Information clause for the "report abuse" form
Basic information on the processing of your personal data by a KRUK Group entity pursuant to Article 13(1) and (2) and Article 14(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR").
Personal Data Controller
KRUK S.A. with its registered office in Wrocław (51-116), ul. Wołowska 8, is the controller of your personal data. You may address your query to any of the above-mentioned Controllers by sending
it to KRUK S.A., ul. Wołowska 8, 51-116 Wrocław, or to the e-mail address info@kruksa.pl.
Data Protection Officer
We have appointed a Data Protection Officer whom you may reach for all matters concerning the processing of your personal data and your rights in this regard. You may write to him at the following address: Data Protection Officer, KRUK S.A. ul. Wołowska 8, 51-116 Wrocław, or contact by
e-mail: info@kruksa.pl.
What data are we talking about and where did we get the data from?
The use of the online form to report violations/abuses is voluntary, so the data provided to us by the form comes directly from the notifier, i.e. you.
The information you provide to us determines what data we will process. We regularly process the following information:
- Your name and contact details, if you provide them to us.
- information about possible employment with us, if provided to us,
- names of persons and other personal data that may be obtained depending on the application.
The online form for reporting breaches/abuses has been created to report observed breaches/abuses, in particular with respect to ensuring compliance of KRUK S.A.'s operations with applicable laws, internal regulations, market and ethical standards. It allows you to communicate information about possible compliance violations that can have serious consequences for your business. This includes the consequences of criminal liability.
Why and on what basis do we process your personal data?
Your personal data will be processed for the following purposes
- its legitimate interest in receiving, verifying and investigating reports of breaches of the law in accordance with Article 6(1)(c) of the GDPR and also in relation to Article 9(2)(g) of the GDPR.
How long do we keep your personal data?
The data is stored for as long as it is necessary to fulfill the purposes listed above or to complete the processing of the breach/abuse report, within the framework of applicable law. The criteria are, for example, the complexity of the case, the length of time it has been processed and the subject matter of the complaint.
Who can we share your personal data with?
Your data may be shared with entities that support our activities, such as entities that provide legal services, entities that support our IT infrastructure, our advisors or auditors and law enforcement authorities, as well as other authorities and entities where the obligation to provide data arises from legal provisions. The data provided will be processed by employees of the Compliance Department of KRUK S.A. who are authorised to do so.
As a matter of principle, we do not transfer data to third parties. However, it may happen that we transfer the provided data to other departments of the controller or to KRUK Group companies in accordance with Article 28 of the GDPR if it is necessary to clarify the matter.
As a general rule, we are required by law to inform the accused persons or witnesses named in the report that we have received a notification about them, as long as such information does not impede further investigation of the report. The identity of the notifier will not be disclosed to the extent permitted by law.
Do you have to provide us with your personal data?
Providing data is voluntary.
From whom may we receive your data?
In principle, we receive your data directly from you as a result of you providing it in the relevant contractual provisions. In some situations, we obtain your personal data by means other than directly from you, e.g. someone else provides you as a contact person for the conclusion and performance of a contract. This could be your supervisor or a co-worker.
Profiling and automated decision making
Please be informed that in the course of our activities your data will be not processed by automated means, including profiling. We do not make automated decisions in relation to you.
Transfer of your personal data outside the European Economic Area (EEA)
We use suppliers and partners outside the EEA and it is therefore possible to transfer personal data to countries outside the EEA. Such transfer of personal data may take place on the basis of a decision stating the appropriate level of protection or subject to appropriate safeguards, Art. 45, 46 GDPR. Information on the EU Commission's adequacy decisions is available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
What rights do you have in relation to your data and how can you exercise them?
In our activities, we guarantee the possibility of exercising the rights arising from the GDPR.
Pursuant to the GDPR, you have the right to:
- receiving information regarding our data processing and copies thereof (Article 15 of the GDPR),
- rectification of data when it is incorrect, e.g. out of date or incomplete (Article 16 of the GDPR),
- deletion of data ("right to be forgotten") in the situations described in Art. 17 GDPR,
- restrictions on data processing (Article 18 of the GDPR),
- raise an objection (Article 21 of the GDPR),
- submit a complaint to the supervisory authority responsible for the protection of personal data, i.e. the President of the Personal Data Protection Office (Article 77 of the GDPR).
If your consent is the basis for the processing of personal data, you can withdraw it at any time. However, this will not affect the lawfulness of the Company's use of your data before such consent is withdrawn.
If you wish to exercise the above rights, you may submit a request to us by:
- e-mail to: info@kruksa.pl
- telephone by calling: 800 700 020
- post to the following address: KRUK S.A., ul. Wołowska 8, 51-116 Wrocław
- in person, when contacting our advisor or at KRUK S.A.'s registered office in Wrocław at ul. Wołowska 8.
