Privacy Policy

GENERAL PRINCIPLES SET OUT IN THE GDPR REGULATIONS

  1. The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (hereinafter referred to as the “Charter of Fundamental Rights”) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to protection of personal data concerning him or her.
  2. Principles and rules on the protection of individuals with regard to the processing of their personal data should ensure, irrespective of their nationality or residence, respect for their fundamental rights and freedoms, in particular their right to protection of personal data. Efforts should be made to promote an area of freedom, security, and justice, an economic union, progress in economic and social cohesion, the strengthening and convergence of economies in the internal market, and the well-being of individuals.
  3. The purpose of Directive 95/46/EC of the European Parliament and of the Council is to harmonise the protection of fundamental rights and freedoms of individuals in relation to processing activities and to ensure the free movement of personal data between Member States.
  4. Personal data processing should be organized in a way that serves humanity. The right to protection of personal data is not absolute; it should be considered in the context of its social function and balanced against other fundamental rights, in accordance with the principle of proportionality. The GDPR does not infringe the fundamental rights, freedoms, and principles recognized in the Charter of Fundamental Rights – as enshrined in the Treaties – especially the right to respect for private and family life, home, and communications, protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, right to an effective remedy and access to an impartial court, and cultural, religious, and linguistic diversity.

DEFINITIONS FOR GDPR PURPOSES

  1. Personal data means information relating to an identified or identifiable natural person based on an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  2. Processing means the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  3. Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.
  4. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
  5. Pseudonymisation means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information.
  6. A data set means any structured set of personal data accessible according to specific criteria.
  7. The controller means a natural or legal person, public authority, agency, or another body that, alone or jointly with others, determines the purposes and means of processing personal data.
  8. Processor means a natural or legal person, public authority, agency, or another body that processes personal data on behalf of the controller.
  9. Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  10. Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  11. Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person that give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.
  12. Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, such as facial image or dactyloscopic data.
  13. Data concerning health means personal data related to the physical or mental health of a natural person.

BASIC PRINCIPLES OF DATA PROCESSING

  1. The controller of personal data of the service users are SBM sp. z o.o. sp. k. and SBM Sp. z o.o., both based at Klecińska 123, 54-413 Wrocław, contact: sbm@sbm-rail.com, +48 71 798 56 00 (hereinafter referred to as the “Controller”).
  2. Personal data is obtained by the Controller only in connection with business activities through voluntary consent.
  3. The data mentioned in point 2 are processed in accordance with the law, fairly, transparently, and observing the principle of processing purpose limitation. First, the purpose is defined, and then data is processed. Data is not processed excessively or beyond the defined purpose.
  4. Data processing does not violate their integrity and confidentiality, meaning the data is not scattered, remains in the same set in which it was initially qualified when collected. Data is not disclosed to unauthorized persons, meaning it’s secured in a way that ensures its confidentiality.
  5. The Controller does not process data in an automated manner and does not engage in profiling.

PROCEDURE IN CASE OF DATA BREACH

  1. In the event of a security breach in data processing, the Controller should be notified immediately by phone at 071 798 56 00 or by email at sbm@sbm-rail.com.
  2. When reporting a breach, provide who and under what circumstances detected the data breach; also, provide the known circumstances, place, time, and manner of the breach, whether any remedial measures were taken, and if the effects of the breaches can be assessed.

Note: All of the capitalized sections in your text were underlined in this English translation to maintain consistency with your instruction.