The policy is based on four fundamental principles.
We are committed to consistently meeting applicable requirements and continuously improving our security management system and enhancing our security measures.
Each employee is personally responsible for maintaining the confidentiality, availability, and integrity of the data entrusted to them. The management of the company bears responsibility for maintaining, evaluating, and setting the directions for continuous improvement of the security management system.
We acquaint our employees and collaborators with the principles of the information security management system and personal data protection, as well as the objectives of this policy.
This policy is accessible to our employees, collaborators, clients, and interested parties.
The administrator of your personal data processed within the below mentioned processes is INTER-DIAMENT Kacprzycki Spółka jawna, registered in the National Court Register under KRS number 0000006622, with Tax Identification Number (NIP) 5290008253, and Statistical Identification Number (REGON) 010678496, located at 30 Chełmońskiego Street, 05-825 Grodzisk Mazowiecki, Poland. You can contact us in writing, via email at agnieszka.ganc@www.inter-diament.com.pl/en, or by phone at +48 692 776 619.
Purpose of processing. | Legal Basis | Legitimate interest | Planned duration of processing |
Recruitment of employees | Art. 6 ust. 1 lit. a) oraz b), c), f) RODO Statutory regulations/laws: Labor Code |
Defense and enforcement of claims | For the duration of the recruitment process or until consent is withdrawn, statute of limitations on claims, and for the period for which data remain relevant for the purpose for which they were collected. |
Business contact (email, telephone, web forms) | Art. 6 ust. 1 lit. b) i f) RODO | 1. Defense and enforcement of claims 2. Response to inquiries and further correspondence |
For as long as the data remain relevant for the purpose for which they were collected. |
Processing data of representatives of contractors or clients. | Art. 6 ust. 1 lit. c) i f) RODO | Execution of a contract involving a third party who is the employer or principal of the representative. | For the duration of the agreement, the statute of limitations for claims arising from it, as well as for the period specified by law (typically 5 years), and for the period during which the data remain relevant for the purpose for which they were collected. |
Cookies and server logs. | Art. 6 ust. 1 lit. a) i f) Art. 173 Telecommunications law |
Security assurance, statistics and records, research and development, marketing | For the period during which the data remain relevant for the purpose for which they were collected. |
Sending commercial information | Art. 6 ust. 1 lit. a) andf) RODO Art. 10 ust. 2 Act on the provision of electronic services |
Marketing of own products and services, brand building (PR) | Until consent is withdrawn. |
The recipients of your personal data will be authorized employees and collaborators of the data controller, entities authorized to obtain data under applicable law, subcontractors of the data controller where processing requires their involvement (e.g., IT solution providers), as well as service providers for the company (banks, telecommunications companies, law firms, auditors).
The GDPR regulations grant the right to:
1) the right of access to one's data and to obtain a copy thereof
2) the right to rectify (correct) one's personal data;
3) the right to restrict the processing of personal data;
4) the right to erasure of personal data;
5) the right to object to processing based on legitimate interest;
6) The right to lodge a complaint with the President of the Personal Data Protection Office (at the address of the Office for Personal Data Protection, Stawki 2, 00-193 Warsaw));
7) The right to withdraw consent, without affecting the lawfulness of processing based on consent before its withdrawal.
However, these rights are not absolute and may not apply in certain circumstances (e.g., the right to object or delete data does not apply when data processing is necessary for defense or assertion of legal claims). Articles 12-22 of the GDPR specify the circumstances under which you can exercise specific rights.
We do not transfer your personal data to third countries. However, when using certain tools (especially IT tools), we may transfer some of your data to countries outside the European Economic Area (EEA). The level of data protection in these countries may be lower than in EEA countries. The legal instrument securing such data transfers are standard contractual clauses adopted by the European Commission (their content is available on the website http://eur-lex.europa.eu, and they can also be obtained by contacting us).
We use third-party plugins. The processing of personal data is governed by the terms and conditions of these service providers:
1. Google remarketing code
2.Facebook plugin
Providing personal data is a condition for entering into a contract or participating in recruitment. To the extent required by law, providing data is a legal obligation (e.g., providing data for invoicing purposes). Providing data processed based on consent (e.g., additional data in a job candidate application) is always voluntary. We obtain essential data from the individuals to whom the data pertains. In some situations, we may obtain it from institutions represented by you (e.g., in connection with entering into a contract with an institution represented by you).