THE GENERAL DATA PROTECTION REGULATION
EXTRACT FROM SAFETY POLICY
CAMARO-ART ARTISTIC AGENCY TOMASZ LABUDDA
(hereinafter referred to as "ADO" or "CAMARO-ART")
TERMS AND CONDITIONS FOR THE PROTECTION OF PERSONAL DATA
The regulations for the protection of personal data (hereinafter referred to as the "Regulations") constitute an excerpt of the basic rights and obligations of CAMARO-ART personnel and procedures related to the processing of personal data, defined in the Security Policy implemented for use in CAMARO-ART.
Provisions of the Regulations are binding for all CAMARO-ART staff members, ie employees, persons cooperating on the basis of cooperation agreements, contracts of mandate, contracts for specific work, apprentices, trainees and other (hereinafter referred to jointly as "Staff" or "Users").
GENERAL PRINCIPLES OF PROCESSING OF PERSONAL DATA
A member of the CAMARO-ART Personnel is entitled to process personal data only to the extent individually agreed upon in the authorization given to him and only in order to perform the duties entrusted to him.
The CAMARO-ART Personnel Person authorized to process personal data is obliged to keep these data secret and the methods of their protection used in CAMARO-ART.
A member of the CAMARO-ART Personnel is obliged to:
confidentiality of personal data processed and security measures applied by ADO, in particular the methods of securing personal data and submission of a statement in writing to comply with this obligation;
adequate protection of personal data against making it available to unauthorized persons, being taken away by an unauthorized person, processing in violation of the Act and a change, loss, damage or destruction;
compliance with the principles of personal data processing, in particular through the application of procedures and guidelines accepted and implemented in CAMARO-ART aimed at lawful and safe processing of personal data
HANDLING WITH PERSONAL DETAILS AND PERFORMANCE OF SERVICE OBLIGATIONS
Members of the CAMARO-ART Personnel performing their professional duties are obliged to ensure the security of the CAMARO-ART processed by personal data, in particular by:
not leaving bystanders in the room where personal data are processed in the absence of a person authorized to process personal data,
not reusing unilaterally printed documents on which personal data are stored, and if their usefulness is immediately removed using a shredder;
removing any printouts containing personal data using a shredder that will not be used at work before leaving the workplace after the end of the working day;
concealing of files, documents and printouts containing personal data for locked lockers, before leaving the workplace after the end of the working day;
closing windows in the event of leaving the room, especially after the end of the working day.
PROCESSING OF PERSONAL DATA BY THE USE OF THE IT SYSTEM
Members of the CAMARO-ART Personnel using the IT system, including electronic devices, computers, laptops, tablets, mobile phones (smartphones), programs or computer applications and external data carriers are obliged to ensure the security of personal data being processed.
The obligation set out in paragraph 1 above should be implemented in particular through:
obeying their rights in the IT system, i.e. proper use of databases and using only their own identifier and password, and complying with the ADO recommendations in this regard;
not connecting to voltage restraining strips, intended for computer equipment, other devices, especially those that easily cause short circuits;
ensuring proper ventilation of computers, in particular through non-entry and non-detection of ventilation openings;
guarding of data carriers, including files, CDs and DVDs, portable memory devices and portable computers, in particular by leaving them unattended in places where they are exposed to unauthorized acquisition by third parties;
protection of the medium on which the passwords were saved, in such a way that it would be unavailable to third parties;
terminating work on the workstation after saving all changes and logging out of the system and turning off the computer;
removal of electronic documents and other files created or modified for business purposes, in particular those containing personal data, from a private computer, tablet, mobile phone (also from the recycle bin) immediately after completion of work, after sending them to the business e-mail.
PROHIBITION OF PERFORMANCE OF OBLIGATIONS
OUTSIDE THE CAMARO-ART OFFICE USING PRIVATE COMPUTER EQUIPMENT
The performance of official duties, which involves the processing of personal data, outside the premises of CAMARO-ART using private computer equipment (computer, laptop, tablet) is prohibited, subject to paragraph. 2 below.
In emergency and exceptional cases, it is allowed to perform official duties in the manner referred to in para. 1 above, whereby a member of CAMARO-ART Personnel is obliged to remove from private computer equipment (also from electronic mail and trash) electronic documents and other files created or modified for business purposes, in particular those containing personal data, immediately after completion of work, after sending them to the work email.
On each case of performance of official duties in the manner referred to in para. 1 above, a member of CAMARO-ART Personnel is obliged to inform ADO immediately.
USE BY USERS FROM AN ELECTRONIC E-MAIL
Members of the CAMARO-ART Personnel are entitled to use the official e-mail only for business purposes.
The use of electronic documents and other files, including those containing personal data, by members of the CAMARO-ART Personnel from private electronic mail for business purposes, in particular involving the transfer from the work computer or server to a private e-mail, is strictly prohibited.
USE BY USERS FROM A PUBLIC NETWORK
Members of the CAMARO-ART Personnel are entitled to use the Internet for business purposes, but it is allowed to browse the websites for private purposes in private mode (incognito mode), except for downloading private files from unverified sources; making purchases, downloading music tracks, wallpapers and other files that do not serve business purposes.
PROCEEDING PROCEDURE IN CASE OF
INFRINGEMENTS OF PERSONAL DATA SECURITY
Personal data security is breached by any unauthorized disclosure of personal data, access to or access by unauthorized persons, personal data being prohibited by an unauthorized person, damage to any part of the IT system, in particular:
unauthorized access to personal data;
loss of media containing personal data;
unauthorized modification or destruction of personal data;
providing personal data to unauthorized entities;
illegal disclosure of personal data;
obtaining personal data from illegal sources.
In the event of a breach of security of the IT system or situations that may indicate a breach of personal data protection, each CAMARO-ART staff member is obliged to stop the processing of personal data and immediately notify the ABI or ASI and the immediate supervisor, and then comply with decisions made by him.
Notification of a personal data breach should include:
description of the breach of personal data protection found;
determination of the situation, place and time in which the personal data protection breach was found;
identification of any relevant information that may indicate the reason for the breach;
defining methods of protecting the system known to a given person and all steps taken after disclosing the event.
In order to implement the procedure in the event of a breach of the security of personal data, each member of the CAMARO-ART Personnel is obliged to follow the instructions and instructions of the ABI or other person authorized by him, and in particular is obliged to provide all explanations and information.
RESPONSIBILITY FOR BREACH OF THE REGULATIONS
Violation of the provisions of the Regulations may constitute a serious violation of basic employee duties or a serious breach of contractual obligations, and as a consequence provide the basis for ADO to take legal measures, and in particular may be the reason justifying:
application of the penalty of order;
termination of the employment contract or other contract being the basis for the work for ADO;
termination of a contract of employment or other contract being the basis for providing work for ADO without notice due to the fault of the person responsible for the violation.