Policy privacy

Personal data processing policy of Continental Opony Polska Sp. z o. o.

Definitions

1) Policy:

this document, Personal data processing policy of Continental Opony Polska Sp. z o. o.

2) Administrator, Continental:

Continental Opony Polska Sp. z o. o. based in Warsaw, 02–092, ul. Żwirki i Wigury 16C.

3) Personal data:

information about an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4) GDPR:

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

5) Data subject, data subject, person:

any natural person whose personal data are processed by the Administrator in connection with his business.

Information on processing personal data by the Administrator

The Administrator processes personal data in accordance with applicable law, in particular the GDPR.

The Administrator applies the principle of ensuring transparency in the processing of personal data. Data subjects are informed about data processing at the time of collection. Information clauses specifying the principles of personal data processing constitute an annex to this Policy.

The Administrator respects the principle of personal data minimization. Data is collected to the extent necessary for a given processing purpose and processed only for the required and justified retention period.

In each case (in individual information clauses), the Administrator informs data subjects about the voluntariness or requirement of providing personal data.

Security of personal data

The procedures in force at Continental ensure an appropriate level of confidentiality and integrity of the processed data. Only persons familiar with the regulations and having appropriate authorizations have access to personal data.

The Administrator uses appropriate organizational and technical solutions to ensure an appropriate level of security, integrity and confidentiality of the personal data processed by him.

The Administrator conducts ongoing risk analysis and monitors the adequacy of the data security measures used to address the identified threats. If necessary, the Administrator implements additional measures to increase data security.

Data recipients

Data may be transferred to entities belonging to the Continental Group and trusted recipients, such as IT service providers, accountants, marketing agencies or law firms (who provide services to Continental Opony Polska).

The Administrator takes the necessary steps when selecting processors and only uses suppliers guaranteeing an appropriate level of security of the processed data. data.

Transfer of data outside the EEA

The Continental Group has adopted global, uniform and internal data protection principles (Binding Corporate Rules), based on which data may be transferred within the Group outside the European Economic Area.

Rights

Data subjects have the following rights in justified cases:

1. Right to information about processing data,

2. The right to obtain a copy of the data,

3. The right to rectification,

4. The right to delete data,

5. The right to limit processing.

6. The right to transfer data.

7. The right to withdraw consent.

8. The right to object to the processing of personal data in the cases specified in art. 21 of the GDPR.

If it is found that the processing of personal data violates the provisions on the protection of personal data, the data subject may submit a complaint to the President of the Office for Personal Data Protection.

Requests related to the exercise of the rights of data subjects may be submitted via the following contact channels provided below.

Responses to notifications should be provided within one month of receipt. If it is necessary to extend this deadline, the Administrator informs the applicant about the reasons for such extension.

Contact the administrator in matters related to the protection of personal data

In matters related to the protection of personal data, you can contact
the data administrator:

• by e-mail to the following address: [email protected]

• by correspondence to the following address: ul. Żwirki i Wigury 16C, 02–092 Warszawa (with the note "personal data protection").

Information clauses

Information on the circumstances of the processing of personal data for particular categories of persons constitutes annexes to this Policy.