Pursuant to Article 13(1) and 13(2) of Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1) (hereinafter referred to as “GDPR”) we inform that:
1. Data controllerThe controller of your personal data is Polska Agencja Inwestycji i Handlu S.A. (PAIH) with its seat in Warsaw at ul. Krucza 50 (00-025 Warszawa), entered into the register of entrepreneurs of the National Court Register by the Capital City of Warsaw District Court, under the number KRS 0000109815 (hereinafter referred to as “
Controller”). The Controller can be reached through the contact form on
www.paih.gov.pl, by sending an email to:
iod@paih.gov.pl, or by traditional mail at the address of the Controller’s seat stated above.
2. Data Protection Officer
The contact person in all matters related to the protection of personal data and your rights is the Data Protection Officer. You can contact the Data Protection Officer by sending an e-mail to
iod@paih.gov.pl or by traditional mail at the address of the Controller’s seat stated above with a note saying “c/o the Data Protection Officer.”
3. Purposes and ground for processing personal dataYour personal data are processed in connection with visual monitoring in order to pursue a legitimate interest of the Controller (Article 6(1)f of the GDPR), in particular:
a) ensuring security and protection of property,
b) determination, exercising and defending claims.
Your personal data is processed in order to ensure security on the premises and protect the Administrator’s property – the legal basis for processing is the necessity of processing to implement the Administrator’s legitimate interest (Article 6(1)f of the GDPR).
The following areas are covered by visual monitoring: facility entrance, corridors and communication routes. Only the image from monitoring cameras, not the sound, is recorded. Monitoring does not extend to sanitary areas, cloakrooms, cafeterias, smoking rooms and premises assigned to the facility's trade union organisation.
The Controller marks the monitored premises and areas in a conspicuous and legible manner, using suitable signs.
Your data will also be processed to enable you to enter the building. Recording entries and exits to the building by listing in the guest book is carried out in order to ensure security in the building, protect property and prevent situations that may result in the loss of information, the disclosure of which could cause damage on the basis of the legitimate interest of the data controller (Article 6(1)f of the GDPR).
The legitimate interest of the data controller is the need to ensure the safety of persons and property located in the area covered by the monitoring, as well as to keep secret information, the disclosure of which could expose the data controller to damage.
4. Data recipients
The recipients of your personal data may be solely entities or authorities that have the right to receive your personal data in compliance with generally applicable provisions of law.
5. The time for which personal data are stored
Recorded images are processed by the Controller solely for the purposes for which they were collected and stored for a period not exceeding 3 months from the recording date. Where recorded images are used as evidence in legal proceedings or the Controller learned that they could be so used, the deadline referred to above is extended until the final termination of proceedings. After the expiry of the above period, image recordings obtained via monitoring and containing personal data are to be destroyed, unless otherwise provided for in separate provisions.
Personal data contained in the guest book will be stored for a period of 3 months from the date of complete completion of the guest book, and after this period will be destroyed. The exact storage time depends on the number of visitors.
6. Rights of data subjects
Pursuant to the GDPR, you have the following rights: the right to access data, to rectify data, to erase data, to restrict the processing of data, to object to the processing of data, to transfer data, and to file a complaint with the Chairman of the Personal Data Protection Office. You are entitled to these rights in the scope provided for in generally applicable provisions of law.
7. Information about required/voluntary submission of data
The submission of your data is voluntary, but required for your stay in the Controller’s facilities.