone numbers, emails, address data, NIP, REGON).
The production and assembly department processes personal data in the following ways:
• Access to phone numbers and emails.
• Contacting employees via phone, SMS, and email.
• Access to employee personal files.
• Creating attendance lists, accounting for working hours, completing leave requests, accepting medical leaves.
• Personal information received from client inquiries, processing them in preparation for offers, issuing delivery notes (data such as phone numbers, emails, address data, NIP, REGON).
The sales department processes personal data in the following ways:
• Contacting contractors by phone and email.
• Issuing offers from clients.
• Receiving inquiries from clients.
• Forwarding inquiries from clients within the sales department or directly to other departments.
The secretariat processes personal data in the following ways:
• Conducting traditional and electronic correspondence in Polish and foreign languages and recording incoming and outgoing letters in the correspondence journal.
• Receiving clients and providing them with information, as well as conducting phone conversations in Polish and foreign languages.
• Maintaining a meeting schedule, notifying interested parties about meetings, and maintaining an address database.
• Organizing the flow of information and documents between the employer and the company’s departments.
Based on the actual processing activities, we have created a Register of Processing Activities.
V. On what basis do we process personal data?
Most of the data is processed based on the consents obtained from the data subjects. In other cases, the possibility of processing data is based on a clear legal provision or the right to pursue or protect legitimate economic interests.
VI. What is our purpose in processing personal data?
Personal data is processed for the purpose of concluding and executing contracts, fulfilling the legally justified interests of the administrator, and fulfilling legal obligations incumbent upon the administrator.
VII. What documents do we use regarding personal data protection?
The main document concerning personal data protection is this document, which contains the basic principles of the Personal Data Protection Policy. In addition, we apply a number of other procedures compliant with legal requirements aimed at protecting the personal data provided to us and minimizing the risk of unauthorized access to users’ data and the risk of their disclosure. The personal data protection policy is established by the data administrator in consultation with the management of the individual departments of the enterprise. To ensure our actions are transparent, we have published this policy describing the principles of personal data processing on our main website. Each of our clients can familiarize themselves with it and submit their comments to us through the Data Protection Officer. This is a very important person, and we will discuss them below. Additionally, to maintain the consistency of procedures, we apply internal regulations and a number of clauses in contracts with contractors.
VIII. What rights do individuals whose data we process have?
All individuals whose data we process have certain rights. These rights can be exercised in particular through the administrator or the data protection officer. These rights include:
• The right to access the content of their personal data, that is, the right to obtain confirmation of whether the administrator is processing data and information regarding such processing.
• The right to rectify data if the data processed by the administrator is incorrect or incomplete.
• The right to request the administrator to delete data.
• The right to request the administrator to restrict data processing.
• The right to data portability, meaning the right to receive personal data provided to the administrator and to send it to another administrator.
• The right to object to data processing based on the legitimate interests of the administrator or to data processing for direct marketing purposes.
• The right to withdraw consent at any time (without affecting the lawfulness of processing carried out based on consent before its withdrawal).
• The right to obtain intervention from the administrator, express their position, and contest decisions based on automated data processing.
Moreover, in the case of suspected data processing violations, individuals to whom this data relates have the right to lodge a complaint with the Polish supervisory authority or the supervisory authority of another EU member state, competent due to the place of habitual residence or work of the individual whose data is concerned or due to the place of the alleged violation of GDPR.
IX. The organizational structure of our company in the Personal Data Protection Policy
In our company, we know exactly who has the right to process personal data and maintain special care for its protection. For this purpose, we have created an organizational structure, which we cannot publish here.
X. Data Protection Officer
The Data Protection Officer is an employee of the Administrator or a person performing the tasks of the Officer based on separate agreements, possessing qualifications and expertise in the area of personal data processing. The Officer is responsible for informing the administrator, data processors, or their employees about the obligations related to personal data processing, providing advisory functions in this area, monitoring compliance with applicable data protection regulations, offering recommendations regarding the effects of personal data protection, and controlling its implementation. The Officer collaborates with the supervisory authority and is the contact person for the supervisory authority regarding data protection audits.
The Data Protection Officer appointed in our company can be contacted at the email address: iod@regalux.pl