- The Privacy Policy at REDNT sp. z o.o., with its registered office in Katowice, ul. Pod Młynem 1C, hereinafter referred to as the "Policy", defines the technical and organizational measures applied by the Controller to ensure the protection of personal data, as well as the procedure to be followed in the event of a personal data breach in an IT system or filing systems, or in the event of a suspected breach of that kind.
- The purpose of this Privacy Policy is to implement the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter also referred to as GDPR).
- Supervision over compliance with the principles described in this Policy and with data protection regulations is exercised by the Management Board.
- Definitions and appendices:
- Controller - means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The controller of personal data is the Company.
- information security – maintaining the confidentiality, integrity and availability of information; additionally, other properties may be taken into account, such as authenticity, accountability, non-repudiation and reliability;
- personal data - means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- special categories of personal data mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;
- password – means a string of alphanumeric characters known only to the user;
- identifier – means a string of letters uniquely identifying a person authorized to process personal data in an IT system;
- personal data security incident – an event or series of undesirable or unexpected events creating a significant probability of disrupting business operations and threatening the protection of personal data.
- personal data breach - means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise processed.
- data processing area – means the buildings and premises designated by the Controller, constituting the area in which personal data and other legally protected information are processed.
- recipient - means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- data subject - means an identified or identifiable natural person;
- processor - means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- policy means this Privacy Policy;
- risk management – the process of planning and implementing actions affecting risk;
- risk – the uncertainty of achieving intended objectives;
- confidentiality – means the property ensuring that information is not made available or disclosed to unauthorized individuals, entities, or processes;
- risk assessment – the process of identifying, analyzing and evaluating risk;
- profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
- Record of Processing Activities means the record maintained pursuant to Article 30 of the GDPR.
- GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- service technician – means a company or an employee of a company dealing with the sale, installation, repair and maintenance of computer equipment;
- the Controller's IT system – means computer hardware, software, and data operated within a set of cooperating devices, programs, information processing procedures and software tools; this system includes at least one central computer and forms the Controller's ICT network;
- teletransmission – means the transmission of information via a telecommunications network;
- authentication – means an action intended to verify the declared identity of an entity;
- user – means a person authorized to process personal data, who has been assigned an identifier and granted a password;
- consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- In order to increase the effectiveness of personal data protection, various safeguards have been combined in a way that enables the creation of several layers of protection. Personal data protection is implemented through: physical safeguards, organizational procedures, system software, applications, and by users.
- The safeguards applied are intended to achieve the following objectives and ensure:
- accountability – meaning the property ensuring that actions of a user can be traced uniquely to that user;
- integrity – meaning the property of safeguarding the accuracy and completeness of personal data;
- confidentiality – meaning the property ensuring that information is accessible only to those authorized to have access;
- system integrity – understood as the inviolability of the system, preventing any manipulation, whether intentional or accidental.
- Users are responsible for complying with the principles of data protection and security.
- The implementation of the above objectives should be guaranteed by the following principles:
- Assigning users specific attributes allowing their identification (passwords, identifiers).
- Taking the necessary actions to eliminate weaknesses in the security system.
- Periodic verification of users' compliance with the implemented procedures for processing personal data.
- A personal data breach shall include in particular:
- unauthorized access or an attempt to gain access to personal data or to premises in which such data are located;
- a breach or attempted breach of data integrity understood as any modification, destruction or attempt thereof by unauthorized persons or authorized persons acting in bad faith, or as an error in the operation of an authorized person (e.g. alteration of data content, loss of all or part of the data);
- a breach or attempted breach of system integrity;
- alteration or loss of data stored in backup copies;
- a breach or attempted breach of confidentiality;
- unauthorized access (a signal indicating illegal login or another indication of an attempt or action related to illegal access to the system);
- disclosure of personal data to unauthorized persons;
- destruction, damage or any attempts of unauthorized interference with the IT system aimed at disrupting its operation or obtaining, in an unauthorized manner or for purposes inconsistent with its intended use, the data contained in the system;
- a condition of the IT system or premises different from that in which they were left by the user after completion of work.
- A personal data breach shall also include a break-in to the building or premises in which personal data are processed, or attempts at such actions.
- The following organizational measures have been implemented to ensure the security of data and information:
- Each person acting under the authority of the Controller and having access to personal data shall process them only to the extent necessary to perform the assigned tasks.
- Each employee and associate should exercise particular caution when transferring data.
- Data should be protected against access by unauthorized persons.
- Premises in which personal data are processed should be properly secured against access by unauthorized persons.
- In the case of premises to which unauthorized persons also have access, they may remain in such premises only in the presence of authorized persons and only for the time required to perform the necessary activities.
- Cabinets in which data are stored should be kept locked.
- Cabinets containing data should be opened only for the time necessary to access the data, and should then be locked again.
- Data in paper form may remain on desks only for the time necessary to perform official duties, and must then be stored in cabinets.
- Only authorized employees and associates have access to computers on which data are processed.
- Computer monitors on which data are processed are positioned in such a way that unauthorized persons cannot view the data.
- If it is necessary to remove a portable device (e.g. a notebook) containing personal data or other protected information from the premises, the device must be additionally secured in an appropriate manner, and the data must be encrypted.
- Devices containing personal data should not be made available to unauthorized persons.
- The computer network should be protected against unauthorized external access.
- Incorrect or outdated printouts and paper versions containing personal data or other protected information shall be destroyed using a shredder or by another mechanical method preventing their reconstruction.
- Detailed conditions for securing IT systems are specified in the instruction for managing IT systems used to process personal data.
- In the event of detecting a breach of:
- the security of the IT system,
- the technical condition of equipment,
- the contents of the personal data set,
- disclosure of the working method or the mode of operation of the program,
- the quality of data transmission in the telecommunications network which may indicate a breach of the security of such data,
- other events that may result in a personal data breach (e.g. flooding, fire, etc.), every person employed in the processing of personal data is obliged to immediately notify the Controller thereof.
- Any person who, in the event of a breach of the security of the IT system or a justified suspicion of such a breach, fails to take the action specified in this document, and in particular fails to notify the appropriate person in accordance with the specified rules, shall be subject to disciplinary or order proceedings.
Cases of unjustified failure to perform the obligations arising from this document may be treated as a serious breach of employee duties.
- Access to personal data:
- The processing, including disclosure, of personal data is lawful if it is necessary for compliance with a legal obligation to which the controller is subject.
- Where personal data are disclosed for purposes other than inclusion in a register, the Controller shall disclose the information held to persons or entities entitled to receive it under the law.
- Personal data may be used only in accordance with the purpose for which they were disclosed.
- An entity requesting disclosure of information should indicate the legal basis authorizing it to receive such data or a legitimate need to request their disclosure. Only in such a situation can an assessment be made as to whether, in a given case, the disclosure of data is lawful and whether it will not constitute a breach of information protection principles.
- The processing, including disclosure, of personal data for a purpose other than that for which they were collected is lawful if it does not violate the rights and freedoms of the data subject and takes place for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
- Data may be disclosed only with the consent of the Controller and should be duly documented.
- Rights of data subjects.
- Every data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data and the following information:
- obtain confirmation as to whether personal data concerning him or her are being processed and information about the identity and the contact details of the Controller;
- obtain information on the purposes of the processing, the categories of personal data concerned and the period for which the personal data will be stored;
- obtain information on the recipients or categories of recipients to whom the personal data have been or will be disclosed;
- obtain information on the source from which the personal data originate;
- the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject;
- the right to request rectification, erasure or restriction of processing of personal data, if they are inaccurate, incomplete, outdated, or have been collected in breach of the law, or are no longer necessary for the purpose for which they were collected.
- Users are obliged to familiarize themselves with the content of the Policy.
- In matters not regulated by this Policy, the currently applicable data protection law shall apply.
- Users are obliged to comply with the provisions contained in this Policy when processing data. In the event of provisions different from those contained in this Policy appearing in other procedures applicable at the Controller, users are obliged to apply the more stringent provisions, the application of which will ensure a higher level of information protection.