Privacy policy

Personal data information clause

§ 1. Personal data administrator

The administrator of the personal data of the Recipients (Buyers) is Szczecińska Energetyka Cieplna Sp. z o.o. (hereinafter referred to as “SEC”), ul. Zbożowa 4, 70-653 Szczecin, KRS 131910, NIP 851-010-94-44, www.sec.com.pl, bok@sec.com.pl, tel. +48 91 450 99 99. The Personal Data Protection Inspector (Sebastian Zagórski) of Szczecińska Energetyka Cieplna Sp. z o.o. can be contacted by writing to the postal address, or electronic address: iod@sec.com.pl, with the note: “Personal Data Inspector”.

§ 2. Objectives and grounds for processing

The personal data of Recipients will be processed on the basis of legal provisions – in particular Article 6(1)(a)-(f) of the GDPR, concluded agreements, and on the basis of consent granted for the following purposes:

  • concluding and performing a contract for the use of our services based on the Recipients’ interest in our services,
  • marketing and promotion of services offered by SEC,
  • customer satisfaction surveys and determining the quality of our service, which is our legitimate interest,
  • collecting receivables, which is our legitimate interest,
  • potential legal disputes, including establishing, investigating, or defending against claims, which is our legitimate interest,
  • archival (evidential) for securing information in case of a legal need to prove facts, which is our legitimate interest,
  • fulfillment of legal obligations, e.g., the obligation to issue an invoice or other document required by law,
  • fulfilling our legal obligations under EU or Polish law (e.g., toward the President of the Energy Regulatory Office or tax authorities) – because processing in this case is necessary to comply with the legal requirements to which we are subject.

Otherwise, Recipients’ personal data are processed only on the basis of previously granted consent within the scope and purpose specified in the consent.

§ 3. Categories of data we process

In order to provide services to you, we process the following data:

  • data necessary for the conclusion, performance, and termination of contracts concluded with SEC – including name, KRS number, REGON number, NIP number, registered office address, representation data, contact details, data concerning the real estate covered by the contract,
  • image recordings – data recorded at SEC’s registered office related to property security,
  • audio data – data related to the recording of conversations between SEC employees and customers calling SEC.

Detailed and complete information on the processing of personal data is provided to customers when concluding a contract or responding to a query addressed to the Data Protection Officer.

§ 4. Data recipients

Personal data may be transferred to entities to whom the transfer of data is necessary for the performance of the contract – these include entities from our capital group, entities providing IT services to the seller, services in the field of debt collection under the contract, and in the field of issuing and delivering invoices. The recipients of the personal data of the Recipients will also include state authorities within the scope of their tasks.

§ 5. Transfers of data to third countries or international organisations

The Recipients’ personal data will not be transferred to a third country or international organisation.

§ 6. Data retention period

(the period for which the personal data will be stored, and where that is not possible, the criteria used to determine that period)

The personal data of Recipients will be processed for the period necessary to achieve the purposes of processing indicated in point 2, i.e.:

  • for the purpose of performing the contract concluded by the Recipients, for the period until its expiry, and after that time for the period required by law or to secure any claims, and if the Recipients consent to the processing of data after the expiry of the contract for archiving purposes, until such consent is withdrawn,
  • for the purposes of marketing and promoting the services offered, for a period until the Recipients withdraw their consent to such processing,
  • for the purpose of customer satisfaction surveys and determining the quality of our service, for the duration of the contract,
  • for the purpose of debt collection – for a period of 5 years from the end of the contract,
  • in relation to court disputes for a period of 10 years from the date of the final judgment concluding the proceedings.

§ 7. Rights concerning personal data

Recipients have the right to access their data, the right to rectify or delete it, the right to restrict its processing, the right to transfer data, the right to object to the processing of Recipients’ personal data, and the right to withdraw consent at any time (if the processing is based on consent) without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal. Recipients have the right to lodge a complaint with the supervisory authority competent in matters of personal data protection if they consider that the processing of their personal data violates the provisions of the GDPR. The data controller reserves the right to refuse to delete user data if its retention is necessary for the purpose of pursuing claims or if required by applicable law.

§ 8. Information on the requirement/voluntary nature of providing data

The provision of data by Recipients is voluntary; however, failure to provide the data necessary for the performance of the contract will prevent its conclusion and performance.

§ 9. Automated processing and profiling

The personal data of Recipients will not be processed by automated means, including profiling.

§ 10. Google reCAPTCHA

On our sites we use the “Google reCAPTCHA” service (hereinafter “reCAPTCHA”), provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The reCAPTCHA function makes it possible to check whether the data on our pages (e.g. in a contact form) has been entered by a human being or by an automated machine. For this purpose, reCAPTCHA analyses the behaviour of the website user based on various characteristics. This analysis starts automatically as soon as the page is accessed. As part of the analysis, reCAPTCHA takes into account various information (e.g. IP address, amount of time spent on the website by the user or mouse movements made by the user). The data collected as part of the analysis is sent to Google.

The reCAPTCHA analysis runs entirely in the background. The website user is not informed that such an analysis is taking place.

Data processing is carried out on the basis of Article 6(1)(f) of the General Data Protection Regulation. The website operator has a legitimate interest in protecting its online offering against abuse resulting from automated data harvesting as well as against spam.

For more information on Google reCAPTCHA and Google’s privacy statement, please visit: https://policies.google.com/privacy?hl=pl

Cookie policy on SEC website

  1. In connection with the provision of content on the website www.sec.com.pl, we use cookies, i.e., information stored by servers on the user’s end device, which servers can read each time they connect to that end device. We may also use other technologies with functions similar or identical to cookies. In this document, information about cookies also applies to other similar technologies used on our websites. Cookies are IT data, in particular text files, which are stored on the end device of the user of the www.sec.com.pl website. Cookies usually contain the domain name of the website they come from, their storage time on the end device, and a unique number.
  2. Cookies are used for the following purposes:
    • to adapt the content of the website to the user’s preferences and to optimize the use of websites; in particular, these files allow the website to recognize the user’s device and display the website accordingly, tailored to their individual needs,
    • to create statistics that help understand how website users use the website, which allows for improving its structure and content,
    • to maintain the website user’s session (after logging in), so that the user does not have to re-enter their login and password on every subpage of the website,
    • to provide users with advertising content that is more tailored to their interests.
  3. Within the www.sec.com.pl website we may use the following types of cookies:
    • “necessary” cookies enabling the use of the services available within the website, e.g. authentication cookies used for services requiring authentication within the website,
    • cookies used to ensure security, e.g. cookies used to detect misuse of the website’s authentication,
    • cookies that make it possible to collect information about the way the website’s pages are used,
    • “functional” cookies that make it possible to “remember” the user’s selected settings and to personalise the user’s interface, e.g. with respect to the selected language or the region from which the user comes, the font size, the website’s appearance, etc.,
    • “advertising” cookies, making it possible to provide users with advertising content more tailored to their interests.
  4. In many cases, the web browsing software (web browser) allows cookies to be stored on the user’s terminal device by default. Users of the website may change their cookie settings at any time. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the web browser settings or inform about their placement on the website user’s device each time. Detailed information on the possibility and methods of using cookies is available in the settings of your software (web browser). Failure to change the settings for cookies means that they will be placed on the user’s terminal equipment, and thus we will store information on the user’s terminal equipment and gain access to this information.
  5. Disabling cookies may cause difficulties in using certain services on our websites, in particular those requiring login. However, disabling cookies does not prevent you from reading or viewing content posted on the www.sec.com.pl website, with the exception of content that requires login.
  6. Cookies may be placed on the end device of users of the www.sec.com.pl website and then used by advertisers, research companies, and multimedia application providers cooperating with the website.

Declaration on the application of necessary security measures by Szczecińska Energetyka Cieplna

| Assets/systems/processes | Security | Implementation |
|---|---|---|
| Information Security Policy (ISP), Business Continuity Policy (BCP) | The Information Security Policy and Business Continuity Policy have been developed and approved, and are reviewed and issued by competent persons. | |
| Internal organisation | A management structure has been established to initiate and oversee the implementation and operation of information security within the organization (roles and responsibilities for information security, separation of duties, contacts with authorities, contacts with specialist interest groups, information security in project management). | |
| Mobile devices and teleworking | ISP in chapters: Competencies and awareness, remote working rules, Portable data storage devices. | |
| Organisational security of human resources | ISP in the scope of the GDPR, Documents: SEC Work Regulations, Performance Management, Rules for Improving Qualifications, Company Organizational Regulations. | |
| Asset management | The SEC has identified assets – appendix to the ISP. The organization has regulations concerning the handling of media – Portable Data Media, Rules for the Destruction of Data on Electronic Media, Rules for the Destruction of Data on Paper Media, and Rules for the Use of Mobile Devices. | |
| Access control | The ISP has established policies on: Assignment of Authorizations and Records of Authorized Persons, Privileged Access, Password Policy, Key Policy. | |
| Cryptography | The ISP contains Cryptographic Protection Rules and Key Policy. | |
| Physical and environmental safety | The ISP contains information on: Secure areas and areas of increased security, Security of networks, systems, applications, databases, machines, and devices. | |
| Safe operation | The ISP contains information on the following issues: Equipment and software records, Network, machine, and device security, operating systems, applications, databases, Archiving, backup, and information deletion policy, Incidents. Vulnerabilities related to assets have been identified and operating instructions have been developed. | |
| Security of communications | The ISP sets rules for Network Security, How data flows between different systems, Rules for publishing information on the Internet, Rules for posting content on the intranet. | |
| Systems acquisition, development and maintenance | The ISP contains information regarding system security: Operating system security. SEC has agreements with system suppliers. | |
| Relationships with suppliers | The organisation has established a Procurement Procedure Manual, an Instruction on outsourced work. | |
| Information security incident management | The ISP includes Incident Handling Rules: Incidents, and the Non-Compliance and Corrective Action procedure. The SEC has developed a Business Continuity Policy. | |
| Information security aspects of business continuity management | Business Continuity Policy, Crisis Management Manual. | |
| Compliance | Legal and other requirements – identification, risk analysis and compliance assessment. The KSC requirements are supplemented by requirements derived from ISO 27001 and 22301. | |

implemented

The necessary safeguards, including technical safeguards, have been selected by competent persons with the necessary technical knowledge. Technical safeguards are described in established policies, procedures, and instructions.

not implemented

Recommendations for customers and contractors

Since we also use electronic means of communication in our contacts with our customers and contractors, we would like to present 10 rules that increase the level of cybersecurity on the Internet:

  1. Keep your hardware and software up to date, use anti-virus software.
  2. Use passwords that are strong and difficult to guess. Try to use different passwords and logins on different services.
  3. Do not share your credentials (pins, logins, passwords) with anyone.
  4. Visit secure sites by checking web addresses and that they use the https protocol.
  5. Do not act under the influence of emotions, do not open untrusted email attachments and do not click on suspicious links.
  6. Avoid external storage media. Use them if you are sure of their security.
  7. Use only trusted networks. Avoid free hot spots.
  8. Lock your account when walking away from the computer; log out at the end of work.
  9. Read carefully what you agree to. Take care of your privacy.
  10. Verify the account number for invoice payments when it changes.

Please send any information regarding cybersecurity violations to: iod@sec.com.pl
