Out of care for the highest quality of the processes of personal data processing, the Management Board of Stadion Miejski Sp. z o. o. in Białystok would like to inform you that personal data contained in our IT resources are stored in accordance with the highest security standards and procedures and that their protection is our priority.
Controller (formerly: personal data controller) – Management Board of Stadion Miejski Sp. z o. o. in Białystok, ul. Słoneczna 1, 15-323 Białystok, phone: 85 654 86 80, e-mail: firstname.lastname@example.org
In all matters related to the processing of personal data, you can contact our Data Protection Officer, who is available at the email address: email@example.com
The legal bases for the collection, storing and archiving of personal data and the purposes of their processing
Personal data are all information related to an identified or identifiable natural person. We collect and use these data only within the scope arising from the applicable provisions of the law. Personal data are stored for a period no longer than the period provided for in the Polish law, i.e. the Act of 14 July 1983 on national archival resources and archives, and the uniform factual list of files, constituting Appendix to the Regulation of the President of the Council of Ministers of 18 January 2011 regarding the office instructions, uniform factual lists of files and instructions on the organisation and scope of operation of company archives.
The legal basis and the purpose of personal data processing and the source of personal data:
- Consent for the processing of personal data, Article 6(1)(a) of the GDPR – personal data processing is performed only within the limits of the voluntary consent given to us. The consent may be withdrawn at any time by the person who has given it. The consent is withdrawn with immediate effect.
- The implementation of contractual obligations, Article 6(1)(b) of the GDPR – we process personal data within the scope necessary for the implementation of the existing or future contracts concluded between us and data subjects or persons who will be implementing the contract. This legal basis also refers to pre-contractual relations.
- Legal obligation, Article 6(1)(c) of the GDPR – if the legal basis for personal data processing is a legal obligation incumbent upon us, this obligation forms a basis for the processing.
- Legal obligation, Article 6(1)(e) of the GDPR – the processing is necessary for the implementation of the task implemented in public interest.
- Legal obligation, Article 6(1)(f) of the GDPR – the processing is necessary for the purposes arising from legitimate interests pursued by the controller or by a third party, except for situations in which the interests or fundamental rights and freedoms of a data subject override those interests and require the protection of personal data, in particular, if the data subject is a child.
The personal data that we collect and store (process) come from data subjects; personal data obtained in another manner than from data subjects come from publicly available sources or from customers or business partners with whom we cooperate.
Recipients of personal data and automated decision making, including profiling.
Personal data may be disclosed to other public administration bodies, entities authorised under the separate provisions of the law, entities providing services to the controller which are necessary for the implementation of the statutory tasks, entities providing legal, advisory and technical support.
At present, personal data are transferred outside the European Economic Area or to international organisations, e.g. Facebook Inc. and Google LLC.
Personal data are not subject to automated decision making, including profiling.
The rights of data subjects
Each data subject has the following rights:
- the right to access their data and to receive a copy thereof (Article 15 of the GDPR),
- the right to rectify their data (Article 16 of the GDPR),
- the right to erase their data (Article 17 of the GDPR),
- the right to limit the processing of their data (Article 18 of the GDPR),
- the right of data portability (Article 20 of the GDPR),
- the right to object to the processing of their data (Article 21 of the GDPR),
- the right not to be subject to decisions taken in the conditions of automated data processing, including profiling (Article 22 of the GDPR),
- the right to lodge a complaint with the supervisory body (President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw) supervising the compliance of data processing with the provisions on personal data protection.
Each person has the right to submit a request pertaining to the rights arising from the GDPR in the electronic form or directly in the registered office of the controller. We are obliged to examine such a request according to the following rules:
- within 30 days, calculated from the date of receipt of the request,
- within 90 days, calculated from the date of receipt of the request, unless the request or a number of requests is of a complex nature, the date of response,
- we respond to the submitted requests in writing, by registered mail with acknowledgement of receipt or by electronic means to the email address indicated in the request.
If you have any questions pertaining to the request, please contact us at the email address: firstname.lastname@example.org