EPRD Biuro Polityki Gospodarczej i Rozwoju Regionalnego Sp. z o.o. with its registered office in Kielce, as the Controller of your personal data, with a view to adapting to the new obligations regarding the processing of personal data (Regulation (EU) 2016/679 of the European Parliament and of the Council, so-called GDPR), is sending mandatory information about the processing of your personal data. EPRD Sp. z o.o. also informs that you have the right to access, correct, limit the scope or request removal of your data from the personal data file of EPRD Sp. z o.o. at any time. In order to exercise the above rights, please contact us by e-mail.

Information clause
for associates (experts), project participants and subcontractors of the company
EPRD Biuro Polityki Gospodarczej i Rozwoju Regionalnego Sp. z o.o.

in accordance with Art. 13 of the General Data Protection Regulation (GDPR) of 27 April 2016 (OJ L 119, 4.5.2016)

Please, be advised that:

  1. The Controller of the data indicated in the consent for the processing of personal data expressed above is EPRD Biuro Polityki Gospodarczej i Rozwoju Regionalnego Sp. z o.o. with its registered office at 36A Szkolna Street, in Kielce (postal code: 25-604), tel: +48 41 345 32 71, e-mail address: iod@eprd.pl (hereinafter “EPRD”)
  2. The purpose of collecting your data is to process it for:
    • Implementation of contracts, orders and agreements;
    • Submission of tender proposals;
    • Consultation process with consortium partners;
    • Consultation process with experts involved in the preparation of tender proposals;
    • Insurance during business trips and representing EPRD.
    • Implementation of agreements – in accordance with Art. 6, para. 1, letter b, of the General Data Protection Regulation of 27 April 2016
  3. EPRD, based on Art. 6, para. 1, letter c, will be processing your data for the purpose of publishing the image / transferring data to other entities, e.g. on the Controller’s website eprd.pl or on social media profiles.
  4. Your personal data will be stored for the period of 8 years, from the moment of its acquisition or its last update made by you, which is justified by the need to keep the data related to skills and competences up-to-date, as well as by suitability of this data to be used as part of business processes. After the expiration of the aforementioned period, your personal data will be permanently deleted from the IT systems, and the data in paper form will be destroyed. The data will also be deleted after the business reasons have ceased to exist and until the consent is withdrawn.
  5. EPRD, based on Art. 6, para. 1, letter f, will be processing your data as necessary for the purposes arising from rightfully justified interests pursued by the Controller (visual monitoring, monitoring of IT systems, internal visual identification of employees, use of access control system)
  6. The recipients of your personal data will be the entities listed below provided that the Controller signs a data processing agreement with them:
    • Occupational medicine entities;
    • External accounting office (personnel and payroll service)
    • Commercial health care entities;
    • Entities providing ‘social package’ services (e.g. pension programs, group insurance, sports cards for employees)
    • Travel agencies (for business trips)
    • Insurance companies (for foreign trips)
    • External security services
  7. You have the right to access your data and to correct and/or remove it – unless it collides with other regulations – or to limit processing, as well as the right to object, demand discontinuation of processing and transferring of data, the right to withdraw consent at any time, and the right to lodge a complaint to the supervisory body of the President of the Office for Personal Data Protection (before 25 May 2018, the Inspector General for Personal Data Protection).
  8. EPRD secures all data in its possession against unauthorised access by third parties. In relation to computer files, EPRD uses methods of cryptographic protection or logging and access passwords. Access to documentation containing personal data is only available to authorised persons to the necessary extent. Documents in paper form are stored in places physically protected from access by unauthorised third parties.
  9. EPRD does not make automatic decisions based on the profiling of personal data. Each decision regarding specific candidates for experts is made on the basis of a detailed analysis conducted by the employees of EPRD.
  10. Your personal data may be processed by cooperating companies on the condition of concluding a data processing agreement between EPRD and a third party – e.g. accounting office, advertising agency, etc. In the event of concluding such an agreement you will be informed by e-mail about the intention to entrust your personal data to a third party.
  11. The data provided by you will not undergo profiling.