Privacy Policy


This Privacy Policy (hereinafter referred to as the "Policy") has been created to demonstrate that personal data at Semicon Sp. z o.o. is processed and secured in compliance with applicable laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data (hereinafter "GDPR").

I. Definitions

  1. Data Controller – Semicon Sp. z o.o., ul. Zwoleńska 43/43a, 04-761 Warsaw, Poland.

  2. Personal Data – Any information relating to an identified or identifiable natural person.

  3. Information System – A set of cooperating devices, programs, data processing procedures, and software tools used for processing data.

  4. User – A person authorized by the Data Controller to process personal data.

  5. Data Set – Any structured set of personal data accessible according to specific criteria.

  6. Data Processing – Any operation performed on personal data such as collection, recording, storage, adaptation, alteration, sharing, or deletion—whether manually or via IT systems.

  7. User ID – A string of letters, digits, or other characters uniquely identifying the User.

  8. Password – A confidential string of characters known only to the authorized User, required to access the information system and process personal data.

  9. Authentication – The process of verifying the declared identity of a User.

II. General Provisions

  1. This Policy applies to all personal data processed by Semicon Sp. z o.o., regardless of the form or system in which it is processed.

  2. The Policy is stored in both electronic and paper form at the Data Controller’s registered office.

  3. The Policy is made available for review upon request to any person authorized or to be authorized to process personal data.

  4. To ensure the effective implementation of this Policy, the Data Controller provides:
    a) technical and organizational measures appropriate to the risk and data category,
    b) supervision and control over personal data processing,
    c) monitoring of the security measures in place.

  5. Monitoring includes actions of Users, violations of access rules, file integrity, and protection against internal and external threats.

  6. The Data Controller ensures that all data processing and security measures are compliant with this Policy and applicable law.

III. Personal Data Processed by the Controller

  1. Personal data is collected and processed in defined data sets.

  2. The Data Controller does not engage in processing likely to result in a high risk to the rights and freedoms of individuals. If such processing is planned, the Controller will perform a Data Protection Impact Assessment per Articles 35 et seq. of the GDPR.

  3. For any new processing activities, the Data Controller evaluates their impact on data protection and incorporates data protection principles by design.

  4. The Data Controller maintains a register of processing activities.

IV. Responsibilities for Data Security Management

  1. Users must process personal data in accordance with the law and internal procedures: Data Security Policy, this Privacy Policy, the IT System Management Manual, and other internal documents.

  2. All personal data is processed according to GDPR principles:
    a) lawful basis for processing,
    b) fairness and transparency,
    c) purpose limitation,
    d) data minimization,
    e) accuracy and up-to-date maintenance,
    f) storage limitation,
    g) informational duties under Articles 13 and 14 of the GDPR,
    h) data security and protection.

  3. The Data Controller may withhold information if data is protected under professional secrecy obligations (Art. 14(5)(d) GDPR).

  4. Violations include but are not limited to:
    a) breaches of IT system security,
    b) unauthorized disclosure of data,
    c) negligence in data protection duties,
    d) failure to maintain confidentiality,
    e) unlawful data processing,
    f) damage or unauthorized modification of personal data,
    g) infringement of data subject rights.

  5. Upon detecting a violation, the User must take immediate steps to mitigate impact and notify the Data Controller.

  6. In employment or collaboration processes, the Controller ensures:
    a) appropriate training,
    b) written authorization to process data,
    c) confidentiality commitments via signed declarations.

  7. Employees are obligated to:
    a) adhere to the scope of their authorization,
    b) ensure lawful processing,
    c) maintain confidentiality,
    d) report data security incidents.

V. Data Processing Locations

  1. Personal data is processed at the following Semicon Sp. z o.o. locations:

    • ul. Zwoleńska 43/43a, 04-761 Warsaw

    • ul. Ezopa 71, 04-805 Warsaw

    • ul. Zakrętowa 4, 05-077 Warsaw

    • ul. Radomszczańska 19, 04-764 Warsaw

  2. Processing also occurs on laptops and data carriers located outside the above premises.

VI. Technical and Organizational Safeguards

  1. The Data Controller applies appropriate technical and organizational safeguards to ensure data confidentiality, integrity, accountability, and continuity.

  2. Measures are adapted to risk levels and include:
    a) restricted access to data-processing areas,
    b) secured premises during staff absence,
    c) locked cabinets and safes,
    d) document shredders,
    e) firewalls for external threat protection,
    f) secure backups,
    g) anti-malware software,
    h) password-protected access to company devices,
    i) encryption during data transmission.

VII. Data Breach Notification

  1. The Data Controller evaluates each breach to determine its impact on data subject rights.

  2. If a breach may risk individuals’ rights, the Controller notifies the supervisory authority without undue delay—within 72 hours if feasible. High-risk breaches will also be communicated to the affected individuals.

VIII. Data Processing by Third Parties

  1. The Controller may entrust data processing to third parties only under a written agreement that complies with Article 28 GDPR.

  2. Where possible, the Controller evaluates the processor’s data protection practices beforehand.

IX. Data Transfers Outside the EU

  1. Personal data will not be transferred to third countries unless explicitly requested by the data subject.

X. Cookies

  1. The Data Controller may collect personal data automatically through cookies on its website. Essential cookies are used for:
    a) maintaining user sessions,
    b) saving session states,
    c) authentication via login systems,
    d) anonymous login information,
    e) shopping cart functionality,
    f) service availability monitoring,
    g) restoring last-viewed states,
    h) hiding or limiting repeated popups,
    i) session restoration,
    j) last-selected product category,
    k) checking cookie functionality,
    l) “remember me” login feature,
    m) personalizing content,
    n) storing preferences (language, currency, font size),
    o) storing recent search results,
    p) showing recently viewed products,
    q) remembering the last sorting setting.

XI. Access Logs

The Data Controller collects usage data and IP addresses based on access logs to diagnose server issues, analyze security breaches, and manage the website. IPs are used for statistical analysis (e.g., region of connection) and for anonymized aggregate reports, which do not identify specific users.

XII. Automated Data Processing

  1. Personal data may be processed automatically (including profiling) in connection with transactions with Semicon Sp. z o.o., but this does not produce legal effects for the user.

  2. Profiling may involve automated assessment of preferences or interests for analytical or predictive purposes.

XIII. Final Provisions

  1. Failure to comply with this Policy may result in disciplinary action under the Labor Code and applicable data protection laws.

Confidentiality Note

This message and any attachments are confidential and may be legally protected. If you are not the intended recipient, you must not disclose, copy, distribute, or use this information. Please notify the sender immediately and delete the message.

Data Controller: Semicon Sp. z o.o.
rodo@semicon.com.pl
