Personal Data Processing Policy at LOTAMS
We at LOTAMS respect the privacy rights of persons whose data we process, including persons visiting LOTAMS websites.
The information contained in the Policy is of a general nature. Detailed information regarding the processing of personal data is made available each time it is obtained. This applies in particular to information about the purpose and legal basis for the processing of personal data, the period of storage and recipients to whom it may be transferred.
We use technical and organizational measures required by the provisions on personal data protection to ensure that all operations on personal data are processed in accordance with applicable law, recorded and carried out only by authorized persons. To ensure the transparency of our data processing processes, we present the rules in force at LOTAMS.
Definitions:
Policy means this Personal Data Processing Policy at LOTAMS, unless otherwise explicitly stated in the context;
Portal means the website www.lotams.com;
Administrator, LOTAMS, Company – means LOT Aircraft Maintenance Services sp. z o.o. headquarters in Warsaw, at ul. Komitetu Obrony Robotników 45C, 02-146 Warsaw, registered in the Register of Entrepreneurs of the National Court Register under the number KRS: 0000352848, kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Department of the National Court Register, with a share capital of 225 470 099,40PLN, NIP: 522-294-67-95, REGON: 142321116;
Fanpage means the public profile of LOTAMS on social networks: Facebook, Instagram, Linkedin, Tweeter, Youtube;
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1);
Personal data means any information about an identified or identifiable natural person („data subject”); an identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name, identification number, location data, online identifier or one or several specific factors determining physical, physiological, genetic, mental, the economic, cultural or social identity of the natural person;
Profiling means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal factors of a natural person, in particular to analyse or forecast aspects of the natural person’s work effects, his economic situation, health, personal preferences, interests, credibility, behaviour, location or movement;
PERSONAL DATA ADMINISTRATOR
LOTAMS is the owner of the Portal and at the same time the Administrator of personal data obtained through the Portal or Fanpage, our clients and business partners as well as their employees, job candidates, contest participants and people contacting us.
In matters related to the protection of personal data, including the exercise of the rights of the person whose data is processed, please contact our data protection officer, i.e. Mrs. Magdalena Wolańska, sending a message to the e-mail address: daneosobowe@lotams.com, or the address of the LOTAMS headquarters, with the note „Personal Data”.
SECURITY OF PERSONAL DATA
Personal data collected and processed by LOTAMS in connection with business operations are processed in accordance with applicable law, including in particular the GDPR, and the principles of data processing contained therein.
The Administrator makes every effort to protect the interests of data subjects, and in particular ensures that the data collected by him are:
- processed in accordance with the law, fairly and transparently for the data subject;
- collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
- adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- correct and updated as necessary;
- stored in a form that allows identification of the data subject for no longer than is necessary for the purposes for which the data are processed;
- processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures, and access to data is available only to persons authorized by the Administrator.
OBJECTIVES, LEGAL BASIS AND PERIOD OF PROCESSING OF PERSONAL DATA
LOTAMS may process your personal data, in particular, for the following:
PURPOSE | DATA CATEGORIES | BASIS OF PROCESSING | PROCESSING TIME |
Conducting e-mail and/or traditional correspondence – if correspondence not related to services provided to the sender or other agreement concluded with the Administrator is addressed to the Administrator, personal data of the sender of the correspondence are processed solely for the purpose of communication with the sender and resolving the matter which relates to correspondence; Telephone communication – in matters not related to the agreement or services rendered – taken at the request of the data subject
| We process the data provided to us by the sender of the correspondence, the caller contacting us by phone, such as: email address, name and surname, telephone number, correspondence address, company name, other data provided in the correspondence | The provided personal data provided as part of the sent correspondence/telephone contact – shall be processed in order to answer the question asked (conducting correspondence addressed to the Administrator or resolving a reported matter in connection with its business activity) – we shall process based on art. 6 clause 1-f) GDPR, i.e. the Administrator’s legitimate interest | We process data for the period necessary to conduct correspondence, and then for the period necessary to establish, investigate or defend against claims
|
Recruitment – As part of recruitment processes, the Administrator expects personal data to be provided only to the extent specified in labour law. If the submitted applications contain additional data, their processing shall be based on the consent expressed by the candidate. In the absence of consent or submission by the candidate of information inadequate for the purpose of recruitment – such applications shall not be used or included in the recruitment process | We process the data provided to us by the candidate submitting the application: · required by the provisions of the Labour Code: first and last name, date of birth, contact details, education, professional qualifications, previous employment; · provided on the basis of consent, such as: additional contact details, photography, additional qualifications | The basis for processing personal data is: · performance of obligations related to the recruitment process under the Labour Code – art. 6 clause 1-c) GDPR; · the need to take action before the conclusion of the agreement, at the request of the data subject – Art. 6 clause 1-b) GDPR; · consent expressed by the candidate for participation in future recruitment processes – art. 6 clause 1-a) GDPR; · legally justified purpose of the Administrator – art. 6 clause 1-f) GDPR – which is verification of the candidate’s qualifications and determining the terms of cooperation, as well as possible defence or redress
| Personal data shall be processed for the period necessary to conduct recruitment; · in the case of consent to participate in future recruitment processes – for 12 months from the date of sending the application; · until the consent for processing is withdrawn – to the extent that personal data is processed on its basis |
Conducting marketing activities (including sending Newsletter) | We need your email address to send the Newsletter | Data processing is possible after obtaining the consent expressed by the Portal user – art. 6 clause 1-a) GDPR
| We shall process personal data until the consent of the Portal user is withdrawn |
Conducting competitions, in particular selecting the winners of the competition and passing on the prizes | We process data provided voluntarily by competition participants, such as: name and surname, e-mail address and correspondence address. In the case of winners in competitions, we shall additionally process the data necessary to transfer and settle the prize | We process data based on: · the participant’s acceptance of the regulations, · legal obligations incumbent on the Administrator in the field of accounting – art. 6 clause 1-c) GDPR · on art. 6 clause 1-f) GDPR, i.e. in the legitimate interest of the Administrator
| We shall process winners’ personal data for 5 years from the end of the calendar year in which the competition took place; We shall process the data of other participants in the competition for the period necessary to establish, investigate or defend against claims |
Website management and Fanpage management – personal data left by visitors of the Administrator’s social profiles (such as: Internet IDs, comments, likes) are processed in order to: · enable activity for Portal/Fanpage visitors, · responding to private messages directed by the Portal/Fanpage user · effective Fanpage management by providing users with information on Administrator’s initiatives and activities, and promoting events, · conducting statistics and analytics to improve the functioning of the Portal/Fanpage · possible redress or defence against claims
The above information does not apply to data processing by administrators (owners) of social networking sites | We process data such as: username of the social networking site, data provided in the content of comments/messages | We process personal data based on the legitimate interest of the administrator – art. 6 clause 1-f) GDPR, which is responding to messages and comments of Portal/Fanpage users, providing information about the Administrator’s activities, analysing statistical data and, if necessary – investigating and defending against claims | We shall process personal data until an effective objection to the processing is made Users of social networking sites following the Administrator’s Fanpage have the right to always delete their comments under Administrator’s posts, stop following Fanpage or cancel their account on a given social networking site |
Conclusion and implementation of the agreement | We process the data necessary to conclude the agreement, i.e. company name, business address, NIP, REGON, bank account number | Processing is necessary for: · performance of an agreement to which the data subject is a party – art. 6 clause 1-b) GDPR, · fulfilling legal obligations incumbent on the Administrator – art. 6 clause 1-c) GDPR, · determination, defence or redress – i.e. the legitimate interest of the Administrator – art. 6 clause 1-f) GDPR
| We shall process personal data for the duration of the agreement and until the obligations incumbent on the Administrator in connection with its implementation |
Processing of personal data of contractor staff or clients cooperating with the administrator; categories of data processed: name and surname, position, business phone number, business e-mail address | We process the data of contact persons provided by our clients / contractors / business partners, i.e. Name, position, work e-mail address, work phone number | We process personal data based on the legitimate interest of the administrator – art. 6 clause 1-f) GDPR, which is the correct implementation of the agreement concluded with the client or contractor Personal data is provided to us by the employer/principal of a natural person | We shall process personal data for a period enabling the Administrator’s legitimate interest to be fulfilled or until an effective objection to processing has been lodged |
Establishing and maintaining business contacts (collecting personal data during business meetings or by exchanging business cards) | We process the data provided by our business partner/potential business partner, i.e.: name and surname, position, company name, telephone number, e-mail address | We process personal data on the basis of the legitimate interest of the administrator consisting in creating a network of contacts in connection with the business – art. 6 clause 1-f) GDPR | We shall process personal data for a period enabling the Administrator’s legitimate interest to be fulfilled or until an effective objection to processing has been lodged
|
Handling the complaint process | We process the data necessary to process the complaint, i.e.: name and surname / name of the company submitting the complaint, contact details (business address / correspondence address / e-mail address, telephone number) | Processing is necessary for: · performance of an agreement to which the data subject is a party – art. 6 clause 1-b) GDPR, · fulfilling legal obligations incumbent on the Administrator – art. 6 clause 1-c) GDPR,
| We shall process personal data for the period necessary to consider the complaint |
LOTAMS customer satisfaction survey | We process the data of the person answering our survey questions, i.e. name and surname, company name, e-mail address | The data is processed on the basis of the Administrator’s legitimate interest, i.e. building a positive image of the company – art. 6 clause 1-f) GDPR
| We shall process personal data for 5 years from the survey |
Access control to the Administrator’s area and video monitoring of the LOTAMS area | We process data registered by monitoring cameras in the form of an image of a person residing at LOTAMS, and data necessary to enter the company, i.e. name, company name, ID card number, vehicle registration number (if permission to enter the area has been granted) company) | The data is processed on the basis of: · Obligation to comply with the law regarding the implementation of the National Civil Aviation Security Program – Art. 6 clause 1-f) GDPR, · The data collected by the monitoring are processed to ensure the safety of persons and property protection, keeping confidential information whose disclosure could expose the Administrator to harm and control of production – i.e. based on the Administrator’s legitimate interest – Art. 6 clause 1-f) GDPR
| Recordings are stored for 3 months from the date of recording, unless the recording constitutes evidence in the proceedings, then it is stored until the final termination of the proceedings or until an effective objection has been lodged. · We shall process personal data for the period necessary to establish, pursue or defend claims |
Analysis of data, among others automatically collected when using the Portal, including Cookies e.g. Google Analytics Cookies, Facebook Pixel
| The categories of data processed are indicated below in the Cookies Policy | data is processed on the basis of the consent given by the User – art. 6 clause 1-a) GDPR, data is processed on the basis of the legitimate interest of the administrator – art. 6 clause 1-f) GDPR
| We shall process personal data: · until the consent is withdrawn · until an effective objection to processing has been filed |
Determining or pursuing any claims or defending against claims
| The categories of data processed shall in each case be indicated separately and limited to the minimum necessary for the given purpose (determination / investigation / defence of claims) | The data is processed on the basis of the Administrator’s legitimate interest – art. 6 clause 1-f) GDPR, which is establishing, defending or pursuing claims
| The processing period may be extended if the processing is necessary to establish or pursue claims or defend against claims, and after that period – only if and to the extent required by law. |
After the end of the processing period, the data is irreversibly destroyed or anonymized.
CATEGORIES OF PERSONAL DATA PROCESSED
The categories of personal data that we process depend on the purpose of their processing, but in each case we follow the principle of minimalism set out in the GDPR. Personal data that we process is:
- information that can identify a natural person on their own or indirectly allow such identification, such as: name and surname, ID card number, image, e-mail address, telephone numbers, position, other contact details, internet protocol address („IP” ), device identifiers, internet identifier, content of Cookies,
- as well as information that may not be user IDs in themselves, but which we store with such IDs, for example, how the Portal / Fanpage users use our services or the country in which the user resides while using our services.
CONSEQUENCES OF NOT PROVIDING PERSONAL DATA
Providing personal data is voluntary, but necessary, among others down:
- implementation/continuation of using the Portal or Fanpage,
- conclusion of the Agreement,
- get the answer to your question,
- participation in recruitment,
- staying at LOTAMS
the consequence of not providing them is the inability to provide/continue the services provided.
Providing by a natural person data that is not mandatory or excess data that the Administrator does not need to process is based on the decision of the data subject himself and then the processing is carried out on the basis of the premise contained in art. 6 clause 1-a) GDPR (consent).
DATA RECIPIENTS CATEGORIES
The Administrator shall provide personal data only if it is required by law, or when in cooperation with external business activities it cooperates with external entities:
- in the scope of services provided, including: IT support and hosting, destruction of documents and their carriers, management of document resources and their storage, legal and tax services as well as debt collection services, as well as HR services (i.e. entities processing personal data on the basis of agreement Administrator),
- entities whose participation in the implementation of the service is necessary due to the content of the Agreement
Personal data may be transferred to third countries (i.e. a country not belonging to the European Economic Area) in which the Administrator provides services, if the transfer is necessary to perform the Agreement between the data subject and the Controller (pursuant to Article 49 paragraph 1 point b GDPR).
RIGHTS OF PERSONS WHO THE DATA CONCERNS
The person whose personal data is processed by LOTAMS has the right to:
- access to personal data (including e.g. receipt of information about the purposes and legal grounds for processing, categories of data, possible recipients, the planned date of deletion of data, applicable rights);
- requests for rectification and restriction of processing (e.g. if personal data is incorrect) or deletion of personal data (e.g. in the event that it was processed unlawfully);
- object to the processing of personal data concerning him carried out in order to implement the legitimate interests of the Administrator or a third party;
- withdrawal of each consent given to the Administrator at any time, whereby withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law before its withdrawal, provided that the consent was the basis for data processing;
- transferring personal data that has been provided to the Administrator and which are processed in an automated manner, and the processing is carried out on the basis of consent or on the basis of a Agreement, e.g. to another administrator;
- lodging a complaint to the President of the Office for Personal Data Protection with its registered office in Warsaw at ul. Stawki 2.
Requests regarding the exercise of rights may be submitted by the data subject by sending an application to the address: daneosobowe@lotams.com.
If the Administrator shall not be able to identify a natural person based on the request, he shall ask the applicant for additional information. Providing such data is mandatory, and failure to provide it shall result in the refusal of the request.
PROFILING
Please be advised that the data of Portal users or Fanpage users can be profiled for the purposes of conducting our offer and marketing activities better suited to the users’ expectations. However, we do not make decisions solely on the basis of automated data processing, including profiling.
THE RIGHT TO CHANGE POLICY
- If it proves necessary or recommended, in particular due to changes in the law, changes in the purposes or the basis for the processing of personal data, new guidelines of the authorities responsible for supervision of personal data protection processes or intra-corporate regulations, as well as in the case of technological changes LOTAMS reserves the right to amend this Policy by publishing new content on the Portal.
- The current version of the Policy is effective from 17/12/2019.
…………………………………………………………………………………………………………………………………………………….
Cookies
Cookies, are files that provide the Portal operator with the ability to control its functionality, prevent abuse, and facilitate the use of the website www.lotams.com
- In accordance with applicable law, when accessing the website lotams.com, if it is allowed by the User’s browser (s) or explicitly approved by the User at the first visit, the Portal may automatically remember information about the computer or device used for browsing and for this purpose may place „Cookies” (Cookies).
„Cookies” provide the administrator of the Portal with the ability to control its functionality, prevent abuse, and also give the possibility of easier use of the Portal. Cookies can be used to collect information to provide users with even more convenient use and to develop the Portal. - Accepting and enabling „Cookies” is optional. You can manage cookie settings in your browser at any time and withdraw your consent to their use at any time.
- LOTAMS may use Cookies, among others, to remember users’ preferences (web browser, device type, font, colours), secure websites or conduct marketing campaigns. The administrator may collect users’ IP addresses in order to diagnose technical problems, create statistical analyses, as useful information when administering and improving the Portal, as well as for security purposes.
- The portal may contain links and references to other websites, however LOTAMS is not responsible for the privacy principles applicable to them.
- The types of Cookies we use on the Portal:
- Persistent Cookies – they are saved on the User’s device, even after leaving the viewed page. They allow you to store and remember preferences information;
- Session Cookies – they are necessary to maintain proper exchange of information between the server and browser, and thus – to be able to correctly display the content of the page visited and use its functionalities. They are intended to identify a given session (i.e. dialogue between the browser and the server) and Users communicating with the server at the same time;
- Other Cookies (external entities with which LOTAMS cooperates) – enable external companies to analyse data such as: number of visits, user behaviour on websites, type of browsers and electronic devices, information from „pixel” files or other behavioural data (e.g. location ). The purpose of collecting and processing these types of Cookies is to collect information on the profile of people visiting LOTAMS websites, their behaviour and preferences and interests in individual products. They enable the display of advertisements and marketing offers as well as the analysis of information on the User’s interest in the displayed materials. Companies that provide analytical services for LOTAMS include Facebook and Google.
- How can you not agree (or withdraw consent) to install Cookies?
The vast majority of browsers accept Cookies by default in order to provide Users with the convenience of using the website and displaying its content correctly. At any time, the User may modify the management of cookie files through the settings of his browser, however, it is currently not possible to choose the type of Cookies that the User accepts. Withdrawal of consent shall disable the use of all Cookies and may affect some of the Portal’s functions, causing total or partial blocking of some of the Portal’s functions.
In order to change your browser settings regarding Cookies, we recommend using the following instructions:
- Internet Explorer – https://support.microsoft.com/pl-pl/help/278835/how-to-delete-cookie-files-in-internet-explorer
- Chrome – https://support.google.com/chrome/answer/95647?hl=pl
- Firefox – https://support.mozilla.org/pl/kb/W%C5%82%C4%85czanie%20i%20wy%C5%82%C4%85czanie%20obs%C5%82ugi%20ciasteczek
- Opera – http://help.opera.com/Windows/12.10/pl/Cookies.html
The above types of browsers are indicated as examples and in random order. Due to the large variety of browsers used, there may be some differences in the way they are set so that Cookies cannot be installed. Usually, information about Cookies can be found in the „Tools” or „Options” menu. More detailed information in this regard can usually be found on the browser manufacturer’s website.