Information on the Processing of Personal Data
In connection with the entry into force on May 25, 2018, of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter “GDPR”), in compliance with the information obligation under Article 13, I inform you that:
The Data Controller is Wojciech Węgier, conducting business under the name Węgier Glass Wojciech Węgier, based in 68-200 Żary, ul. Szklarska 39, registered in CEIDG, NIP: 928-001-41-88.
The Data Controller – Węgier Glass Wojciech Węgier – has not appointed a Data Protection Officer.
For matters regarding personal data processed by the Controller, you can send an email to: dane@wegierglass.com.pl.
Your personal data will be processed for purposes necessary to:
- properly perform contracts, including all preparatory actions preceding the conclusion of a contract;
- carry out actions based on granted consent;
- respond to inquiries;
- fulfill legal obligations of the Controller, such as issuing and storing invoices and accounting documents, responding to complaints;
- pursue legitimate interests of the Controller, including the establishment, exercise or defense of legal claims;
- conduct service quality analyses and for statistical purposes for the internal needs of the Controller.
The legal basis for the processing of your personal data is Article 6(1)(a), (b), (c), and (f) of the GDPR.
Your data may be disclosed to:
- courier, transport, postal, banking, consulting, legal, financial, and insurance service providers;
- entities providing accounting and tax services to the Controller;
- subcontractors of Węgier Glass Wojciech Węgier;
- in case the headquarters of the entity receiving your data is outside the EEA, the data may be transferred there (applies to courier and transport companies).
Providing personal data is voluntary, but necessary for the conclusion and performance of a contract.
Personal data will be processed:
- for the period necessary for the proper achievement of the processing purposes and for periods resulting from civil and public law responsibilities of the Controller;
- until consent is withdrawn.
You have the right to:
- request access to your data, its rectification, deletion, restriction of processing, data portability, objection to processing, and withdrawal of consent at any time;
- lodge a complaint with the President of the Personal Data Protection Office if you believe your rights under data protection laws have been violated.
Personal Data Security Policy
1. List of Basic Abbreviations
| Abbreviation | Description |
|---|---|
| DPA | Personal Data Protection Act of 29 August 1997 (Journal of Laws 2015, item 2135) |
| MoIA Reg. | Regulation of the Minister of Internal Affairs and Administration of 29 April 2004 on the documentation of personal data processing and the technical and organizational conditions which IT devices and systems used for data processing should meet |
| GIODO | Inspector General for Personal Data Protection |
| DC | Data Controller |
| DSO | Data Security Officer |
| ISA | IT Systems Administrator |
| IS | Information System |
| PDSP | Personal Data Security Policy |
| ITMI | IT Systems Management Instruction |
2. List of Key Definitions
Whenever this Security Policy refers to:
- Data Controller – it means the authority, organizational unit, entity, or person that decides on the purposes and means of personal data processing;
- Data Security Officer – a person designated by the Data Controller, responsible for supervising compliance with data protection rules (per Art. 36a(2) of the DPA);
- IT Systems Administrator – a person or external entity appointed by the Data Controller, responsible for the operation and security of IT systems and networks;
- Authorized Person – a person authorized by the Data Controller to process personal data (can be an employee, contractor, volunteer, intern, etc.);
- Personal Data – any information relating to an identified or identifiable natural person;
- Personal Data Filing System – a structured set of personal data accessible according to specific criteria;
- Personal Data Processing – any operation performed on personal data (e.g., collection, storage, sharing, deletion), particularly via IT systems;
- Information System – a set of cooperating devices, software, procedures, and tools used to process data;
- Data Security in Information Systems – implementing and operating technical and organizational measures to protect personal data from unauthorized processing;
- Information Security – a set of rules ensuring authorized access to information under any circumstances;
- Data Erasure – destruction or irreversible modification of data to prevent identification of the data subject;
- Consent of the Data Subject – a voluntary, specific, informed and unambiguous indication of the data subject’s agreement to data processing (can be revoked anytime);
- Data Recipient – anyone to whom personal data is disclosed, excluding:
  - the data subject,
  - authorized processors,
  - the representative under Art. 31a of the DPA,
  - an entity under Art. 31 of the DPA,
  - public authorities when data is shared in legal proceedings;
- Third Country – a country outside the European Economic Area (EEA);
- Password – a string of characters known only to the system user;
- User ID – a unique identifier assigned to a person authorized to process data in specific system areas;
- Data Confidentiality – ensuring data is not disclosed to unauthorized persons;
- Data Integrity – ensuring data has not been altered or destroyed unlawfully;
- Data Accountability – ensuring actions can be uniquely linked to a person or entity;
- System User – a person with assigned login credentials who is authorized to process data in the IT system;
- Authentication – confirming a user’s identity to assign appropriate privileges in the IT system;
- Incident – a security breach related to confidentiality, availability, or integrity of data;
- Threat – a potential cause of an incident;
- Corrective Action – actions to eliminate the root cause of a security incident;
- Preventive Action – actions taken to eliminate the cause of a potential security threat.
