Privacy Policy
According to the art. 13 and art. 14 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data and repealing Regulation (EC) 95/46 (General Data Protection Regulation, “GDPR”), we inform, that:
- The Controller of your personal data is the entity in intive Group GmbH at which you are employed or with which you cooperate.
- In matters related to the processing of personal data, please contact the Data Protection Officer (DPO) or directly the Controller if the DPO is not established. In our Privacy Policy you can find the contact details of each Controller and DPO.
- The legal basis for the processing of the personal data are:
- art. 6(1)(f) GDPR where the legitimate interest of the controller is eliminating immoral or unacceptable practices and activities of the organization in accordance with the law and decency;
- art. 6(1)(c) GDPR, i.e. when processing is necessary for compliance with a legal obligation to which the controller is subject in connection with the implementation of the Directive;
- art. 6(1)(a) GDPR when data subject has given such consent, e.g. when the person providing the information consents to the disclosure of his or her identity by the controller.
4. Personal data can be shared with external entities that support the controller, in particular:
- governmental authorities or other authorities to carry out intive obligations determined by legal regulations;
- entities providing intive with legal services, consultancy services and other entities if it is necessary to the implementation of the Whistleblowing process, including Vispato GmbH, which provides a platform for Whistleblowing.
5. Each data subject shall have the following rights:
- the right of access to personal data
- the right to rectify them
- the right to erase personal data
- the right to limit the processing
- the right to personal data portability
- the right to object against personal data processing
- right to withdraw the consent at any time without affecting the lawfulness of the processing carried out prior to its withdrawal.
6. Each data subject is entitled to lodge a complaint to the proper supervisory authority, if in his opinion the processing of the personal data violates the provisions of the GDPR. The contact details of each supervisory authority you can find in our Privacy Policy.
7. The controller in the Whistleblowing process can also process personal data of the person/persons involved in the misconduct or witnesses – the personal data can be revealed to the controller by the person submitting the disclosure (Whistleblower). The personal data are:
7. The controller in the Whistleblowing process can also process personal data of the person/persons involved in the misconduct or witnesses – the personal data can be revealed to the controller by the person submitting the disclosure (Whistleblower). The personal data are:
names of persons involved;
- job title;
- company;
- names of any witnesses (if applicable);
- description of all the details of the misconduct.
8. Providing of personal data by Whistleblower is entirely voluntary.
9. Personal data will be processed:
9. Personal data will be processed:
- for a period of 1 year counting from the first day of the year following the year in which the Whistleblowing disclosure was submitted, unless there is a need for internal investigation, court proceedings, enforcement proceedings or defense against claims;
- for a period of 1 year counting from the first day of the year following the year in which the internal investigation was finalized.
- until the final conclusion of the proceedings (in the event of pending court proceedings related to the reported misconduct) and in the event of enforcement proceedings - until its completion.
10. Due to the international nature of our business, we may need to transfer your personal data within the intive group. Personal data may be transferred to third countries on the basis of Article 45 or 46 of the GDPR or when any of the exceptions provided for in Article 49(1) of the GDPR apply. In particular data may be transferred to the Argentine Republic, United Kingdom, Uruguay (for which the European Commission has concluded an adequate level of protection of personal data). In other cases, data transfer may be based on standard contractual clauses and additional guarantees. Information regarding transfer of data and information on the applicable safeguards as well as a copy of the transferred data can be obtained from the data protection officers or by contacting the Controller directly if the DPO is not established.
11. Personal data will not be used for automated decision making, including profiling, which is described in art 22(1,4) GDPR.
11. Personal data will not be used for automated decision making, including profiling, which is described in art 22(1,4) GDPR.