DATA ADMINISTRATOR The Administrator of your personal data is KBJ S.A. with its registered office in Warsaw (01-161), at Obozowa 57, entered into the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register under the number 0000387799, NIP: 7262571799.
All inquiries regarding the processing of personal data should be sent to the following e-mail address: email@example.com or by traditional mail to the address of the Administrator's seat. The Administrator declares that he is the owner of the website www.kbj.com.pl, whose resources are made available to users (i.e. any natural person visiting a given website) interested in using the Administrator's services.
The processing of collected personal data takes place in accordance with applicable law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. data and repealing Directive 95/46 / EC (hereinafter: GDPR).
COLLECTION AND PROCESSING OF PERSONAL DATA In connection with the conducted activity, the Administrator collects and processes personal data in accordance with the relevant provisions, including in particular the GDPR.
The Administrator ensures transparency of data processing, in particular, always informs about data processing at the time of collection, including the purposes and legal basis of processing.
The Administrator ensures that personal data is collected to a minimum extent, adequately to the indicated purpose and processed only for the period in which it is necessary.
Using the Administrator's website In connection with the use of the website www.kbj.com.pl by users, the Administrator collects personal data to the extent necessary to provide individual services offered, as well as information about users' activity on the website.
The Administrator processes personal data of website users: a. The administrator processes the personal data of website users: provided via the provided contact forms, including: recruitment forms and dedicated forms (e.g. for marketing events organized by the Administrator); b. collected via cookies or other similar technologies (including IP address or other identifiers).
E-mail and traditional correspondence If a query is sent to the Administrator via e-mail or traditional mail, the personal data contained in the above-mentioned correspondence, if it does not concern services provided to the sender, are processed solely for the purpose of handling the communication and resolving the matter to which the correspondence relates.
Recruitment As part of recruitment processes, the Administrator processes personal data of job candidates (e.g. in a CV or cover letter, contact form) only to the extent specified in the provisions of labor law. In connection with the above, applicants should not provide information to a greater extent than required by the administrator contained in the job advertisement and provided for by law. If the candidate also provides other data not required by the Administrator, it is considered that he has consented to their processing.
To the extent that personal data are processed based on the consent given, it can be withdrawn at any time, but without affecting the lawfulness of the processing carried out before its withdrawal. In a situation where the submitted applications contain information inadequate to the purpose of recruitment, they will not be used or taken into account in the recruitment process. The full content of the information obligation towards candidates can be found here.
Investor Relations The administrator, as a public entity listed on the WSE, processes the personal data of the company's shareholders who are party to the contract, as well as in connection with the performance of public and legal obligations resulting from concluded contracts, the company's status and the regulations governing the operation of companies on the public market. The full content of the shareholders' disclosure obligation is available here
PERSONAL DATA TRANSFER The Administrator does not transfer personal data outside the European Economic Area (EEA) without prior notification and obtaining the consent of the data subject, and only when it is necessary for the performance of the contract to which the Administrator and the data subject are parties. The transfer takes place with an adequate level of protection, in particular in accordance with the provisions of Art. 45, 46, 47 GDPR.
Personal data may be transferred to third countries to the extent necessary for the use by KBJ S.A. from cloud services provided by global providers of such services, the transfer will take place in accordance with the relevant legal provisions regulating the principles of personal data protection, in particular on the basis of standard contractual clauses, in accordance with the templates approved by the European Commission.
PERSONAL DATA STORAGE PERIOD The period of personal data processing depends on the legal obligations incumbent on the Administrator, as well as the purposes for which they were collected. As a rule, personal data is processed for the period of service provision or the time needed to perform the order / contract, until the consent is withdrawn or an effective objection is raised. Withdrawal of consent for processing does not affect the lawfulness of the processing that was carried out before its withdrawal. a) In the case of consent to the processing of data for the purposes of future recruitment processes, personal data is deleted after twelve months - unless the consent has been withdrawn previously or consent for further storage has not been obtained. b) In the case of consent to the processing of data for marketing purposes, personal data is processed until the consent is withdrawn or an effective objection is raised. c) In the case of data processing on the basis of the Controller's legitimate interest (e.g. for security reasons), the data is processed for a period enabling the implementation of this interest or until an effective objection to data processing is raised. If the processing is based on consent, the data is processed until it is withdrawn. The data processing period may be extended if the processing is necessary to establish or pursue claims or defend against them, and after this period - only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
DATA RECIPIENTS Personal data may be made available to external entities that process data on behalf of the administrator on the basis of contracts, for the purposes and to the extent necessary to implement the above-mentioned contracts, in particular: suppliers responsible for the operation of IT systems, other entities providing IT, consulting, legal, accounting services or transport companies.
Personal data processed by the administrator may also be disclosed to entities related to the Administrator, i.e. KBJ Services Sp. z o.o., Albit Software Sp z o.o., BTech Sp. z o.o., JRH Consulting, Roemer & Szczepkowski Group Sp. z o.o., Softy Labs Sp. z o.o.
AUTOMATED PROCESSING OF PERSONAL DATA The collected personal data will not be used for the purpose of automated decision-making (including profiling), i.e. no decisions will be made as a result of processing, causing legal effects for persons who are the subject of personal data.
RIGHTS OF PERSONS WHO THE DATA CONCERNS Persons whose personal data is processed by the Administrator have the following rights: a)the right of access - each person whose data is processed has the right to obtain information on the processing, in particular: about the purposes and legal grounds, the scope of the data held, entities to which they are disclosed, and the planned date of data deletion; b)the right to obtain a copy of the data; c)the right to rectify - the Administrator is obliged to remove any possible inconsistencies or errors in the processed personal data and update and supplement them if they are incomplete; d)the right to delete data - if, in certain situations, the data cannot be permanently deleted due to the administrator's obligations, e.g. resulting from legal provisions, the Administrator will inform the person who is the subject of personal data about this fact, providing all necessary information regarding the processing; e)the right to limit processing - in the event of such a request, the Administrator ceases to perform operations on personal data, with the exception of operations for which the data subject has consented - and their storage, in accordance with the adopted retention rules or until the reasons for limiting data processing (e.g. a decision of the supervisory authority is issued authorizing further processing of the data); f)the right to data portability; g)the right to object to the processing of data for marketing purposes - the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection; h)the right to object to other purposes of data processing - the data subject may at any time object to the processing of personal data, which takes place on the basis of the legitimate interest of the Administrator (e.g. for analytical or statistical purposes or for reasons related to the protection of property); objection in this respect should contain a justification; i)the right to withdraw consent - if the data is processed on the basis of expressed consent, the data subject has the right to withdraw it at any time; the withdrawal of consent does not affect the lawfulness of the processing carried out before its withdrawal; j) the right to lodge a complaint - if it is found that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may submit a complaint to the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.