Personal Data

1. Personal data: basic information

• What is personal data?

Personal data is any information that relates to an identified or identifiable living individual.

• What is GDPR?

GDPR is the basic legal act regulating protection of personal data of natural persons in the territory of the European Union.

GDPR is Regulation 2016/679 of the European Parliament and of the Council (EU) of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

• How long has GDPR been in force?

GDPR has been in force as of 25 May 2018.

• What is the purpose of GDPR?

GDPR was adopted to:

• exercise every man’s right to protect his/ her personal data, which belongs to fundamental rights and freedoms;
• regulate the principles and enable the free flow of personal data in the European Union in a manner that the protection of individual's rights is not an obstacle with respect to it;
• put the protection of personal data in the entire European Union on the same level and to make it governed by the same principles.
• Who does GDPR refer to?

GDPR refers to all entities and companies which operate in the European Union, irrespective of the fact whether the processing of data takes place in the European Union or not.

This also refers to companies outside of the EU, if they sell goods or provide services in the area of the European Union or perform ongoing monitoring of the European Union citizens, irrespective of the fact whether the processing of data takes place in the European Union or not.

• Do I have to perform any activities in relation to GDPR?

Safety of your personal data is of key importance to us. Your data is safe with us. You do not have to perform any activities or contact us. However, if you wish to contact us, please send your message via post to the following address:

Nexera Sp. z o.o.

Atrium Plaza, 4^th floor

Jana Pawła II 29

00-867 Warsaw, Poland

or electronically to the following e-mail address: dane.osobowe@nexera.pl.

You are also welcome to become acquainted with the information available on our website.

 

2. NEXERA: Your Personal Data Controller

 

The data controller of your personal data is Nexera Sp. z o.o.

As the controller of your personal data, we determine the purpose and the mode of processing your personal data and we are responsible for making the processing compliant with legal provisions, the concluded agreement and safety regulations.

Our registered office is located at:

Atrium Plaza, 4^th floor

Jana Pawła II 29, 00-867 Warsaw, Poland.

Our entry number in the National Court Register is KRS 0000637244 and our VAT Reg. No. (NIP) is 522307164.

 

3. Processor

 

Your personal data are processed in relation to the business activity pursued by us. To do it effectively and safely with respect to the personal data, we are using services of other companies, which we entrust with personal data for processing. These are companies responsible for building and maintaining our network, IT companies and ICT operators. These companies are called processors. Processors are bound by the same principles pertaining to the personal data protection as we are as the data controller. Your data is safe with our processors.

 

 

4. Data Protection Officer (DPO)

 

The Data Protection Officer (DPO) is Filip Turyk.

In particular, DPO:

• monitors compliance with GDPR, other data protection regulations and internal provisions of the data controller, which refer to the protection of personal data;
• cooperates with a supervisory authority, i.e. the President of the Personal Data Protection Office;
• acts as a contact point for the supervisory authority.

You can contact the DPO via post at the following address:

Data Protection Officer (DPO)

Nexera Sp. z o.o.

Atrium Plaza, 4^th floor

Jana Pawła II 29

00-867 Warsaw, Poland

or electronically to the following e-mail address: dane.osobowe@nexera.pl.

 

5. Your rights

 

Your rights pertaining to the protection of your personal data are regulated in GDPR. GDPR gives you the right to:

1. rectify (correct) your data: if we process your data which is incorrect, e.g. not up-to-date, you have a right to inform us about it and we will correct or update your data;
2. access your data: i.e. to be informed by us which of your personal data are processed;
3. “be forgotten”: i.e. to remove data in case the processing of your data by us is no longer necessary. It is not always possible to exercise such rights, in particular in situations when you and Nexera are bound by an agreement, when we need your data to seek claims or when we have to process your data on account of the applicable law;
4. limit the processing of data: you can apply to us to limit the processing of your personal data, in particular when you are not certain whether we are processing your data correctly. In such case, we will mark your data as assigned exclusively for storage and will examine the legitimacy of processing. You can also file the application when we intend to remove your data and you want us to store them, e.g. for evidence purposes;
5. transfer data: i.e. to receive your personal data which we process or to designate another data controller to whom we should provide your data, provided it is technically possible;
6. object against the processing of data on the basis of legitimate interest of the data controller or a third party, including profiling, due to causes related to special circumstances;
7. object against the processing of data for direct marketing purposes, including profiling: if such objection has been filed, we will cease to process and also profile, your data for marketing purposes;
8. withdraw your consent at any moment: you may withdraw the consent you have granted at any moment. As of the moment of withdrawing the consent for the processing of your personal data, we will not process the data for the purpose specified by you. Processing which took place until the moment of consent withdrawal remains fully valid and legal.

Exercise of such rights by Nexera depends on the possibility of identifying the person filing the request in order to be sure that it has been filed by an authorised person. The scope of every right and the situations in which they may be exercised result from legal provisions. The exercise of such rights by the Provider depends, in particular, on the legal basis and the purpose of data processing.

 

6. Information obligation

• Information obligation towards persons making their properties available to Nexera.

You are making your property available to us to allow us to build our network or to connect your house or apartment to our network.

When making your property available, you conclude a relevant agreement with us. When you conclude or intend to conclude such agreement with Nexera Sp. z o.o., you provide us with personal data. In the agreement and here we inform you about the processing of your data on the basis of the so-called information obligation.

Your personal details, as owner, perpetual user or manager of the property, contained in the document that is the motion for conclusion of agreement to access the property, and entered into the document, were acquired from territorially adequate land and property records (based on art.24 act 5 section 2a of legislation from May 17, 1989 Geodetic and Cartographic Law, i.e. Journal of Laws 2017, section 2101 and later revisions):

Who will process your personal data and how to contact them?

1. Your personal data will be processed by Nexera Sp. z o.o. (data controller).
2. With respect to any issues related to personal data, please contact us via post at the following address: Nexera Sp. z o.o.

Atrium Plaza, 4^th floor

Jana Pawła II 29

00-867 Warsaw, Poland

or electronically at the following e-mail address: dane.osobowe@nexera.pl.

3. The Data Controller has appointed a Data Protection Officer (DPO) who may be contacted via post or e-mail at addresses specified above with a note: Data Protection Officer (DPO).
   
   

Which data are processed?

 

Nexera will process the following personal data: first name and surname; address of residence; number of ID, telephone number, e-mail address, optionally the number of land and mortgage register and number of plot from the register of land.

What are the purposes and bases of personal data processing?

1. Provision of personal data by the person making the real property available is voluntary, yet necessary for the conclusion of the agreement on the basis of which the real property is made available. Failure to provide such data makes conclusion of the agreement impossible.
2. Personal data of the Provider will be processed in order to:
3. exercise the agreement on making the real property available;
4. perform maintenance activities;
5. determine, defend from and seek claims;
6. archive data and documents;
7. provide answers to letters and applications.
   
   

Who can personal data be transferred to?

1. Data may be transferred to the following categories of entities:
2. courier companies or post operators;
3. ICT operators;
4. law firms;
5. tax offices;
6. processing entities, i.e. contractors cooperating with Nexera (construction of ICT network, servicing and maintenance of ICT networks and IT systems);
7. entities or bodies authorised on the basis of legal provisions (including courts, prosecution attorneys, regulatory and supervisory bodies);
8. Nexera does not intend to transfer the personal data of the Provider to the so-called third countries (i.e. outside of the European Economic Area, encompassing the European Union, Norway, Lichtenstein and Iceland). However, if such necessity arises, Nexera can do it ensuring proper level of protection and complying with relevant legal provisions.
   
   

How long are personal data processed?

The period of storing the personal data of the Provider depends on the purpose for which the data is processed. It results from legal provisions (which impose the obligation of storing data for a specific period of time) or is necessary for the agreement performance or legitimate interests pursued by the data controller or by a third party. Sample periods for which the personal data of the Provider may be stored:

1. data pertaining to the agreement performance: during the term of the agreement;
2. determination, defence from and seeking of claims: up to 6 years.

Notably, your details will be processed over the duration of the agreement, and in case of not entering the agreement - over period necessary to execute, inspect and audit Project "Universal access to high-speed internet," Action 1.1 as part of Operational Programme Polska Cyfrowa 2014-2020 Priority Axis no.1. 

What rights do you have in reference to personal data?

You have a right to:

1. rectify (correct) your data;
2. request access to the data of the Provider processed by Nexera;
3. remove data or limit the processing of data;
4. file an objection against the processing of data;
5. transfer data, which means the right to receive data processed by Nexera or request their transfer to another entity;
6. withdraw the consent for the processing of personal data.

Compliance with such rights on the part of Nexera depends on the possibility of identifying the person filing the request in order to be sure that it has been filed by an authorised person. The scope of every right and the situations in which they may be exercised result from legal provisions. The exercise of such rights by the Provider depends, in particular, on the legal basis and the purpose of data processing.

Contact with the President of the Personal Data Protection Office

If you have doubts whether your data are processed correctly by Nexera, you can file a complaint to the President of the Personal Data Protection Office.

Profiling and automatic data analysis

 

Nexera does not use personal data for profiling and does not make decisions based on automatic analysis of personal data.

 

• Information obligation towards employees, contractors, proxies, employees of business partners, contact persons, interns, candidates for work.

When concluding an employment agreement, a cooperation agreement, when accepting a power-of-attorney from Nexera and when cooperating with Nexera on behalf of your employer, when doing internship in Nexera or applying for a job in Nexera, you provide us with your personal data. In the agreement and here we inform you about the processing of your data on the basis of the so-called information obligation.

Who will process your personal data and how to contact them?

1. Your personal data will be processed by Nexera Sp. z o.o. (data controller).
2. With respect to any issues related to personal data, please contact us via post at the following address: Nexera Sp. z o.o.

Atrium Plaza, 4^th floor

Jana Pawła II 29

00-867 Warsaw, Poland

or electronically at the following e-mail address: dane.osobowe@nexera.pl.

3. The Data Controller has appointed a Data Protection Officer (DPO) who may be contacted via post or e-mail at addresses specified above with a note: Data Protection Officer (DPO).
   
   

Which data are processed?

 

Nexera will process the following personal data: first name and surname; address of residence; number of ID, telephone number, e-mail address, PESEL and VAT Reg. No. (NIP).

 

 

What are the purposes and bases of personal data processing?

1. Provision of personal data is voluntary, yet necessary to conclude an employment agreement or cooperation agreement, granting a power-of-attorney, starting or continuing cooperation.
2. Personal data of the Provider will be in particular processed to:
3. conclude and perform the agreement (employment agreement, commission contract, contract for specific work);
4. grant a power-of-attorney;
5. archive HR files and documents;
6. provide additional benefits, including medical, for employees and family members;
7. participate in trainings conducted by third parties;
8. provide medical benefits to employees and family members; determine, defend from and seek claims;
9. OHS;
10. recruitment;
11. determine, defend from and seek claims;
12. provide answers to letters and applications.

Detailed information about the purpose of processing is provided individually in the concluded agreements, prior to granting a power-of-attorney or before the start of a recruitment process.

 

 

Who can personal data be transferred to?

1. Data may be transferred to the following categories of entities:
2. Social Insurance Company (ZUS), tax offices;
3. banks;
4. cooperating entities ensuring benefits from the Company Social Benefits’ Fund;
5. cooperating entities providing OHS servicing, organising trainings and conferences, trips, transport services;
6. cooperating entities in the area of insurance cover, medical services or additional benefits;
7. courier companies or post operators;
8. ICT operators;
9. law firms;
10. tax offices;
11. processing entities, i.e. contractors cooperating with Nexera (construction of ICT network, servicing and maintenance of ICT networks and IT systems);
12. entities or bodies authorised on the basis of legal provisions (including courts, prosecution attorneys, regulatory and supervisory bodies);
13. Nexera does not intend to transfer the personal data of the Provider to the so-called third countries (i.e. outside of the European Economic Area, encompassing the European Union, Norway, Lichtenstein and Iceland). However, if such necessity arises, Nexera can do it ensuring proper level of protection and complying with relevant legal provisions.
    
    

How long are personal data processed?

 

The period of storing the personal data of the Provider depends on the purpose for which the data is processed. It results from legal provisions (which impose the obligation of storing data for a specific period of time) or is necessary for the agreement performance or legitimate interests pursued by the data controller or by a third party. Sample periods for which the personal data of the Provider may be stored:

1. data pertaining to the agreement performance: during the term of the agreement;
2. HR files: up to 50 years;
3. data pertaining to the agreement performance: up to 7 years;
4. data necessary to issue an invoice and accounting documents: 5 years from the end of the tax period;
5. data of candidates for work: 2 years from the moment of filing an application;
6. data of contractors, employees of contractors, contact persons - up to 7 years;
7. determination, defence from and seeking of claims: up to 6 years.
   
   

What other rights do you have in reference to personal data?

 

You have a right to:

1. rectify (correct) your data;
2. request access to the data of the Provider processed by Nexera;
3. remove data or limit the processing of data;
4. file an objection against the processing of data;
5. transfer data, which means the right to receive data processed by Nexera or request their transfer to another entity;
6. withdraw the consent for the processing of personal data.

Compliance with such rights on the part of Nexera depends on the possibility of identifying the person filing the request in order to be sure that it has been filed by an authorised person. The scope of every right and the situations in which they may be exercised result from legal provisions. The exercise of such rights by the Provider depends, in particular, on the legal basis and purpose of data processing.

 

 

Contact with the President of the Personal Data Protection Office

 

If you have doubts whether your data are processed correctly by Nexera, you can file a complaint to the President of the Personal Data Protection Office.

 

 

Profiling and automatic data analysis

 

Nexera does not use personal data for profiling and does not make decisions based on automatic analysis of personal data.