SentiOne SA Personal Data Complaint Procedure

  1. GENERAL

    1. Anyone whose Personal Data are processed in connection with the activities of SentiOne SA with its registered office in Gdańsk may complain about such processing.
    2. Anyone has the right to:
      1. obtain confirmation from the Data Controller as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access the personal data and the following information:
        • the purposes of the processing;
        • categories of Personal Data;
        • about the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
        • where possible, about the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
        • about the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of Personal Data concerning the data subject or to object to such processing;
        • about the right to lodge a complaint with a supervisory authority;
        • where the Personal Data are not collected from the data subject, any available information as to their source;
        • about the existence of automated decision-making, including profiling and important information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
      2. obtain from the Data Controller without undue delay the rectification of inaccurate Personal Data concerning him or her. Taking into account the purposes of the Processing, the Data Subject shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement;
      3. object – for reasons connected with their special situation – to Processing of Personal Data concerning him or her, in the cases provided for in applicable laws;
      4. obtain from the Data Controller the immediate erasure of Personal Data concerning him or her (“right to be forgotten”) if any of the following circumstances arise:
        • the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise Processed;
        • the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the Processing;
        • the Data Subject objects to the Processing and there are legitimate grounds for the objection in applicable legislation;
        • where possible, about the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
        • the Personal Data have been unlawfully processed;
        • the Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
        • the Personal Data have been collected in relation to the offer of information society services to a child in line with applicable laws;
      5. request from the Data Controller restriction of processing of Personal Data whenever:
        • the accuracy of the Personal Data is contested by the Data Subject, for a period enabling the controller to verify the accuracy of the personal data;
        • the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
        • the Data Controller no longer needs the Personal Data for the purposes of the Processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
        • the Data Subject has objected to Processing in accordance with applicable laws pending the verification whether the legitimate grounds of the Data Controller override those of the Data Subject.
        • The Data Controller provides the contact details of the Data Protection Officer on its website https://sentione.com/pl.
        • The terms used herein are defined as follows:
          • Personal Data Controller / Data Controller SentiOne Spółka Akcyjna with its registered office in Gdańsk, ul. Lęborska 3B, 80-386 Gdańsk, entered in the Register of Enterprises of the National Court Register kept by the District Court for Gdańsk-Północ in Gdańsk, 7th Commercial Division of the National Court Register, at KRS No. 0000904567, with NIP No.: 5252520285, REGON No.: 145863272.
          • Personal Data / Data Any information about an identified or identifiable natural person.
          • Data Protection Officer A Data Protection Officer appointed by the Data Controller as required under applicable laws.
          • Breach Response Policy The Data Controller’s breach response policy in place.
          • Processing A set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
          • Complaint Reporting any nonconformities in Personal Data processing to the Data Controller, in particular a breach of Personal Data processing laws. A ‘Complaint’ as defined herein shall also mean filing of the requests referred to in clause 1.2 above.
          • Registered OfficeThe Data Controller’s registered office, i.e. the building in Gdańsk occupied by the Data Controller at 3B Lęborska Street.
    3. COMPLAINT REPORT

      1. A Complaint may be reported:
        • in writing – to the address of the Data Controller’s Registered Office;
        • in an electronic form – to privacy@sentione.com.
      2. A Complaint should at least:
        • specify how the Personal Data protection was breached and describe the breach;
        • specify the Data that make it possible to communicate the outcome of the Complaint procedure.
      3. If one of the requests specified in clause 1.2 above is filed, a Complaint should:
        • quote the request;
        • where necessary – present a statement of grounds;
        • specify the Data that make it possible to communicate the outcome of the Complaint procedure.
      4. The Data Controller may request the complaining party for additional information, if it is necessary to examine the report or request.
      5. If one of the requests listed in clause 1.2 above is filed, the Data Controller may ask the requester to prove their identity in order to verify if the requester has the right to make the request.
    4. COMPLAINT EXAMINATION

      1. Any Complaint is examined without undue delay.
      2. If a Complaint requires any additional procedure, the Complaint examination time can be extended.
      3. The complaining party may receive information from the Data Protection Officer about the state of affairs of their Complaint at any stage.
      4. Promptly after a Complaint is examined, the Data Controller shall inform the complaining party about the outcome.
        • The Data Controller shall inform the complaining party about any actions that have been taken in connection with a Complaint.
      5. The Data Controller shall communicate with a complaining party electronically – to the e-mail address specified by the complaining party. If the complaining party fails to give an e-mail address, the Data Controller shall communicate with the complaining party in writing.
      6. No reply to a Complaint within 30 days of receiving the Complaint means it has been recognised.
      7. If the Complaint procedure leads to a conclusion that Personal Data protection has been breached, the Data Controller shall take the actions provided for in the applicable laws and in the Breach Response Policy.