Information on fundamental provisions of the agreement between Joint Controllers and Data Processing Notice

Information on fundamental provisions of the agreement between Joint Controllers and Data Processing Notice

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) we advise that:

1. POLISH WIND ENERGY ASSOCIATION with its registered office in Szczecin, National Court Register (KRS) number 0000097999, address: al. Wojska Polskiego 187/4-5, 71-325 Szczecin, tel.: +48 608 518 785, e-mail: szymon.kowalski@psew.pl and RE-SOURCE POLAND HUB FOUNDATION with its registered office in Szczecin, National Court Register (KRS) number 0000801781, address: al. Wojska Polskiego 187 /4-5, 71-325 Szczecin, tel.: +48 786 445 319, e-mail: rafal.malarowski@resourcepoland.pl (“Joint Controllers”) are joint controllers of personal data within the meaning of GDPR Article 4(7) in relation to personal data provided by you (“Personal Data”).
2. Joint Controllers jointly control Personal Data to distribute a Nwesletter containing information on the functioning of the renewable energy market in Poland. The basis for the processing of Personal Data is Joint Controllers’ legitimate interest in performance of their statutory activities and achievement of joint purpose stemming from the co-operation agreement concluded between Joint Controllers on the basis of GDPR Article 6(1)(f).
3. Personal Data may be disclosed to relevant recipients, in particular third parties providing IT or legal services to Joint Controllers, on the basis of data processing agreements, or to institutions authorised to audit Joint Controllers’ operations and gain access to personal data pursuant to applicable laws.
4. Personal Data will be processed until you opt-out from the Newsletter. You may opt-out from the Newsletter at any time by clicking the opt-out link in every message.
5. Personal Data subjects have the right to access their personal data, correct, rectify, and delete them, as well as to restrict and object to processing thereof in the cases and pursuant to the terms and conditions laid down in GDPR.
6. Personal Data subjects have the right to file a complaint with the President of the Office for Personal Data Protection with its registered office in Warsaw at ul. Stawki 2, 00-193 Warsaw.
7. Provision of Personal Data is voluntary.
8. Personal Data will not be subject to automated decision-making or profiling.
9. In connection with the processing of Personal Data we furthermore advise that:
a) Joint Controllers represent that they process Personal Data in compliance with the principles relating to processing of personal data laid down in GDPR Article 5.
b) Joint Controllers store all documentation related to joint controllership to comply with accountability requirements.
d) Joint Controllers undertake to limit access to Personal Data only to persons requiring access to Personal Data to achieve the purpose referred to in above. Additionally, Joint Controllers warrant that Personal Data are processed only be persons having individual authorisation granted by Joint Controllers, and that the persons allowed to process Personal Data are obliged to keep Personal Data confidential and have been familiarized with personal data protection rules and regulations.
e) Joint Controllers ensure appropriate level of security of Personal Data. To ensure security, Joint Controllers:
• ensure capacity to continuously ensure confidentiality, integrity, availability and resilience of personal data processing systems and services;
• have implemented personal data protection documentation, taking into account the nature, scope, context and purposes of personal data processing and the risk of breach to rights of freedoms of data subjects;
• have implemented a procedure to ensure data subjects the right of acess to the data;
• have implemented a procedure to delete redundant data in connection with the data subjects’ “right to be forgotten”;
• have implemented a procedure in case of a personal data breach;
• have implemented a procedure to limit personal data processing in circumstances laid down in GDPR.
f) Joint Controllers may entrust the processing of personal data to a processor in compliance with GDPR requirements, in particular laid down in GDPR Article 28.
10. Joint Controllers did not appoint a Data Protection Officer and perform the duties related to the protection of personal data on their own. You may contact any of Joint Controllers in all matters related to the protection of Personal Data. You may do so using the following contact data (Point of Contact): e-mail: newsletter@resourcepoland.pl, phone: +48 786 445 319 or by mail: al. Wojska Polskiego 187/4-5, 71-325 Szczecin.