1. Personal Data Protection Act of 29 August 1997 (Dz. U. [Journal of Laws] of 2002 No. 101, item 926, as amended)
2. Polish Labour Code of 26 June 1974 (Dz. U. of 1998 No. 21, item 94, as amended)
3. Ordinance by the Minister of Labour and Social Policy of 28 May 1996 on the scope of keeping documentation on matters related to an employment relation by the employers and the way employee personal files shall be kept (Dz. U. of 1996 No. 62, item 286, as amended)
Whenever a reference is made in this Policy to:
1. Data file – it shall mean any structured set of personal data file accessible according to specific criteria, whether dispersed or decentralised on a functional basis.
2. Data processing – it shall mean all operations which are performed upon personal data, such as collection, recording, storage, development, alteration, making available and erasure, especially those performed by means of IT systems.
1. SOWA TRANSLATIONS HOUSE shall collect personal data for the following purposes:
a) keeping records on employment and remuneration for employees and business partners and their families;
b) collection of job offers;
c) participation in tenders;
d) translation and certification of documents;
e) participation of third parties in the agency’s projects, including the projects financed with public funds, EU funds, etc.
2. Each employee, business partner, supplier and client of SOWA TRANSLATIONS HOUSE has the right to the protection of personal data concerning him or her.
3. Personal data may be processed in the public interest, the interest of the data subject or the interest of third parties, to the extent and in the manner set forth in the Policy.
4. Personal data shall mean any information concerning an identified or identifiable natural person.
5. The obligation to inform and to obtain the personal data processing consent statement shall be treated collectively with reference to groups whose data is collected and processed by SOWA TRANSLATIONS HOUSE.
6. In the case of minors, the obligation referred to in section 5 shall be deemed fulfilled after signing the above-mentioned form by the parents (legal guardians).
1. The following personal data files are created in SOWA TRANSLATIONS HOUSE:
a) employee personal files;
b) employee payrolls;
c) sick leave records;
d) registration in the IT system.
2. Data is collected and stored in the manual system and processed by the computer system.
1. The Director shall be the Personal Data Controller in SOWA TRANSLATIONS HOUSE.
2. The Controller that processes personal data shall make all efforts to protect the interests of the data subjects, particularly, the Controller shall ensure that the data is:
a) processed to the extent necessary for the performance of tasks assigned to the employees and business partners of SOWA TRANSLATIONS HOUSE;
b) processed in line with the law in force;
c) factually correct and relevant for the purposes for which it is processed;
d) stored in the form which makes it possible to identify the data subjects for no longer than it is necessary to achieve the purpose of the processing.
3. Data may be processed for a purpose other than the purpose for which it has been collected only if it does not infringe the rights and freedoms of the data subject.
4. The Controller shall implement technical and organisational measures to protect the processed personal data to ensure a level of security appropriate to the risks and category of the personal data to be protected. Such measures shall be taken in particular to protect personal data against unauthorised access, being taken away by an unauthorised person, processing against the Act as well as alteration, loss, damage or destruction.
1. The Controller may authorise the employees and business partners of SOWA TRANSLATIONS HOUSE or at their request grant authorisation to process personal data in SOWA TRANSLATIONS HOUSE.
2. Data shall be processed only by persons that have been granted authorisation by the Controller.
3. The employees referred to in section 1 shall collect and process personal data only for the purposes referred to in § 1.
4. All employees collecting and processing personal data shall strictly comply with the provisions of the Act referred to in the introduction and of this Policy.
5. Persons authorised to process personal data manually or by means of IT systems shall protect this data against unauthorised access, being taken away by an unauthorised person, damage or destruction.
6. The authorisation referred to in section 2 shall include the name and surname of the authorised person and shall be granted in writing for a specified period or for an indefinite period – until the granted authorisation is revoked.
7. Each authorisation shall be kept on the employee personal files.
8. The Controller shall control what personal data has been entered into the data files, at what times and by whom, as well as to whom it is communicated.
9. The Controller shall keep a list of persons authorised to process personal data, which shall include the following:
a) name and surname of the authorised person;
b) authorisation granting and validity date;
c) the scope of the authorisation to process personal data.
10. Access to personal data shall be granted by the employees only on the basis of a written instruction given by SOWA TRANSLATIONS HOUSE.
11. Persons authorised to process personal data shall keep confidential this data and the ways it is secured. The above-mentioned obligation shall survive the termination of employment.
12. The following employees and business partners shall be authorised to process personal data in SOWA TRANSLATIONS HOUSE:
b) sales and customer service employees;
c) PR and marketing employees;
d) employees responsible for the recruitment of human resources and translators;
e) employees in charge of individual sections of the Agency;
f) H&S Coordinator;
g) QMS Representative, Internal Auditor;
h) Information Security Administrator and IT System Administrator;
i) subcontractors: accounting, legal, H&S and other services providers, translators, consultants, proofreaders, reviewers etc.
1. Personal data shall be processed by means of computers at the following locations:
a) SOWA TRANSLATIONS HOUSE;
b) registered offices of subcontractors.
2. Unauthorised persons may be present at the locations referred to in section 1 only in the presence of persons engaged in the processing of personal data and with the consent of the Controller.
3. The Controller shall specify the rules for entering and using the passwords to computers used for personal data processing.
4. The work commencement and end procedure:
a) the monitor screens at the workstations where personal data are processed shall be positioned so as to prevent unauthorised persons from gaining access to the displayed information;
b) a correct password shall be required to boot the computer;
c) always make sure that unauthorised persons are not able to access the data;
d) if work is stopped, the system shall activate a screen saver and log out the user;
e) always make sure that the data has been recorded to avoid data loss due to failure;
f) in the absence of persons engaged in the processing of personal data by means of IT systems, the rooms where data is processed shall not be made accessible to any third party without the consent of the Controller;
g) work related to the processing of personal data shall comply with all data security rules.
5. Soft copies and hard copies shall be made as needed and stored in the manner prescribed in the regulations.
6. The backup copies shall be stored in line with the law in force and periodically checked in order to verify whether they are useful.
7. Data carriers and hard copies that are not intended to be made available shall be stored in a lockable cabinet to which access is limited to authorised persons.
8. The Controller shall check the condition of the equipment, the content of personal data files and the extent to which they have been tampered with.
9. The data shall be supplemented using the backup copies.