Please find below a description of your rights in relation to our processing of your personal data.
- THE RIGHT TO WITHDRAW THE CONSENT FOR PERSONAL DATA PROCESSINGi
- In the event of processing of your personal dataii on the basis of your consent, you shall have the right to withdraw your previously given consent to the processing of your personal data at any time pursuant to Article 7(3) of the GDPRiii. The Controlleriv should make it possible to withdraw the consent as easily as it was given. The withdrawal of the consent to data processing does not necessarily always imply the complete cessation of the processing of your personal data, which depends on whether there are other purposes and other legal grounds for processing your data.
- ACCESS RIGHTS OF THE DATA SUBJECT
- Pursuant to Article 15 of the GDPR, you have the right to obtain information from the Controller whether your personal data is processed. If it is processed, you have the right to obtain access to the data and to information such as:
- the purposes of the processing,
- the categories of personal data,
- information concerning the recipients to whom the personal data has been or will be disclosed, including recipients in countries or international organisations outside the EEAv,
- the intended period of storage of the personal data, if possible, and if not - the criterion for determining that period,
- information on the right to request from the controller rectification, erasure or restriction of the processing of personal data concerning the data subject,
- the source of the data, if the personal data has not been collected from the data subject,
- automated decision-making, including profilingvi,
- If your personal data is transferred to the EEA or outside the EEA, you have the right to be informed of the safeguards in place as described in Article 46 of the GDPR relating to the data transfer.
- In exercising the right of access, the Controller shall provide you with a copy of the personal data subject to processing. It should be noted that for any further copies you may request, the Controller may charge a reasonable fee resulting from administrative costs. If you request a copy by electronic means and do not stipulate another form of information provision, the Controller will provide information by electronic means.
- Pursuant to Article 15 of the GDPR, you have the right to obtain information from the Controller whether your personal data is processed. If it is processed, you have the right to obtain access to the data and to information such as:
- THE RIGHT OF RECTIFICATION AND ERASURE OF DATA
- Pursuant to Article 16 of the GDPR, you have the right to request the immediate rectification of your personal data, as well as the right to request the completion of any incomplete personal data, including by providing an additional statement, taking into account the purposes of the processing.
- The Controller will inform you of the rectification of your personal data and any recipient to whom your personal data has been disclosed, unless this proves impossible and requires disproportionate effort.
- THE RIGHT OF DATA ERASURE (RIGHT TO BE FORGOTTEN)
- Pursuant to Article 17 of the GDPR, you have the right to request from the Controller the immediate erasure of personal data concerning you, and the Controller is obliged to erase it without undue delay, but only when one of the circumstances listed below occurs:
- the personal data collected about you is no longer necessary or processed for the purposes for which it was collected,
- you have withdrawn your consent to the processing of your personal data and there are no legal grounds to continue the processing,
- you object to the processing and in this case there are no legitimate grounds for the processing,
- your data has been unlawfully processed,
- your personal data must be erased in order to comply with a legal obligation to which the Controller is subject under Union or Member State law,
- your data has been collected in connection with the offering of information society services directly to a child. (According to the GDPR, the processing of a child's personal data can take place once the child has reached the age of 16. At a lower age, the processing may take place when the legal guardian has given his or her consent to the extent designated by him or her).
- If the Controller deletes your personal data, it is obliged to delete also all links to such data, any copies and replications.
- The Controller will inform you and any recipient to whom your personal data has been disclosed of the erasure of your personal data, unless this proves impossible and requires disproportionate effort.
- Pursuant to Article 17 of the GDPR, you have the right to request from the Controller the immediate erasure of personal data concerning you, and the Controller is obliged to erase it without undue delay, but only when one of the circumstances listed below occurs:
- THE RIGHT TO RESTRICT THE PROCESSING
- Pursuant to Article 18 of the GDPR, the data subject has the right to request the controller to restrict the processing in the following cases:
- the data subject disputes the accuracy of the personal data - for a period allowing the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead a restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of the processing, but the data is needed by the data subject to establish, assert or defend a claim;
- the data subject has objected to the processing - until it is established whether the legitimate grounds on the part of the controller override the grounds of the data subject's objection.
- Where processing has been restricted pursuant to paragraph 1, such personal data may be processed, with the exception of storage, only with the consent of the data subject, or for the establishment, exercise or defence of claims, or for the protection of the rights of another natural or legal person, or for important grounds of public interest of the Union or of a Member State.
- Before waiving the restriction on processing, the controller shall inform the data subject who requested the restriction under paragraph 1.
- Pursuant to Article 18 of the GDPR, the data subject has the right to request the controller to restrict the processing in the following cases:
- THE RIGHT OF DATA PORTABILITY
- Pursuant to Article 20 of the GDPR, you may request the Data Controller to provide you with your personal data. The Controller is obliged, in response to your request, to transmit all data that you have provided and the data that has been generated and collected up to the time of your request in the form of a copy. You may indicate in your request that you wish the Controller to whom you are making the request to forward the information to another Controller you have specified.
- THE RIGHT TO OBJECT AND TO AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES
- Pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data when it is processed by the Controller for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, as well as when your data is processed for the purposes of the Controller's legitimate interests, including profiling. Upon lodging the objection, you must demonstrate your particular situation in which the Controller should not process your data. This means that your objection will be considered on a case-by-case basis, which obviously includes the possibility of refusing to take your objection into account.
- THE RIGHT TO TAKE DECISIONS ON AUTOMATED PROCESSING, INCLUDING PROFILING
- Pursuant to Article 22 of the GDPR, you have the right not to be subject to a decision which is based solely on automated processing, including profiling and generates legal effects on you or similarly significantly affects you.
- THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
- Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data violates the provisions contained in the GDPR.
- THE RIGHT TO INFORMATION ON CATEGORIES OF RECIPIENTS
- 1. If you request information about the recipients of your data, the Controller is obliged to respond. With regard to the right to information on categories of recipients, you may also request exact information on the entity that is the recipient of your data.
- THE RIGHT OF ACCESS TO THE RESULTS OF THE BALANCING TEST
- If your personal data is processed on the basis of the Controller's legitimate interest under Article 6(1)(f) of the GDPR, you have the right to access the results of the balancing test.
- THE RIGHT TO FUNDAMENTAL ARRANGEMENTS BETWEEN
CO-CONTROLLERSvii
- Pursuant to Article 26 of the GDPR, you have the right to be informed about the essential arrangements for the purposes and means of processing of personal data between the Joint Controllers.
Glossary:
iPersonal data processing - shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
iiPersonal data - shall mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
iiiGDPR - means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). The text of the Regulation is available at www.tauron.pl/rodo.
ivController- means a natural or legal person, a public authority, an agency or other entity which, independently or jointly with others, determines the purposes and means of the personal data processing; if the purposes and means of such processing are determined by the law of the European Union or a Member State, the controller or the specific criteria for its nomination may be also provided in the law of the European Union or the Member State.
vEEA - European Economic Area
viProfiling - means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyse or predict aspects relating to that individual's performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
viiCo-Controller - an entity that determines the purposes and methods of personal data processing jointly with at least one other Controller - Article 26(1) of the Regulation.