This document contains information about compliance with information disclosure obligations and the protection of natural persons with regard to the processing of personal data under the General Data Protection Regulation (hereinafter refered to as GDPR).
Who is the controller of personal data?
The controller of the provided data is The Farm 51 Group SA located in Poland, Bohaterow Getta Warszawskiego Street 15, 44-102 Gliwice. The company is represented by Robert Siejka – CEO.
Telephone: +48 32 279 03 80
What is the legal basis for processing the data?
Legal Basis for processing the personal data is determined by:
( art. 6 par. 1 lit. a GDPR) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(art. 6 par. 1 lit. b GDPR) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(art. 6 par. 1 lit. f GDPR) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
What data is being collected?
Controller is processing only the personal data allowed to be processed e.g. name, surname, address, company name, an identification number, location data, e-mail address, an online identifier, phone number, work experience history. (art. 4 lit. 1 GDPR)
Will the data be shared with any third parties?
Your personal data may be transferred to subcontractors supporting the Company in the performance of its tasks, e.g. public administration bodies, accounting offices, law offices, IT companies etc.
All subcontractors cooperating with the Company have signed a personal data entrustment agreement and meet the requirements of the GDPR.
How will the information be used?
Your personal data will be subjected to the standard process implemented by the Company, during which the data has been collected or until the withdrawal of consent for their processing.
How long will the data be stored for?
We process your personal data:
- for the duration of the contract,
- during the project you take part in,
- as long as you won’t withdraw the consent for their processing
and after those process completion for the purposes of:
- future contact
- pursuing claims in connection with fulfilling the contract,
- archival purposes
- for accountability, i.e. to prove compliance with the provisions on the processing of personal data,
we will be processing the data for the period in which the Company is required to retain data to document the fulfillment of legal requirements and enable the verification of their fulfillment by public authorities.
What rights does the data subject have?
1) Right to information
This right provides the data subject with the ability to ask a company for information about what kind of personal data (his or her) is being processed and the rationale for such processing. For example, a customer may ask for the list of personal data processors with whom his or her subject data is shared.
2) Right to access
This right provides the data subject with the ability to access to his or her personal data that is being processed. This request provides the right for data subjects to see or view their own personal data, as well as to request copies of the personal data.
3) Right to rectification
This right provides the data subject with the ability to ask for modifications to his or her personal data in case the data subject believes that said data is not up to date or accurate.
4) Right to withdraw consent
This right provides the data subject with the ability to withdraw a previously given consent for processing of their personal data for any purpose. The request would then require the company to stop the processing of the personal data that was based on the consent provided earlier.
5) Right to object
This right provides the data subject with the ability to object to the processing of their personal data. Normally, this would be the same as the right to withdraw consent, if consent was appropriately requested and no processing other than legitimate purposes is being conducted. However, a specific scenario might occur in which a customer asks that his or her personal data should not be processed for certain purposes while a legal dispute is ongoing in court.
6) Right to object to automated processing
This right provides the data subject with the ability to object to a decision based on automated processing. Using this right, a customer may ask for his or her request (for instance, a loan request) to be reviewed manually, because he or she believes that automated processing of his or her loan may not take into account their particular situation.
7) Right to be forgotten
Also known as right to erasure, this right provides the data subject with the ability to ask for the deletion of their personal data. This will generally apply to situations where a customer relationship has ended. It is important to note that this is not an absolute right, and depends on your retention schedule and retention period in line with other applicable laws.
8) Right for data portability
This right provides the data subject with the ability to ask for the transfer of his or her personal data. As a part of such request, the data subject may ask for his or her personal data to be provided back (to him or her) or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.
How can the data subject raise a complaint?
If you want to use your rights or raise a complaint you should either:
- Send a letter to the company address with the description of the complaint
- Send an e-mail to email@example.com with a following subject: DANE OSOBOWE / PERSONAL DATA
You can be sure that we shall answer in the same manner like you contacted us without unnecessary delay. It will last no longer that one month since receiving the request.
Supervisor authority in Poland is The Personal Data Protection Office.