DOCUMENTA sprijină companiile în demersul aplicării prevederilor GDPR

`Ce este GDPR-ul?`

Regulamentul general privind protecția datelor (General Data Protection Regulation - GDPR) = Regulamentul (UE) 2016/679 al Parlamentului European și al Consiliului din 27 Aprilie 2017 privind protecția persoanelor fizice în ceea ce privește prelucrarea datelor cu caracter personal și privind libera circulație a acestor date și de abrogare a Directivei 95/46/CE.

Legea a intrat în vigoare în statele membre UE în data de 25 mai 2018, aceasta fiind data limită la care toate țările s-au aliniat la noile reglementări.

`Implementare norme GDPR - DOCUMENTA`

BitHAT Solutions este printre primele companii de IT care a implementat soluțiile de conformitate, aplicând astfel regulile impuse de către Uniunea Europeană.

De la interfață și până la arhitectura tehnică, DOCUMENTA-DMS este concepută astfel încât să minimalizeze accesul și folosirea datelor cu caracter personal, fiind prelucrate doar acele date de care este nevoie pentru o operațiune specifică și impetuos necesară. Această caracteristică este realizabilă cu ajutorul drepturilor de acces, în funcție de zona de acțiune și de competență fiecărui utilizator. Astfel, drepturile persoanelor ce pot avea acces la datele cu caracter personal (drept pe fiecare categorie de documente, drept pe fiecare tip de document, pe registrul de documente, operațiuni, șabloane, tip de index) sunt alocate într-un mod foarte controlat și strict.

De asemeni, accesul poate fi monitorizat prin intermediul funcției de audit, iar descarcărea și copierea documentelor sunt blocate prin intermediul unor funcționalități ca: Security Level 2, IPSecurity, IMEI Security, Audit, Logs.

Alertele setate pentru situațiile de accesare sau descarcare a documentelor ce conțin informații sensibile sunt semnalate către administrator, auditori sau către responsabilul cu protecția datelor din companie, iar în cazul unei situații de risc apărute, datele sunt pseudonimizate și criptate, urmând ca acestea să fie restaurate din serverul specific de date cu ajutorul unei echipe de suport tehnic.

Aceste caracteristici și funcționalități fac din aplicația de management electronic al documentelor, DOCUMENTA-DMS, o soluție cu un nivel maxim de securitate, iar prin implementarea și utilizarea ei se respectă condițiile de prelucrare a informațiilor cu caracter personal.

Privacy Policy

`Introduction`

`Policy objective`

We would like to inform you that the principles contained in this Policy shall apply whenever you use the websites of Asseco Poland S.A. (e.g. websites in the global domain www.asseco.com, owned by Asseco Poland S.A. and other websites, hereinafter referred to as the "Asseco Websites"), as well as in any other case when you contact our Company, including in the framework of activities conducted by Asseco Poland S.A. for the entities of the Asseco Group, hereinafter referred to as the "Processes".
Asseco Poland S.A. declares that both the websites and other tools used by the Company in its day-to-day operations are developed and selected with the utmost care, the latest technical knowledge and the principles of professionalism, and meet the requirement of compliance with the applicable laws, in particular those that protect the privacy of natural persons, including website users:

Technology for business, solutions for people. Our mission is to improve the quality of life by providing solutions for people and technology for business.
Asseco is everywhere where technology and business connect with everyday life. Our experience gained in all market sectors allows us to create reliable, advanced products. We operate globally, but we never lose sight of the human and social dimension of our work. We know that someone's life and financial future may depend on our solutions. We take full responsibility for the projects we carry out. In this way we have been building trust and prestige of our brand for years.
Asseco makes every effort to meet the highest standards of management, communication and transparency. The pillars of our business are, among others, compliance with applicable laws on privacy and personal data protection. We attach particular importance to respecting the privacy of visitors to our sites (hereinafter referred to as the "Users"):

• Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. OJ EU. L. 2016 No. 119/1 (GDPR).
• Act of July 18, 2002 on the provision of electronic services, i.e. Journal of Laws of 2020, item 344, as amended.
• Act of July 16, 2004. Telecommunication Law, i.e. Journal of Laws of 2019, item 2460, as amended.

`Data collection - Security`

The right to respect personal data and control information is an important part of everyday work for Asseco, therefore security is crucial. Asseco selects security measures based on the continuous process of risk and threat assessment and analysis of the latest market solutions.
Tools - sites, applications, programs, devices are equipped with both technical and organizational security measures to protect the information under our control from loss, misuse or modification. We protect any information disclosed to us in accordance with laws, regulations, and good practice standards to protect security and confidentiality. Asseco has implemented the Information Security Management System based on the international standard ISO/IEC 27001:2014.
Asseco has appointed the Data Protection Inspector (DPO) to ensure compliance with the rules related to personal data protection. Contact us about privacy or personal data protection issues: Data Protection Inspector of Asseco Poland S.A., 14 Olchowa St., 35-322 Rzeszów, e-mail: iod@asseco.pl, phone: +48 17 888 55 55

`Collection of data - Personal data protection`

The information about you that Asseco may collect and process includes:
• name and address, e-mail address and telephone number;
• demographic data, when linked to personally identifiable information;
• photographs and opinions;
• transaction data, including products and services ordered, financial data and payment methods used;
• company data such as company name, size and location and your role in the company;
• survey data and publicly available information, such as posts from social networking sites;
• unique identifiers, such as mobile device identifiers or cookie identifiers in your browser;
• IP address and information that may be determined by the IP address, such as geographical location;
• information about the device you are using, such as your web browser, device type, operating system, presence or use of "applications", screen resolution and preferred language;
• data about the behavior of a computer connected to the Internet or a device used to access websites, such as clicks on ads or their display, sites and their content, dates and times of activity or searches to locate and visit websites.

Notwithstanding the above, there may be circumstances in which other information than that indicated above will be necessary to provide the service or process requested by you. In such cases, you will be informed of the need to provide certain information, including personal data, with an indication of the purpose of its use. You have the opportunity to make a voluntary decision on whether or not to provide access to your data. Nevertheless, providing personal data may be required in a situation where it is necessary to provide the service or process specified each time within the framework of the website, the regulations of Asseco (e.g. receiving information about the product, organized event, offer, demo download, launching an internship program, recruitment process). In such cases, you may be asked to fill in and send a form/ questionnaire, which will clearly indicate what kind of personal data will be collected and for what purpose.
The data provided will be processed for the time necessary to achieve the purpose of providing access, unless the law requires it to be kept for a longer period.
If you disclose the personal data of a third party in a form/questionnaire, direct relations, you will be deemed to have the consent of the third party whose data you disclosed.
You have the right to inspect as well as the right to correct and complete any incorrect or incomplete personal data. You also have the right at any time to demand that the processing of your personal data be discontinued (that the data is deleted). The form of making this request is given when collecting the data or, if not given, you can submit your request to the e-mail address iod@asseco.pl.
It shall be reserved that the Asseco websites do not to collect, monitor or verify information about the age of the Users who visit them, or other information the collection of which would make it possible to determine whether the User (including the recipient and user of e-mailing lists, survey participant and person participating in contests organized through them) has legal capacity.
Persons who do not have full legal capacity should not order or subscribe to services provided under the Asseco Websites unless their legal representatives give their consent, if such consent is sufficient under applicable law.
Below we present the principles of processing of personal data by Asseco in order to achieve the objective related to the indicated area of Asseco's operations. Please be informed that Asseco may process data as a controller or a processor on behalf of another controller.

`Marketing and Public Relations`

Any and all information, including personal data provided by you on the Asseco Web-sites and provided in connection with your participation in various types of meetings organized by the Asseco Group companies, may be used for marketing and public re-lations purposes in the undertakings conducted by the Asseco Group companies, if you give your consent. Your consent shall be tantamount to accepting receipt of infor-mation via electronic means of communication (in particular commercial information).

`Recruitment`

The recruitment of new employees, trainees, interns, apprentices, partners for Asseco Poland S.A. or other entities of the Asseco Group may be carried out through the As-seco's websites, social media portals or in direct contact. The personal data obtained in this way is used exclusively for the purposes of current and future recruitments with the consent of the person taking part in them. Such consent applies to all documents submitted during the recruitment processes.

`Employment/cooperation record - Asseco personnel`

The "Asseco Personnel" comprises of Asseco employees hired under employment contracts as well as Asseco employees with whom civil law contracts have been con-cluded.
Personal data of the Asseco Group's personnel shall be disclosed in business rela-tions to contractors and entities of the Asseco Group for the purposes and to the extent necessary to fulfil their obligations and comply with legal regulations. The scope of the processed personal data of the Asseco Personnel in business relations shall not ex-ceed the information necessary to identify and to provide information related to the qualifications of the Asseco Personnel, in particular to document their competence within the framework of offers submitted by the Asseco Group companies.

`Business relations - Contractors (Partners, Customers, Suppliers)`

Personal data and information provided through the Asseco websites may be used in business relations of the Asseco Group companies.
In particular, such processing activities may be carried out as: making available, send-ing commercial, product and marketing information or information on partner programs and communication within the framework of the obligations binding the Parties.
The Asseco Group companies reserve the right to disclose such information and per-sonal data of a person representing the Contracting Party to other related entities in order to provide services or Processes, provided such disclosure is legally permissible.

`Portals/Social Media`

Asseco's social media are conducted for image and recruitment purposes. They are used to promote the company, including its experts, products, events and business successes. They constitute one of the external communication channels of Asseco.
Asseco uses such portals as: Twitter, LinkedIn, Facebook, Instagram, YouTube.
Using our profiles, pages, social media channels also gives you the opportunity to connect to non-Asseco websites, social networking sites, applications and other fea-tures. Using them will result in your personal data being processed by entities inde-pendent of Asseco, in particular the operators of the aforementioned websites, over which Asseco has no control and responsibility. We make every possible effort to properly secure your personal data, thus we recommend prudent use of unknown functionalities, applications, and we encourage you to read the privacy policy of these entities before using them.

`Asseco Group`

Protection of information, including personal data and technical, organizational and legal security is crucial for each and every entity of the Asseco Group. Each of the As-seco Group companies is an independent controller. The provision of personal data between Asseco and the Asseco Group companies that may be processed outside the EEA shall be governed by a signed agreement, the integral part of which are standard contractual clauses approved by the European Commission.

`Shareholders`

The information is addressed to natural persons whose personal data we process in connection with identification of Shareholders, participation in the General Meeting of Shareholders, communication of corporate events or exercise of rights attached to shares which are or will be issued by the Company. Within the meaning of this infor-mation, a 'Shareholder' is also a person who is a proxy or statutory representative of the Shareholder or who represents him or her or is otherwise a person entitled to ex-ercise rights from the Company's shares.

`Management Board and Supervisory Board`

This information is addressed to the members of the Supervisory Board and Manage-ment Board of Asseco Poland S.A., whose data we process in connection with the cor-porate services provided to the Company's governing bodies.

`Monitoring`

We take care of our safety as well the safety of our guests, therefore we conduct video monitoring of people in our offices within the range of monitoring cameras and keep records of people entering our offices.

`Requests of data subjects concerning the processing of their personal data`

We respect the rights of the data subjects pursuant to art. 7 and 15-22 of the GDPR, i.e. the right of access to data, rectification, deletion, restriction of processing, obtaining a copy, transfer of data, withdrawal of consent, objection to processing, not being subject to decisions based solely on automated processing (data is collected in connection with a request made by a person) - we fulfil the information obligation pursuant to art. 13 of the GDPR (data collected directly from the data subject).

Collection of Information - Cookie Policy

According to the established practice of most websites, we store HTTP queries addressed to our server. This means that we know the public IP addresses from which you can view the information content of our service. The resources you are viewing are identified by their URLs. We also know about:

• time of the inquiry,
• time of sending the answer,
• client station name - identification implemented by the HTTP protocol,
• information about errors that occurred during the execution of HTTP transactions,
• The URL of the page previously visited by the user (referer link) - in case the page was accessed via a link, information about the user's browser.
The above information is saved in the so-called "cookies" files.

We use "cookies" for the following purpose:
• adjusting the content of the Service's websites to the User's preferences and optimizing the use of websites; in particular, these files allow to recognize the Service User's device and properly display the website, adjusted to their individual needs
• create statistics that help to understand how Service users use the web pages to improve their structure and content
• maintaining the Service User session (after logging in), thanks to which the User does not have to re-enter their login and password on each subpage of the Service.
• improve security by controlling abuse in the use of the Websites,
• obtain aggregate, anonymous statistical data to improve the functionality of the Websites,
• maintain your session (applies to Sites with login options) so that you do not have to re-enter your login and password on each page of the Site,
• enable the basic functionality of the Websites (e.g., remembering the pages you visit in turn to restore them on your "request"),
• The website is designed to adapt the content of advertisements and texts displayed on the Asseco Sites as well as outside them to the User's preferences.
We use the following types of cookies on the Asseco Websites:
Session cookies (temporary) - stored on your device only while you are using the Websites, i.e., until you log out, turn off the Website or turn off your browser,
Permanent cookies - remain on the User's device until the end of their life (operating time parametrized for the cookie) or until the User removes them.
The cookie settings are individual for each web browser. The default option is to allow cookies. However, you can disable this option completely or restrict the reception of cookies on your device to some extent. We would like to inform you that this may affect the convenience of using the pages, and may cause most websites to be missing or incorrectly displayed. In some cases it is possible to set your browser to ask for your consent to cookies in each case. This gives you the possibility to control the cookies, but may slow down your browser.

To easily manage cookies, select your preferred browser and follow the instructions:
• Internet Explorer
• Firefox
• Chrome
• Opera
• Safari

If you use a different browser than the above mentioned, please refer to the cookie documentation on the website of the solution provider.
If you do not change your cookie settings, it means that they will be placed in your end device and thus the Asseco Group will store information in your end device and access it.

`Cookies of independent companies used on Asseco websites`

Google Analytics - web analytics cookies collect information about your use of our website, the type of website from which you have been redirected, the number of visitors and the duration of your visit to this site. This information does not record any specific personal data of the user, but is used to compile statistics on the use of the website on an aggregate basis.
YouTube - the websites operated by the operator include videos and links to videos from YouTube. As a result, when browsing through a page with embedded content from YouTube or links, you may be exposed to cookies from these sites. More information: www.youtube.com.
Adobe Flash Player - the website uses animations in Flash technology. Flash Player software uses local shared objects or Flash cookies to enable the user to use features such as automatic restoration or saving of user preferences. Flash cookies are stored on the user's device in the same way as normal cookies, but are managed differently from the browser. More information: www.adobe.com
Chatbot - Virtual Advisor placed on the website, communicating with users in natural language, providing them with general information about the company and working conditions in Asseco Poland, as well as searching for job offers based on criteria chosen by the user. The Virtual Advisor processes the IP address and collects cookies. This information is used to create statistics that help to understand what kind of information about the company and work in Asseco Poland users are looking for, how many people are interested in this form of conversation and how long each conversation with the advisor lasts.

`Sharing sites`

Asseco websites may contain links to websites of other entities. Asseco Poland S.A. has no influence on the privacy policy of those entities' websites and is not responsible for it.

`Changes to the Privacy Policy`

The policy is reviewed and, if necessary, updated on an ongoing basis. The current version of the Policy has been adopted and is effective as of September 11, 2020.