This privacy statement specifies how to process personal data of Clients, Employees, Suppliers and Investors by CCC S.A. and subsidiaries.
The CCC Group is aware of the EU reform in the area of personal data resulting from the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data (GDPR) .
The CCC Group attaches great importance to privacy. Collection and processing of personal data is carried out in accordance with the principles of the said regulation and regulations in force on domestic markets.
Responsible entity and information obligation
Always in the case of personal data processing, the CCC Group fulfils the information obligation towards the data subject of the responsible entity (Administrator of personal data, in accordance with Article 4 paragraph 7 of the GDPR).
By completing this information obligation, the CCC Group follows the principles of Article 13 of the GDPR, that is:
- indicate the identity and contact details of the Data Administrator;
- the purposes and legal basis of data processing;
- inform about data receipts (if such a situation occurs);
- inform about the rights of the data subject;
- inform about the right to file a complaint to the supervisory body and provides contact details to that body.
The scope of collected personal data
The scope of personal data that is processed by CCC S.A. or its subsidiaries follows each time for the purpose of processing those data.
The scope of data is always indicated in the information clauses.
Rules for the processing of personal data
The CCC Group adheres to the principles of personal data processing under Art. 5 GDPR, such as:
- compliance with regulations, reliability and transparency;
- restrictions on the purpose of processing;
- regularity of processing;
- processing restrictions;
- data processing in a secure manner, using measures guaranteeing integrity and confidentiality;
Processing of personal data with the support of third parties
The CCC Group and subsidiaries control the flow of personal data to third parties. The transfer of data takes place in accordance with the principles resulting from art. 28 of the GDPR. In particular, CCC has knowledge about who, on what terms and to what extent it provided data with.
The Group also controls how to deal with data after the end of cooperation with a third party.
Rights of data subjects
In accordance with the rules resulting from chapter III of the GDPR, the CCC Group informs persons whose data relate to the scope of their rights. The CCC Group, whenever collecting personal data from the data subject, informs the data subject of such rights as:
- the right to information about the scope of data being processed;
- the right to rectify data;
- the right to limit the processing of data;
- the right to transfer data;
- the right not to be profiled (the CCC Group always informs whether the transferred personal data are subject to profiling).
The implementation of applications of data subjects is determined by the internal instructions of the CCC Group.