""

Statement of Privacy Systemics

Statement of Privacy

Personal Data Administrators: Systemics-PAB Ltd. Based in Poland and Apave SA and Apave International SAS, based in France, ensure:

Data security is one of our priorities. We use effective information technology, physical and organizational security measures to ensure an adequate level of protection while adhering to applicable laws and regulations.

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) has been in force in the European Economic Area since May 25, 2018. This regulation introduces uniform rules for the protection of personal data throughout the European Union.

“Personal data” means information on an identified or identifiable individual (natural person). We process such data only for purposes associated with our company’s and our group’s business operations. In most cases, the personal data we use is limited to the following: first and last name, e-mail address, phone number, company name and position, and (where applicable) other contact details.
Personal data is processed in order to enable or facilitate our business operations and growth. The provision of personal data is voluntary, and our processing practices do not involve any information pertaining to behaviors or personal life, or any other types of data used for profiling.

When processing personal data, we follow the main principles of the GDPR?

  • Lawfulness: we need to have at least one legal basis to be able to process the data.
  • Purpose limitation: we do not use the personal data we have collected for any purposes other than those previously communicated and legally justified.
  • Data minimization: we only process data which is necessary to fulfill our objectives; no redundant data is collected.
  • Accuracy: we work to ensure that the data we keep is accurate and up-to-date.
  • Storage limitation: we only keep the data for as long as there is a purpose and a legal basis; after that time, the data is erased.
  • Integrity and confidentiality: we safeguard the data against unauthorized access, loss or destruction by using technical (IT) and organizational measures.
  • Transparency: we make our best efforts to communicate with the data subjects in a clear and understandable manner.
  • Accountability: our activities are documented so that we can demonstrate (as required by the law) that we use adequate personal data protection practices and measures and take them into consideration when planning and implementing new solutions.

Depending on our objectives, we rely on different legal bases for processing. The most common ones are: performance of a contract; data subject’s consent; and controller’s legitimate interest (e.g. development of service/commercial operations, direct marketing of products and services by the company and members of the group of companies, data archiving, risk management, etc.).

 

We mainly use personal data to:

  • Maintain and develop business relationships.
  • Provide services, sell products and solutions, and identify prospective customers.
  • Purchase services, solutions, goods and products.
  • Analyze market developments, needs and offerings.
  • Pursue marketing and promotional activities.
  • Develop competencies and research/technology relationships.
  • Organize and attend conferences, training courses, trade shows and exhibitions.

The GDPR grants certain rights to individuals whose personal data is being processed. We are prepared to assist data subjects in exercising these rights upon request.

 

Rights of data subjects

  • Right of access: at the request of the interested individual, we will provide information as to whether or not we are processing his/her data and, where applicable, what categories of data are being processed.
  • Right to rectification: we will rectify data without undue delay if it is inaccurate or incomplete.
  • Right to withdraw consent: at the request of the data subject, we will stop using the data for the purposes stated in the request.
  • Right to erasure (right to be forgotten): we will erase the data when the purpose of processing is no longer valid, or when there is no longer any legal basis for processing.
  • Right to restriction of processing: at the request of the data subject, we will restrict the processing to storage only until the data is rectified, until legal concerns are clarified, or until the objection made by an individual on grounds relating to his/her particular situation is resolved.
  • Right to data portability: at the request of the data subject, we will provide a copy of the data for transmission to another controller.
  • Right to object: any individual may object to the processing of his/her personal data, especially for direct marketing or profiling purposes.
  • Right not to be subject to profiling: any individual may refuse to be subject to profiling (i.e. making decisions based on automated processing with respect to such individual) unless it is required for the execution of a contract.

 

The above rights can be exercised by submitting a request to  dane_osobowe@syspab.eu.

While we make every effort to remain compliant, if the manner in which we process personal data is believed to violate the provisions of the GDPR, data subjects have the right to lodge a complaint with the supervisory authority (currently www.giodo.gov.pl).

Transferring data to third parties


In the course of our business, we work with members of our group of companies and use services provided by various entities. As a result, depending on the situation and context, we may sometimes transfer selected personal data which we control to such parties. This is always done in compliance with the applicable data security, confidentiality and protection principles, and only to the extent permitted by the law.

Depending on the situation and purposes, the personal data that we keep may be received by: individuals and entities that collaborate with us, such as our employees and associates, our customers, suppliers, service providers, subcontractors, and postal and courier companies, and our accounting, legal, auditing, consulting and financial service providers; supervisory bodies acting in their official capacity; and members of the Apave Group.

The GDPR covers the European Economic Area (EEA) and considers the level of personal data protection in the countries covered to be adequate. However, any transfer of personal data to non-EEA countries which are not deemed to provide an adequate level of personal data protection requires additional safeguards. For that reason, whenever it is necessary to transfer personal data to countries outside the EEA, we use legally required solutions to ensure the security of such data.

For example, in the case of Apave Group companies located outside the EEA, personal data will be transferred under agreements the incorporate relevant UE requirements, such as standard contractual clauses approved by the European Commission.

Retention of data


Personal data will be kept until consent is withdrawn (if such consent is the only basis for processing) or for the time required to achieve the objectives or fulfill the obligations that arise from contracts or laws and regulations. In addition, personal data may be retained in order to clarify potential disputes (until such disputes are clarified).

Information obligations


“Controller” means the entity that determines the purposes and means of the processing of personal data. Personal data processing includes all operations performed on such data manually or automatically, such as recording, storage, erasure, alteration, transfer, sharing and elaboration.

The individuals whose data we acquire are notified as soon as possible (and in no event later that within 30 days) of the principles under which Systemics controls and processes their data by delivering an appropriate information clause by e-mail, by regular mail, in person, by phone or through a website.

The controller of your personal data is Systemics-PAB Sp. z o.o. with its registered office in Warsaw at ul. Wołodyjowskiego 46B, 02-724 Warszawa. If you have any questions or comments, please contact us at dane_osobowe@syspab.eu


Personal data controller general clause

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27,  2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) has been in force since May 25, 2018. Due to the fact that we have received personal data from you, pursuant to Article 13(1) of the GDPR we would like to inform you that:

The controller of your personal data is Systemics-PAB Sp. z o.o. with its registered office in Warsaw at ul. Wołodyjowskiego 46B, 02-724 Warszawa. If you have any doubts concerning the processing of your data, please contact us by e-mail at dane_osobowe@syspab.eu or by regular mail. The security of your data is very important to us, and we will use our best efforts to ensure that it is processed in a secure and lawful manner.

 

Your personal data will be processed in order to establish or maintain business contacts, provide information on Systemics Group’s products and services, and conduct marketing and promotional activities on the basis of your consent. In addition, it will be used to pursue our legitimate interests, take steps in connection with the execution and performance of contracts, and fulfill legal obligations. We process the following types of data: first name, last name, e-mail address, phone number, company name and position, and (where applicable) other contact details.
Depending on the tasks being carried out, your personal data may be received by individuals and entities that collaborate with us, such as our employees and associates, members of our group of companies, our clients, suppliers and service providers, and postal and courier companies, but only to the extent required to carry out the tasks specified by us as the data controller and within the framework of the applicable laws and regulations. In addition, the following entities may access the data in the performance of their responsibilities: our accounting, legal, auditing, consulting and financial service providers, and supervisory bodies acting in their official capacity.

 

Your personal data will not be transferred to entities based outside the European Economic Area, with the possible exception of Systemics Group companies. When transferring data to third countries, we will take the steps recommended by applicable laws and regulations in order to safeguard the data being transferred (e.g. by using contractual clauses approved by the European Commission).
Your personal data will be kept until your consent is withdrawn or for the time required to achieve the objectives or fulfill the obligations that arise from contracts or laws and regulations.
Individuals have the right to access their data, the right to rectify, restrict processing, erase or move such data, the right to withdraw consent (at any time, but without affecting the lawfulness of earlier processing) and the right to object (provided that pursuant to Article 21(1) of the GDPR, when submitting an objection, grounds relating to one’s particular situation must be stated). The above rights can be exercised by contacting us at dane_osobowe@syspab.eu .

 

We hope that this will not be necessary, but if you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

The provision of personal data is voluntary and enables us to establish and maintain business contacts, deliver marketing materials, notices, invitations and offers, and prepare and perform contracts. We do not collect information pertaining to behaviors or personal life, and the data we process will never be subject to profiling.