Privacy Policy Compendium - Centrum Edukacyjne Spółka z o.o. Date of last update: May 21, 2018

 

This Privacy Policy is part of the personal data security policy of Compendium - Centrum Edukacyjne Spółka z o.o. with headquarters in Krakow, ul. Tatarska 5, 30-103 Kraków (hereinafter: Compendium CE). The Privacy Policy explains:

  1. Who is the Compendium CE
  2. What personal data is obtained by Compendium CE
  3. What is the purpose of processing personal data by Compendium CE, and making it available to third parties
  4. What are the sources of obtaining personal data
  5. A method of data security to prevent data processing violations
  6. Responsibilities of entities entrusting and receiving from Compendium CE personal data of third parties
  7. Information on the rights of people whose personal data Compendium CE processes

 

I. Who is the Compendium CE

Compendium CE is a leader in the provision of IT training. Compendium CE has about 30 Authorizations in its offer, which translates into approximately 700 trainings, which correspond to all the needs of the IT training market in Poland as well as in Eastern European countries. In accordance with European regulations, Compendium CE is the administrator of personal data.

Below are the contact details of Compendium CE:
Compendium – Centrum Edukacyjne Spółka z o.o.
ul. Tatarska 5
30-103 Kraków
phone. 12 29 84 777
fax 12 29 84 778
e-mail: compendium@compendium.pl

To ensure the highest standards of personal data protection, Compendium CE appointed the Data Protection Officer (hereinafter referred to as "IOD"), which is responsible for implementation, supervision and audits of compliance with personal data security policy, and compliance of personal data processing by Compendium CE in accordance with the law. Below is the data of the IOD, to provide contact in case of any questions or concerns:

Data Protection Inspector Compendium CE - email address for contact : iod@compendium.pl

II. What personal data is obtained by Compendium CE

The IT training market in Poland (Central and Eastern Europe), where Compendium CE conducts its operations, is a market of educational services with the following entities:

  1. Producers of IT solutions and equipment, including trainings and examinations - which are usually global or Polish enterprises that offer their products and services in many countries
  2. Distributors of IT solutions and equipment, including training and exams - being global or local entrepreneurs
  3. Suppliers of Examination Solutions - being global entrepreneurs
  4. Resellers and integrators - usually local entrepreneurs
  5. Advisory enterprises - being global or local enterprises
  6. Institutional buyers and individual purchasers of products (training services, examinations) - being end users

Relations between the above these entities may be of a nature:

  • Advice, selection of specific trainings, exams to the buyer's preferences
  • The provision of training and education services in accordance with the preferences of the potential buyer, training services are:
    1. Authorized Training - provided by the Manufacturers and Suppliers by Compendium CE based on concluded agreements, provisions.
    2. Author's trainings - delivered and prepared by Compendium CE.
    3. presentations
    4. webinars
    5. exams
    6. tests that check knowledge

On the IT Education market in Poland (Central and Eastern Europe), there are market segments of buyers (end customers) classified as:

  • institutional so-called B2B: organizations, enterprises and other public or private institutions - represented in the process by natural persons who are their employees or provide services to them under other legal relationships,: contract of mandate, self-employment, subcontracting
  • private - consumers of the so-called B2C or physical persons

Compendium CE, pursuant to , agreements and licenses, sells IT trainings and examinations. It is implemented in both customer segments, in certain cases also through business partners.

In connection with the activities carried out, Compendium CE must process the above-mentioned data entities and their employees, and in specific cases, provide such data to the individual entities. Compendium CE may collect some of the following information:

  • First name Last Name
  • phone number
  • e-mail adress
  • business name
  • job title
  • employer company
  • NIP
  • Sort code
  • EU Tax Number
  • Address for correspondence
  • participation of trainings, examinations, promotions, conferences organized by Compendium CE

Compendium CE also obtains data not constituting personal data, such as the IP address of the device used by a natural person, to gain access to Compendium CE services, technical information including Internet and / or network connections, device ID / IM messenger, login data including date and time of the last login.

Compendium CE also collects information related to the Customer through cookies, which is announced at the first login to the Compendium CE website.

In exceptional cases, the scope of data processed may be broader - due to specific processing purposes, which the data subject will be informed about when collecting such data.

III. What is the purpose of processing personal data by Compendium CE, and making it available to third parties

Compendium CE is obliged to comply with the law by processing the data, otherwise it is voluntary. The personal data processed by Compendium CE are mainly used for contacts in order to conduct regular business activities that are the subject of the Compendium CE business. As well as providing a full educational service in accordance with the requirements of the buyer as well as rights, obligations imposed by the Manufacturer, Supplier of training and exams against Compendium CE.

The regular business activities conducted by Compendium CE include, among others:

  • sending a Compendium CE trade offer
  • pre-sales support (activities related to the preparation, adjustment of the training service, examination to the requirements of the buyer)
  • contact for the performance of the contract for the provision of training and examination services
  • contact for after-sales support
  • own marketing
  • processing resulting from generally applicable laws - including tax, customs,
  • sharing the data mentioned above third parties to implement contracts
  • investigation and enforcement of claims
  • providing technical and business knowledge (mailing, webinars, events, conferences)

The sharing of personal data to third parties takes place only for the purpose of performance of the contract to which the data subject is a party, or to take action at the request of the data subject, before concluding the contract, including obtaining special prices, exam vouchers, creating buyer accounts for Manufacturers and Suppliers platforms. Providing the results of exams, certificates of Manufacturers, Suppliers confirming the share of the buyer in a given service, after-sales support, performance of guarantees, ensuring updates and renewals.

Presentation of offers by Compendium CE may require:

  1. Providing personal data to the buyer (including the end customer, his employees)
  2. Providing personal details of the broker (reseller or employee) to prepare the training offer, the resale exams

Compendium CE may be compelled by objective economic, legal or technical conditions to provide personal data to its suppliers, training and examiners in order to:

  1. obtaining training materials for the buyer
  2. obtaining training and examination certificates for buyers
  3. creating an account of a training participant, an exam in the portal, an application, a required www platform, indicated or provided by the Manufacturer, the Supplier
  4. order processing
  5. obtain access to the results of exams for buyers
  6. verification of personal data in their marketing control systems WSK
  7. verification of personal data in marketing control systems of the so-called Export Control
  8. activation of the training or examination service directly at the Manufacturer's or Supplier's
  9. Reporting of completed training and examination services.
  10. implementation of after-sales suport

Compendium CE is compelled by objective technical conditions to store the collected personal data for the purpose

  1. implementation of further training and examination services
  2. implementation of the provisions of contracts concluded with producers, suppliers or buyers in the case of services of a subsidized nature
  3. complaint services

Bearing in mind the above, Compendium CE derives a legitimate interest in the processing of personal data in accordance with the requirements of the GDPR, and

  1. undertakes not to extend the abovementioned criteria without obtaining the prior consent of the data owners
  2. take into account and respect the rights of data owners in accordance with the binding legal standards, in particular in the areas
    • data protection and limiting access to them only for authorized persons
    • transfer of data to third parties, especially outside the EU
    • o profiling
    • no processing of sensitive data
    • where it is technically and economically justified and legally permitted to use pseudonymisation
    • notification of the data obtained pursuant to art. 14 point 3b RODO
  3. accepts the related liability, including regarding the leakage of such data and civil and administrative liability

If Compendium CE will have to process personal data for any other purposes - each processing will be preceded by consent. Compendium CE does not share personal data with third parties for marketing purposes.

IV. What are the sources of obtaining personal data

Compendium CE może pozyskiwać dane osobowe w następujący sposób:

  • Direct consent based on the person's registration for training, exams, conferences organized by Compendium CE, via the www form (www.compendium.pl) or a form available in paper form
  • direct consent based on the registration of the person for the exam carried out by Compendium CE, through the platform of the Manufacturer, the Exam Provider
  • self-registration of end users electronically in Compendium CE systems, to obtain information about the services it offers
  • independent electronic registration of intermediaries in Compendium CE systems to obtain information about services offered by Compendium CE
  • entrusting third party personal data to Compendium CE (the obligations of entities entrusting Compendium CE with personal details of persons are specified in point VI below)
  • personal meetings during which contact details are exchanged
  • telephone conversation between Compendium CE employees and the buyer during which contact details are exchanged
  • the use of existing information collected in the Compendium CE databases
  • digital marketing (TBD)

V. A method of data security to prevent data processing violations

Personal data processed by Compendium CE are stored on secure servers in Poland or in the European Union with cloud service providers complying with the GDPR / RODO directive. Compendium CE has implemented appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, including loss, destruction or damage.

In the case of personal data processed in paper form, the data is stored in separate rooms to which only authorized persons have access, and in the case of data processing in rooms to which a greater number of people have access, data are stored in lockers, to which the keys have only personal data authorized for processing.

Personal data depending on the purpose of their processing - will be kept only as long as it is necessary to meet the objectives set out in this Privacy Policy. In some cases, the law requires a longer period of personal data storage than it results from contracts, or from the general purposes in which data was entrusted for processing, e.g. for tax, billing or other legal requirements and obligations - in such cases, the data will be kept for a period resulting from these provisions.

VI. Responsibilities of entities entrusting and receiving from Compendium CE personal data of third parties

Entrusting, making available to Compendium CE, or receiving personal data from Compendium CE for processing, the third party undertakes to comply with the terms of this policy, and depending on the purpose for which personal data are made available to Compendium CE, this entity undertakes to obtain all the rights required by the consent of the data subjects,including but not limited to transfer of these data to Compednium CE with the right to make these data available to producers and / or resellers for the purposes specified in this Privacy Policy. Taking into account the fact that in certain cases Compendium CE may provide personal data to a third party, the third party undertakes to comply with the following obligations, regardless of whether it acts as the entity entrusting or as an entity to whom Compendium CE entrusted or provided data for processing.

Upon the transfer of personal data to Compendium CE or obtaining data from Compedium CE, the third party confirms that it accepts and releases Compendium CE from any liability resulting from the lack of obtaining by the third party of relevant consents of data subjects, and in the event of imposing penalties on Compendium CE or the obligation to pay compensation, this entity undertakes to pay the first request of Compendium CE to pay an amount equal to the penalty imposed and / or compensation.

The entrusting person undertakes, in particular, but not exclusively to:

  1. Entrust personal data for processing according to the principles set out in the Privacy Policy, in accordance with the obligations resulting from the GDPR, in particular with art. 28, and the commonly binding provisions of Polish law related to it.
  2. Data processing only for the purpose of implementing cooperation, for the duration of cooperation and possibly securing claims arising from it, unless the period of data storage results from generally applicable laws.
  3. use of personal data entrusted to him by Compendium CE solely for the purposes indicated at the time of transfer of personal data or at a later date, after prior acceptance by Compendium CE.
  4. provide sufficient guarantees for the implementation of appropriate technical measures and organizational, that the processing would meet the requirements of the GDPR and protect the rights of the data subjects.
  5. Obtaining all legal consents authorizing to provide Compendium CE with personal data for further entrusting to the following entities: authorized product distributors, training and examination manufacturers, external authorized services of the manufacturer. If for the proper implementation of obligations resulting from cooperation it will be necessary to entrust Compendium CE with third country, third party declares that Compendium CE can do this and guarantees that it has the right to provide personal data for Compendium CE for this purpose, and that in the scope of these data, the third party is considered to be the Administrator and performs the duties specified in art. 12, 13 and 14 GDPR. While Compendium CE has an informational obligation resulting from the GDPR, the Parties agree that these obligations will be performed by a third party, and the third party bears full liability to Compendium CE for the proper performance of these obligations, and is liable without limitation for any damage suffered by Compendium CE due to improper performance of these duties.
  6. After the completion of the services related to data processing, the third party is obliged to remove or return Compendium CE - depending on the Compendium CE decision - any personal data that has been entrusted to him, as well as delete any existing copies, unless the processing is necessary due to generally applicable law, or for purposes of determining, investigating or securing claims.

VII. Information on the rights of people whose personal data Compendium CE processes

Compendium CE ensures the following rights for persons whose personal data is processed:

  1. the right to inform about the processing of personal data
  2. the right to access the content of personal data processed
  3. the right to rectify data
  4. the right to request the Administrator to delete data
  5. the right to request the Administrator to limit the processing of data
  6. the right to transfer data
  7. the right to object to the processing of data
  8. the right to file a complaint to the Polish supervisory body or supervisory body of another EU Member State
  9. the right to withdraw consent to the processing of personal data at any time
  10. the right to obtain human intervention on the part of the Administrator, to express his own position and to challenge the decision based on automated data processing.