On May 25, 2018, the General Data Protection Regulation (GDPR) enters into force. This is a Regulation of the European Parliament and the Council of the EU, aimed at unifying the rules for the processing of personal data in the EU.
Changing the regulations does not require your involvement (personal, telephone or written contact), but we want you to have all the necessary information resulting from the GDPR, i.e. how we process and protect your personal data.
The administrator of your personal data is Serwis Konsularny Sp. z o. o. (SK). We make sure that this data is properly secured and that its processing is clear, reliable and compliant with the regulations.
We assure you that our conduct is guided by the provisions of law regulating the principles of personal data protection. The personal data protection solutions used in our company meet the highest information security standards.
§1
What and where data is obtained and stored
1. Obtaining and storing personal data electronically in SZW
Serwis Konsularny uses the proprietary Visa Ordering System (SZW) to conduct, control and provide visa information. For this purpose, it obtains and stores personal data solely for the purpose of executing orders. SZW as a system is stored on the servers of an external hosting company (security details in §3). Serwis Konsularny stores the following data in the Visa Order System:
– company name (or names and surname of a private person), address of the company or private person, telephone (and fax) number, e-mail address, NIP number, correspondence address and telephone (and fax) number (if different from the payer’s)
– name, surname, telephone number and e-mail address of the contact person
– name and surname, address and telephone number of the applicant, return address with telephone number for delivering the completed order,
– data of the ordered document (type / multiplicity / quantity / date of issue / date of submission and receipt in individual offices),
– based on the above data, SK creates statistics and summaries to analyze its own sales
2. Obtaining and storing personal data via e-mail
During electronic correspondence between SK and the client, personal data are sent in the messages, i.e. completed official forms, scans of personal documents, photos, etc. All correspondence is stored on the servers of an external hosting company (security details in §3). SK does not provide this data to anyone other than employees in order to complete the order. The data is strictly confidential and is not used for customer profiling or in any other way that exposes the customer to theft, transfer or processing of personal data.
3. Obtaining and storing personal data from electronic inquiry forms on the website
SK obtains the following personal data from electronic inquiry forms on the website – company name, names and surname, telephone number, e-mail address – we obtain data only for the purpose of quick contact with the customer and processing the inquiry. The data is stored on the servers of an external hosting company (security details in §3). This data is obtained on the website www.serwikonsularny.pl; www.legalnypobyt.pl and www.klient.serwikonsularny.pl
4. Obtaining and storing personal data on paper documents during the duration of the order
During the execution of the order, temporary documentation is kept and collected. These are waybills, documents physically provided by the client for the purpose of executing the order, and employee notes closely related to the execution of the order. At all times, when not in use, this documentation is stored in a locked cabinet on company premises. SK does not provide this data to anyone other than employees in order to complete the order. The data is strictly confidential and is not used for customer profiling or in any other way that exposes the customer to theft, transfer or processing of personal data.
5. Storing personal data on paper documents after completing the order
After completion of the order and settlement with the client, all documentation is transferred to a specialized company that destroys documents containing personal data. These documents, in the presence of SK’s data administrator, are placed in a container, sealed and handed over to a specialized company for destruction. From the completion of the order and settlement with the client, the time to destroy the documentation does not exceed one month. In the period between the end of the order and the submission for destruction, the documents remain in a special room secured with a lock on the premises of SK.
§2
Who has access to this collection
§3
Who will we transfer the data to?
1. Transfer of personal data to external service providers.
In order to complete the order, personal data is transferred to our partners, i.e. insurance systems, courier companies, foreign companies purchasing invitations and vouchers, foreign partners for visa services outside Poland. In order to conduct business activities, personal data is also made available to entities providing legal, auditing, tax and accounting services to SK. SK has signed separate agreements on personal data protection and GDPR with our partners and other entities.
2. Transferring personal data to state offices and consular offices
Due to the nature of its business activity, SK, during the execution of an order, transfers personal data at the client’s request to selected state offices and consular posts. SK has no influence on how the data is stored, transferred and processed by these entities. These entities are usually subject to the applicable law of individual countries, which is not influenced by the above regulations. After SK provides the relevant data to these entities during the execution of the order, SK’s liability for the data provided ends in this case.
§4
How they are protected
1. Page security systems and SZW
Websites are regularly checked and updated for security by a specialized external hosting company. Reports on periodic audits and updates, as well as network security certificates, are sent to our company and available on request. The Visa Order System (SZW) is a proprietary system, closed to external attacks. It is constantly monitored by the creator and system administrator.
2. Access passwords
Periodically and every time there is a change in the personnel of the Serwis Konsularny, passwords for access to individual databases are changed, i.e. (computers, routers, mailboxes, database, SZW, insurance, courier companies).
3. Antivirus program
Serwis Konsularny uses modern, updated and legal anti-virus software on all computers, certificates are available at the company’s headquarters.
4. Staff training
Employee training in personal data protection and online security is mandatory during the employment process and after each emergency situation or change in security schemes in the company.
5. Physical protection of personal data at the company’s headquarters
The company’s headquarters is secured with locks with limited access. Documentation is stored in special rooms and protective cabinets.
§5
What rights do you have in connection with the processing of personal data
1. The right to rectify data – i.e. correct personal data when it is incorrect, has changed or has become outdated
2. The right to partial or complete deletion of data (“right to be forgotten”) – i.e. to delete data remaining in the Serwis Konsularny databases
3. The right to limit data processing – i.e. limiting data processing only to storing it, which results in suspending the execution of a given order
4. The right to access data – i.e. obtain information about the purpose and method of processing your personal data and copies of data – this information is publicly available, also in this scheme
5. The right to transfer data – i.e. obtain your personal data that you have provided to us or indicate another administrator to whom we should transfer it, if technically possible
6. The right to object – to the processing of personal data, i.e. resignation from the service and complete deletion of data
7. The right to withdraw consent – i.e. you can withdraw any consent at any time, which results in partial or total resignation from the provision of the service 8. you can exercise your rights by submitting an application via any communication channel – by sending an e-mail to biuro@serwikonsularny.pl or by calling +48 22 826 44 62 or to any assistant from our company