Information on the processing of your personal data
§ 1. Definitions
Adminitrator or GENOMTEC – GENOMTEC S.A., with its registered office in Wrocław (54-066), ul. Stabłowickiej 147, entered into the register of entrepreneurs in the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, with the KRS number 0000662554; Tax Identification Number (NIP): 8992809452; share capital of PLN 815,854.00 (fully paid-up).
Shareholder – a natural person holding shares of the Administrator (and his or her attorney), whose personal data are processed in relation to the Administrator’s duties under the commercial law.
Personal Data – any information about an identified or identifiable natural person who can be identified by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including the IP of the device, location details, online identifier and information gathered using cookies or other similar technologies.
EEA – European Economic Area.
Bondholder – a natural person holding bonds of the Administrator (and his or her attorney), whose personal data are processed in relation to the provisions of the commercial law on bonds.
Data Subject – the person to whom Personal Data refer.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Website – the Internet site operated by the Administrator at https://genomtec.com.
Visitor – any person using the Website.
§ 2. General provisions
This Policy sets forth the principles for the protection and processing of Personal Data by the Administrator, and allows fulfilling the information duty referred to in Articles 13 and 14 of the GDPR.
§ 3. Types of Personal Data subject to the processing, purposes of the processing and grounds for the processing
- The Administrator shall process the following types of Personal Data:
- in relation to contact aimed at providing answers to any inquiries or requests, and further correspondence/contact to this end, or questions pertaining to other information and services of the Administrator: first name and surname, company, position, contact details including e-mail address or telephone number; grounds for the processing: point (f) of Article 6(1) of the GDPR;
- in relation to business and commercial relationships aimed, inter alia, at establishing the cooperation, concluding or implementing an agreement or settling agreements: first name and surname, Personal Identification Number (PESEL), contact details including residential address, e-mail address and telephone number, information on the position and professional authorisations, as well as other Personal Data provided to the Administrator in relation to the cooperation; grounds for the processing: point (b) of Article 6(1) of the GDPR;
- in relation to recruitment, for the purposes of, inter alia, evaluating candidates and conducting the recruitment process and the Administrator’s defence of potential legal claims, as well as lodging potential legal claims: first name and surname, date of birth, contact details provided by the candidate (e-mail address, telephone number), information on education, professional qualifications, employment history and other details included in the application documents provided by the candidate on a voluntary basis, including data made available in the form on the recruitment site, and for the purposes related to the assessment of the recruitment process: first name and surname or nick, e-mail address and content of the opinion of the participant of the recruitment process; grounds for the processing: points (a), (b) and (f) of Article 6(1) of the GDPR;
- in relation to registration for the newsletter: e-mail address; grounds for the processing: point (a) of Article 6(1) of the GDPR;
- in relation to investor relationships aimed, inter alia, at the performance of the agreement on the purchase/takeover of securities, and exercise of rights from securities held including rights related to convening, participation and exercising rights at the general meeting of shareholders of GENOMTEC: first name and surname, Personal Identification Number (PESEL), contact details including residential address, e-mail address and telephone number of the Shareholder/Bondholder, and details of securities and resulting rights; grounds for the processing: points (c) and (f) of Article 6(1) of the GDPR;
- in relation to access to confidential information, for the purposes of drawing up a list of persons who have access to confidential information: first name and surname, date of birth, Personal Identification Number (PESEL), private telephone numbers, residential address, business telephone number, name and address of the company, function and reasons for classifying the person as having access to confidential information, date and time of including the person in the group (section) of persons having access to confidential information; grounds for the processing: point (c) of Article 6(1) of the GDPR;
- persons fulfilling management duties (PFMD) and their relatives and close associates (RCA) for the purpose of drawing up and maintaining a list of persons fulfilling management duties and their relatives and close associates, and notifying persons fulfilling management duties of their obligations: first name and surname, position at GENOMTEC S.A. (PFMD) or reasons for classifying as RCA, business telephone number (PFMD), e-mail address (PFMD), residential address (if provided), Personal Identification Number (PESEL) (if provided); grounds for the processing: point (c) of Article 6(1) of the GDPR.
2. In relation to investor relationships, Personal Data could have been provided to the Administrator by a responsible entity recording subscriptions as part of the issue of securities, the services of which were used to this end, or by the Central Securities Depository of Poland (Krajowy Depozyt Papierów Wartościowych S.A.) – also in the case of dividend payments.
§ 4. Disclosure of Personal Data – recipients of dataRecipients of Personal Data include:
- business partners of GENOMTEC, who need access to Personal Data in order to ensure the correct functioning and maintenance of IT systems of GENOMTEC;
- entities, whose services are used by GENOMTEC, e.g. courier firms and law offices;
- other Shareholders and Bondholders in relation to making available the list of Shareholders/Bondholders (containing their surname and first name or company/name, place of residence/registered office, number, type and numbers of shares, and the number of votes to which they are entitled) at the office of the Management Board of GENOMTEC, and the right to receive a copy of this list, as well as in the case of the register of attendance at the general meeting of shareholders containing: first name and surname, as well as the number, type and numbers of shares, and the number of votes from these shares;
- Polish Financial Supervision Authority in relation to Article 70 of the Act of 28 July 2005 on public offering, conditions governing the introduction of financial instruments to organised trading, and public companies (consolidated text: Journal of Laws of 2020, item 2080);
- entities employed to support the general meeting of shareholders of GENOMTEC;
- other entities, to whom GENOMTEC is obliged to transfer Personal Data based on universally binding legal regulations.
GENOMTEC does not transfer, sell or lend collected Personal Data to other persons or institutions, unless it is based on explicit consent or at the request of the Data Subject, or at the request of the State Authorities, for the purposes of their proceedings.
§ 5. Duration of Personal Data processing
1.GENOMTEC shall process Personal Data for the period necessary to achieve the objective for which the Personal Data have been collected, i.e.:
- in the case of concluding an agreement with GENOMTEC, GENOMTEC can process Personal Data of the other party to the agreement for the period necessary to perform the agreement, and subsequently, for legitimate purposes, e.g. for the purposes of protection against potential claims, until the expiry of the claim limitation period;
- in the case of compliance with a legal obligation imposed on GENOMTEC by universally binding legal regulations – until GENOMTEC fulfils this legal obligation;
- in the case of granting the consent – until the consent is withdrawn;
- in the case of GENOMTEC pursuing its legitimate interests – until objection is registered to the processing of Personal Data.
2. In the case of granting the consent, GENOMTEC shall be entitled to process Personal Data also after the expiry of the term of the aforementioned agreement. GENOMTEC shall not process Personal Data if the previously granted consent is withdrawn. Withdrawal of the consent shall not affect the lawfulness of processing of Personal Data based on consent before its withdrawal.
§ 6. Transfer of data to third countries
- In exceptional cases, Personal Data can be transferred to business partners processing Personal Data outside the EEA, but only to the extent necessary related, e.g. to these business partners providing the Administrator with services, in particular IT services (e.g. data storage). Business partners of the Administrator may process data mainly in the United States of America (USA).
- The Administrator transfers Personal Data outside the EEA subject to ensured the adequate level of protection by applying standard contractual clauses adopted by the European Commission and additional measures to ensure protection of data in order to guarantee compliance with the level of protection adopted in the European Union.
- Data Subjects have the right to obtain information about the Administrator’s business partners referred to in section 1, and about measures applied by the Administrator, in particular by contacting the Administrator by e-mail, to the address specified in § 9 section 3.
§ 7. Rights of Data Subjects
1.Rights of Data Subjects related to the processing of Personal Data:
- right of access to information about Personal Data being processed by GENOMTEC, and to obtain a copy of these data;
- right to request rectification of Personal Data, where the data are incorrect, or to have Personal Data completed, where they are incomplete;
- right to deletion of Personal Data if:
- the Personal Data collected by GENOMTEC are no longer necessary in relation to the purposes of which the Administrator notified the Data Subjects;
- the Data Subjects withdraw consent to the processing of Personal Data;
- GENOMTEC is not entitled to process Personal Data on another legal basis;
- Personal Data have been unlawfully processed;
- Personal Data have to be erased for compliance with a legal obligation to which GENOMTEC is subjected;
d. right to Personal Data transmition, i.e. the right to request GENOMTEC to transmit the Personal Data to another entity;
e. right to restrict Personal Data processing, where the accuracy of the Personal Data is contested by the Data Subject, the processing is unlawful or GENOMTEC no longer needs the Personal Data, an objection is made to the processing thereof. The Data Subject may also request GENOMTEC to suspend any operations on his or her Personal Data and only to store these Personal Data for a specified necessary period (e.g. pending the verification of the correctness of Personal Data or defence of legal claims);
f. right to object where GENOMTEC processes Personal Data for the purposes of legitimate interests, such as, inter alia, marketing activities; in such case GENOMTEC shall cease to process Personal Data immediately after the Data Subject effectively objects to the processing thereof;
g. right to withdraw consent – the Data Subject shall have the right to withdraw his or her consent with respect to all consents to the processing of Personal Data granted by the Data Subject.
2. Requests related to the exercise of rights of Data Subject can be submitted to GENOMTEC S.A.:
- in written form by sending a letter to the address of the registered office of GENOMTEC;
- by e-mail, to the address: firstname.lastname@example.org;
- by telephone: +48 793 440 931.
3. The request referred to in section 2 should specify as precisely as possible to what the request pertains, i.e. in particular:
- what right listed in § 7 section 1 above the person submitting the request would like to exercise;
- the processing process to which the request pertains (e.g. receiving the newsletter);
- the purposes of the processing to which the request pertains (e.g. analytical purposes).
4. If the request submitted is formulated in a way that hinders determination its content or its fulfilment proves impossible for other reasons, GENOMTEC shall contact the person, who submitted the request, to provide additional information.
5. The response to the request shall be provided within 1 month of its receipt. That period may be extended by two further months where necessary, taking into account the complexity and number of requests.
6. The response will be sent to the e-mail address, from which the request was sent, and in case of request sent to the address of the Administrator’s registered office – by letter, to the address specified by the person, who submitted the request, unless the letter indicates that the response should be sent to an e-mail address, provided that such e-mail address is indicated in the request.
7. The Data Subject shall also have the right to lodge a complaint with the President of the Office for the Protection of Personal Data if the Data Subject concludes that his or her Personal Data are being processed unlawfully.
§ 8. Security of Personal Data
1. GENOMTEC conducts a risk analysis in order to ensure that Personal Data are processed in a safe manner – first of all, by ensuring that only authorised persons have access to data and only within the scope necessary, taking into account tasks performed by these persons. The Administrator ensures that all operations on Personal Data are recorded and conducted by authorised employees and partners only.
2. The Administrator takes all necessary steps in order to ensure that its subcontractors and other cooperating entities guarantee that appropriate security measures are in place whenever they process Personal Data at the request of the Administrator.
§ 9. Other provisions
1.GENOMTEC does not take decisions with respect to Data Subject based on automated processing, including profiling.
2.This Policy can be updated. In such case, the effective date specified below will change. Any previous versions of the Policy will be available at request.
3.The Administrator can be contacted by e-mail, at: email@example.com, or by telephone, at: ++48 793 440 931.