Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”), we would like to inform you that:

1. The data controller (hereinafter: the Controller) is: LPP S.A. with its registered office in Gdańsk, ul. Łąkowa 39/44, KRS No. 0000000778.

2. The Data Protection Officer (hereinafter: DPO) can be contacted by writing an email to: dataprivacy@lpp.com or a letter to the Controller’s address specified above.

3. The purpose and legal grounds of personal data processing:

The use of dedicated applications of technical or organisational nature rendered accessible only for internal use within the organisational structures of the companies from the LPP Group. The use of applications by employees is connected with performing the tasks assigned to them and is necessary for fulfilling their relevant job position’s duties, pursuant to Article 6(1)(b) of the GDPR.

4. The recipients of personal data will be:

a. Silky Coders sp. z o.o and other entities from the LPP Group engaged in the processing of employees’ data on behalf of the Controller; particularly for the purpose of granting the employees access to technical applications necessary for completion of specific tasks.
b. The entities providing maintenance and technical support for technical devices used by the Controller, e.g. supporting and maintaining systems utilised for personal data processing.
c. Selected business partners (offerors, providers, contractors) with whom the Controller collaborates.
d. The Controller can share your data with the providers of services or products acting on the Controller’s behalf by virtue of a personal data processing agreement and requires such providers to act on documented Controller’s instructions, provided that such providers keep your personal data confidential and safe.

5. In connection with our processing of your data, you have the following rights:

a. the right of access to personal data,
b. the right of data rectification,
c. the right of data deletion, provided that conditions from Article 17(3) of the GDPR are not met,
d. the right to raise an objection against data processing.

6. Data processing period:

a. Personal data will be processed for the whole duration of your employment, and when it expires, they will be stored for the period required by the law.
b. With regard to legitimate interest, the data will be processed until an objection against data processing is accepted.

7. Your personal data can be transferred to a country outside of the European Economic Area (EEA) or to any other country cooperating with the Controller, if a need arises due to the nature of the work you perform or the tools this work entails. Proper securing of the processed personal data outside of the EEA is guaranteed by external contracts regarding data processing based on standard contractual clauses which meet the requirements of the GDPR.

8. The Controller does not use automated data processing.

9. You have a right to lodge a complaint with the President of the Polish Personal Data Protection Office in the aspect concerning the data processing performed by the Controller.