§ 1

Entrusting the processing of personal data

                 The administrator of personal data entrusted by SKLEP is the Konsorcjum ATS M. Nosek, S. Wietrzyński Spółka Jawna, 26-600 Radom ul Tadeusza Mazowieckiego 7g, pursuant to art. 28 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation ) - hereinafter referred to as the "Regulation" - personal data for processing, on terms
and for the purpose set out in this Agreement.
                 The processing entity undertakes to process the personal data entrusted to it in accordance with this Agreement, the Regulation and other generally applicable laws that protect the rights of the data subjects.
                 The processing entity declares that it applies security measures that meet the requirements of the Regulation.
 

§2

The scope and purpose of data processing

                 The processing entity will process the data of contractors in the form of: first names, surnames, residence addresses, correspondence addresses, e-mail addresses, telephone numbers.
                  The personal data entrusted by the Administrator will be processed solely for the purpose of executing the Order placed via the store, telephone or e-mail.


§3

Responsibilities of the processor

                 The processing entity undertakes, when processing the personal data entrusted, to protect them by applying appropriate technical and organizational measures ensuring an adequate level of security corresponding to the risks related to the processing of personal data referred to in art. 32 of the Regulation.
                 The processing entity undertakes to exercise due diligence in the processing of the personal data entrusted.
                 The processing entity undertakes to authorize the processing of personal data to all persons who will process the data entrusted
in order to implement this contract.
                 The processing entity undertakes to ensure confidentiality,
(referred to in Article 28 (3) (b) of the Regulation) of the data being processed by persons who authorize the processing of personal data for the purpose of implementing this Agreement.
                 Processing entity after the completion of related services
with processing, it returns to the Administrator all personal data and removes all existing copies thereof, unless European Union law or the law of a Member State requires the storage of personal data.
                 As far as possible, the Processor helps the Administrator
to the extent necessary, to fulfill the obligation to respond to the requests of the data subject and to fulfill the obligations set out in Article 32-36 of the Regulation.
                 After reporting the personal data breach, the processing entity reports it to the administrator within 24 hours without undue delay.

§4

Right of control

                 The data administrator in accordance with art. 28 para. 3 point h) of the Regulation has the right to check whether the means applied by the Processing Entity during processing
and securing entrusted personal data meet the provisions of the contract.
                  The data administrator will exercise the right of control during working hours of the Processing Entity and with a minimum of 30 days' notice.
                 The processing entity agrees to remedy the deficiencies found during the inspection by the date specified by the Administrator, data not longer than 7 days.
                 The processor shall provide the Administrator with all information necessary to demonstrate compliance with the obligations set out in Article 28 of the Regulation.

§5

Further entrusting data for processing

                 The processor may entrust personal data covered by this agreement for further processing to subcontractors only for the purpose of performing the contract after obtaining the prior written consent of the Data Administrator.
                 The entrusted data may be transferred to a third country only at the written request of the Data Administrator, unless such obligation imposes on the Entity processing European Union law or the law of the Member State to which the Processing Entity is subject. In this case, before the processing begins, the Processing Entity informs the Administrator of the data about this legal obligation, unless such law prohibits the provision of such information.
due to important public interest.
                 Subcontractor referred to in §5 para. 1 of the Contract shall fulfill the same guarantees and obligations as were imposed on the Processing Entity
in this Agreement.
                 The processor shall bear full responsibility towards the Administrator for failure to comply with data protection obligations imposed on the subcontractor.
 

§ 6

Responsibility of the Processor

                 The processor is responsible for the disclosure or use of personal data in breach of the contract, and in particular for providing unauthorized persons with access to personal data processing.
                 The processing entity undertakes to immediately inform the Administrator about any proceedings, in particular administrative or judicial, regarding processing by the Processing Entity of personal data specified in the contract, any administrative decision or ruling regarding the processing of such data addressed to the Processor, and any planned
if known, or performed controls and inspections regarding processing in the entity processing such personal data,
in particular, conducted by inspectors authorized by the Inspector General for Personal Data Protection. This section applies only to personal data entrusted by the Data Administrator.
§ 7

The duration of the permit

                 This authorization is valid from the day it is granted until the consent referred to in §2 para. 2
 

§8

Termination of the contract

                 The data controller may terminate this contract with immediate effect when the processor:
(a) notwithstanding the obligation to remedy the deficiencies identified during the inspection, he will not delete them within the prescribed period;

b) processes personal data in a manner inconsistent with the contract;

c) entrust the processing of personal data to another entity without the consent of the Data Administrator;

§ 9

Privacy policy

                 The processing entity undertakes to keep secret all information, data, materials, documents and personal data received from the Administrator of the data and from the persons cooperating with it and data obtained
in any other way, deliberate or accidental in verbal, written or electronic form ("confidential data").
                 The processing entity declares that due to the obligation to keep confidential data secret, they will not be used, disclosed or made available without the Administrator's consent in writing for purposes other than the performance of the Agreement, unless the need to disclose information arises under applicable law or the Agreement.