1. Information on personal data processing

 

This privacy policy describes the way and scope of processing personal data referring to persons whose personal data was processed, the period of processing data and recipients of personal data according to union regulations referring to personal data protection – the Regulation of the European Parliament and Council (EU) 2016/679 of 27th April 2016 on natual persons protection in reference to personal data processing and free inflow of such data and waiving directive 95/46/EC and act on personal data protection of 10.05.2018.

 

  1. Dictionary of concepts

 

  1. Praxi Software– shortened name of the firm Praxi Software Sp. z o.o.
  2. Personal Data – information on the basis of which direct or indirect natural persons identification is possible, especially the Personal Data is: name and surname, identification number, e-mail, telephone, internet ID, company’s name, in which this person is employed, position. Praxi Software does not process, so-called: particular personal data including: one or many particular factors specyfing physical, physiologic, genetic, physic, economic, cultural or social identity of natural persons; date disclosing race or ethnic origin, political opinion, religion or philosophic beliefs, affiliation to the trade unions and data referring to to health and sexual life;
  3. Client – external firm for which; Praxi Sofware provides Services, during which employees, co-employees, contractors Personal Data may be processed.
  4. Business Partner – external firm with which Praxi Software stays in business relation directly or indirectly and which may have given Personal Data on the basis of frame confidentiality agreement.
  5. GDPR Regulation – European Parliament and Council Regulation (EU) 2016/679 of 27th April 2016 on natural persons protection in reference to personal data processing and free flow of such data and repealing the directive 95/46/EC;
  6. Realization agreement – one-time agreement signed with the Client for realization of a specified Service;
  7. Frame Agreement – agreement specifying cooperation rules with the Client, way of making order and collection of work within the frames of realized advisory Services;
  8. NDA Agreement – non-disclosure agreement covering the way of processing, security and protection of personal Data and the way of performance in case of the risk appearing of dislosure of transferred personal Data by the Client;

 

  1. Who processes such data

 

The Administrator of Personal Data is the firm Praxi Software Sp. z o.o. with its registered office in Kraków Plac Szczepański 3, 31-011 Kraków (hereinafter referred “PD Administrator”). Contact with PD Administrator is possible by mail: administrator.danych@praxisoftare.pl or by correspondence at the above-mentioned address with a note “Personal Data”.

 

  1. Purpose and scope of personal data processing

 

  1. Praxi Software processes personal data within the following scope:
  2. undertaking actions before realization Agreement or frame Agreement conclusion within the frames in which Personal data of contact persons may be processed or employees Personal data necessary to prepare the offer of agreement may be entrusted [6 it. 1 let., b. GDPR Regulation];
  3. in order to perform the realization Agreement or orders within the scope of frame Agreement, within the frames of which personal Data of contact persons, employees and co-employees of Client necessary to realize the agreement or order subject is processed [6 it. 1 let. b of the GDPR Regulation];
  4. for the purpose of cooperation with the business Partners within the frames of provided Services, within the frames of which personal Data of contact person, employees and co-employees of the Client necessary to realize the agreement or order subject is processed [6 it. 1 lit. b. GDPR Regulation];
  5. fulfilling legal obligation by the PD Administrator [6 it. 1 let. c of the GDPR Regulation];
  6. on the basis of legally justified interest [6 it. 1 let. f of the GDPR Regulation] in order to realize:
  7. own services direct marketing,
  8. guarantee, complaint during project course and after its completoon within 12 months
  9. monitoring and improving quality of provided services, including: research of client’s satisfaction of provided services,
  10. risk management and internal control,
  11. vindication or securing of claims, including:
  12. verification of payment credibility of the client on the basis of data from National Debt Register Bureau of Economic Information S.A.,
  13. conducting analysis of technical quality of provided services and equipment.
    Moreover, on the basis of separate agreement Praxi Software may process personal data [6 it. 1 let. a. of the GDPR Regulation] in order to:
  14. organize and conduct courses and marketing events,
  15. marketing products or services of subjects cooperating with Praxi Software, whereby personal data of the client will not be disclosed to third parties;
  16. Marketing referred to in point b) above may be realized by Praxi Software through electronic communication means, i.e. SMS, e-mail, MMS and communication through telephone communcation.

 

  1. Period of processing personal data

 

  1. A period of processing personal data was specified due to division for processing purposes:
  2. Undertaking actions before concluding realization or frame Agreement, processing period ends:
  3. at the time of signing the realization Agreement, frame Agreement or NDA agreement, because personal Data processing is covered with one of these agreements;
  4. at the time of completing the offer action with a negative result.
  5. Performance of the realization Agreement or orders within the frames of frame Agreement, period of storing ends:
  6. 3 months from One-time Agreement completion for the purposes of giving to the Clients the explanations due to realized Services,
  7. at the time of terminating the frame Agreement,
  8. at the time of terminating NDA Agreement,
  9. after receiving information from the Client, that a given employee whose personal Data is processed is not longer his employee, unless the scope of realization of the Agreement or the Order excludes this;
  10. Contact service with business Partners. Period of storing ends:
  11. at the time of expiring the Cooperation Agreement with the business Partner;
  12. upon clear Client’s request.
  13. Realization of legally justified interest by the PD Administrator, a period of storing ends:
  14. at the time of submitting an objection to the PD Administrator by a person whose data refers to, unless legal provisions allow to do it.
  15. Organization and conducting competitions and marketing campaigns, period of processing ends:
  16. at the time of submitting an application to PD Administrator to stop or limit personal data processing by the person to whom the data refers.
  17. Marketing of products or services of the entities cooperating with Praxi Software, period of processing ends:
  18. at the time of submitting an application to PD Administrator to stop or limit personal data processing of a person to whom the data refers.
  19. Complaints’ service. Period of storing ends:
  20. after completion of the complaint process and during guarantee period;

 

  1. Recipients of personal data

 

  1. Sourced personal Data is disclosed, if it necessary to:
  2. The entities participating in the processes necessary to realize one-time Agreements or Orders including:
  3. IT services providers;
  4. outsourcing employees providers;
  5. permanent co-employees;
  6. Business partners
  7. Entities realizing telecommunication services;
  8. Entities realizing vindication services and antities acquiring receivables – in case of failure to pay the bills and invoice on time;
  9. Entities realizing courier and postal services;
  10. Entities realizing transport services;
  11. Entities printing correspondence and servicing correspondence from clients;
  12. Entities archivizing documents;
  13. Entities providing clients opinions research;
  14. Entities providing advisory, consulting, audit, financial, accountancy services, legal support for Praxi Software.

 

  1. Rights referring to personal data processing.

 

  1. Rights of persons, to whom the data refers:
  2. the right of access to processed personal data i.e.: the right to obtain a confirmation through the PD Administrator whether and in which scope personal data is processed;
  3. the right to correct data, if there is a reasonable suspicion that processed data is improper or incomplete;
  4. the right to limit processing data, including:
  5. the right to revoke previously approved consents (revoke of the consent does not have an influence on data processing right consistency, which was given on the basis of the consent before its revoking);
  6. a person, to whom the data refers, lodged an appeal against personal data processing – until establishing whether this appeal against processing is justified towards justified interest of PD Administator;
  7. the right to cancel personal data in the case, when:
  8. data is not more necessary for the purpose due to which it was gathered or is processed in other way;
  9. the person, to whom the data refers, made an appeal against data processing;
  10. the person, to whom data refers, retreated a consent to process data and there is no another legal basis to process;
  11. data is processed not in accordance with applicable law;
  12. data must be removed in order to fulfill an obligation resulting from legal provisions;
  13. the right to transfer data through PD Administrator to another administrator, unless processing is made on the basis of the agreement concluded with another person, to whom the data refers or on the basis of the consent given by such person;
  14. the right to make an appeal against personal data processing on the basis of reasonable interest of the Administrator or against processing for direct marketing purposes;
  15. the right to make an appeal to the proper supervisory body in case of considering that the personal data processed by Praxi Software breaches the provisions of GDPR Regulation and the Act on personal data protection;
  16. the right to obtain an intervention from PD Administrator side, express own position and to question the decision based on an automated data processing.

 

  1. Personal data security

 

  1. Processed personal data is secured by application of proper technical and organizatonal means aiming at monitoring an access to personal Data and application of data securities to unable an access to data by third parties;
  2. Applied organizational means include application of personal data Rules approved by Management Board of Praxi Software and minimalization of personal Data processing, a pseudonymisation of data where necessary, all employees and co-employees as well as Business Partners have NDA Agreement signed, which specifies a way of Confidential Information protections and the way of processing and protecting Client’s Personal Data;
  3. Applied technical means to protect personal Data processing allow to precisely determine who has an access to particular data category, to whom and for how long personal Data was disclosed. Applications and IT solutions of third firms used by Praxi Software meet requirements of GDPR Regulation within the scope of Personal Data protection.

 

  1. Who to contact with in case of questions referring to personal data processing

 

  1. In order to ask a question due to processing personal Data by Praxi Software you should send a question at the following address:
    osobowe@praxisoftware.pl.
  2. To exercise your rights (a right to access to your personal data, a right to correct data, a right to limit personal data, a right to remove personal data, a right to transfer personal data) you can direct your application at the address of PD Administrator using an application pattern available here: (Link: https://praxisoftware.pl/wp-content/uploads/2018/05/PRAXI-Zgłoszenie-żądania-dotyczącego-danych-osobowych-1.pdf)