Our company has developed and implemented internal policies and procedures that take into account the principles of data processing specified in the GDPR.

The Personal Data Protection Policy updated in line with the GDPR was developed and approved on November 27, 2018, and since then has been subject to systematic reviews and, if necessary, updates. This Policy consists of the following elements:

1. Status and tasks of the IOD

2. Scheme of functional persons
3. Incident management procedure

4. Procedure for designing new processes

5. Personal data protection procedure in relations with suppliers

6. Procedure for granting authorizations and powers

7. Rules for using assigned equipment

8. Rules for working with e-mail

9. Data security rules at the workplace

10. Procedure for reviewing user access rights

11. Rules for using IT systems

12. Procedure for managing authentication data

13. Procedure for handling requests from data subjects

In addition, in our company we are aware of the need for other internal documents, such as: Password management and storage procedure, Backup policy, and Personal data retention policy. These documents are either prepared separately or included as attachments to the Personal Data Protection Policy.