1. DEFINITIONS
Personal Data Administrator (hereinafter: Administrator) – a natural or legal person, public authority, entity, or other body that alone or jointly with others determines the purposes and means of processing Personal Data. Due to the nature of the customs services provided by AC Porath Customs Agency, the Administrator may be: AC Porath Sp. z o.o.
Processor – a natural or legal person, public authority, entity, or other body that processes personal data on behalf of the Administrator.
Personal Data – means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processing Activities – means an operation or set of operations performed on personal data or sets of personal data, whether by automated or non-automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing, or destroying.
Personal Data Set – an ordered set of personal data available according to specific criteria, regardless of whether this set is centralized, decentralized, or functionally or geographically dispersed.
Data Security – the implementation and operation of appropriate technical and organizational measures ensuring the protection of personal data against unauthorized processing.
Regulation – the Regulation of the Minister of Internal Affairs and Administration of April 29, 2004, on the documentation of personal data processing and the technical and organizational conditions that IT devices and systems used for personal data processing must meet (Journal of Laws of 2004 No. 100, item 1024, as amended).
Act – the Act of May 10, 2018, on personal data protection.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, known as the General Data Protection Regulation.
Supervisory Authority – means the supervisory authority referred to in Article 4(21) of the GDPR.
Client of AC Porath Sp. z o.o. (hereinafter: Client) – a natural or legal person commissioning AC Porath Sp. z o.o. to provide customs agency services.
2. GENERAL PROVISIONS
This Regulation governs the mutual rights and obligations of AC Porath Sp. z o.o. and its Clients concerning the outsourcing of personal data processing. The legal basis of the Regulation is the Act of May 10, 2018, on personal data protection and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).
3. CHARACTERISTICS OF RELATIONSHIPS IN THE PERSONAL DATA PROCESSING PROCESS DURING THE PROVISION OF SERVICES BY AC PORATH CUSTOMS AGENCY Sp. z o.o.
AC Porath Customs Agency Sp. z o.o. provides customs agency services (hereinafter: customs agency services). As part of these services, AC Porath Customs Agency Sp. z o.o. acts as a Processor of personal data entrusted by its Clients, who are the Administrators of such data.
4. PERSONAL DATA PROCESSING
In connection with the services specified in § 3(1) of this Regulation, it is necessary to define the obligations of the parties involved in the performance of the aforementioned services concerning personal data protection.
The scope of personal data processed in connection with the services specified in § 3 of this Regulation includes:
-
Name and surname
-
Business phone number
-
Business email address of employees designated for cooperation with AC Porath Customs Agency Sp. z o.o.
-
Company name
-
Registered office address
-
Business operation locations
-
Full name of the Client (if the Client is a sole proprietorship), Tax Identification Number (NIP), National Business Registry Number (REGON), Personal Identification Number (PESEL)
-
Bank account number
-
For individuals not conducting business: name and surname, residential address, ID card number, PESEL, email address, phone number
-
Data of the person receiving documents or shipments, including company, driver’s name and surname, driver’s ID card number, driver’s passport number, vehicle registration number, phone number
The personal data referred to in § 4(1) will be processed during the provision of services by AC PORATH Customs Agency Sp. z o.o. unless either party is required to process them further under applicable law.
The nature of data processing: data will be processed in both paper and electronic form.
Each party to this Regulation processes personal data only in the manner specified in this Regulation or on the documented instruction of the party acting as the Administrator unless processing is required by Union or Member State law, in which case the Processor must inform the Administrator unless prohibited by public interest.
Each party to this Regulation is committed to processing data lawfully.
The Processor is obliged to immediately inform the Administrator about any proceedings, especially administrative or judicial, concerning the personal data entrusted for processing, as well as any planned or ongoing inspections regarding these data.
Taking into account the nature of processing, the Processor assists the Administrator in fulfilling obligations specified in Articles 32-36 of the GDPR.
In the event of changes in data protection laws, the Processor agrees to adapt its data processing principles to comply with the new regulations.
The Processor must report to the Administrator any situations that could allow unauthorized persons to access the entrusted personal data.
In extraordinary situations (such as data breaches), when it is impossible to obtain the Administrator’s consent, the Processor may take actions not covered by this Regulation only to ensure data security.
After the termination of the Cooperation Agreement, the Processor agrees to permanently delete all entrusted personal data and their copies from all media, or if not possible, to destroy the media in a way that prevents data recovery, except for data required to be retained by law.
AC PORATH Customs Agency Sp. z o.o., acting as a Data Administrator, does not consent to further processing (sub-processing) of the entrusted personal data by the Processor.
Clients, acting as Data Administrators, consent to further processing (sub-processing) of entrusted personal data, to the extent required for the services described in § 3.
The Processor acknowledges that it is responsible for complying with the Act and GDPR concerning data security as if it were a Data Administrator.
5. VALIDITY OF THE REGULATION
This Regulation applies during the validity period of the Cooperation Agreement.
Each party, acting as a Processor, agrees to maintain the confidentiality of all information related to the entrustment of Personal Data and the entrusted Personal Data, both during the validity of this Regulation and indefinitely after the termination or expiration of the Cooperation Agreement.
6. COOPERATION BETWEEN THE PARTIES
The parties are obliged to cooperate in overseeing the implementation of this Regulation. From May 25, 2022, the owner of the company supervises compliance with this Regulation and applicable laws regarding personal data protection. Contact: biuro@acporath.com.
7. FINAL PROVISIONS
Any amendments to this Regulation require a written form under pain of nullity. Matters not regulated by this Regulation shall be governed by applicable law, in particular the Act, GDPR, and the Civil Code.
The Regulation enters into force on May 25, 2022.