Privacy policy

Information clause regarding the processing of personal data

 Solar Energia Sp. z o.o. Sp. k.

1. Piastów 10M 66-600 Krosno Odrzańskie, NIP:9261685102

hereinafter referred to as the Controller introduces this Personal Data Protection Policy, hereinafter referred to as: the Privacy Policy. The purpose of this Protection Policy is to ensure the implementation and application of appropriate technical and organizational measures allowing the processing of personal data in accordance with the requirements contained in REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter: the Regulation.

 

In the matter of protecting your personal data, you can contact us at the following e-mail address: biuro@solarenergia.pl or in writing to the address of our registered office.

BASIC DEFINITIONS

 

The terms used in the Protection Policy mean:

 ?Controller? means Solar Energia Sp. z o.o. Sp. k. which determines the purposes and means of the processing of personal data;

?Personal data? means any information relating to an identified or identifiable natural person (?data subject?); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

 ?Processing? means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

?Filing system? means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

?Processor? means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

?Recipient? means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the 4.5.2016 EN Official Journal of the European Union L 119/33 framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients;

?Third party? means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data

?Consent? of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

?Personal data breach? means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

?User? means a person authorized to process personal data.

?Informatic system? means devices cooperating with each other, programs, software tools used for data processing.

 ?Data security? (in particular, personal data) is the protection of data against unauthorized processing. The purpose of security is to prevent the loss of integrity, confidentiality and availability of the processed data.

 

 

SCOPE OF PERSONAL DATA PROTECTION

 

The privacy policy applies to the processing of all personal data, in particular to data processed in a traditional way (in books, files, lists, indexes, files, etc.), as well as in IT systems.

The protection covers:

• personal data processed in IT systems and personal data stored on IT data carriers,
• personal data collected in documents,
• information on personal data security, in particular passwords to access data systems,
• register of persons authorized to process personal data,
• computer hardware and all carriers and devices containing personal data,
• buildings and rooms in which personal data is processed.
• The protection policy applies to the currently existing as well as planned and implemented in the future systems involving the processing of personal data.

 

All persons employed by the Controller and cooperating with the Controller are obliged to apply this policy, regardless of the nature of the legal relationship between the parties, if they have access to personal data.

 

OBLIGATIONS OF THE CONTROLLER IN THE SCOPE:

Confidentiality, integrity and accountability in data processing

 

 

• Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor  implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, such as data minimization, and in order to provide the processing with the necessary safeguards to meet the requirements of this Regulation and to protect the rights of data subjects.
• The controller  implements appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.

 

• The purpose of the Safety Measures is to ensure:

accountability

integrity

confidentiality

Division of Security Measures:

physical

organizational

technological

 

BASIC PRINCIPLES OF DATA PROCESSING

 

Personal data is:

1. a) processed lawfully, fairly and in a transparent manner for the data subject (lawfulness, fairness and transparency)
2. B) collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with these purposes;
3. c) adequate, used and limited to what is necessary for the purposes for which they are processed (“data minimization”);
4. d) correct and, if necessary, kept up to date; obsolete should be removed or corrected as soon as possible;
5. e) kept for no longer than is necessary for the purposes for which the data are processed; may be stored for a longer period, as long as they are processed solely for archiving purposes in the public interest, for the purposes of scientific or historical research and statistics;
6. f) processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures, which constitute Integrity and confidentiality;

 

If the processing is based on consent, the data subject expresses it in a written statement.

The data subject is informed about the possibility of withdrawing consent.

The consent is voluntary and may not be dependent on the performance of the contract, including the provision of the service, if the processing of personal data is not necessary for the performance of this contract.

In accordance with the regulation  (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ((hereinafter referred to as GDPR), we would like to inform you that:

 

 

1. Purposes and legal grounds for processing. We will process your data:

 

• for contact and audit purposes based on the consent granted (GDPR provisions);
• in order to execute the accepted order in accordance with the art and its proper purpose, in accordance with the concluded contract and the Polish Civil Code;
• in order to obtain basic information and data necessary to perform the service in accordance with The Commission Regulation (EU) 2016/631 of 14 April 2016 establishing a network code on requirements for grid connection of generators(RfG NC)
• in order to legally formalize the cooperation between the Controller and the Ordering Party in accordance with the Polish Civil Code and the Act of 6 March 2018 Entrepreneurs Law (Journal of Laws of 2018, item 646) and Art. 4 of the Act on renewable energy sources;
• to conclude an agreement on behalf of the investor in accordance with the Act of March 6, 2018 Entrepreneurs Law (Journal of Laws of 2018, item 646) and Art. 4 of the Act on renewable energy sources
• for billing purposes, to issue an accounting document in accordance with the VAT Act, Tax Ordinance and other tax regulations;
• In order to provide financing other than cash in accordance with the Act of 12 May 2011 on consumer credit, art. 105 sec. 4d) The Act of August 29, 1997 Banking Law
• for archival (evidence) purposes, which are the implementation of our legitimate interest in securing information in the event of a legal need to prove it;
• in order to possibly establish, investigate or defend against claims being the implementation of our legitimate interest in this interest in accordance with the provisions of the GDPR

 

2. The period of data storage. We will store your data for the period of:

 

• Your personal data resulting from the conclusion of the contract will be processed for the period in which claims under the contract may be revealed, but not longer than 5 years.
• Until the purpose for which they were downloaded is achieved.
• The data processed on the basis of the consent granted may be processed until the consent is withdrawn or if the data has become obsolete.

3. Data recipients

Your personal data may be transferred to:

• our partners such as Tauron Energia, Alior Bank, companies cooperating with us in connection with the provision of our services, entities involved in the project implementation process, institutions specified by law, eg the Tax Office, Social Insurance Institution, or others.
• our subcontractors (processors), e.g. accounting, legal, IT, marketing and debt collection agencies with whom we have concluded Entrustment Agreements so that the data is adequately protected.

4. Monitoring

Our company does not use monitoring.

5. Your rights in accordance with the GDPR:

1.at any time, request access to personal data being processed,

2. correct incorrect personal data,

3.demand that the administrator stop processing and delete personal data,

4.demand that the processing of personal data be restricted,

5.use the right to data portability,

6.to withdraw consent to specific processing (if such consent is given)

7. to object to the processing of your personal data.
8. you are entitled to lodge a complaint with the competent supervisory authority at any time, if your personal data has been processed in violation of applicable data protection regulations.

 

6. The controller processes the data only in accordance with the law in such a way that the fundamental rights of the data subject are not violated. Data processing in our facility is allowed when:

1.the data subject consents to the processing for one or more specific purposes;

2. processing is necessary for the performance of the contract;

3.processing is necessary to fulfill a legal obligation or an international agreement;

4.processing is necessary for the purposes of the legitimate interest of the administrator.

7. We do not use automated profiling.
8. We do not send data to Third Countries
9. We have implemented technical and organizational measures in our company so that the data is protected at the highest level.