The following information is prepared in accordance with art. 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”) and the Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000) in order to present the purposes and methods of data processing by the Companies.
The Administrator of personal data is Ventor Energi Sp. o.o., Ventigros Sp. o.o., located in Dębica (ul. Drogowców 7, 39-200 Dębica) and Ventor Energi Norge AS and Ventor Constuction AS based in Verven 42, 4014 Stavanger, NORWAY, which may be hereinafter referred to as “Ventor Companies”.
Contact with the Administrator is possible via the contact form on the website www.ventor.com.pl. and the contact form on the Ventor Portal for its users. In addition, the Administrator can be contacted by email: firstname.lastname@example.org and by phone: Secretariat: +48 14 681 80 10.
Personal data is being processed:
- in order to execute an employment/other contract concluded with the Administrator, including to determine and pay remuneration for work and other benefits, in accordance with art. 6 sec. 1 (b) GDPR;
- in order to fulfil other legal obligations imposed on the Administrator by the provisions of the Labour Code, in accordance with art. 6 sec. 1 (c) GDPR – for the period of employment;
- in order to fulfil legal obligations imposed on the Administrator with respect to the Social Insurance Institution and the Tax Office, consisting in making mandatory notifications and registration of the Administrator’s employees, as well as establishing, collecting and paying social security contributions and income tax advances, in accordance with art. 6 sec. 1 (c) GDPR – for a period of 50/10 years in terms of storing documents on the basis of which the basis for the retirement or disability pension is calculated;
- in order to fulfil the employer’s obligations to ensure safe and hygienic working conditions, to conduct the necessary training, medical examinations, in accordance with art. 6 sec. 1 (c) GDPR – for a period of 10 years after termination of employment;
- in order to fulfil the employer’s legal obligation to ensure equality and non-discrimination in employment, pursuant to art. 6 sec. 1 (f) GDPR – for the period of employment;
- to the extent to which Ventor Companies use video monitoring in order to implement the Administrator’s legitimate interest, which is the organization of the work process, protection of persons staying on the premises managed by the Administrator, protection of property and information belonging to the Administrator, pursuant to art. 6 sec. 1 (f) GDPR – for a maximum period of up to 1 month;
- in order to implement the Administrator’s legitimate interest in establishing, investigating or defending against claims, in accordance with art. 6 sec. 1 (f) GDPR – for a period of 3 years from the termination of employment, and in the case of pending proceedings, for the period of its duration until the final termination and limitation of claims;
- with regard to contact details of persons providing such data in order to facilitate communication and document circulation between that person and the Companies, in accordance with art. 6 sec. 1 (f) GDPR (legitimate interest consists in ensuring contact by electronic means) and alternative contact details, in order to ensure the reliability of electronic communication upon voluntary consent of the person, in accordance with art. 6 sec. 1 (a) GDPR – for the period of employment or rights to claims;
- with regard to contact details of persons interested in the Ventor Companies’ offer in order to provide answers to inquiries, upon voluntary consent of the person, in accordance with art. 6 sec. 1 (a) GDPR;
Personal data of Counterparties is processed for purposes related to the preparation, signing and execution of a contract, in accordance with art. 6 sec. 1 (b) GDPR and for the purposes of establishing, investigating or defending against claims, pursuant to art. 6 sec. 1 (f) GDPR for the duration of the contract and pursuing claims.
Contact details of persons indicated for cooperation in the implementation of contracts, in accordance with art. 6 sec. 1 (f) GDPR, i.e. the legitimate interest of the Administrator, which is to conduct ongoing arrangements with a counterparty for the term of the contract and pursuing claims.
Data of the Ventor Portal users is processed for the purposes of job search and possible employment in accordance with art. 6 sec. 1 (c) GDPR (in terms of information required by the provisions of the Labour Code) and in terms of other data, in accordance with art. 6 sec. 1 (a) GDPR (upon consent of the person concerned).
The Administrator informs that the cameras of the monitoring system installed at the headquarters of the Companies do not record the image in sanitary rooms, cloakrooms, canteens and smoking rooms, unless the use of monitoring in these rooms is necessary to achieve the goal set out above and does not violate the dignity and other personal rights of natural persons. The cameras of the monitoring system are not installed in the premises of trade unions.
Ventor Companies may be data recipients, based on joint arrangements of the administrators, in accordance with art. 26 GDPR (co-administration). Another group of recipients are the Administrator’s Counterparties, including foreign ones, carriers, travel agencies participating in the organization of employees’ travel, entities providing transport and accommodation and service providers of the Companies on the basis of data processing agreements signed pursuant to art. 28 GDPR.
The processed personal data is made available to authorized entities, such as tax offices and social security authorities, national labour offices, local trade unions, entities providing occupational medicine services, on the basis of legal provisions.
The provisions of the GDPR define the rights of natural persons with regard to the processing of personal data of natural persons. Such rights include:
The right to access personal data. At any time, the person whose data is processed by the employer may request access to their data.
The right to rectify and supplement data. The person whose data is processed by the Companies may request immediate rectification of personal data if it is incorrect, as well as request supplementing incomplete personal data.
The right to delete data. The person whose data is processed by the Companies has the right to demand immediate deletion of their personal data in any of the following cases:
- when personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- when the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
- when personal data is processed unlawfully;
- when personal data must be removed in order to comply with a legal obligation provided for in European Union law or Polish law.
This request is not an absolute right, because the Administrator will not be able to remove it to the extent that its processing is necessary: to exercise the right to freedom of expression and information, or to fulfil a legal obligation requiring its processing under European Union law or law Polish, or for statistical purposes on the terms set out in the GDPR, or to establish, assert or defend against claims.
The right to limit data processing. The data subject has the right to request limitation of processing in cases where: the correctness of personal data is questioned – for a period allowing the Administrator to check the correctness of such data; or when the processing is unlawful and the natural person opposes the deletion of personal data and requests limitation of its use instead; or the Administrator no longer needs personal data for the purposes of processing, but it is needed by the data subject to establish, assert or defend against claims.
The right to object. The data subject has the right to object to the processing of their personal data. The Administrator may disregard the objection if they demonstrate the existence of legally valid grounds for processing that override the interests of that person, their rights and freedoms, or the grounds for establishing, investigating or defending against claims.
The right to withdraw consent. To the extent that the processing of personal data is based on consent, the person providing the data has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The right to transfer data. To the extent that the data is processed in order to conclude and execute a contract or processed on the basis of consent, and the data processing is carried out in an automated manner, the person who provided the data has the right to receive their data in a structured, commonly used machine-readable format, provided before or during the cooperation with Ventor Companies from the Administrator. A person exercising this right may send this personal data to another administrator.
The right to lodge a complaint. The person whose data is processed by Ventor Companies has the right to lodge a complaint against the processing of personal data by the Administrator to the President of the Personal Data Protection Office (address: ul. Stawki 2, 00-193 Warsaw), fax 22 531 03 01, office hours: 8.00 – 16.00). Submitting complaints to the Personal Data Protection Office in the form of an electronic document via the Electronic Inbox is possible using dedicated forms available on the biznes.gov.pl platform. This platform produces an official confirmation of receipt of electronic documents, in accordance with applicable law.
Contact to the DPO. In the case of exercising the above-mentioned rights and inquiries related to the protection of their personal data, persons whose data is processed by Ventor Companies may ask questions or submit an application to the Data Protection Officer (DPO) appointed by the Companies, sending it to the following-mail address: email@example.com.