Privacy policy

The Privacy Policy sets out the rules for the processing and protection of personal data provided / shared by Users in connection with their use of services provided by the Website.

The administrator of personal data contained in the Website is Fib.Code Sp. z   o.o. localized in Olkusz, 32-300 Olkusz, ul. Rynek 29, NIP: 637-220-84-21, entered into the National Court Register - Register of Entrepreneurs kept by the District Court for Kraków-Śródmieście in   Kraków under the number:   0000804872, running the Website via the Internet.

Website address of the Service: https://pecluban.whistleblower.pl/

  • What personal data do we process?

    The form is fully anonymous. We do not process personal data or other metadata allowing the identification of a natural person.

    Users are offered (only with their voluntary, informed consent) the option of sending the form along with their personal data - in this case, the data subject will receive notifications about the progress in the process of resolving the submitted report.

    In the case of using the tool in the role of Compliance Officer, the Website Administrator processes personal data in a form that allows for the identification of a person. The action is necessary to perform the contract between the Parties - the Website Administrator and the Employer (Principal).

  • Categories of personal data processed

    Personal data processed within the Website (only in the form of reporting with informed and voluntary consent to provide personal data - to the Website Administrator and the Employer) for the purpose of processing the report: name, surname, e-mail address.

    W przypadku korzystania z narzędzia w roli Compliance Officera, Administrator Serwisu przetwarza dane osobowe w postaci: imię, nazwisko, adres poczty e-mail, stanowisko, adres IP.

    The Website Administrator processes personal data for the purpose of performing the contract. Providing personal data in the role of Compliance Officer (marked on the Website as mandatory) is a contractual requirement, failure to provide them results in the inability to provide the service. Personal data (marked as optional) are made available voluntarily to the Website Administrator and the Employer (Principal) with the consent of the User.

    Personal data will be subject to automated processing. Personal data will not be subject to profiling processes.

  • Legal basis for the processing of personal data

    The legal basis for data processing is:

    • preparation and conclusion of a service contract between the Website Administrator and the Employer (Principal) - art. 6 sec. 1 point b of the General Regulation on the Protection of Personal Data of April 27, 2016 (GDPR);
    • fulfillment of legal obligations incumbent on the Website Administrator (provisions on warranty, tax regulations) - art. 6 sec. 1 point c of the GDPR;
    • consent to the processing of the User's personal data (submission of the report along with the provision of personal data) - art. 6 sec. 1 point a GDPR;
    • legitimate interest of the Website Administrator (providing personal data to external entities supporting the provision of the service - IT, Hosting) - art. 6 sec. 1 point f GDPR.

  • How long is data (including personal data) stored?

    Data about a specific report will be stored for a maximum period of 6 years, in order to consider any claims under the warranty and for the purposes resulting from tax regulations.

    Personal data may be processed for a longer period than indicated above, if it is required by mandatory provisions of law.

  • Provision of personal data

    The User's personal data may be transferred to other entities which, on the basis of relevant contracts signed with the Website Administrator, process personal data at the request of the Website Administrator or as a separate Data Administrator (Employer / Principal) for the purpose of providing the service.

  • What rights do you have over your own data?

    You have the rights to:

    • obtain information on data processing, including categories of data processed and possible recipients of data;
    • request the correction of incorrect data or supplementing incomplete data;
    • request deletion of data - by objecting to their processing;
    • requests to limit data processing - if the legal requirements justifying such a restriction are met;
    • transferring data - by receiving data in a format that allows them to be transferred to a third party selected by the User;
    • withdrawal of consent, without affecting the compliance with the law of processing, which was made on the basis of consent before its withdrawal;
    • submit a complaint to the supervisory body - the President of the Office for Personal Data Protection, ul. Stawki 2, 00 - 193 Warsaw - in the event that it is found that the data is being processed contrary to the law.

  • How do we protect data?

    In the interest of the security of the data entrusted to us, we have developed internal procedures and recommendations to prevent disclosure of data to unauthorized persons. We control their performance and constantly check their compliance with the relevant legal acts - GDPR, the Act on the Protection of Personal Data, the Act on the provision of electronic services, as well as all types of implementing acts and Community law. The data is protected by technical and organizational measures in accordance with applicable regulations. The Administrator does not collect data from third parties or from publicly available sources and only processes data provided by Users. The data will not be transferred to third parties or third countries.

  • Any questions regarding the protection of personal data

    All requests, questions and requests related to data processing should be directed to the Website Administrator at the following e-mail address: [email protected]

  • Profiling

    The website does not perform profiling processes based on information provided or made available by Users.

  • Policy changes

    In the event of changes to the Policy, the Data Administrator will inform the Users by publishing the changes on the Website's website.

    Changing the Administrator's data or contact details does not require the Administrator to use the procedure described in this paragraph. However, the Administrator is obliged to notify Users about such changes.

  • Final Provisions

    The Policy comes into force on the day it is published on the Website.

    In matters not covered by the Policy, the relevant provisions of Polish law shall apply.

  • Cookies

    In order to enable an anonymous user to get to know the status of the report created by him, the Website Administrator stores a unique code entered by that user in cookie files. This code was generated when creating the ticket.

    In the case of using the tool in the role of Compliance Officer, after logging in, the Website Administrator uses cookies to verify the user's identity on individual subpages.