top of page

INFORMATION CLAUSE

Administrator

The administrator of your personal data is STM Cyber Sp. z o.o., located in Warsaw, 02-092, Żwirki i Wigury 16a, registered in the National Court Register kept by the District Court for the Capital City of Warsaw under the KRS number 872288, with NIP 5272677191.

In matters related to the processing of your personal data, you can contact us via email at: [email protected] or by mail at the address Żwirki i Wigury 16a, 02-092 Warsaw.

Source of Data

You have provided your personal data to us in connection with establishing a contractual relationship. Additionally, the premises of our workplace are monitored, so we also process your image recorded by the surveillance system.

Purpose and Legal Basis for Processing and Retention Period of Personal Data

Your personal data will be processed for:

  • Entering and performing the contract and conducting necessary settlements related to its conclusion (Article 6(1)(b) GDPR) – for the time necessary to perform the contract. After its conclusion, the personal data will be processed for the time required to demonstrate the proper execution of obligations arising from it;

  • Performing statutory obligations:

    • Tax obligations arising from tax regulations, particularly the Tax Ordinance and the Personal Income Tax Act (Article 6(1)(c) GDPR) – for 5 years from the end of the tax year;

    • Accounting obligations under the Accounting Act, Tax Ordinance, and Corporate Income Tax Act (Article 6(1)(c) GDPR) – for 5 years from the end of the year in which the event occurred;

    • Occupational health and safety obligations under the Labor Code and other legal regulations (Article 6(1)(c) GDPR and Article 9(1)(b) GDPR) – for the period required by law, with respect to accident documentation (including the accident report), this period is 10 years;

    • Obligations toward ZUS (Social Insurance Institution) – for pension and health insurance payment obligations under the Social Insurance System Act and the Public Healthcare Benefits Act (Article 6(1)(c) and Article 9(2)(b) GDPR) – for 10 years regarding the retention of documents that determine the basis for pension or disability benefits.

  • Pursuing our legitimate interests (Article 6(1)(f) GDPR) including:

    • Protection of property and safety of people, specifically regarding images recorded by surveillance;

    • Enforcement of our rights or protection against claims, in accordance with the Civil Code;

    • Protection and prevention of fraud;

    • Creating statistics and ensuring accountability, for the time necessary to fulfill our legitimate interest, but no longer than until you effectively object to the processing. Surveillance data is stored for a period not exceeding 3 months.

  • Based on your consent (Article 6(1)(a) GDPR) – until it is withdrawn. Consent is voluntary and can be withdrawn at any time.

Providing personal data is mandatory as required by applicable law. Providing other data is voluntary, but necessary for the purpose of concluding and executing the contract. If you refuse to provide data, the execution of certain goals listed above will not be possible.

Rights Related to the Processing of Personal Data

You have the following rights:

  • The right to access data and receive a copy of personal data being processed (Article 15 GDPR);

  • The right to rectify data if it is inaccurate or incomplete (Article 16 GDPR);

  • The right to erase data when they are not processed lawfully, or are no longer necessary for the purposes for which they were collected, or if you object to their processing (Article 17 GDPR);

  • The right not to be subject to automated decision-making, including profiling (Article 22 GDPR);

  • The right to restrict processing (Article 18 GDPR);

  • The right to data portability (Article 20 GDPR) when processing is based on a contract or consent and is automated;

  • The right to file a complaint with the President of the Personal Data Protection Office;

  • The right to withdraw consent at any time, without affecting the lawfulness of prior processing;

  • The right to object to the processing of personal data when it is based on a legitimate interest or for statistical purposes, if the objection is justified by a specific situation of the data subject.

Recipients of Data

In connection with the processing of your personal data, it may be shared with or entrusted to the following entities:

  • Outsourcing, accounting, IT service providers, and entities maintaining IT infrastructure for the Administrator and the insurer;

  • Entities related to the Administrator in the country and abroad;

  • The Administrator's Partners.

LIST OF OUR PARTNERS:

  • Hackingdept Sp. z o.o.

  • STM Cyber Academy Sp. z o.o.

Additionally, your personal data may be shared with public authorities or entities authorized by law to access data, such as courts, law enforcement agencies, or public institutions, when requested based on a legal basis.

 

Transfer of Personal Data to Third Countries and International Organizations

The Administrator does not plan to transfer your personal data to recipients outside the European Economic Area or to international organizations.

Information on Automated Processing

Your personal data is not subject to decisions based solely on automated processing, including profiling, that could have legal effects or similarly significant impacts on you.

bottom of page