Our security policy
1. Our Security Policy was established in regard to the requirements included in the Regulations of the European Parliament and of the Council (EU) 2016/679 from 27 of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Dz.Urz.UE.L No 119, p. 1) and Data Protection Act of 10 May 2018 (RODO).
1. Personal Data Protection is performed through physical protections, organizational protection as well as the protection of information systems processing data.
1. The aim of the applied security measures is to provide executing objectives and obligations indicated in RODO. The objective of the security policy is to indicate actions, which need to be performed and to indicate principles and procedures, that need to be applied in order to properly realize obligations of data administrator in terms of personal data protection.
The scope of Security Policy
1. Sphere Square Technology collects and processes mainly personal data of clients, subcontractors, contractors maintained in personal data sets/gatherings/collections. The data are processed in paper and electronic form.
2. Security Policy includes documents in reference to technical and organizational provisions that provide protection in processing of personal data protection such as:
1. The procedure involving an access to data by persons concerned by the data
2. The description of security measures necessary for data protection
3. The operating manual describing procedure in case of violation of personal data protection
4. The processing registry
5. An instruction of using technological resources
6. A sample of Information Clause for clients and contractors
7. A sample of Information Clause for subcontractors
8. Entrustment contract template – regarding the cooperation with external entities in terms of the processing of entrusted data
1. Security Policy applies particularly to:
a. The processing of personal data in regard to provided services
B. Information regarding personal data protection, including account names and passwords in the systems processing personal data
c. Other documents that contain personal data
List of processed personal data
1. Collected sets of data:
4) Contact database;
5) Sales’ participants
2. The data administrator adopts and follows a rule stating that only these data that are necessary to the declared objective of the data processing can be processed. Processing personal data not necessary to the declared objective should be avoided, in case of obtaining those data, the rule of permanently removing those data is adopted.
1. The regulations/rules indicated in the Security Policy and in other Personal Data Protection documents are binding upon the data administrator, who is obliged to:
a. Take proper care of personal data protection and strictly obey the rules/regulations as described in The Policy and other documents
b. Get familiar with RODO policy
c. Recognise /identify and immediately react to any potential danger or violation of the rules and regulations of personal data protection
The list of buildings, rooms/locations and areas that process personal data.
Personal data are processed in the company headquarter as well as in an accounting office, that renders accounting and human resourcing services for SST and is also a controller of personal data/entity processing personal data
The list of locations that take part in processing personal data:
Office headquarter – office premises on Geodetów 1, 64-100, Leszno
4) Contacts database;
5) Sales’ participants
Office premises where the headquarter is located Geodetów 1, 64-100, Leszno
The entrance to the office premises is protected by a locked door, a key to which is in the owner’s possession/ to which only the owner has an access to.
Accounting office- MATT Sp. z o.o. Geodetów 1, 64-100 Leszno
Office premises where the accounting office is located
Geodetów 1, 64-100, Leszno