Data protection policy FORMAT Sp. z o.o.
1. Who is FORMAT Sp. z o.o.
FORMAT Sp. z o.o. is a comprehensive provider of IT solutions. The company provides services in the field of design and delivery of advanced ICT solutions. In accordance with European regulations, Format is the Administrator of personal data.
Contact details below Format:
FORMAT Sp. z o.o.
ul. Czereśniowa 130, 02-456 Warszawa
tel.: +48 22 463 52 00
The Administrator can be contacted via the e-mail address: rodo@format.com.pl, by phone at: +48 22 463 52 00 or in writing to the address indicated above.
2. What is the purpose and legal basis for the processing of personal data by Format
Personal data will be processed in particular by:
1) pursuant to art. 6 sec. 1 lit. b) and lit. c) GDPR * in order to:
a) taking action before concluding the contract at the request of the data subject or performance of the contract to which the data subject is a party (data necessary to conclude the contract)
b) fulfillment of the legal obligation incumbent on the Administrator;
2) on the basis of the legitimate interest of Format Sp. z o.o. [i.e. based on Article. 6 sec. 1 lit. f) GDPR] in order to:
a) marketing of own products or services, including those personalized based on the customer profile
b) organizing and conducting competitions and other marketing campaigns
c) pursuing or securing claims
d) conducting technical quality analyzes of the services and equipment provided;
3) on the basis of a separate consent [i.e. based on Article. 6 sec. 1 lit. a) GDPR] in order to:
a) verify the customer’s payment credibility based on information from economic information bureaus or contained in the Administrator’s database
b) providing the customer with information about the proposed changes to the Agreement and the Price List, about changing the name (company), address or registered office, confirming the acceptance of the complaint and responding to it to the indicated e-mail address (e-mail)
c) analyzes of customer preferences or interests, analyzes of the development of services provided based on automated processing by the Administrator of data from devices that the customer uses when using audiovisual services (e.g. from a set-top box, mobile devices or other telecommunications end devices). Based on the created customer profile, the Administrator propose a personalized commercial offer.
For the above-mentioned purposes, the Administrator will process data on:
1) use of services provided by electronic means (eg Licenses).
d) direct marketing of Format Sp. z o.o.
e) direct marketing of products or services of entities cooperating with Format Sp. z o.o., but the customer’s personal data will not be shared with third parties, and the information will be provided by Format Sp. z o.o.
f) direct marketing based on the analysis of transmission data regarding, for example, telephone calls made and received or data transmission on the Internet, in connection with the use of telecommunications services provided to the customer by the Administrator.
Direct marketing referred to in points d) -f) above may be carried out by Format Sp. z o.o. by means of electronic communication (e.g. SMS, e-mail), telecommunications end devices (e.g. server, computer, tablet) and automatic calling systems (e.g. devices for automatic initiation of telephone calls).
3. What categories of data are processed by Format
The format processes the following categories of personal data: (name, surname, address, telephone number, e-mail address). The administrator will not process special categories of data referred to in art. 9 GDPR.
4. Who can be the recipient of personal data?
The recipients of personal data may be the following categories of recipients (entities processing personal data on behalf of Format Sp.z o.o.):
business partners (e.g. agents, call centers, sponsors), telecommunications companies, debt collection companies, entities providing advisory, consulting, auditing services, legal, tax and accounting assistance, banks, postal operators, carriers, companies printing correspondence or handling correspondence received from clients, business information offices, document archiving companies, companies dealing with customer opinion research, partners providing technical services (e.g. developing and maintaining IT systems and websites).
The above-mentioned recipients have been duly authorized by the Format and obliged to keep confidential all information related to personal data.
5. What is the period for which personal data will be stored
The period for which personal data will be stored:
1) personal data processed in order to conclude or perform the contract and fulfill the Administrator’s legal obligation will be kept for the duration of the contract, and after its expiry for the period necessary to:
a) after-sales customer service (e.g. handling claims for security or pursuing any claims due to Format Sp. z o.o.
b) fulfillment of the Administrator’s legal obligation (e.g. resulting from tax or accounting regulations);
2) personal data processed for the purposes of marketing of Format Sp. z o.o. based on a legitimate legal interest, will be processed until the data subject objects to it;
3) personal data processed on the basis of a separate consent will be kept until its revocation. In the event of consent to the processing of data by the Administrator for the purposes of marketing the Administrator’s digital services, the data will be processed only for the duration of the contract.
6. The method of data protection
Personal data processed by Format is stored on secured servers and computers at the company’s headquarters.
Access to servers and computers on which data is processed is limited. Only authorized persons are allowed access.
The format takes technical and organizational measures (in particular: securing access to the rooms where servers and computers are located, securing access to servers and computers, backup system, monitoring, review and maintenance, management of security incidents) to protect personal data against unlawful or unauthorized access or use by third parties, as well as against accidental destruction, loss or breach of integrity.
In the case of personal data processed in paper form, the data is stored in separate secure rooms, to which only authorized persons have access. The format takes technical and organizational measures (in particular: securing access to these rooms, monitoring, review and maintenance, management of security incidents) to protect personal data against illegal or unauthorized access or use by third parties, as well as against accidental destruction, loss or breach of integrity.
7. Rights of the data subject
1) the right to access your personal data, i.e. the right to obtain confirmation whether the Administrator processes data and information regarding such processing
2) the right to rectify data if the data processed by the Administrator is incorrect or incomplete
3) the right to request the Administrator to delete data
4) the right to request the Administrator to limit data processing
5) the right to transfer data, i.e. the right to receive personal data provided to the Administrator and to send them to another administrator;
6) the right to object to the processing of data on the basis of the Administrator’s legitimate interest or to processing for direct marketing
7) the right to lodge a complaint with the Polish supervisory authority or the supervisory authority of another European Union Member State competent for the place of habitual residence or work of the data subject or the place of the alleged violation of the GDPR
8) the right to withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal)
9) the right to obtain human intervention on the part of the Administrator, to express one’s own position and to challenge the decision based on automated data processing.
The rights listed in points 1) -6) and points 8) -9) above can be exercised by contacting the Administrator (address provided in point 1, with the annotation: “Personal data protection”).
* Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation).