Based on Article 13 section 1 of the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), hereinafter referred to as the GDPR, we would like to inform you that:

The Data Administrator is:	KRK PARKING Kpt. Mieczysław Medwecki 13 Street, 32-083 Balice, along with entities from the capital group, NIP: 679-280-82-92, REGON: 360140216
Your data will be processed in order to:	Establish and maintain business relationships, conduct sales, accounting, HR and payroll, marketing and recruitment activities. Your personal data will be processed with the use of electronic devices, i.e. phones, tablets, computers and in paper form.
Legal basis for the processing of personal data is:	Personal data is processed in accordance with the provisions of the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016.
Recipients of personal data are:	The recipients of your personal data are employees, co-workers and business partners, who cooperate with KRK PARKING in mutual projects.
Data storage period:	Until the request to delete the data or the lack of consent for processing of such data
You have the right to:	1. Access to your data and the possibility of correcting it, 2. Delete or limit the processing of your data, 3. Object to the processing of your data, 4. Transfer your data, 5. Withdraw the consent for data processing, 6. Lodge a complaint to the supervisory body.
Your data is:	Provided voluntarily

 

Please note that at KRK PARKING Kpt. Mieczysław Medwecki 13 Street, 32-083 Kraków, NIP: 679-280-82-92, REGON: 360140216 (hereinafter referred to as „PARKING”), there is a video monitoring system, including parking monitoring, which records the image that can constitute personal data. The Administrator of personal data of persons visiting KRK PARKING (collected within the framework of video monitoring) is the following company: Nieruchomości Iga Piekus, Czarnogórska 18/46 Street, 30-638 Kraków NIP: 679-280-82-92, REGON: 360140216 (hereinafter referred to as: „Administrator”). Personal data is processed to monitor the events and traffic of people and vehicles on the premises of the KRK PARKING.

 

The legal basis for data processing is the indispensability of processing for purposes arising from legally justified interests realized by the Administrator – the Administrator processes personal data of PARKING visitors in order to ensure protection in the PARKING and to claim for the business.

Personal data is processed for a period from 5 to 30 days, and in the case of registration of events requiring claims – it is processed until the expiration of the period of limitation for these claims. Personal data is not profiled.

The Administrator informs that the data subjects have the right to access, rectify, supplement, delete and transfer their personal data, as well as the right to limit this data.

The Administrator also informs that the data subject has the right to object to the processing of his or her personal data.

Contact details of the Administrator, in particular or reporting requests regarding the exercise of the rights set out in this clause, are as follows: KRK PARKING, Kpt. Mieczysław Medwecki 13 Street, 32-083 Kraków, e-mail address: biuro@krkparking.eu.

Provision of personal data is voluntary, but necessary for entering the PARKING area. The Administrator has appointed the Personal Data Inspector (PDI) – contact details of the PDI are available at the PARKING office.

The Administrator may share personal data collected as part of video monitoring for his suppliers, to whom he outsources services related to the processing of personal data, including IT service providers or security companies. Personal data may also be made available to entities from the Administrator’s capital group.

The data subject has the right to file a complaint regarding the protection of personal data to the supervisory body, i.e. to the President of the Personal Data Protection Office.

The Administrator makes special efforts to protect the privacy and information provided to him and regarding Users. The Administrator selects and applies adequate technical measures, including programming and organizational measures, ensuring protection of the data being processed, with due diligence. In particular, the Administrator protects data against unauthorized access by third persons, disclose, loss and destruction, unauthorized modification, as well as prior to their processing in violation of applicable law. In this respect, the Administrator applies the principles set out in the GDPR (especially Articles 5-7, Articles 12-13).

The Administrator ensures data processing with the use of the following principles, consistent with the GDPR:

• The principle of compliance with the law, reliability and transparency – data processing is carried out in compliance with the above principles.

• The principle of limiting the purpose of data processing – the purpose of data processing is clearly defined and lawful.
• The principle of data minimization – personal data processed by the Administrator is adequate, relevant and limited to what is necessary for the purposes, in which they are processed.
• The principle of data validity – the Administrator takes action to ensure that the data processed by him is correct and creates technical capabilities so that data improvement is possible.
• The principles of limiting the storage of data – data is stored by the Administrator only for a period of time that is necessary for the purposes for which the data is processed and for archival purposes.
• The principle of data integrity and confidentiality – the Administrator processes data in a manner ensuring adequate protection of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of adequate technical or organizational measures.
• The accountability principle – the Administrator processes the data in a lawful manner with the possibility of demonstrating compliance with the applicable provisions.

Due to the voluntary nature of providing personal data by the User, the User:

• Has the right to access his or her personal data and obtain information about the purposes of processing, as well as obtain a copy of his or her personal data,
• Has the right to rectify his or her personal data,
• May ask the Administrator to remove the personal data provided above from the data files kept by the Administrator,
• Has the right to transfer personal data or (if it is technically possible) require the Administrator to send personal data directly to the another Administrator,
• Has the right to remand restricting the data processing by the Administrator,
• Has the right to withdraw consent to the processing of personal data,
• Has the right to object to the processing of personal data.

Withdrawal of consent, deletion of data, limitation of data processing and actions taken against the opposition to data processing initiated by the Client, may prevent or restrict the performance of the service by the Administrator or use the functionality of the Store, for which the Client’s consent is necessary. Moreover, as well as achieve the purpose for which the data was collected, unless the purpose has already been achieved.

The Client may submit requests to exercise his or her rights via e-mail message to the following address: biuro@krkparking.eu or win writing to the Administrator’s address: Kpt. Mieczysław Medwecki 13 Street, 32-083 Balice.

In the event of using the rights set out in section 3 above by the Client, the Administrator fulfills the request or refuses to meet such a request providing the reason for refusal, without delay, but no later than within 30 days from the date of receipt, unless it is impossible to meet the request within the specified deadline due to technical reasons or reasons independent from the Administrator. In such a case, the Administrator will inform the Client about this fact and he will set another date - not longer than the next 30 days.

Despite the request to delete personal data, withdrawal of consent or application of the consent, the Administrator reserves the right to retain the personal data that he needs to establish, investigate or defend his claims against the Client, as well as to comply with the obligation imposed on the Administrator by the applicable law. This may include, in particular, data such as: name and surname, home address, e-mail address, as well as number and order details. 

The Client has the right to submit a complaint to the supervisory body – the President of the Personal Data Protection Office in the scope of violation of his or her rights regarding the protection of personal data.