Labin Polska Sp. z o.o.
FREQUENTLY ASKED QUESTIONS RELATING TO THE RODO
1. What is RODO?
The General Data Protection Regulation (RODO) is a new EU-wide legal act that replaces the previous acts implementing the existing Data Protection Directive. European countries also have their own additional data protection legislation, which should be considered independently of the RODO. In Poland, the Act of 29 August 1997 on the protection of personal data (Journal of Laws of 2016 No. 922 and of 2018, item 138) is in force; however, under the Constitution of the Republic of Poland and the Treaty of the European Union, the provisions of the RODO apply directly in EU countries and take precedence over national regulations.
2. When does the RODO come into force?
The RODO comes into force on May 25, 2018.
3. Who is affected by the RODO?
The RODO will not only affect organizations located in the Union, but will also apply to non-EU organizations if they offer goods or services to EU data subjects, and possibly monitor the behavior of EU data subjects. The RODO applies to all companies that process and hold personal data of data subjects who live in the European Union, regardless of the location of the company. This includes both data controllers and data processors (the difference between these two types of organization is explained below).
4. What is personal data?
Any information about a natural person (the "data subject") that can be used directly or indirectly to identify that person. This may include your name, photo, e-mail address, bank details, entries on social media websites, medical information or computer IP address.
5. What is the difference between the data processor and the data controller?
The administrator (data controller) is the entity that sets the purposes, conditions and means of processing personal data, and the processor is the entity that processes personal data on behalf of the administrator. Labin Polska is always an administrator in relation to the data of its employees and clients.
6. What does Labin Polska do to fulfill its obligations to employed people?
We have prepared a notification for employees that explains how we use and share personal data and what rights employees have in relation to their personal data. We also make every effort to ensure that all parties cooperating with us that process employees' personal data fulfill their personal data protection obligations under the contracts concluded with them.
7. What should we know to make sure we protect our customers' personal information?
If necessary, we will organize training on the RODO to facilitate understanding of the obligations regarding the protection of personal data of our employees and clients. For customers, we have prepared Personal Data Protection Notifications, which will be part of our terms and will be available on our websites. We also make every effort to ensure that all our employees and business partners who process customer personal data respect the obligation to protect the personal data of clients.
8. What is the scope of the rights of the data subjects?
The RODO provides for the following rights for natural persons:
(a) the right to obtain information;
(b) the right of access to data;
(c) the right to rectify the data;
(d) the right to delete data;
(e) the right to limit data processing;
(f) the right to data transfer;
(g) the right to object; and
(h) the rights associated with automated decision-making and profiling.
Notifications about the Protection of Personal Data contain detailed explanations regarding the above rights. You should be aware that these rights are not absolute rights and are subject to restrictions set out in the RODO and in other applicable data protection laws.
9. Do the data processors need "clear" or "unequivocal" consent of the data subject - what is the difference?
The new legal framework limits the possibility of obtaining consent to the processing of personal data in an implicit or indirect way. Consent should be understandable and clear, and include the purpose of data processing. This means that consent must be unambiguous, fully conscious and voluntary, and the purposes of data processing must be necessary to achieve the intentions of those giving and receiving consent. Withdrawing consent must be as easy as giving it. Clear consent is only required for the processing of sensitive data, i.e. specific categories of personal data such as health, racial or ethnic data. In the case of our employees and clients, we also have another legal basis for the processing of personal data if the activity concerns employment, the supply of goods or the provision of services to clients. We may also have legal obligations to process personal data arising from applicable law.
10. What is the situation of data subjects under 16 years of age?
The consent of the person having parental authority will be required to process personal data of children under the age of 13 in the context of online services. However, the validity of an obligation undertaken by a minor requires the consent of their legal representative.
11. What security rules does the GDPR introduce?
The RODO requires personal data to be processed in a way that ensures its security. Ensuring security includes protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. This requires the use of appropriate technical or organizational measures. Labin Polska protects personal data collected in relation to our employees and clients. We will implement stable IT security systems appropriate to the risks we face. We will review risks and adjust our activities accordingly based on the results of those reviews.
12. What are the sanctions for failure to comply with obligations?
For breaches of the RODO, organizations are subject to financial penalties of up to 4% of the total annual global turnover or EUR 20 million (whichever amount is higher), e.g. for lacking a sufficient legal basis for processing the personal data of customers or employees, or for violating the rights of data subjects. It should be noted that these rules apply to both administrators and entities processing personal data entrusted to them.
13. How does the RODO affect data breaches?
A breach of data protection should be reported to the competent supervisory authority without delay, if possible within 72 hours, unless the breach is unlikely to compromise the privacy rights of data subjects or other rights or freedoms they enjoy. If the breach may cause a high risk of violation of the rights or freedoms of the data subjects, we must notify them without undue delay.
14. Who can I turn to with further questions about the GDPR?
An employee has been appointed at Labin Polska whose responsibilities include ensuring the company's compliance with the provisions of the GDPR and other provisions on the protection of personal data. If you have further questions, please contact us at: firstname.lastname@example.org or Labin Polska Sp. z o.o., ul. Poleczki 23, 02-822 Warsaw.