GENERAL DATA PROTECTION POLICY
1. This General Data Protection Policy sets the basic data protection rules and data protection standards applied at Hamech Machinery Plants, 17-200 Hajnówka ul. Armii Krajowej 3 to ensure conformity with the Polish and European regulations on personal data protection, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter: GDPR.
2. This Policy shall be applied in every case of personal data processing by "Hamech" Sp. z o.o.
The rules for personal data processing by "Hamech" Sp. z o.o.
"Hamech" Sp. z o.o. shall maintain conformity with the following rules while processing personal data:
I. Lawfulness, fairness and transparency
Personal data are processed lawfully, fairly and in a transparent manner in relation to the data subject.
II. Purpose restriction
Personal data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
III. Data minimisation
The Company processes only personal data proper and adequate for a given purpose of processing, and the scope of data is limited to what is necessary for the purpose for which the personal data are processed.
IV. Storage limitation
Personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
V. Accuracy of personal data
The Company ensures that personal data are accurate, where necessary, kept up to date. The Company shall take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
VI. Intergrity and confidentiality
Personal data are processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
VII. Data subject rights
The Company respects the data subject rights, regarding the right to access, the right to restrict processing, the right to data portability, the right to erasure of personal data, the right to object to the processing and to withdraw consent on data processing at any time.
VIII. Data protection by design
The Company has implemented appropriate technical and organisational measures to implement data-protection principles in an effective manner and to integrate the necessary safeguards into the processing, in order to meet the requirements of the GDPR and protect the rights of data subjects.
IX. Data protection by design
The Company has implemented appropriate technical and organisational measures to ensure that only personal data necessary for a given purposes of processing are processed by default. The principle of data protection by design and data protection by default shall be applied in the design and purchase of new products/systems.
X. Processing security/data security
Personal data are processed in a secure manner. The Company has implemented appropriate technical and organisational measures to ensure security and protection of personal data, taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.
All activities related with personal data processing are properly documented. The Company is responsible for complying with the personal data protection laws, including the GDPR, and is able to demonstrate that.
XII. Personal Data Protection Officer
Hamech Sp. z o.o. has designated a Personal Data Protection Officer having professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in the GDPR. The name and contact details of the Personal Data Protection Officer are specified in the GDPR section on the company website.