1. The hereby personal data protection policy for contractors of the Instytut Monitorowania Mediów (hereinafter referred to as “Policy”) defines the rules of processing of personal data by the Instytut Monitorowania Mediów S.A., with its registered office in Warsaw (hereinafter referred to as “Personal Data Controller”), concerning:
a) physical persons who are contractors of the Personal Data Controller (PDC) or who intend to enter into cooperation with the Personal Data Controller within the frames of their business activity;
b) physical persons who are employees of the contractors (regardless of the employment nature), whom the contractor have assigned to cooperate with the Personal Data Controller or to establish such cooperation,
– hereinafter referred to collectively as “Representatives”.
2. This Policy concerns personal data collected by the Personal Data Controller (or on behalf of PDC), both from the Representative’s employer or directly from the Representative (further referred to as “Personal Data”).
3. This Policy constitutes a fulfilment of duties defined in the Art. 13 and Art. 14 of the Resolution of the European Parliament and the Council of the European Union 2016/679 from 27 April 2016, concerning the protection of physical persons in relation to the processing of personal data and the free flow of such data, and the repeal of the Directive 95/46/EEC (general data protection regulation), hereinafter referred to as “GDPR”.
4. From the moment of collecting Personal Data, the Personal Data Controller assumes the role of the Controller of Personal Data of the Representatives under GDPR.
5. Personal Data Controller is authorized to process the following data of the Representatives: first name, second name, place of work, the official position in the company, contact data (the address for correspondence, phone number, e-mail address, social media accounts).
6. A legitimate interest of Personal Data Controller serves as grounds for processing of the Personal Data of the Representatives – the ability to start and continue the cooperation or contact the contractor through the intermediary of the Representative (Art. 6 § 1 item “f” GDPR).
7. Personal Data of the Representatives will be processed until the moment of ultimate termination of cooperation between the Personal Data Controller and the contractor. Personal Data can be removed earlier when PDC had previously received a complaint from the Representative against the processing of Personal Data and also when PDC had decided that he did not need the Personal Data any more for achieving the legitimized objective (contact with the contractor).
8. Personal Data will not be removed by Personal Data Controller as stipulated above, if their storage and processing results from binding regulations by law or if they are indispensable for performing calculations or claiming damages in relation with cooperation with the contractor or the contractor’s Representative.
9. Personal Data Controller is allowed to render the Personal Data available to entities which provide services to PDC (e.g. the third-party providers of IT services, courier services, HR services, accounting services and servicing contractors). Personal Data may also be forwarded to other stakeholders (also parties independent of Personal Data Controller), if the Representative rendered them available in such a form, which clearly suggests that they be used by third parties for contacting the Representative for business purposes.
10. Every Representative is entitled to:
– receive the information about the processing of Personal Data, including categories of the processes Personal Data and possible recipients of Personal Data,
– request that the improper Personal Data are corrected or that incomplete Personal Data are completed,
– request the removal or limiting the processing of Personal Data – in which case the request will be fulfilled if legal requirements had been fulfilled for such request,
– to object – in the case of processing of Personal Data on the basis of legitimate interest of the Personal Data Controller (Art. 6 § 1 item “f” GDPR),
– migrate personal data – through receiving the data from Personal Data Controller in a format which enables their portability to a chosen third party,
– file a complaint to the supervision authority – Inspector General for the Protection of Personal Data, ul. Stawki 2, 00-193 Warszawa – in case it is stated that the personal data are processed in violation of the law.
11. Any quires, motions and requests related with the processing of Personal Data shall be addressed at firstname.lastname@example.org.
12. Each of the contractors of Personal Data Controller is obliged to inform its Representatives of the present Policy.