I have the role of Data Protection Administrator (hereinafter also the DPA) at Mercer Solar sp. z o.o. (hereinafter also known as Mercer).
You can contact me in all matters related to the processing of personal data in Mercer, including if you want to exercise one of your rights.
Below I provide the most important information regarding the protection of personal data at Mercer.
Stéphanie Bischof
Data Protection Manager/Administrator at Mercer
Who is the Personal Data Administrator?The administrator of your personal data is Mercer Solar sp. z o.o. with its registered office at ul. Taneczna 18, 02-829 Warsaw.
Why do we need personal data?Each time before commencing the processing of personal data, Mercer identifies the purpose, the legal basis for their processing and determines the data retention period.
When we are bound by a contract, we process personal data in order to perform it or to conclude it, and we will process this data for at least 6 years from its completion due to the requirements of tax law.
We may also process your data due to the legal requirements imposed on us by Polish or European law, e.g. when an accident at work occurs on the premises of one of our facilities, we will process the personal data of the participants of the accident due to legal requirements in the area of health and safety and we will process them for the period required by them. It also happens that we process your personal data in our legitimate interest, e.g. to ensure the safety of people and property on Mercer premises.
Each time we will make every effort to inform you about the purpose of personal data processing, the legal basis for this processing, the data retention period and all other information required by the GDPR as part of the information obligation.
Information clauses:
Safe work instructions for employees of the Contractor and Subcontractor
Monitoring of photovoltaic farms
Call monitoring
Persons performing the contract - employees of the contractor
Persons indicated in contracts and agreementsWhat matters does the Data Protection Administrator deal with?
The Data Protection Administrator has been appointed in Mercer pursuant to art. 37 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation ), hereinafter referred to as the Regulation or the GDPR. The Data Protection Administrator verifies the correctness of personal data processing in the organization in which he has been appointed. As part of its activities, it is also a contact point for any reports related to possible irregularities in their processing. Therefore, you can turn to the DPA, for example, if you want to exercise one of your rights under the GDPR. These rights, with the limitations set out in the GDPR, apply in particular to:
1) the right to access personal data,
2) the right to rectify personal data,
3) the right to delete personal data (“the right to be forgotten”),
4) the right to limit processing,
5) the right to transfer personal data,
6) the right to object to further processing,
7) the right to object to automated decision-making, including profiling,
8) the right to notify the supervisory body of a breach (www.uodo.gov.pl. Ul. Stawki 2, Warsaw).
How is your application processed?
The application may be submitted through Mercer Employees and Advisors or directly to the Data Protection Administrator. We will deal with it immediately and respond within a month. If the verification of the possibility of satisfying your request will last longer than a month, you will be informed about the extension of the deadline for responding in a separate letter. Such an extension is possible due to the complexity of the request or the number of requests submitted. If the application does not allow for your unambiguous identification or is unclear, the Data Protection Administrator will ask you to supplement it within one month of receipt of the application. If the application is submitted in electronic form, further correspondence will also be conducted in this form, if possible. In other cases, you will be informed about the manner of examining the application in writing, by registered letter with acknowledgement of receipt. Consideration of the application is free of charge. However, if the request is obviously unjustified or repeated frequently, the Personal Data Administrator may:
• charge a reasonable fee, including reasonable administrative costs, to process the request, communicate or carry out the requested operations, or
• refuse to consider the application.
How to contact the Data Protection Administrator?
Electronically to the e-mail address:
[email protected] or in writing to the following address:
Data Protection Administrator, ul. Taneczna 18, 02-829 Warsaw.
What are the principles of personal data processing at Mercer?
For the sake of security, and respect for your rights at Mercer, personal data is:
• processed lawfully, fairly and in a transparent manner,
• collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with these purposes,
• adequate, relevant and limited to what is necessary for the purposes, i.e. the principle of data minimization is applied,
• correct and, if necessary, updated,
• stored in a form that allows identification of the data subject for a period not longer than it is necessary for the purposes for which the data is processed,
• processed in a manner that ensures adequate security of personal data: protection against unauthorized or unlawful processing and accidental loss, destruction or damage by means of appropriate technical and organizational measures.
At Mercer, based on the risk assessment process, we have also implemented safeguards that minimize the likelihood of a personal data breach. The security measures that we have implemented include both the area of personal security (e.g. we conduct training on personal data protection), physical security (e.g. we store documentation in supervised rooms and additionally place them in lockable cabinets) and ICT security (e.g. we encrypt hard drives our computers).
Will we transfer your data?
As part of the processing activities, your personal data may be transferred to our trusted partners. The recipients of your personal data may include, among others:
• suppliers of IT systems and services with whom the Administrator cooperates,
• companies providing security services for our facilities,
• external consulting companies,
• companies providing courier services,
• other authorized entities upon documented request.
• entities related to Mercer Solar legally, economically and personally, in particular those understood in accordance with Polish and EU law.
Data transfer outside the European Economic Area and profiling
As a rule, your personal data will not be transferred outside the European Economic Area and profiling is not carried out on their basis.
If you do not find the answer to your questions in this information, please contact us via the e-mail address provided:
[email protected]