DATA PROCESSING

Personal data and the principles governing its processing

Use of websites belonging to Asseco may involve the processing of the personal data of website users.

Personal data means any information relating to an identified or identifiable natural person (the data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Asseco processes personal data in accordance with the following principles:

The principle of transparency, fairness and lawfulness - we process personal data fairly, in accordance with correctly identified, GDPR-compliant legal bases appropriate to the individual processing activities. The personal data controller identifies and determines the legal basis appropriate to each processing activity. Processing takes place only when a legal basis exists. Data subjects are informed in a transparent, accessible and understandable manner about who will process their data, on what basis, for what purpose, to what extent and for how long. They are also informed about: the recipients of the data, the rights they are entitled to and how to exercise them, and whether the data will be transferred to countries outside the EEA and whether the data will be subject to automated decision-making and, if so, how this will affect the data subject's situation. The personal data controller ensures that the information obligation is fulfilled:

• where data is collected from the data subject – at the latest at the time of collection, in a manner appropriate to the process in which the data is collected;
• where data is collected from a source other than the data subject – at the latest within 30 days of obtaining it.
The principle of purpose limitation - we process personal data for specified, explicit and legitimate purposes and do not further process it in a manner incompatible with those purposes.
The principle of data minimization - we process data that is adequate and limited to what is necessary to achieve the purpose for which it is processed.
The principle of accuracy - we ensure that the personal data we process is accurate and, where necessary, kept up to date; we take every reasonable step to ensure that personal data that is inaccurate in light of the purposes of its processing is erased or rectified without delay.
The principle of storage limitation - we keep personal data in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data is processed.
The principle of integrity and confidentiality - we process personal data in a manner that ensures its appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. To this end, we apply appropriate technical and organizational measures, taking into account the risks to which the processed data is exposed (risk based approach).
The principle of accountability - we process personal data in a manner that guarantees compliance with the GDPR in connection with the processing operations carried out. We are obliged to demonstrate that we have implemented appropriate organizational and technical measures that guarantee the compliance of processing with applicable law. Implementation of these measures is demonstrated in particular by adopting appropriate rules, procedures and policies describing how personal data is handled during processing.
PERSONAL DATA PROCESSING

Purposes of collecting data through the website

Use of cookie mechanisms and other marketing tools

Our goal is to reach as many people as possible to whom we can offer our products and services. We want to use modern marketing tools that help us understand user preferences and prepare the most tailored offers. During a user’s visit to the website, information about the user—which may constitute personal data—can be collected automatically through services provided by modern marketing tool providers, including cookies. Such information is collected only when the website user has given consent. The user will be asked to express consent to the use of individual types of cookies when visiting the website. Before the user gives consent, the Controller provides access to this Privacy Policy and recommends reading it. Among the types of cookies we use are so-called strictly necessary cookies, which enable the website to function. These may be, and are, used regardless of the user’s consent. More information about cookies can be found in the Cookies section.

Contact forms, recruitment forms, and order forms

We provide tools that enable users to contact us, obtain necessary information, and provide data to make use of our offer. To ensure maximum transparency, the forms on our websites are accompanied by information on the data controller, the purpose of processing, the legal basis, recipients, storage period, and other information required by applicable law. This allows users, before providing personal data through a form, to review all the necessary information about how their data will be processed.

Principles of sharing and entrusting personal data (data recipients)

The Personal Data Controller shares (and entrusts) personal data with other entities (data recipients) on the basis of:

• legislation in force
• business decisions on outsourcing selected parts of the business.

When data is shared with entities to which the Personal Data Controller subcontracts services in their name and on their behalf, a written data processing agreement is required. The decision to entrust is preceded by an analysis of the entity's credibility and reliability.

Each decision regarding outsourcing of services requires the Personal Data Controller to analyze whether it is necessary to conclude a data processing agreement.

Rights of data subjects

All requests regarding the exercise of data subject rights should be submitted:

• By email to: iod@asseco.pl
• In writing to the following address: Asseco Poland S.A., Olchowa 14, 35-322 Rzeszów, with the note "Inspektor Ochrony Danych" [Data Protection Officer].

If we are unable to identify a person based on the data provided with the request, we will ask the applicant for additional information. Providing such data is not mandatory, but failure to do so will result in our refusal to fulfill the request.

If a request is submitted electronically, we will respond in the same form unless a different form of response is requested. In other cases, we provide responses in writing.

Below is a detailed description of data subject rights:

Right: Access to your personal data
How we fulfill it:
  • We provide information on data processing.
  • We provide access to the data being processed.
  • We provide information in accordance with Article 15 GDPR.
When we fulfill it:
  • Upon request of the data subject

Right: Rectification of data
How we fulfill it:
  • We correct inaccurate data.
When we fulfill it:
  • Upon request of the data subject

Right: Data portability
How we fulfill it:
  • We provide data in a structured, commonly used, machine-readable format.
  • We transfer data to another controller in cases specified in Article 20 GDPR.
When we fulfill it:
  • Upon request of the data subject, only if processing is based on consent or contractual necessity and carried out by automated means

Right: Erasure of data (the “right to be forgotten”)
How we fulfill it:
  • We promptly erase personal data if there is no legal basis requiring further processing.
When we fulfill it:
  • Upon request of the data subject
  • Only if circumstances under Article 17 GDPR apply (e.g., fulfillment of the purpose for which the data was collected, consent withdrawn, valid objection raised, or other circumstances listed in Article 17)

Right: Objection
How we fulfill it:
  • We promptly stop processing.
When we fulfill it:
  • Upon request of the data subject
  • If the person is in a particular situation and the Controller cannot demonstrate overriding legitimate grounds
  • Only if processing is based on Article 6(1)(e) or (f) GDPR

Right: Restriction of processing
How we fulfill it:
  • We promptly restrict processing of personal data.
When we fulfill it:
  • Upon request of the data subject
  • Only if conditions in Article 18 GDPR apply (e.g., contesting accuracy of data, suspicion of unlawful processing, or other cases specified in Article 18)

Right: Not to be subject to automated decision-making, including profiling
How we fulfill it:
  • We do not process data in an automated manner
  • We do not profile personal data in a way that produces legal effects or similarly significant impacts on the data subject.
When we fulfill it:
  • Always, unless the exemptions specified in Article 22(2) GDPR apply

Right: Withdrawal of consent
How we fulfill it:
  • We stop processing personal data; withdrawal of consent does not affect processing prior to withdrawal.
When we fulfill it:
  • Upon request of the data subject, if consent was the legal basis and has been withdrawn

Right: Information about a personal data breach
How we fulfill it:
  • We inform you about the incident, potential negative consequences, and recommended actions to minimize harm.
When we fulfill it:
  • Without a request, in cases where the breach involves a high risk of negative consequences for the data subject(s)

Transfer of Data Outside the EEA

We take all reasonable measures to store personal data on servers located within the European Economic Area (EEA). For this reason, in the vast majority of cases, we use tools that ensure data is located in the EEA.

However, the use of certain tools on our websites may involve cooperation with providers outside the EEA, requiring the transfer of data outside this area. In such cases, we transfer personal data outside the EEA only when necessary and with adequate safeguards, primarily through:

Most often, we transfer data to third countries in connection with solutions provided by entities supporting our business, including communication tools via contact forms.

Retention Period of Personal Data

The period for which we process personal data collected through the website is determined by the lifespan of the cookies used. More information on this is provided in the Cookies section. The retention period for personal data provided through contact forms on the website is specified separately in the applicable privacy notices associated with each form.

Automated Decision-Making and Profiling

Asseco does not make decisions in a fully automated manner—that is, based solely on automated processing (without human involvement) that produces legal effects or similarly significant impacts on the data subject. We also do not use profiling based on automated decision-making, that is, decisions made solely by technical means without human involvement that produce legal effects or otherwise significantly affect the profiled person.

Data may be profiled in specific cases, in line with the terms of use established by social media platform operators.

External Websites

Asseco websites may contain links to third-party websites. Asseco Poland S.A. has no influence over the privacy practices of those websites and bears no responsibility for them.

Privacy Policy updates

The Privacy Policy is updated by publishing a new version on the website.

Privacy Notices

We conduct our activities with respect for the right to privacy and control over personal data. For this reason, we provide transparent information on the purposes and methods of processing personal data. Below we present privacy notices containing detailed explanations of the rules governing personal data processing. Each notice specifies to whom it is directed and in what situation it applies.

Business relations

Notice for individuals whose data have been made available to us in connection with establishing business relations, individuals indicated for contact, or those representing parties to concluded commitments.

Data Controller and Contact Details, DPO:

The Controller of your personal data is: Asseco Poland S.A. with its registered office in Rzeszów, ul. Olchowa 14, 35-322 Rzeszów (controller). Contact in matters concerning personal data protection: Data Protection Officer of Asseco Poland S.A., e-mail: iod@asseco.pl, phone no.: +48 691 992 077.

Purpose and Legal Basis for Processing:

Your personal data will be processed for the following purposes:

  1. to perform the Contract, including conducting ongoing correspondence, documenting arrangements, monitoring the quality of services provided, and handling complaints or claims – pursuant to Article 6(1)(b) GDPR;
  2. to comply with legal obligations under applicable laws, in particular those relating to anti-money laundering and counter-terrorist financing, transaction security (including identification, verification, or assessment and monitoring of business relationships), as well as obligations under tax regulations and the Accounting Act – pursuant to Article 6(1)(c) GDPR in conjunction with relevant legal provisions;
  3. to establish, pursue, or defend against potential claims, should such claims arise – based on the controller’s legitimate interest in safeguarding its rights (Article 6(1)(f) GDPR).

Categories of Personal Data:

The controller processes the following personal data: your name, surname, job title, and business contact details.

Data Recipients:

Your personal data may be shared with: entities authorized under applicable laws, the controller’s contractors, entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, providers of external systems). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Data Transfers outside the European Economic Area (EEA):

As a rule, your personal data will be processed and stored on servers located in the European Union, and transfers outside the EEA are not planned. However, if necessary for the performance of the Contract, such transfers may occur. In such cases, transfers will be carried out in accordance with the mechanisms set out in Chapter 5 of the GDPR, with appropriate standards and safeguards in place.

Data Retention Period:

Your personal data will be processed for the duration of the business relationship and for as long as necessary to fulfill all related obligations and rights. Applicable laws may require the controller to retain your data for a longer period.

Your Rights:

In relation to the processing of your personal data, you have the right to:

  1. access your personal data and request rectification;
  2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
  3. request restriction of processing, under the conditions provided in Article 18 GDPR;
  4. object to processing under the conditions set out in Article 21 GDPR.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Source of Personal Data:

Your personal data were obtained either from the entity you represent under the Contract or directly from you.

Automated Decision-Making and Profiling:

We do not make any decisions that significantly affect you through automated means, including profiling.

Contact forms

Notice for individuals who wish to contact us via one of the forms available on the websites of Asseco Poland S.A., which we provide to enable inquiries about our products. Each form is accompanied by information on personal data processing so that you may review how your data will be processed before sharing it.

Data Controller and Contact Details, DPO:

The Controller of your personal data is: Asseco Poland S.A. with its registered office in Rzeszów, ul. Olchowa 14, 35-322 Rzeszów (controller). Contact in matters concerning personal data protection: Data Protection Officer of Asseco Poland S.A., e-mail: iod@asseco.pl, phone no.: +48 691 992 077.

Purpose and Legal Basis for Processing:

Your personal data will be processed for the following purposes:

  1. to handle your inquiry submitted through the contact form – pursuant to Article 6(1)(b) GDPR.

Data Recipients:

Your personal data may be shared with entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, including providers of external systems). Such entities act on the basis of a contract with the controller and only under the controller’s instructions.

Data Transfers outside the European Economic Area (EEA):

Due to the IT infrastructure and telecommunication services used by the controller, your personal data may be transferred outside the European Economic Area (EEA). Such transfers will only take place on the basis of legally recognized safeguards (standard contractual clauses or an adequacy decision of the European Commission – EU-U.S. Data Privacy Framework).

Data Retention Period:

Your personal data will be retained for the time necessary to respond to your inquiry and, where applicable, for the duration justified by the execution of the submitted offer.

Your Rights:

In relation to the processing of your personal data, you have the right to:

  1. access your personal data and request rectification;
  2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
  3. request restriction of processing, under the conditions provided in Article 18 GDPR;
  4. data portability, under the conditions set out in Article 20 GDPR.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Requirement to Provide Data:

Providing your personal data is voluntary, but necessary to receive a response.

Automated Decision-Making and Profiling:

We do not make any decisions that significantly affect you through automated means, including profiling.

Correspondence

Notice for individuals whose personal data are processed in the course of correspondence with Asseco Poland S.A., particularly in relation to responding to inquiries, continuing communication, and handling matters arising from such contact. The information obligation is also fulfilled by including a reference to this Privacy Notice in the email footer used by our organization.

Data Controller and Contact Details, DPO:

The Controller of your personal data is: Asseco Poland S.A. with its registered office in Rzeszów, ul. Olchowa 14, 35-322 Rzeszów (controller). Contact in matters concerning personal data protection: Data Protection Officer of Asseco Poland S.A., e-mail: iod@asseco.pl, phone no.: +48 691 992 077.

Purpose and Legal Basis for Processing:

Your personal data will be processed for the following purposes:

  1. to enable the effective exchange of correspondence, in particular to respond to your inquiry, send offers, manage concluded contracts, and carry out related arrangements – pursuant to Article 6(1)(b) GDPR;
  2. to perform necessary settlements in compliance with legal obligations imposed on the controller – pursuant to Article 6(1)(c) GDPR;
  3. to establish, pursue, or defend against potential claims – based on the controller’s legitimate interest in doing so (Article 6(1)(f) GDPR).

Data Recipients:

Your personal data may be shared with: entities authorized under applicable laws, the controller’s contractors, entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, providers of external systems supporting the controller’s operations). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Data Transfers outside the European Economic Area (EEA):

Given the global scope of the controller’s operations and the IT infrastructure and telecommunication services it uses, your personal data may be transferred outside the EEA. Such transfers will only take place on the basis of legally recognized safeguards (standard contractual clauses or an adequacy decision of the European Commission – EU-U.S. Data Privacy Framework).

Data Retention Period:

Your personal data will be retained for as long as necessary to conduct correspondence connected with the controller’s ongoing operations and cooperation, and for the period required to comply with the controller’s legal obligations. Data are periodically reviewed to ensure they remain relevant to the purposes for which they are processed.

Your Rights:

In relation to the processing of your personal data, you have the right to:

  1. access your personal data and request rectification;
  2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
  3. request restriction of processing, under the conditions provided in Article 18 GDPR;
  4. object to processing under the conditions set out in Article 21 GDPR.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Requirement to Provide Data:

Providing your personal data is voluntary, but necessary in order to conduct correspondence within the scope of cooperation with the controller.

Automated Decision-Making and Profiling:

We do not make any decisions that significantly affect you through automated means, including profiling.

Marketing and Public Relations

Notice for individuals consenting to receive commercial information or representing entities with which we build business or institutional relations. When collecting consent or carrying out PR activities, we provide information on why and how we process personal data.

Data Controller and Contact Details, DPO:

The Controller of your personal data is: Asseco Poland S.A. with its registered office in Rzeszów, ul. Olchowa 14, 35-322 Rzeszów (controller). Contact in matters concerning personal data protection: Data Protection Officer of Asseco Poland S.A., e-mail: iod@asseco.pl, phone no.: +48 691 992 077.

Purpose and Legal Basis for Processing:

Your personal data will be processed for the following purposes:

  1. to send commercial information, including marketing about our products and services, through electronic communication – based on your consent (Article 6(1)(a) GDPR in connection with Article 398 of the Electronic Communications Law);
  2. to carry out public relations (PR) activities and to send commercial information, including marketing in non-electronic forms – based on the controller’s legitimate interest in building external relationships and promoting products and services (Article 6(1)(f) GDPR).

Data Recipients:

Your personal data may be shared with entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, including providers of external systems). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Data Transfers outside the European Economic Area (EEA):

Due to the IT infrastructure and telecommunication services used by the controller, your personal data may be transferred outside the EEA. Such transfers will only take place on the basis of legally recognized safeguards (standard contractual clauses or an adequacy decision of the European Commission – EU-U.S. Data Privacy Framework).

Data Retention Period:

Your data will be retained only for as long as necessary to fulfill the purpose of processing, and in any case no longer than until you withdraw your consent or object to further processing. Data are periodically reviewed to ensure they remain relevant to the purposes for which they are processed.

Your Rights:

In relation to the processing of your personal data, you have the right to:

  1. access your personal data and request rectification;
  2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
  3. request restriction of processing, under the conditions provided in Article 18 GDPR;
  4. data portability, under the conditions set out in Article 20 GDPR;
  5. object to processing under the conditions set out in Article 21 GDPR;
  6. withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal, where processing is based on consent.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Requirement to Provide Data:

Providing your personal data is voluntary, but necessary in order to receive up-to-date information about the controller’s current offer.

Automated Decision-Making and Profiling:

We do not make any decisions that significantly affect you through automated means, including profiling.

Newsletter

Privacy notice for individuals who have expressed a desire to receive one of the newsletters of Asseco Poland S.A. electronically by completing a form available on the website. Each form on our websites is accompanied by information on personal data processing so that you may review how your data will be processed before sharing it.

Data Controller and Contact Details, DPO:

The Controller of your personal data is: Asseco Poland S.A. with its registered office in Rzeszów, ul. Olchowa 14, 35-322 Rzeszów (controller). Contact in matters concerning personal data protection: Data Protection Officer of Asseco Poland S.A., e-mail: iod@asseco.pl, phone no.: +48 691 992 077.

Purpose and Legal Basis for Processing:

Your personal data will be processed for the following purposes:

  1. to send commercial information, including marketing about our products and services, through electronic communication – based on your consent (Article 6(1)(a) GDPR in connection with Article 398 of the Electronic Communications Law).

Data Recipients:

Your personal data may be shared with entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, including providers of external systems). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Data Transfers outside the European Economic Area (EEA):

Your personal data will not be transferred outside the EEA.

Data Retention Period:

Your data will be retained only for as long as necessary to fulfill the purpose of processing, and in any case no longer than until you withdraw your consent or object to further processing. Data are periodically reviewed to ensure they remain relevant to the purposes for which they are processed.

Your Rights:

In relation to the processing of your personal data, you have the right to:

  1. access your personal data and request rectification;
  2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
  3. request restriction of processing, under the conditions provided in Article 18 GDPR;
  4. data portability, under the conditions set out in Article 20 GDPR;
  5. withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal, where processing is based on consent.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Requirement to Provide Data:

Providing your personal data is voluntary, but necessary in order to receive up-to-date information about the controller’s current offer.

Automated Decision-Making and Profiling:

We do not make any decisions that significantly affect you through automated means, including profiling.

Obtaining data from indirect sources

Privacy notice for individuals whose data we have obtained from an indirect source, informing that we process personal data in connection with consent given to receive commercial information electronically or in connection with building business or institutional relations. When sending commercial information or carrying out PR activities, we explain why and how your personal data are processed.

Data Controller and Contact Details, DPO:

The Controller of your personal data is: Asseco Poland S.A. with its registered office in Rzeszów, ul. Olchowa 14, 35-322 Rzeszów (controller). Contact in matters concerning personal data protection: Data Protection Officer of Asseco Poland S.A., e-mail: iod@asseco.pl, phone no.: +48 691 992 077.

Purpose and Legal Basis for Processing:

Your personal data will be processed for the following purposes:

  1. to send commercial information, including marketing about our products and services, through electronic communication – based on your consent (Article 6(1)(a) GDPR in connection with Article 398 of the Electronic Communications Law);
  2. to carry out public relations (PR) activities and to send commercial information, including marketing in non-electronic forms – based on the controller’s legitimate interest in building external relationships and promoting products and services (Article 6(1)(f) GDPR).

Categories of personal data:

The controller processes the following personal data: name, surname, and business contact details.

Data Recipients:

Your personal data may be shared with entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, including providers of external systems). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Data Transfers outside the European Economic Area (EEA):

Due to the IT infrastructure and telecommunication services used by the controller, your personal data may be transferred outside the EEA. Such transfers will only take place on the basis of legally recognized safeguards (standard contractual clauses or an adequacy decision of the European Commission – EU-U.S. Data Privacy Framework).

Data Retention Period:

Your data will be retained only for as long as necessary to fulfill the purpose of processing, and in any case no longer than until you withdraw your consent or object to further processing. Data are periodically reviewed to ensure they remain relevant to the purposes for which they are processed.

Your Rights:

In relation to the processing of your personal data, you have the right to:

  1. access your personal data and request rectification;
  2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
  3. request restriction of processing, under the conditions provided in Article 18 GDPR;
  4. data portability, under the conditions set out in Article 20 GDPR;
  5. object to processing under the conditions set out in Article 21 GDPR;
  6. withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal, where processing is based on consent.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Source of Personal Data:

Your personal data were obtained from specialized business partners or from publicly available sources.

Automated Decision-Making and Profiling:

We do not make any decisions that significantly affect you through automated means, including profiling.

People's request

Notice for individuals submitting requests to exercise their rights. In fulfilling the information obligation, we explain the purpose and method of processing the personal data provided in connection with the submitted request.

Data Controller and Contact Details, DPO:

The Controller of your personal data is: Asseco Poland S.A. with its registered office in Rzeszów, ul. Olchowa 14, 35-322 Rzeszów (controller). Contact in matters concerning personal data protection: Data Protection Officer of Asseco Poland S.A., e-mail: iod@asseco.pl, phone no.: +48 691 992 077.

Purpose and Legal Basis for Processing:

Your personal data will be processed for the following purposes:

  1. to verify your identity, review your request, and provide a response – pursuant to Article 6(1)(c) GDPR;
  2. to archive requests in order to demonstrate the controller’s accountability for fulfilling its obligations – based on the controller’s legitimate interest in demonstrating compliance with its obligations (Article 6(1)(f) GDPR).

Data Recipients:

Your personal data may be shared with: entities authorized under applicable laws, entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, providers of external systems). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Data Transfers outside the European Economic Area (EEA):

Your personal data will not be transferred outside the EEA.

Data Retention Period:

Your personal data will be retained no longer than is necessary to handle your request, and subsequently for the archiving period required to demonstrate the controller’s accountability.

Your Rights:

In relation to the processing of your personal data, you have the right to:

  1. access your personal data and request rectification;
  2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
  3. request restriction of processing, under the conditions provided in Article 18 GDPR;
  4. object to processing under the conditions set out in Article 21 GDPR.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Requirement to Provide Data:

Providing your personal data is voluntary, but necessary in order to process your request.

Automated Decision-Making and Profiling:

We do not make any decisions that significantly affect you through automated means, including profiling.

Reporting violations

Notice for whistleblowers and other individuals submitting reports of potential or actual security incidents, personal data breaches, or other irregularities.

Data Controller and Contact Details, DPO:

The Controller of your personal data is: Asseco Poland S.A. with its registered office in Rzeszów, ul. Olchowa 14, 35-322 Rzeszów (controller). Contact in matters concerning personal data protection: Data Protection Officer of Asseco Poland S.A., e-mail: iod@asseco.pl, phone no.: +48 691 992 077.

Purpose and Legal Basis for Processing:

Your personal data will be processed for the following purposes:

  1. to handle reports, including their receipt, verification, and clarification, based on the controller’s legal obligations under applicable law – pursuant to Article 6(1)(c) GDPR;
  2. to handle reports, including their receipt, verification, and clarification, in accordance with internal company procedures beyond those required by law – based on the controller’s legitimate interest in ensuring compliance with the company’s internal standards and procedures (Article 6(1)(f) GDPR).

Data Recipients:

Your personal data may be shared with: entities authorized under applicable laws, entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, including providers of external systems). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Data Transfers outside the European Economic Area (EEA):

Your personal data will not be transferred outside the EEA.

Data Retention Period:

Your personal data will be retained for the period required by applicable law and for the period necessary to demonstrate the controller’s accountability in handling and recording reports.

Your Rights:

In relation to the processing of your personal data, you have the right to:

  1. access your personal data and request rectification;
  2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
  3. request restriction of processing, under the conditions provided in Article 18 GDPR;
  4. object to processing under the conditions set out in Article 21 GDPR.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Requirement to Provide Data:

Providing your personal data is mandatory under the internal regulations adopted by the controller.

Automated Decision-Making and Profiling:

We do not make any decisions that significantly affect you through automated means, including profiling.

Shareholders

Notice for individuals whose data are processed in connection with holding shares in Asseco Poland S.A. This notice is addressed in particular to shareholders, shareholder representatives, and individuals authorized to act on behalf of shareholders.

Data Controller and Contact Details, DPO:

The Controller of your personal data is: Asseco Poland S.A. with its registered office in Rzeszów, ul. Olchowa 14, 35-322 Rzeszów (controller). Contact in matters concerning personal data protection: Data Protection Officer of Asseco Poland S.A., e-mail: iod@asseco.pl, phone no.: +48 691 992 077.

Purpose and Legal Basis for Processing:

Your personal data will be processed for the following purposes:

  1. to comply with legal obligations related to the exercise and enforcement of shareholder rights and obligations, in particular those arising under the Commercial Companies Code, the Act on Trading in Financial Instruments, and reporting obligations applicable to joint-stock companies – pursuant to Article 6(1)(c) GDPR in conjunction with the relevant legal provisions;
  2. to organize and conduct the General Meeting, including its facilitation through electronic communication, fulfilling the obligation to provide the list of shareholders upon request, properly verifying your identity for participation in the General Meeting, enabling your right to vote, and managing and verifying proxies, as provided in §4 of the “Regulations of the General Meeting of Asseco Poland S.A.” and §4 of the “Regulations on the Rules for Participation in the General Meeting of Asseco Poland S.A. using electronic means of communication” – pursuant to Article 6(1)(c) GDPR;
  3. to review requests and perform other actions related to the exercise of rights attached to shares issued by the controller – pursuant to Article 6(1)(b) GDPR, to the extent that the requirement to process such data is not determined by law (Article 6(1)(c) GDPR);
  4. to conduct analyses necessary to implement the controller’s business strategy and to establish, pursue, or defend against potential claims – based on the controller’s legitimate interests, namely the implementation of its business strategy and the ability to pursue or defend against claims (Article 6(1)(f) GDPR).

Your personal data, including your name, surname, and place of residence, have been obtained either directly from you or from the Krajowy Depozyt Papierów Wartościowych S.A.

Your personal data, including your telephone number, email address, type and identification number of your identity document, image contained on your identity document, PESEL number of both the principal and proxy, and login credentials, have been obtained directly from you.

Data Recipients:

Your personal data may be shared with: other shareholders, in accordance with the Commercial Companies Code, entities authorized under applicable laws, entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, including providers of external systems). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Data Transfers outside the European Economic Area (EEA):

Your personal data will not be transferred outside the EEA.

Data Retention Period:

Your personal data will be processed for as long as the company exists. After its dissolution, your data will be processed for the period required under applicable laws relevant to the purposes of processing.

Your Rights:

In relation to the processing of your personal data, you have the right to:

  1. access your personal data and request rectification;
  2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
  3. request restriction of processing, under the conditions provided in Article 18 GDPR;
  4. object to processing under the conditions set out in Article 21 GDPR.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Requirement to Provide Data:

Providing your personal data is necessary for acquiring shares and for exercising the rights and obligations arising under applicable law.

Automated Decision-Making and Profiling:

We do not make any decisions that significantly affect you through automated means, including profiling.