Select region
en

Privacy Policy

Introduction

Technology for business, solutions for people.

Our mission is to improve the quality of life by providing solutions for people and technology for business.

Asseco is everywhere where technology and business connect with everyday life. Our experience gained in all market sectors allows us to create reliable, advanced products. We operate globally, but we never lose sight of the human and social dimension of our work. We know that someone's life and financial future may depend on our solutions. We take full responsibility for the projects we carry out. In this way we have been building trust and prestige of our brand for years.

Asseco makes every effort to meet the highest standards of management, communication and transparency. The pillars of our business are, among others, compliance with applicable laws on privacy and personal data protection. We attach particular importance to respecting the privacy of visitors to our sites (hereinafter referred to as the "Users").

 

Policy objective

We would like to inform you that the principles contained in this Policy shall apply whenever you use the websites of Asseco Poland S.A. (e.g. websites in the global domain www.asseco.com, owned by Asseco Poland S.A. and other websites, hereinafter referred to as the "Asseco Websites"), as well as in any other case when you contact our Company, including in the framework of activities conducted by Asseco Poland S.A. for the entities of the Asseco Group, hereinafter referred to as the "Processes".

Asseco Poland S.A. declares that both the websites and other tools used by the Company in its day-to-day operations are developed and selected with the utmost care, the latest technical knowledge and the principles of professionalism, and meet the requirement of compliance with the applicable laws, in particular those that protect the privacy of natural persons, including website users:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. OJ EU. L. 2016 No. 119/1 (GDPR).
  • Act of July 18, 2002 on the provision of electronic services, i.e. Journal of Laws of 2020, item 344, as amended.
  • Act of July 16, 2004. Telecommunication Law, i.e. Journal of Laws of 2019, item 2460, as amended.

 

Data collection - Security

The right to respect personal data and control information is an important part of everyday work for Asseco, therefore security is crucial. Asseco selects security measures based on the continuous process of risk and threat assessment and analysis of the latest market solutions.

Tools - sites, applications, programs, devices are equipped with both technical and organizational security measures to protect the information under our control from loss, misuse or modification. We protect any information disclosed to us in accordance with laws, regulations, and good practice standards to protect security and confidentiality. Asseco has implemented the Information Security Management System based on the international standard ISO/IEC 27001:2014.

Asseco has appointed the Data Protection Inspector (DPO) to ensure compliance with the rules related to personal data protection.

Contact us about privacy or personal data protection issues: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: [email protected], phone: +48 17 888 55 55

 

Collection of data - Personal data protection

The information about you that Asseco may collect and process includes:

  • name and address, e-mail address and telephone number;
  • demographic data, when linked to personally identifiable information;
  • photographs and opinions;
  • transaction data, including products and services ordered, financial data and payment methods used;
  • company data such as company name, size and location and your role in the company;
  • survey data and publicly available information, such as posts from social networking sites;
  • unique identifiers, such as mobile device identifiers or cookie identifiers in your browser;
  • IP address and information that may be determined by the IP address, such as geographical location;
  • information about the device you are using, such as your web browser, device type, operating system, presence or use of "applications", screen resolution and preferred language;
  • data about the behavior of a computer connected to the Internet or a device used to access websites, such as clicks on ads or their display, sites and their content, dates and times of activity or searches to locate and visit websites.

 

Notwithstanding the above, there may be circumstances in which other information than that indicated above will be necessary to provide the service or process requested by you. In such cases, you will be informed of the need to provide certain information, including personal data, with an indication of the purpose of its use. You have the opportunity to make a voluntary decision on whether or not to provide access to your data. Nevertheless, providing personal data may be required in a situation where it is necessary to provide the service or process specified each time within the framework of the website, the regulations of Asseco (e.g. receiving information about the product, organized event, offer, demo download, launching an internship program, recruitment process). In such cases, you may be asked to fill in and send a form/ questionnaire, which will clearly indicate what kind of personal data will be collected and for what purpose.

The data provided will be processed for the time necessary to achieve the purpose of providing access, unless the law requires it to be kept for a longer period.

If you disclose the personal data of a third party in a form/questionnaire, direct relations, you will be deemed to have the consent of the third party whose data you disclosed.

You have the right to inspect as well as the right to correct and complete any incorrect or incomplete personal data. You also have the right at any time to demand that the processing of your personal data be discontinued (that the data is deleted). The form of making this request is given when collecting the data or, if not given, you can submit your request to the e-mail address [email protected].

It shall be reserved that the Asseco websites do not to collect, monitor or verify information about the age of the Users who visit them, or other information the collection of which would make it possible to determine whether the User (including the recipient and user of e-mailing lists, survey participant and person participating in contests organized through them) has legal capacity.

Persons who do not have full legal capacity should not order or subscribe to services provided under the Asseco Websites unless their legal representatives give their consent, if such consent is sufficient under applicable law.

Below we present the principles of processing of personal data by Asseco in order to achieve the objective related to the indicated area of Asseco's operations. Please be informed that Asseco may process data as a controller or a processor on behalf of another controller.

Marketing and Public Relations

Any and all information, including personal data provided by you on the Asseco Websites and provided in connection with your participation in various types of meetings organized by the Asseco Group companies, may be used for marketing and public relations purposes in the undertakings conducted by the Asseco Group companies, if you give your consent. Your consent shall be tantamount to accepting receipt of information via electronic means of communication (in particular commercial information).

 

Information clause for persons who have given their marketing approval or who have relations with Asseco related to Public Relations and marketing

 

Data controller and contact details:

The controller of your personal data is Asseco Poland SA with the seat at 14 Olchowa St., 35-322 Rzeszów (controller). Contact in matters concerning privacy protection or personal data protection: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: [email protected], phone: +48 17 888 55 55.

 

Processing objectives and legal basis for processing:

Your data will be processed on the basis of your consent for the purposes of: marketing of the controller's products and services; marketing and public relations; and - to the extent of the controller's legitimate interest - to establish, pursue or defend claims, pursuant to Articles 6(1)(a) and 6(1)(f) of the GDPR respectively.

 

Categories of personal data:

The Controller processes the following categories of personal data: contact data; image - in case of participation in events that are registered (ordinary personal data).

 

Period for which data will be processed:

Your personal data will be processed for the time necessary to achieve the purpose as well as for the time necessary to ensure that any civil law claims that might arise in connection with the subject of your consent can be processed.

 

Recipients of data:

Your data can be transferred:

  • to state authorities or other entities authorized by law;
  • to persons authorized by the controller;
  • entities processing personal data on behalf of the controller in order to perform the controller's duties, among others

    • o to subcontractors, in particular to marketing agencies - such entities process data on the basis of an agreement with the controller and only on the controller's instructions,
    • o providers of external systems supporting the activities of the controller;

  • to the Asseco Group entities - https://pl.asseco.com/o-asseco/grupa-kapitalowa/.

 

Transfer of personal data outside the EEA:

Personal data will be stored on servers located in the European Union and may be transferred under the standard data protection clauses - to a third country in connection with the controller's use of cloud solutions provided by Microsoft. The standard contractual clauses used by Microsoft in accordance with the templates approved by the European Commission are available at: www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

 

Data subject's rights:

You have the right to access your data, to request its correction, deletion or restriction of processing and the right to object to the processing of your personal data. If we process your data on the basis of your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing that took place before your consent was withdrawn. In order to exercise these rights, please contact the data controller or the data protection officer. You also have the right to lodge a complaint with the data protection supervisory authority.

 

Profiling:

Please be informed that we do not make decisions in an automated way and your data is not profiled.

 

Information about the data requirement:

Providing personal data is voluntary.

Recruitment

The recruitment of new employees, trainees, interns, apprentices, partners for Asseco Poland S.A. or other entities of the Asseco Group may be carried out through the Asseco's websites, social media portals or in direct contact. The personal data obtained in this way is used exclusively for the purposes of current and future recruitments with the consent of the person taking part in them. Such consent applies to all documents submitted during the recruitment processes.

 

Information clause for people involved in recruitment processes

Data controller and contact details:

The controller of your personal data is Asseco Poland SA with the seat at 14 Olchowa St., 35-322 Rzeszów (controller). Contact in matters concerning privacy protection or personal data protection: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: [email protected], phone: +48 17 888 55 55.

 

Processing objectives and legal basis for processing:

Your personal data will be processed for the purposes related to:

  • the implementation of recruitment processes with your participation, including receiving information about job or cooperation offers - the basis for processing is Article 6(1)(b) of the GDPR, in connection with the relevant provisions of the Labour Code and/or Civil Code, and for the rest, the basis for processing is your consent - Article 6(1)(a) of the GDPR and/or
  • sending commercial information by e-mail - if you agree - Article 6(1)(a) of the GDPR and/or
  • contact you via telecommunication terminal equipment for the purposes of direct marketing - if you agree - Article 6(1)(a) GDPR.

If the documents contain the special categories of data referred to in Article 9(1) of the GDPR, you will need to consent to their processing in accordance with Article 9(2)(a) of the GDPR.

 

Categories of personal data:

The Controller processes the following categories of personal data:

  • for the purposes of participation in the recruitment procedure under the Labour Code: first name(s) and surname(s); date of birth; contact details indicated by such a person; education, professional qualifications and course of previous employment. (when it is necessary to perform a job or services of a specific type or position);
  • on the basis of consent: CV and other data provided voluntarily by the candidate.

 

Period for which data will be processed:

Your personal data will be processed for 12 months from the date of your application as well as for the period necessary to ensure that any civil law claims that might arise in connection with the subject of your consent can be processed.

 

Recipients of data:

Your data can be transferred:

  • to state authorities or other entities authorized by law;
  • to persons authorized by the controller;
  • entities supporting recruitment processes;
  • entities processing personal data on behalf of the controller in order to perform the controller's duties, among others

    • o to subcontractors,
    • o providers of external systems supporting the activities of the controller;

  • to the Asseco Group entities - https://pl.asseco.com/o-asseco/grupa-kapitalowa/.

 

Transfer of personal data outside the EEA:

Personal data will be stored on servers located in the European Union and may be transferred - on the basis of standard data protection clauses - to a third country in connection with the controller's use of cloud solutions provided by Microsoft. The standard contractual clauses used by Microsoft in accordance with the templates approved by the European Commission are available at: www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

 

Data subject's rights:

You have the right to access your data, to request its correction, deletion or restriction of processing and the right to object to the processing of your personal data. If we process your data on the basis of your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing that took place before your consent was withdrawn. In order to exercise these rights, please contact the data controller or the data protection officer. You also have the right to lodge a complaint with the data protection supervisory authority.

 

Profiling:

Please be informed that we do not make decisions in an automated way and your data is not profiled.

 

Information about the data requirement:

Providing your personal data within the scope resulting from Art. 221 of the Labour Code is necessary to participate in the recruitment process on the basis of the Labour Code. Providing other data by you is voluntary.

Providing your personal data in other recruitment procedures is voluntary but necessary to conduct them.

Employment/cooperation record - Asseco personnel

The "Asseco Personnel" comprises of Asseco employees hired under employment contracts as well as Asseco employees with whom civil law contracts have been concluded.

Personal data of the Asseco Group's personnel shall be disclosed in business relations to contractors and entities of the Asseco Group for the purposes and to the extent necessary to fulfil their obligations and comply with legal regulations. The scope of the processed personal data of the Asseco Personnel in business relations shall not exceed the information necessary to identify and to provide information related to the qualifications of the Asseco Personnel, in particular to document their competence within the framework of offers submitted by the Asseco Group companies.

 

Information clause for Asseco personnel

Data controller and contact details:

The controller of your personal data is Asseco Poland S.A. with the seat at 14 Olchowa St., 35-322 Rzeszów (controller). Contact in matters concerning privacy protection or personal data protection: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: [email protected], phone: +48 17 888 55 55.

 

Processing objectives and legal basis for processing:

Your personal data will be processed for the following purposes:

  • the performance of obligations arising from the concluded contract of employment or for the purposes related to the performance of mutual obligations of the civil law contract, including its settlement - the basis is art. 6(1)(b) of the GDPR in connection with the relevant provisions of the Labour Code and the Civil Code;
  • the implementation of legal obligations, in particular the performance of health and safety at work, running the Company's Social Benefits Fund, settling accounts receivable, reporting to the relevant offices, archiving documentation - the basis is art. 6(1)(c) of the GDPR in connection with the relevant provisions of the Labour Code and the Civil Code;
  • conducting marketing activities of proprietary products and services with the use of electronic communication means - the basis is art. 6.1.f of the GDPR, however, these activities, due to other regulations in force, in particular the Telecommunication Law and the Act on Provision of Electronic Services, are carried out only on the basis of the permissions held;
  • keeping records of working time, carrying out analyses, statements and statistics, as well as handling benefits, programs or business or personal strategies, protecting and securing property, defending rights or determining and asserting claims, or the need to fulfil a special legal obligation imposed on the Controller by applicable laws - the basis is Article 6(1)(f) of the GDPR in connection with the relevant provisions of the Acts.

The employer reserves the right to process the image of the Personnel, in a way that ensures respect for the dignity and protection of the personal rights of the employee, in the following cases: processing of the employee's image in documents voluntarily submitted by the employee and stored by the employer; processing of the employee's image on his/her ID (access card) in order to verify the identity and identification of the employee at the place of work and processed in the electronic security system; processing of the employee's image together with the company's contact data, posted on the intranet in order to improve the internal management and communication process functioning in Asseco; processing of the employee's image, date and time of his/her stay at the employer's premises, as part of the video monitoring system in order to ensure safety of persons and property, and only in the area covered by the monitoring at the employer's premises - the basis for processing is Art. 6 (1) (f) of the GDPR in connection with the provisions of the Personal Data Protection Act.

 

Categories of personal data:

The Controller processes the following categories of personal data:

  • for the purposes of the performance of the employment contract - data specified in the law, necessary for the purposes of processing;
  • for the purposes of the implementation of the civil law contract - data necessary for the purposes of processing.

Period for which data will be processed:

Your personal data will be processed for the period indicated by law as well as for the period necessary to ensure that any civil law claims that may arise in connection with the subject of your consent can be processed.

If you are employed on the basis of an employment contract, your data will be kept for the duration of your employment and the maintenance of personal records in this connection, as well as for the duration of the controller's legal duties, such as the maintenance of files and employee records, storage, or other activities required by applicable law.

Within the scope of cooperation on the basis of a civil law contract (contract of mandate, for a specific task or other form of cooperation), your data will be stored for the duration of the contract and for the period during which it may be necessary to secure, establish, defend or pursue claims, conduct and conclude proceedings before the competent authorities or in connection with the protection of the Controller's property and interests, as well as for the period after which the claims arising from the contract become time-barred.

 

Recipients of data:

Your data can be transferred:

  • to state authorities or other entities authorized by law,
  • to persons authorized by the controller,
  • to banks, in case of necessity of settlements,
  • entities enabling us to perform remote payment operations,
  • to the entities, partners (Contractors) of our business execution and your contractual obligations,
  • entities processing personal data on behalf of the controller in order to perform the controller's duties, among others

    • o to subcontractors,
    • o providers of external systems supporting the activities of the controller,

  • entities conducting postal or courier activities,
  • to the Asseco Group entities - https://pl.asseco.com/o-asseco/grupa-kapitalowa/.

 

Transfer of personal data outside the EEA:

Personal data will be stored on servers located in the European Union and may be transferred - on the basis of standard data protection clauses - to a third country in connection with the controller's use of cloud solutions provided by Microsoft. The standard contractual clauses used by Microsoft in accordance with the templates approved by the European Commission are available at: www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

 

Data subject's rights:

You have the right to access your data, to request its correction, deletion or restriction of processing and the right to object to the processing of your personal data. If we process your data on the basis of your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing that took place before your consent was withdrawn. In order to exercise these rights, please contact the data controller or the data protection officer. You also have the right to lodge a complaint with the data protection supervisory authority.

 

Profiling:

Please be informed that we do not make decisions in an automated way and your data is not profiled.

 

Information about the data requirement:

Providing your personal data is obligatory in the scope resulting from the binding legal regulations, in particular those indicated in Article 22[1] of the Labour Code. The provision of the remaining personal data is voluntary, but necessary for the conclusion and execution of the agreement.  

Business relations - Contractors (Partners, Customers, Suppliers)

Personal data and information provided through the Asseco websites may be used in business relations of the Asseco Group companies.

In particular, such processing activities may be carried out as: making available, sending commercial, product and marketing information or information on partner programs and communication within the framework of the obligations binding the Parties.

The Asseco Group companies reserve the right to disclose such information and personal data of a person representing the Contracting Party to other related entities in order to provide services or Processes, provided such disclosure is legally permissible.

 

Information clause for persons representing contractors, partners, suppliers

Data controller and contact details:

The controller of your personal data is Asseco Poland S.A. with the seat at 14 Olchowa St., 35-322 Rzeszów (controller). Contact in matters concerning privacy protection or personal data protection: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: [email protected], phone: +48 17 888 55 55.

 

Processing objectives and legal basis for processing:

Your personal data will be processed for the following purposes:

  • to perform the obligations between the Parties, in particular those resulting from the concluded contract, order, agreement, and - to the extent of the legally justified interest of the controller - to establish, pursue or defend against claims, pursuant to Article 6(1)(b) and Article 6(1)(f) of the GDPR respectively
  • to meet the obligations arising from the prevention of money laundering and terrorist financing and to meet the obligations relating to the maintenance of security of transactions, carrying out in this regard the duties of identification and verification or evaluation and monitoring of economic relations, pursuant to Article 6(1)(c) of the GDPR in conjunction with the relevant provisions, in particular the Act on Prevention of Money Laundering and Terrorist Financing.

 

Categories of personal data:

The Controller processes the following categories of personal data: contact data and other ordinary data necessary for the purposes of processing.

In case the data was obtained in a way other than from the data subject, the personal data is transferred through other persons or obtained from publicly available sources.

 

Period for which data will be processed:

Your personal data will be processed for the period indicated by law as well as for the period necessary to ensure that any civil law claims that may arise in connection with the subject of your consent can be processed.

To the extent resulting from the processing under the law, your data will be processed for a period of 5 years, counting from the 1st day of the year following the year in which the business relationship with the client was terminated or in which occasional transactions were carried out.

 

Recipients of data:

Your data can be transferred:

  • to state authorities or other entities authorized by law,
  • to persons authorized by the controller,
  • to banks, in case of necessity of settlements,
  • entities enabling us to perform remote payment operations
  • to the entities, partners (Contractors) of our business implementations
  • entities processing personal data on behalf of the controller in order to perform the controller's duties, among others

    • o to subcontractors,
    • o providers of external systems supporting the activities of the controller,

  • entities conducting postal or courier activities,
  • to the Asseco Group entities - https://pl.asseco.com/o-asseco/grupa-kapitalowa/.

 

Transfer of personal data outside the EEA:

Personal data will be stored on servers located in the European Union and may be transferred under the standard data protection clauses - to a third country in connection with the controller's use of cloud solutions provided by Microsoft. The standard contractual clauses used by Microsoft in accordance with the templates approved by the European Commission are available at: www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

 

Data subject's rights:

You have the right to access your data, to request its correction, deletion or restriction of processing and the right to object to the processing of your personal data. If we process your data on the basis of your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing that took place before your consent was withdrawn. In order to exercise these rights, please contact the data controller or the data protection officer. You also have the right to lodge a complaint with the data protection supervisory authority.

 

Profiling:

 Please be informed that we do not make decisions in an automated way and your data is not profiled.

 

Information about the data requirement:

Providing personal data is necessary to fulfil the obligations of the parties.  

Portals/Social Media

Asseco's social media are conducted for image and recruitment purposes. They are used to promote the company, including its experts, products, events and business successes. They constitute one of the external communication channels of Asseco.

Asseco uses such portals as: Twitter, LinkedIn, Facebook, Instagram, YouTube.

Using our profiles, pages, social media channels also gives you the opportunity to connect to non-Asseco websites, social networking sites, applications and other features. Using them will result in your personal data being processed by entities independent of Asseco, in particular the operators of the aforementioned websites, over which Asseco has no control and responsibility. We make every possible effort to properly secure your personal data, thus we recommend prudent use of unknown functionalities, applications, and we encourage you to read the privacy policy of these entities before using them.

 

Information clause for visitors to our social media channels

Data controller and contact details:

The controller of your personal data is Asseco Poland S.A. with the seat at 14 Olchowa St., 35-322 Rzeszów (controller). Contact in matters concerning privacy protection or personal data protection: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: [email protected], phone: +48 17 888 55 55.

 

Processing objectives and legal basis for processing:

Your personal data will be processed for the purpose of maintaining profiles, websites, channels, in particular for the purpose of advertising, market research and user behavior and preferences, as well as to establish possible cooperation, promotion and presentation of Asseco on social networking sites. The undertaken cooperation is based on the terms and conditions set by the operators. On this basis, we inform about our activities and promote the events we organize, our brand, products and services. The activity on profiles serves the purpose of building and maintaining the community connected with us through communication through the available functionalities of social networking sites (comments, chat, messages, likes, etc.) - within the scope of the legally justified interest of the controller and in order to establish, pursue or defend claims, pursuant to Article 6(1)(a) and Article 6(1)(f) of the GDPR respectively. The basis for the processing of your personal data is your consent in most cases expressed in an implicit form by attaching to your profile, the Asseco website on social networking sites.

 

Categories of personal data:

The Controller processes the following categories of personal data: data provided by you on the social network, according to the profile settings, data provided voluntarily in messages.

 

Period for which data will be processed:

Your personal data will be processed for the time necessary to achieve the purpose as well as for the time necessary to ensure that any civil law claims that might arise in connection with the subject of your consent can be processed.

 

Recipients of data:

Your data can be transferred:

  • to state authorities or other entities authorized by law;
  • to persons authorized by the controller;
  • entities processing personal data on behalf of the controller in order to perform the controller's duties, among others

    • o to subcontractors,
    • o external suppliers supporting the controller's activities

  • to social network operators in accordance with the terms and conditions set by them;
  • to the Asseco Group entities - https://pl.asseco.com/o-asseco/grupa-kapitalowa/.

 

Transfer of personal data outside the EEA:

Personal data will be stored on servers located in the European Union and may be transferred by the controller - on the basis of standard data protection clauses, decisions issued by the European Commission - to a third country, in particular in connection with the controller's use of cloud solutions provided by Microsoft. The standard contractual clauses applied by Microsoft, in accordance with the templates approved by the European Commission, are available at: www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

 

Data subject's rights:

You have the right to access your data, to request its correction, deletion or restriction of processing and the right to object to the processing of your personal data. If we process your data on the basis of your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing that took place before your consent was withdrawn. In order to exercise these rights, please contact the data controller or the data protection officer. You also have the right to lodge a complaint with the data protection supervisory authority.

 

Profiling:

Please be advised that we do not make decisions in an automated manner. Your data may be profiled in accordance with the assumptions resulting from the regulations of operators using social profiles.

 

Information about the data requirement:

Providing personal data is voluntary.

Asseco Group

Protection of information, including personal data and technical, organizational and legal security is crucial for each and every entity of the Asseco Group. Each of the Asseco Group companies is an independent controller. The provision of personal data between Asseco and the Asseco Group companies that may be processed outside the EEA shall be governed by a signed agreement, the integral part of which are standard contractual clauses approved by the European Commission.

Shareholders

The information is addressed to natural persons whose personal data we process in connection with identification of Shareholders, participation in the General Meeting of Shareholders, communication of corporate events or exercise of rights attached to shares which are or will be issued by the Company. Within the meaning of this information, a 'Shareholder' is also a person who is a proxy or statutory representative of the Shareholder or who represents him or her or is otherwise a person entitled to exercise rights from the Company's shares.

 

Information clause for shareholders of Asseco Poland S.A.

Data controller and contact details:

The controller of your personal data is Asseco Poland SA with the seat at 14 Olchowa St., 35-322 Rzeszów (controller). Contact in matters concerning privacy protection or personal data protection: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: [email protected], phone: +48 17 888 55 55.

 

Processing objectives and legal basis for processing:

Your personal data will be processed for the purpose:

  • to perform obligations arising from the provisions of Community law (European Union law) or Polish law applicable to the Company or the Bank as the issuer of securities, in particular the Code of Commercial Companies, the provisions of the Act on Trading in Financial Instruments, Public Offering or other provisions of law binding the Company as the issuer of securities; to perform other obligations provided for by law, including drawing up lists of Shareholders, performing recording, reporting or reporting duties, including towards KDPW, the Stock Exchange, NBP or KNF,
  • to consider an application or perform other activities related to the exercise by the Shareholders of rights from shares issued by the Company,
  • to exercize rights arising from the Company's legitimate interests such as

    • ensuring safety of persons and property, primarily related to the organization of General Meetings, including the possibility of remote participation in the General Meeting. This also applies to video monitoring - preserving the privacy and dignity of individuals,
    • to assert any rights, including claims by the Company or to defend its rights or the entity which the Company represents,
    • shareholder identification – processing of personal data of shareholders obtained from the KDPW on the basis of the Act on Trading in Financial Instruments,
    • opportunities for involvement in the Company's affairs, communication of corporate events.

The basis for processing is Article 6(1)(c) in conjunction with the legal provisions indicated and Article 6(1)(f) of the GDPR.

The Company may process data for other secondary purposes, in particular such as

  • transferring data to the archive,
  • audits or investigations,
  • implementation of business and management control mechanisms,
  • other statistical research or research, historical or scientific,
  • business, economic or legal advice that is provided to the Company.

 

Categories of personal data:

The controller processes the data:

  • which is related to identification or verification of rights to shares (securities issued by the Company), i.e. data included in share documents or documents confirming rights to shares (securities) regardless of the form of their preparation, the share book, powers of attorney, minutes, excerpts from relevant registers or other documents related to the General Meeting or exercise of rights to shares by Shareholders,
  • obtained upon request from the KDPW, enabling the identification of Shareholders and determining the number of the Controller’s shares held by them or direct communication with them, including: the Shareholder ID (PESEL number for natural persons, KRS, REGON or another number for legal persons), name or first and last name of the shareholder, address information, e-mail address, number of shares held, date from which the shares have been held and name or first and last name of a third party appointed by the shareholder to make investment decisions on his/her behalf,
  • audiovisual, in particular recordings related to the security of property or assets.

In addition, the Company may process other personal data provided by the Shareholder, the Stock Exchange, KDPW or any other authorized body or entity, as long as is cannot be classified in any of the above groups and the processing is done for the purposes described in this information.

 

Period for which data will be processed:

Your personal data will be processed for the time necessary to achieve the purpose, as well as for the time necessary to ensure that any civil law claims that may arise in connection with the subject of your consent can be processed.

The Company processes data in the period when a given person is a Shareholder and for the archiving period not shorter than the claims limitation period. The basic archiving period is 6 years, however, the period ends on the last day of the calendar year, unless the legal regulations provide for another period. The controller shall cease processing the Shareholder's personal data obtained from the KDPW not later than 12 months after becoming aware that the person concerned has ceased to be a shareholder of the controller, unless the controller has another basis for the processing. If there is a dispute, court trial or other proceedings (especially criminal ones) in progress, the archiving period will be counted from the date of the final settlement of the dispute, and in the case of many proceedings of final settlement of the last one - regardless of the method of its settlement. The Company's documentation, including the documentation of General Meetings containing personal data, is kept for the period of the Company's existence, and then may be transferred to the entity designated to keep the documents. The period of storage of data processed on the basis of consent is indicated in the statement of consent, in each case - if the Company processes data for this purpose - until the withdrawal of consent.

 

Recipients of data:

Your data can be transferred:

  • state authorities or other entities authorized by law, in particular KDPW,
  • to entities or bodies of other Shareholders in the performance of their duties under the law,
  • entities or bodies to which the transfer of data is necessary to perform a specific action, e.g. a payment transaction to which the Shareholder is a party or another action concerning the Shareholder,
  • to entities or bodies to which the data may also be transferred on the basis of consent or authorisation,
  • entities or bodies which are clearing houses or other entities carrying out clearing or settlement, institutions or payment schemes, or entities which such entities represent, if it is related to an action carried out by or for the Shareholder,
  • entities processing personal data on behalf of the controller in order to fulfil the controller's obligations, among others: suppliers of external systems supporting the controller's activity on the basis of concluded contracts,
  • to the Asseco Group entities - https://pl.asseco.com/o-asseco/grupa-kapitalowa/.

 

Transfer of personal data outside the EEA:

Personal data will be stored on servers located in the European Union and may, under the standard data protection clauses, be transferred to a third country in connection with the data controller's use of cloud solutions provided by Microsoft as part of its Microsoft Office solutions. The standard contractual clauses used by Microsoft in accordance with the templates approved by the European Commission are available at the address: https://www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

 

Data subject's rights:

You have the right to request access to and rectification or erasure of personal data or restriction of processing.

To the extent that the basis for the processing of your personal data is the premise of the legitimate interest of the controller, you have the right to object to the processing of your personal data.

To exercise these rights, please contact the data controller or the data protection officer. 

You also have the right to lodge a complaint to the data protection supervisory authority.

 

Profiling:

Please be informed that we do not make decisions in an automated way and your data is not profiled.

 

Information about the data requirement:

Providing the data is necessary to achieve the objectives of the law.

Management Board and Supervisory Board

This information is addressed to the members of the Supervisory Board and Management Board of Asseco Poland S.A., whose data we process in connection with the corporate services provided to the Company's governing bodies.

 

Information clause for members of the Supervisory Board and Management Board of Asseco Poland S.A.

Data controller and contact details:

The controller of your personal data is Asseco Poland S.A. with the seat at 14 Olchowa St., 35-322 Rzeszów (controller). Contact in matters concerning privacy protection or personal data protection: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: [email protected], phone: +48 17 888 55 55.

 

Processing objectives and legal basis for processing:

Your data will be processed for the purposes related to your membership in the Management Board, the Supervisory Board, in particular consisting in the performance of the duties of a member of the Management Board / Supervisory Board, ensuring your participation in the Supervisory Board, the Management Board and recording its course with the use of sound and image recording. The legal basis for the processing of personal data is art. 6(1)(f) of the GDPR, i.e. the legally justified interest of the controller.

Your data may also be processed for the purpose of pursuing other legitimate interests of the controller, for which the controller considers, in particular, the possibility of asserting and defending claims and serving the Company's corporate bodies, including in particular duties:

  • resulting from the Commercial Companies Code (e.g. for the purposes of drawing up the minutes of the Supervisory Board/Management Board meeting, adopting in particular by the General Meeting of Shareholders a resolution on granting a vote of approval or a resolution on election);
  • resulting from the Act on the National Court Register (e.g. for the purpose of making an entry in the register of entrepreneurs of the National Court Register);
  • resulting from the Act on Public Offering and Conditions Governing the Introduction of Financial Instruments to Organized Trading and Public Companies and the Regulation of the Minister of Finance of March 29, 2018 on current and periodic information provided by issuers of securities and on conditions under which information required by legal regulations of a third country may be recognised as equivalent (e.g. to publish a regulatory filing on the appointment of a new member of the Supervisory Board);
  • resulting from Regulation (EU) No 596/2014 of the European Parliament and of the Council of April 16, 2014 on market abuse (Market Abuse Regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC and the Commission’s Implementing Regulation (EU) 2016/523 of March 10, 2016, setting executive technical standards as regards format and model for the notification of transactions by persons discharging managerial responsibilities and for making such transactions public in accordance with Regulation (EU) No 596/2014 of the European Parliament and of the Council (e.g. for the purpose of notification of a transaction subject to notification);
  • related to making financial settlements (among others, payment of remuneration for the function performed);
  • related to making personal income tax settlements (PIT returns);
  • related to accounting and reporting;
  • fulfiling the obligations towards state/authority bodies/offices (e.g. inspections of the Tax Office, requests from the police and other law enforcement agencies, preparing responses to letters/requests from entities authorized by law to share personal data);

 

Categories of personal data:

The Controller processes the following categories of personal data:

  • for the purpose of ensuring your participation in the Supervisory Board, the Management Board: name, surname, business contact details;
  • for the needs of providing services to the Company's corporate bodies with the use of image and sound recording: the image and statements of persons participating in the Supervisory Board, the Management Board;
  • other data necessary for the purposes of processing resulting from the law.

 

Period for which data will be processed:

Personal data will be stored until the legitimate interests of the controller underlying the processing have been fulfiled or until any objections to such processing have been raised or for the period necessary to fulfil the obligations imposed by law. In justified cases (e.g. for evidential purposes), recordings or data recorded through the use of image and sound recording may be stored for a longer period of time for the purposes necessary to fulfil a legal obligation incumbent on the Company or to conduct internal investigations or other proceedings, e.g. court proceedings.

 

Recipients of data:

Your data can be transferred:

  • to state authorities or other entities authorized by law,
  • to persons authorized by the controller,
  • banks, in case of the need to carry out settlements and to enable them to fulfil their statutory obligations,
  • entities enabling us to perform remote payment operations,
  • to the entities, partners (Contractors) of our business implementations,
  • entities processing personal data on behalf of the controller in order to perform the controller's duties, among others

    • o to subcontractors,
    • o providers of external systems supporting the activities of the controller,

  • entities conducting postal or courier activities,
  • to the Asseco Group entities - https://pl.asseco.com/o-asseco/grupa-kapitalowa/.
     

Transfer of personal data outside the EEA:

Personal data will be stored on servers located in the European Union and may be transferred by the controller - on the basis of standard data protection clauses, decisions issued by the European Commission - to a third country, in particular in connection with the controller's use of cloud solutions provided by Microsoft. The standard contractual clauses applied by Microsoft, in accordance with the templates approved by the European Commission, are available at: www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

 

Data subject's rights:

You have the right of access to your data and the right to request its correction, deletion or restriction of its processing. Upon your request, the controller will provide you with a copy of the personal data to be processed, as long as the provision of a copy does not adversely affect the rights and freedoms of others.

To the extent that the processing of your personal data is based on the legitimate interest of the controller, you have the right to object to the processing of your personal data for reasons relating to your particular situation.

To exercise these rights, please contact your data controller or data protection officer. Contact details are indicated above.

You also have the right to lodge a complaint with the data protection supervisory authority, i.e. the President of the Office for Personal Data Protection.

 

Profiling:

Please be advised that we do not make decisions in an automated manner.

 

Information about the data requirement:

The data is necessary to ensure the corporate service of the Company's bodies and your participation in the Supervisory Board, the Management Board.

Monitoring

We take care of our safety as well the safety of our guests, therefore we conduct video monitoring of people in our offices within the range of monitoring cameras and keep records of people entering our offices.

 

Information clause for guests of Asseco Poland. S.A.

Data controller and contact details:

The controller of your personal data is Asseco Poland S.A. with the seat at 14 Olchowa St., 35-322 Rzeszów (controller). Contact in matters concerning privacy protection or personal data protection: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: [email protected], phone: +48 17 888 55 55.

 

Processing objectives and legal basis for processing:

Your data may be processed for the purpose of:

  • protection of the Company's facilities, rooms and equipment against access by unauthorized persons - the basis for processing is Article 6(1)(f) of the GDPR, i.e. the legally justified interest of the controller, which is to ensure the safety of persons and protection of property located on the Company's premises, as well as protection of information and secrets protected by law, including through the use of video surveillance.
  • realization of other legally justified interests of the Company, which the Company considers, in particular, the possibility of pursuing and defending claims, preventing fraud and economic crimes.

 

Categories of personal data:

The Company processes the following types of personal data:

  • for the purposes of keeping a register of persons entering the Company's premises: name and surname, name of the represented entity,
  • for the needs of video surveillance: the image of people in the Company's premises within the range of surveillance cameras. The monitoring includes public spaces (such as: entrance lobbies, guest service areas) and special spaces (rooms to which only authorized persons have access).

 

Period for which data will be processed:

The recordings and copies of the monitoring are stored for 90 days and then overwritten with newer events or destroyed. The data contained in the entry records is stored for 12 months and then destroyed. In justified cases (e.g. for evidential purposes), the recordings or data contained in the entry register may be stored for a longer period of time for the purposes necessary to fulfil a legal obligation incumbent on the Company or to conduct internal explanatory or other proceedings, e.g. court proceedings.

 

Recipients of data:

Your data may be disclosed to entities processing personal data on behalf of the Company (e.g. entities providing physical protection services and IT support services, and in the case of persons within the range of video surveillance cameras also to entities responsible for supervision over the operation of video surveillance, including system maintenance), where such entities process data on the basis of an agreement with the controller only in accordance with the controller's instructions and only to the extent necessary.

 

Data subject's rights:

You have the right of access to your data, the right to request its correction, deletion or restriction of processing, as well as the right to object to the processing of your personal data for reasons related to your specific situation. You also have the right to lodge a complaint with the supervisory authority.

 

Transfer of personal data outside the EEA:

Your personal data will not be transferred to a third country / international organization.

 

Profiling:

Please be informed that we do not make decisions in an automated way and your data is not profiled.

 

Information about the data requirement:

The provision of data is voluntary, but is necessary in order to gain access to the Company's premises, facilities or premises under access control.

Requests of data subjects concerning the processing of their personal data

Requests of data subjects concerning the processing of their personal data

We respect the rights of the data subjects pursuant to art. 7 and 15-22 of the GDPR, i.e. the right of access to data, rectification, deletion, restriction of processing, obtaining a copy, transfer of data, withdrawal of consent, objection to processing, not being subject to decisions based solely on automated processing (data is collected in connection with a request made by a person) - we fulfil the information obligation pursuant to art. 13 of the GDPR (data collected directly from the data subject).

 

Information clause for persons exercising data subjects' rights

Data controller and contact details:

The controller of your personal data is Asseco Poland S.A. with the seat at 14 Olchowa St., 35-322 Rzeszów (controller).

Contact us about privacy or personal data protection issues: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: [email protected], phone: +48 17 888 55 55.

 

Processing objectives and legal basis for processing:

Your data will be processed for the purpose:

  • to answer and consider your request - the basis for the processing is the law, in particular the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC,
  • the realization of other legitimate interests of the controller, which the controller considers in particular the possibility of pursuing and defending claims.

 

Period for which data will be processed:

Your personal data will be kept no longer than until you withdraw your consent.

 

Recipients of data:

Your data may be disclosed to:

  • entities processing personal data on behalf of the controller (e.g. providing IT support services), where such entities process data on the basis of an agreement with the controller and only in accordance with the controller's instructions, entities processing your personal data as controllers,
  • However, the disclosure of these data will only take place to the extent necessary and only on the basis of a valid legal basis for such disclosure in accordance with the above-mentioned processing purposes.

 

Transfer of data outside the European Economic Area:

Personal data will be stored on servers located in the European Union and may be transferred - on the basis of standard data protection clauses - to a third country in connection with the controller's use of cloud solutions provided by Microsoft. The standard contractual clauses used by Microsoft in accordance with the templates approved by the European Commission are available at the address: www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

 

Data subject's rights:

To the extent that the processing of your personal data is based on the legitimate interest of the controller, you have the right to object to the processing of your personal data for reasons relating to your particular situation.

To exercise the above rights, please contact the Data Controller or the Data Protection Officer. Contact details are indicated above.

You also have the right to lodge a complaint with the data protection supervisory authority, i.e. the President of the Office for Personal Data Protection.

 

Information about the data requirement

The provision of data is voluntary, but is necessary in order to process your request and answer.

If you do not provide the data, it may not be possible to process your application and answer.

 

Profiling:

Please be informed that we do not make decisions in an automated way and your data is not profiled.

Collection of Information - Cookie Policy

According to the established practice of most websites, we store HTTP queries addressed to our server. This means that we know the public IP addresses from which you can view the information content of our service. The resources you are viewing are identified by their URLs. We also know about:

  • time of the inquiry,
  • time of sending the answer,
  • client station name - identification implemented by the HTTP protocol,
  • information about errors that occurred during the execution of HTTP transactions,
  • The URL of the page previously visited by the user (referer link) - in case the page was accessed via a link, information about the user's browser.

The above information is saved in the so-called "cookies" files.

We use "cookies" for the following purpose:

  • adjusting the content of the Service's websites to the User's preferences and optimizing the use of websites; in particular, these files allow to recognize the Service User's device and properly display the website, adjusted to their individual needs
  • create statistics that help to understand how Service users use the web pages to improve their structure and content
  • maintaining the Service User session (after logging in), thanks to which the User does not have to re-enter their login and password on each subpage of the Service.
  • improve security by controlling abuse in the use of the Websites,
  • obtain aggregate, anonymous statistical data to improve the functionality of the Websites,
  • maintain your session (applies to Sites with login options) so that you do not have to re-enter your login and password on each page of the Site,
  • enable the basic functionality of the Websites (e.g., remembering the pages you visit in turn to restore them on your "request")
  • The website is designed to adapt the content of advertisements and texts displayed on the Asseco Sites as well as outside them to the User's preferences.

 

We use the following types of cookies on the Asseco Websites:

Session cookies (temporary) - stored on your device only while you are using the Websites, i.e., until you log out, turn off the Website or turn off your browser,

Permanent cookies - remain on the User's device until the end of their life (operating time parametrized for the cookie) or until the User removes them.

The cookie settings are individual for each web browser. The default option is to allow cookies.  However, you can disable this option completely or restrict the reception of cookies on your device to some extent. We would like to inform you that this may affect the convenience of using the pages, and may cause most websites to be missing or incorrectly displayed. In some cases it is possible to set your browser to ask for your consent to cookies in each case. This gives you the possibility to control the cookies, but may slow down your browser.

To easily manage cookies, select your preferred browser and follow the instructions:

If you use a different browser than the above mentioned, please refer to the cookie documentation on the website of the solution provider.

If you do not change your cookie settings, it means that they will be placed in your end device and thus the Asseco Group will store information in your end device and access it.

 

Cookies of independent companies used on Asseco websites

Google Analytics - web analytics cookies collect information about your use of our website, the type of website from which you have been redirected, the number of visitors and the duration of your visit to this site. This information does not record any specific personal data of the user, but is used to compile statistics on the use of the website on an aggregate basis.

YouTube - the websites operated by the operator include videos and links to videos from YouTube. As a result, when browsing through a page with embedded content from YouTube or links, you may be exposed to cookies from these sites. More information: www.youtube.com

Adobe Flash Player - the website uses animations in Flash technology. Flash Player software uses local shared objects or Flash cookies to enable the user to use features such as automatic restoration or saving of user preferences. Flash cookies are stored on the user's device in the same way as normal cookies, but are managed differently from the browser. More information: www.adobe.com

Chatbot - Virtual Advisor placed on the website, communicating with users in natural language, providing them with general information about the company and working conditions in Asseco Poland, as well as searching for job offers based on criteria chosen by the user. The Virtual Advisor processes the IP address and collects cookies. This information is used to create statistics that help to understand what kind of information about the company and work in Asseco Poland users are looking for, how many people are interested in this form of conversation and how long each conversation with the advisor lasts.

 

Sharing sites

Asseco websites may contain links to websites of other entities. Asseco Poland S.A. has no influence on the privacy policy of those entities' websites and is not responsible for it.

 

Changes to the Privacy Policy

The policy is reviewed and, if necessary, updated on an ongoing basis. The current version of the Policy has been adopted and is effective as of September 11, 2020.