Fundusze Unijne

Information clause for Training Participants

1. Personal data and their protection within the meaning of the General Data Protection Regulation (GDPR):

This clause applies to personal data collected by SQD Alliance (hereinafter referred to as the Company), where it acts as the personal data controller, the ways in which this data is used, as well as the rights of persons related to the use and collection of this data.
In order to facilitate contact in the field of personal data protection, please contact us at the following e-mail address:iod@sqda.pl

As part of our statutory obligation, but also to build your trust, we would like to inform you as our clients about:

  • reasons for collecting and processing data;
  • legal basis for processing;
  • what are your rights in connection with these operations.

2. This clause applies to natural persons who are:

  • participants of proprietary training organized by the Company;
  • employees of the entity directing them to such training;
  • other entities whose data we process for the purposes of issuing or processing invoices as part of cooperation with the client;

Collectively referred to as Training Participants or You.

3. In connection with the organization of training, we may process the following categories of data:

  • name, surname, business address, as well as correspondence addresses;
  • numbers held in registers related to business activities (NIP, REGON);
  • contact details;
  • position within the organization;
  • specific identification numbers that are not universally assigned numbers, or numbers assigned internally within the Company.
  • bank account number;
  • personal data required to identify the Customer (name, surname, citizenship, PESEL, date of birth, country of birth, series and number of the identity document, address of residence, data related to the business activity, if they are personal data within the meaning of Article 36(1) point 1(f) and point 2 of the Act on Counteracting Money Laundering and Terrorist Financing) if the conditions under the Act are met (suspicion that an activity or relationship is related to money laundering or terrorist financing);

Providing data is voluntary, but necessary for the purposes of concluding the contract or its performance. Each detailed scope of data provided results from the content of the legal relationship between the parties, and failure to provide them may result in the inability to conduct the training.

We may also collect your data from other publicly available sources (e.g. CEIDG, KRS) in order to verify the accuracy of the information provided by customers. It is possible to obtain data from entities that employ you or represent you, and the scope of this data only includes information necessary for the conclusion and implementation of the contract and cannot include data unnecessary for this purpose.

We may also obtain data from internal databases maintained by the Company, entries to which are made based on prior consent.

Personal data will not be used for automated decision-making, including profiling.

4. Legal basis for data processing:

Data is processed only when:

  • the authorized person has consented to it;
  • it is necessary for the performance oft he contract concluded with Training Participant
  • processing is necessary to fulfill our legal obligations as a data controller (e.g. issuing an invoice)
  • processing is necessary to pursue the legitimate interests of the company, which requires maintaining a balance between our interests and your right to privacy.
  • personal data required to identify the client, marked in point 3, indent 7 (i.e. identification data processed in connection with suspected money laundering or terrorism financing) may be processed without the consent or knowledge of the data subject. The legal basis for processing is the provisions of Chapter 5 of the Act on Counteracting Money Laundering and Terrorist Financing, i.e. fulfillment of the legal obligation: Art. 6 section 1 letter c GDPR.

Legitimate interest is:

  • determining or pursuing civil law claims as part of the business, as well as defense against such claims;
  • contact with Training Participants in order to perform the contract.

Personal data are processed only for the purpose for which they were collected. Below is a summary of the purposes of processing and their assigned data storage periods:

Table 1

Purpose of processing

Processing period

Fulfillment of contractual obligations; conclusion and implementation of the contract

For the duration of the contract

Fulfillment of obligations arising from the protection of personal data, e.g. in the scope of exercising the rights of data subjects, creating the necessary registers and records

Until they become ineffective, an effective objection is raised or the limitation period for the Company’s liability expires

The legitimate interest of the Personal Data Controller

Until the objection is effectively raised or the purpose of processing is achieved

5. Security measures

All employees accessing personal data must comply with internal procedures and policies related to the processing of personal data in order to adequately protect them and ensure confidentiality, as well as to ensure the technical and organizational security measures implemented to protect them.

The technical and organizational measures implemented by SQD Alliance aimed at protecting information (not only personal data) take into account the latest technological achievements used in this type of security and are adequate to the purpose, scope and nature of data processing.

6. Data transfer:

Data is transferred by making it available to entities that are independent Data Controllers or by entrusting it to the Company’s subcontractors for processing, on the basis of concluded entrustment agreements.

Personal data may be transferred to third parties to achieve the purposes listed in Table 1, to the extent that they are necessary to perform the tasks commissioned by the Company on the basis of applicable regulations or data entrustment agreements. The entities indicated in the previous sentence may include:

  • entities processing personal data on behalf of the Company, such as suppliers of IT systems, document archiving, external trainers, entities providing legal or accounting services. It should be noted that the Company remains the controller of this data.

In addition, personal data may be made available to:

  • administrative authorities: national or community ones, such as the police and courts, if required by law or at their reasonable request.
  • courier or postal service providers;
  • other persons within a given client’s organization, if there is a legal or contractual basis for this.

The company does not process data outside the EEA, with the exception of entities providing selected IT systems and hosting services. In this case, your data is protected using security measures used by this supplier, but always adequate to the purpose, scope and method of processing. You may also request additional information in this regard.

7. Client rights and obligations and rules for exercising these rights:

Every person has the right to access personal data processed by the Company, and if you believe that any information is incorrect or incomplete, please contact us so that we can correct the information immediately.

In addition, you have the right to:

  • withdrawal of consent, if the processing is based on the consent granted (provided that this withdrawal will not affect the lawfulness of data processing carried out before the withdrawal);
  • requesting deletion of data or restriction of processing in the cases specified in the GDPR;
  • expressing objection to the processing of your personal data (including profiling, if any);
  • transferring data to a systematic, external data file (maintained by another controller);

You can exercise these rights at the controller’s office, by post, by phone by submitting an application at +48 797 703 449, or by e-mail at iod@sqda.pl.

If you are not satisfied with the way SQD Alliance processes your personal data, please let us know and we will investigate any irregularities.

If you are still not satisfied with the implementation of your rights by the Company, you can also submit a complaint to the President of the Personal Data Protection Office.

To ensure that your personal data is up-to-date and accurate, we reserve the right to check and confirm it periodically. We also ask you to inform us about changes to the personal data you have provided to us, such as changes to your contact details, so that we can better provide our services to you.

8. Validity

This clause was updated on 19.10.2023 and may be subject to further changes. If required by law, we will provide any information regarding future changes or additions to personal data in the manner customary in contacts with the Training Participants.

Chcesz o coś zapytać?