{"id":8120,"date":"2021-04-08T18:43:16","date_gmt":"2021-04-08T16:43:16","guid":{"rendered":"https:\/\/bizonfasteners.com\/?page_id=8120"},"modified":"2025-04-16T17:58:36","modified_gmt":"2025-04-16T15:58:36","slug":"polityka-prywatnosci","status":"publish","type":"page","link":"https:\/\/bizonfasteners.com\/en\/privacy-policy\/","title":{"rendered":"Polityka Prywatno\u015bci"},"content":{"rendered":"<div class=\"vc_row wpb_row vc_row-fluid\"><div class=\"wpb_column vc_column_container vc_col-sm-12\"><div class=\"vc_column-inner\"><div class=\"wpb_wrapper\">\n\t<div class=\"wpb_text_column wpb_content_element\" >\n\t\t<div class=\"wpb_wrapper\">\n\t\t\t<p class=\"wp-block-heading\"><strong>INFORMACJE DOTYCZ\u0104CE PRZETWARZANIA DANYCH OSOBOWYCH<\/strong><\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph -->Pursuant to Article 13 of Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95\/46\/EC, we inform you that:<\/p>\n<p><strong>Administratorem Pani\/Pana danych osobowych jest BIZON INT Sp. z o.o. z siedzib\u0105: Tomice, ul. Europejska 4, 05-532 Baniocha k. Warszawy.<\/strong><\/p>\n<p>Na podstawie przeprowadzonych analiz Administrator danych nie ma obowi\u0105zku wyznaczenia inspektora. Administrator przetwarza dane osobowe zwyk\u0142e w nast\u0119puj\u0105cych kategoriach i celu, na podstawie:<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\"><!-- wp:list-item --><\/p>\n<li>Je\u015bli jest Pan\/Pani PRACOWNIKIEM BIZON INT Sp. z o.o. to dane osobowe zwyk\u0142e s\u0105 gromadzone w celu<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>obs\u0142ugi procesu zatrudnienia pracownik\u00f3w BIZON INT Sp. z o.o., spraw pracowniczych oraz archiwizacji dokument\u00f3w dotycz\u0105cych zatrudnienia.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Je\u015bli jest Pan\/Pani PRACOWNIKIEM KONTRAHENTA BIZON INT Sp. z o.o. dane osobowe zwyk\u0142e; dane te s\u0105 gromadzone w celu realizacji procesu ofertowania, zawierania um\u00f3w i zam\u00f3wie\u0144 oraz realizacji kontrakt\u00f3w serwisowych tzw. us\u0142ug.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Je\u015bli jest Pan\/Pani KONSUMENTEM dane osobowe zwyk\u0142e dotycz\u0105ce danych konsument\u00f3w , os\u00f3b fizycznych; dane te s\u0105 zbierane w celu realizacji zam\u00f3wie\u0144 dla os\u00f3b fizycznych.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:list {\"ordered\":true} --><\/p>\n<ol class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ol class=\"wp-block-list\"><!-- wp:list-item --><\/p>\n<li>Dane osobowe b\u0119d\u0105 przechowywane przez okres zale\u017cny od obowi\u0105zuj\u0105cych przepis\u00f3w dotycz\u0105cych rodzaju realizowanej us\u0142ugi.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Pani\/Pana dane osobowe nie b\u0119d\u0105 przekazywane do pa\u0144stwa trzeciego\/organizacji mi\u0119dzynarodowej.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Pani\/Pana dane osobowe nie s\u0105 i nie b\u0119d\u0105 udost\u0119pniane innym odbiorcom poza przypadkami, gdy taki obowi\u0105zek wynika z powszechnie obowi\u0105zuj\u0105cych przepis\u00f3w prawa lub zosta\u0142a na to wyra\u017cona Pani\/Pana zgoda.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Posiada Pani\/Pan prawo dost\u0119pu do tre\u015bci swoich danych oraz prawo ich sprostowania, usuni\u0119cia, ograniczenia przetwarzania. Prawo do przenoszenia danych, prawo wniesienia sprzeciwu, prawo do cofni\u0119cia zgody w dowolnym momencie bez wp\u0142ywu na zgodno\u015b\u0107 z prawem przetwarzania (je\u017celi przetwarzanie odbywa si\u0119 na podstawie zgody), kt\u00f3rego dokonano na podstawie zgody przed jej cofni\u0119ciem, listownie na adres: BIZON INT Sp. z o.o. z siedzib\u0105: Tomice, ul. Europejska 4, 05-532 Baniocha k. Warszawy, lub e-mailowo na adres:\u00a0<a href=\"mailto:daneosobowebizon@bizea.com.pl\" target=\"_blank\" rel=\"noreferrer noopener\">daneosobowebizon@bizea.com.pl<\/a><\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Ma Pan\/Pani prawo wniesienia skargi do Prezesa Urz\u0119du Ochrony Danych Osobowych, gdy uzna Pani\/Pan, i\u017c przetwarzanie danych osobowych Pani\/Pana dotycz\u0105cych narusza przepisy og\u00f3lnego rozporz\u0105dzenia o ochronie danych osobowych z dnia 27 kwietnia 2016 r.(RODO)<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Pani\/Pana dane nie b\u0119d\u0105 przetwarzane w spos\u00f3b zautomatyzowany.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Pani\/Pana dane nie b\u0119d\u0105 podlega\u0142y profilowaniu.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Bli\u017csze informacje wraz z Polityk\u0105 Bezpiecze\u0144stwa Przetwarzania Danych Osobowych znajduj\u0105 si\u0119 na naszej stronie Internetowej oraz w siedzibie Firmy.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:paragraph -->&nbsp;<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>SECURITY POLICY FOR<br \/>\nPERSONAL DATA PROCESSING<br \/>\nin<br \/>\nBIZON INT Sp. z o.o. z siedzib\u0105: Tomice, ul. Europejska 4, 05-532 Baniocha k. Warszawy<\/strong><\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph -->&nbsp;<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Introduction<\/strong><\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><\/p>\n<p style=\"text-align: left;\">By implementing the constitutional right of every person to the protection of private life and the provisions of Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95\/46\/EC (General Data Protection Regulation) in order to apply technical and organizational measures to ensure the protection of processed personal data appropriate to the risks and categories of data protected, and in particular to protect data against unauthorized access, taking by an unauthorized person, processing in violation of the aforementioned Regulation, and alteration, loss, damage or destruction, the following set of procedures is introduced.<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 1<br \/>\nGeneral provisions<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 1<\/strong>. Whenever referred to in the document:<br \/>\n1) <strong>regulation<\/strong> - means Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95\/46\/EC (General Data Protection Regulation);<br \/>\n2) <strong>personal data<\/strong> - shall mean information relating to an identified or identifiable natural person (\"data subject\"); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;<br \/>\n3) <strong>data filing system<\/strong> - shall mean a structured set of personal data accessible in accordance with specified criteria, regardless of whether this set is centralized, decentralized or dispersed functionally or geographically;<br \/>\n4)<strong> data processing<\/strong> - shall mean an operation or a set of operations which are performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, ordering, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;<br \/>\n5) <strong>computer system<\/strong> - shall mean a set of cooperating devices, programs, information processing procedures and software tools applied for the purpose of data processing;<br \/>\n6)<strong> securing data in the computer system<\/strong> - shall mean the implementation and operation of appropriate technical and organizational measures to protect data against unauthorized processing;<br \/>\n7) <strong>erasure of data<\/strong> - shall mean the destruction of personal data or its modification in such a way that it is impossible to identify the data subject;<br \/>\n8)<strong> data controller<\/strong> - shall mean the natural or legal person, public authority, entity or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or Member State law, the data controller may also be designated by Union law or Member State law, or the specific criteria for its designation may be laid down;<br \/>\n9) <strong>consent of the data subject<\/strong> - means a freely given, specific, informed and unambiguous declaration of will by which the data subject, by means of a statement or a clear affirmative action, consents to the processing of personal data relating to him\/her;<br \/>\n10) <strong>recipients of the data<\/strong> - means any natural or legal person, public authority, body or other entity to whom the personal data are disclosed, whether a third party or not. However, public authorities, which may receive personal data in the context of a particular proceeding in accordance with Union law or Member State law, shall not be regarded as recipients; the processing of those data by those public authorities must comply with the data protection rules applicable to the purposes of the processing<br \/>\n11) <strong>third country<\/strong> - shall mean a country not belonging to the European Economic Area;<br \/>\n12) <strong>technical and organizational means<\/strong> - shall mean technical and organizational means necessary to ensure confidentiality, integrity and accountability of the processed personal data;<br \/>\n13) <strong>limitation of processing<\/strong> - shall mean the marking of stored personal data in order to limit their future processing;<br \/>\n14)<strong> profiling <\/strong>- means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular, to analyze or forecast aspects relating to that individual's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement;<br \/>\n15)<strong> pseudonymization<\/strong> - means the processing of personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is covered by technical and organizational measures which make it impossible to attribute it to an identified or identifiable natural person;<br \/>\n16) <strong>processor<\/strong> - shall mean a natural or legal person, public authority, entity or any other body, which processes personal data on behalf of the data controller;<br \/>\n17) <strong>personal data protection breach<\/strong> - means a breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure of or unauthorized access to personal data transmitted, stored or otherwise processed.<\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 2<br \/>\nData Controller<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 2<\/strong>. The Data Controller in particular:<\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:list {\"ordered\":true} --><\/p>\n<ol class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ol class=\"wp-block-list\"><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">Uwzgl\u0119dniaj\u0105c charakter, zakres, kontekst i cele przetwarzania oraz ryzyko naruszenia praw lub wolno\u015bci os\u00f3b fizycznych o r\u00f3\u017cnym prawdopodobie\u0144stwie i wadze zagro\u017cenia, wdra\u017ca odpowiednie \u015brodki techniczne i organizacyjne, aby przetwarzanie odbywa\u0142o si\u0119 zgodnie z rozporz\u0105dzeniem i aby m\u00f3c to wykaza\u0107. \u015arodki te s\u0105 w razie potrzeby poddawane przegl\u0105dom i uaktualniane.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Prowadzi rejestr czynno\u015bci przetwarzania. W rejestrze zamieszcza si\u0119 nast\u0119puj\u0105ce informacje:<!-- wp:list -->\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\"><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">the name and contact details of the Data Controller and any joint controllers, as well as, where applicable, the Data Controller's representative and the DPO;<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">processing purposes,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">description of the categories of data subjects and categories of personal data,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">kategorie odbiorc\u00f3w, kt\u00f3rym dane osobowe zosta\u0142y lub zostan\u0105 ujawnione, w tym odbiorc\u00f3w w pa\u0144stwach trzecich lub w organizacjach mi\u0119dzynarodowych,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">where applicable, the transfer of personal data to a third country or international organization, including the name of that third country or international organization and, in the case of transfers referred to in the Regulation, Article 49(1), second subparagraph, the documentation of appropriate safeguards,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">if possible, the planned deletion dates for each category of data,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">if possible, a general description of the technical and organizational security measures referred to in Article 32(1) of the Regulation,<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 3<br \/>\nTechnical and organizational measures<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 3<\/strong>. In order to protect the data, the controller shall comply with the requirements referred to in the Regulation:<\/p>\n<p>a) conducts a data protection impact assessment,<br \/>\nb) performs risk analysis on the resources involved in each process,<br \/>\nc) only persons authorized by the data controller have been allowed to process the data (Annex 1),<br \/>\nd) Data Processing Entrustment Agreements have been entered into in accordance with Annex 2,<br \/>\ne) this security policy has been developed and implemented.<\/p>\n<p><strong>\u00a7 4<\/strong>. The following applies to the protection of personal data <strong>measures of physical protection of personal data<\/strong>:<\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\" style=\"text-align: left;\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\" style=\"text-align: left;\"><!-- wp:list-item --><\/p>\n<li>personal data sets are stored in a room secured with a regular door (not reinforced, not fireproof),<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>personal data sets are stored in a room secured with a door, personal data sets are stored in a room located on the first and second floor.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>the building in which the data controller is located is equipped with a burglar alarm system<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>access to the rooms where personal data sets are processed is covered by an access control system - keys are issued at the reception only to authorized persons.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>access to the building where the controller is located is controlled by a monitoring system using CCTV cameras<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>the building in which the data controller is located is supervised by a security service around the clock,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>paper personal data sets are stored in a locked metal cabinet and in locked non-metal cabinets,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>backup\/archival copies of personal data sets are stored in a locked non-metal cabinet<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>premises, where personal data sets are processed, are protected against the effects of fire by means of a fire protection system and\/or a free-standing fire extinguisher,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>documents containing personal information are mechanically destroyed using document shredders when no longer useful.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:paragraph --><\/p>\n<p style=\"text-align: left;\"><strong>\u00a7 5<\/strong>. W celu ochrony danych osobowych stosuje si\u0119 nast\u0119puj\u0105ce \u015brodki sprz\u0119towe infrastruktury informatycznej i telekomunikacyjnej:<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\" style=\"text-align: left;\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\" style=\"text-align: left;\"><!-- wp:list-item --><\/p>\n<li>computers used to process personal data are connected to a local computer network,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>UPS, power generator and\/or dedicated power grid devices are used to protect the information system used to process personal data from power failures,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>access to a personal data set that is processed on a separate computer station\/portable computer is protected against unauthorized activation with a password<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>access to the operating system of the computer on which personal data is processed is secured through an authentication process using a user ID and password,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>measures are in place to prevent unauthorized copies of personal data processed using IT systems,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>a system for registering access to the system\/set of personal data has been applied,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>cryptographic data protection measures were applied to personal data transmitted via teletransmission,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>a disk array has been used to protect personal data from the effects of disk storage failure,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>measures are in place to protect against malware, such as worms, viruses, Trojan horses, rootkits,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>Firewall system has been used to protect access to the computer network,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>IDS\/IPS was used to protect access to the computer network,<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:paragraph --><\/p>\n<p style=\"text-align: left;\"><strong>\u00a7 6<\/strong>. W celu ochrony danych osobowych stosuje si\u0119 nast\u0119puj\u0105ce \u015brodki ochrony w ramach narz\u0119dzi programowych i baz danych:<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\" style=\"text-align: left;\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\" style=\"text-align: left;\"><!-- wp:list-item --><\/p>\n<li>measures have been applied to determine access rights to the indicated range of data within the personal data set being processed,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>access to data sets in the part processed in IT systems requires authentication with a user ID and password,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>systemic measures have been applied to define appropriate access rights to IT resources, including personal data sets for individual users of the IT system,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>a mechanism was used to force a periodic change of passwords to access a set of personal data,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>screen savers were installed on workstations where personal data is processed,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>a mechanism of automatic blocking of access to the IT system has been used for processing personal data in case of prolonged user inactivity (screen savers),<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li><strong>\u00a7 7<\/strong>. W celu ochrony danych osobowych stosuje si\u0119 nast\u0119puj\u0105ce \u015brodki organizacyjne:<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\"><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">persons employed to process the data have been made aware of the data protection regulations,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">persons employed to process personal data were trained in the field of IT system security,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">persons employed to process personal data are obliged to keep it confidential,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">computer monitors on which personal data are processed are positioned in a way that prevents outsiders from seeing the processed data,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">backups of the personal data set are stored in a different room than the one that houses the server where the personal data is processed on an ongoing basis,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>the data controller has defined basic security rules that apply to all employees of the Company, namely:<!-- wp:list -->\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\"><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">necessary knowledge principle - limiting access to data to only that which is necessary to perform the duties of the position,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">principle of resource accountability - the processors are responsible for the data they process and are required to follow established security procedures in this regard,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">principle of a closed room - not leaving outsiders alone in a room (in the absence of an authorized person), locking rooms when leaving them and not leaving keys in locks,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">clean desk rule - not leaving paper documents and data carriers (CDs, DVDs, USB flash drives, etc.) unattended on the desk,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">principle of privacy of accounts in systems - each employee is obliged to work in ICT systems on accounts assigned to him\/her, it is absolutely forbidden to share accounts with people who have not been assigned to them,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">principle of confidentiality of passwords and access codes - keeping passwords and access codes confidential and not disclosed to unauthorized persons, in particular, this principle applies to personal passwords for access to IT systems and protected areas,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">principle of using official email - each person authorized to process data uses only official email in the performance of official duties; it is prohibited to use private email in this regard,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">zasada czystego ekranu &#8211; blokowanie komputera przed ka\u017cdym opuszczeniem pomieszczenia, w przypadku d\u0142u\u017cszej nieobecno\u015bci w pomieszczeniu konieczne jest wylogowanie si\u0119 z systemu,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">clean desktop rule - only icons of standard software and business applications should be placed on the computer desktop, as well as, shortcuts to folders, provided that they do not contain any data in their names, in particular, personal data that may be disclosed in an uncontrolled manner (e.g. during a presentation),<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">clean printer\/copier rule - removing documents from printers as soon as they are printed; this rule particularly applies to documents left in printers in another room,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">clean bin rule - paper documents except for promotional materials should be destroyed in shredders or by an outside company,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">zasada legalno\u015bci oprogramowania &#8211; zakaz samodzielnego instalowania oprogramowania, w tym w szczeg\u00f3lno\u015bci przechowywania na komputerze tre\u015bci naruszaj\u0105cych prawa autorskie oraz innych nielegalnych danych,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">principle of security incident reporting - each data processor is obliged to report information security incidents, i.e. unauthorized disclosure, destruction or modification of information, in accordance with the procedure specified in Section 8,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">zasada korzystania z zasob\u00f3w Sp\u00f3\u0142ki &#8211; dane, b\u0119d\u0105ce w posiadaniu administratora danych, mog\u0105 by\u0107 przetwarzane wy\u0142\u0105cznie w \u015brodkach przetwarzania dopuszczonych do wykorzystania w Sp\u00f3\u0142ce, w szczeg\u00f3lno\u015bci zabrania si\u0119 korzystania w tym celu z prywatnych \u015brodk\u00f3w przetwarzania danych,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">principle of not using names that contain personal information when creating files, folders, etc.<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li style=\"text-align: left;\">principle of adequate protection of the Company's hardware resources used as business equipment - laptops, phones, smartphones, tablets and other devices used by the Company's data processors for business purposes should be adequately protected against unauthorized access, and at least should be protected with a password to activate the device.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:paragraph -->&nbsp;<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 4<br \/>\nDPIA procedure<br \/>\n(Data Protection Impact Assessment)<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 8.<\/strong> Ocen\u0119 skutk\u00f3w dla ochrony danych osobowych (DPIA) przeprowadza si\u0119 dla ka\u017cdego procesu.<br \/>\n<strong>\u00a7 9<\/strong>. The DPIA is conducted whenever there is a significant change in the processing of personal data, e.g., change of service provider, change of processing method, exchange of resources involved in the process.<br \/>\n<strong>\u00a7 10<\/strong>. The DPIA shall be carried out together with a risk analysis at least once a year for processes that, as a result of a previous DPIA, have shown a high risk to the rights and freedoms of data subjects.<\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:paragraph -->&nbsp;<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 5<br \/>\nRisk analysis procedure and risk handling plan<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 11<\/strong>. The data controller performs risk analysis for the resources involved in the processes.<br \/>\n<strong>\u00a7 12<\/strong>. A risk analysis is conducted at least once a year and provides a basis for updating the way risks are handled.<br \/>\n<strong>\u00a7 13<\/strong>. Based on the results of the risk analysis, the data controller shall implement ways to deal with the risks on its own.<br \/>\n<strong>\u00a7 14<\/strong>. Each time a data controller chooses how to handle risk and determines which risks and in what order they will be addressed first.<\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 6<br \/>\nProcedure of cooperation with external entities<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 15.1<\/strong>. Ka\u017cdorazowe skorzystanie z us\u0142ug podmiotu przetwarzaj\u0105cego jest poprzedzone zawarciem umowy powierzenia przetwarzania danych osobowych<br \/>\n2. The data controller shall keep a register of external entities entrusted with the processing of personal data<br \/>\n<strong>\u00a7 16.<\/strong> Ka\u017cdorazowo przed zawarciem umowy powierzenia przetwarzania danych osobowych administrator danych weryfikuje zgodno\u015b\u0107 z rozporz\u0105dzeniem wszystkich podmiot\u00f3w przetwarzaj\u0105cych, z kt\u00f3rych us\u0142ug ma zamiar skorzysta\u0107 z wykorzystaniem procedury wsp\u00f3\u0142pracy z podmiotami zewn\u0119trznymi .<\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 7<br \/>\nProcedure for default data protection<br \/>\n(taking data protection into account at the design stage)<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 17<\/strong>. W ka\u017cdym przypadku tworzenia nowego produktu lub us\u0142ug administrator danych uwzgl\u0119dnia prawa os\u00f3b, kt\u00f3rych dane dotycz\u0105, na ka\u017cdym kluczowym etapie jego projektowania i wdra\u017cania. Wdra\u017ca odpowiednie \u015brodki techniczne i organizacyjne aby domy\u015blnie przetwarzane by\u0142y tylko te dane osobowe, kt\u00f3re s\u0105 niezb\u0119dne dla osi\u0105gni\u0119cia ka\u017cdego konkretnego celu przetwarzania ( ilo\u015b\u0107 zbieranych danych, zakres i okres przetwarzanych danych oraz ich dost\u0119pno\u015b\u0107).<br \/>\n<strong>\u00a7 18<\/strong>. When a data controller intends to start processing personal data in a new process, it shall carry out a DPIA in relation to that process.<\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 8<br \/>\nIncident management procedure<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 20<\/strong>. W ka\u017cdym przypadku naruszenia ochrony danych osobowych, administrator danych weryfikuje, czy naruszenie to skutkowa\u0142o ryzykiem naruszenia praw lub wolno\u015bci os\u00f3b fizycznych.<br \/>\n<strong>\u00a7 21<\/strong>. Administrator danych w przypadku stwierdzenia, \u017ce naruszenie skutkowa\u0142o ryzykiem naruszenia praw lub wolno\u015bci os\u00f3b fizycznych, zawiadamia niezw\u0142ocznie organ nadzorczy, jednak nie p\u00f3\u017aniej ni\u017c w ci\u0105gu 72 godz. od identyfikacji naruszenia z wykorzystaniem procedury zarz\u0105dzania incydentami bezpiecze\u0144stwa.<br \/>\n<strong>\u00a7 22.<\/strong> Administrator danych zawiadamia osoby, kt\u00f3rych dane dotycz\u0105, w przypadku wyst\u0105pienia wobec nich narusze\u0144 skutkuj\u0105cych ryzykiem naruszenia ich praw lub wolno\u015bci w oparciu o wz\u00f3r zawiadomienia osoby, kt\u00f3rej dane dotycz\u0105, o naruszeniu, chyba \u017ce zastosowa\u0142 \u015brodki eliminuj\u0105ce prawdopodobie\u0144stwo wysokiego ryzyka wyst\u0105pienia ww. naruszenia.<br \/>\n<strong>\u00a7 23<\/strong>. Administrator danych dokumentuje naruszenia oraz prowadzi rejestr narusze\u0144 , kt\u00f3re skutkuj\u0105 naruszeniem praw i wolno\u015bci os\u00f3b fizycznych.<\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 9<br \/>\nProcedure for exercising the rights of persons<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 24<\/strong>. Each case of notification by a data subject of his or her wish to exercise the rights provided for in the Regulation shall be examined by the data controller individually.<br \/>\n<strong>\u00a7 25.<\/strong> Administrator danych niezw\u0142ocznie realizuje nast\u0119puj\u0105ce prawa os\u00f3b, kt\u00f3rych dane dotycz\u0105:<\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:list --><\/p>\n<ul class=\"wp-block-list\" style=\"text-align: left;\">\n<li style=\"list-style-type: none;\">\n<ul class=\"wp-block-list\" style=\"text-align: left;\"><!-- wp:list-item --><\/p>\n<li>right of access to the data,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>right to rectification of data,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>right to erasure of data,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>the right to data portability,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>right to object to the processing of data,<\/li>\n<p><!-- \/wp:list-item --><!-- wp:list-item --><\/p>\n<li>right not to be subject to decisions based solely on profiling.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><!-- wp:paragraph --><\/p>\n<p style=\"text-align: left;\"><strong>\u00a7 26<\/strong>. Where the rights of rectification, erasure and restriction of processing are exercised, the data controller shall immediately inform the recipients to whom it has disclosed the data in question, unless this is impossible or will involve a disproportionate effort.<br \/>\n<strong>\u00a7 27<\/strong>. The data controller shall refuse to exercise the rights of data subjects if the possibility to do so arises from the provisions of the Regulation, but any refusal to exercise the rights of data subjects shall require a statement of reasons stating the legal basis under the Regulation.<\/p>\n<p><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 10<br \/>\nProcedure for collecting consents and informing persons<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 28<\/strong>. 1. Whenever data is collected directly from the data subject, the data controller shall fulfill the information obligation towards the data subject.<br \/>\n2. If data is collected from an employee, the model information obligation applies.<br \/>\n<strong>\u00a7 29<\/strong>. Whenever data are collected from sources other than the data subject, the data controller shall comply with the information obligation towards the data subject without delay, but no later than at the first contact with the data subject,<br \/>\n<strong>\u00a7 30.<\/strong> W ka\u017cdym przypadku odbierania zgody od osoby, kt\u00f3rej dane dotycz\u0105, korzysta si\u0119 z klauzul.<\/p>\n<p><!-- \/wp:heading --><!-- wp:paragraph --><!-- \/wp:paragraph --><!-- wp:heading {\"textAlign\":\"center\",\"level\":3} --><\/p>\n<p class=\"wp-block-heading has-text-align-center\"><strong>Section 11<br \/>\nFinal Provisions<\/strong><\/p>\n<p class=\"wp-block-heading has-text-align-center\" style=\"text-align: left;\"><strong>\u00a7 31<\/strong>. All principles described in this document shall be observed by persons authorized to process personal data with particular regard to the welfare of data subjects.<br \/>\n<strong>\u00a7 32<\/strong>. This document is effective as of the date it is approved by the data controller.<\/p>\n\n\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"INFORMACJE DOTYCZ\u0104CE PRZETWARZANIA DANYCH OSOBOWYCH Na podstawie art. 13 Rozporz\u0105dzenia Parlamentu Europejskiego i Rady (UE) 2016\/679 z dnia 27 kwietnia 2016 roku w sprawie ochrony os\u00f3b fizycznych w zwi\u0105zku z przetwarzaniem danych osobowych i w sprawie swobodnego przep\u0142ywu takich danych oraz uchylenia dyrektywy 95\/46\/WE, informujemy \u017ce: Administratorem Pani\/Pana danych osobowych jest BIZON INT Sp. z","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/bizonfasteners.com\/en\/wp-json\/wp\/v2\/pages\/8120"}],"collection":[{"href":"https:\/\/bizonfasteners.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bizonfasteners.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bizonfasteners.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bizonfasteners.com\/en\/wp-json\/wp\/v2\/comments?post=8120"}],"version-history":[{"count":5,"href":"https:\/\/bizonfasteners.com\/en\/wp-json\/wp\/v2\/pages\/8120\/revisions"}],"predecessor-version":[{"id":8339,"href":"https:\/\/bizonfasteners.com\/en\/wp-json\/wp\/v2\/pages\/8120\/revisions\/8339"}],"wp:attachment":[{"href":"https:\/\/bizonfasteners.com\/en\/wp-json\/wp\/v2\/media?parent=8120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}