Personal data processing agreement

Magnum Kamil Zalewski , with headquarters in Gdańsk Siennicka 25B Street, TaxID 9571051159
Called ‘Processing entity’


§ 1
Entrusting the processing of personal data

1. The data controller entrusts the Processing Entity, pursuant to Article 28 of the General Data Protection Regulation of 27 April 2016. (hereinafter referred to as the “Regulation”) personal data for processing, on the terms and for the purpose set out in this Agreement.
2. The processing entity undertakes to process the personal data entrusted to it in accordance with the Regulation and other provisions of generally applicable law that protect the rights of data subjects.
3. The processing entity declares applying security measures that meet requirements of the Regulation.


Scope and purpose of data processing

1. The processing entity will process the entrusted ordinary data of the entrusting person that is necessary for the performance of the service.
2. Personal data entrusted by the Administrator will be processed by the Processing entity solely for the purpose of providing services.


Obligations of the processor

1. The processing entity undertakes, when processing entrusted personal data, to secure them through the use of appropriate technical and organizational measures ensuring an adequate level of security corresponding to the risk related to the processing of personal data referred to in art. 32 of the Regulation.
2. The processing entity undertakes to exercise due diligence in the processing of entrusted personal data.
3. The processing entity undertakes to authorize the processing of personal data to all persons who will process the entrusted data in order to provide the service.
4. The processing entity undertakes to ensure confidentiality (referred to in Article 28 (3) (b) of the Regulation) of processed data by persons who authorize the processing of personal data in order to provide the service.
5. The processing entity, after finding a personal database breach without undue delay, reports it to the administrator within 24 hours.


§ 4
Liability of the processing entity

1. The processing entity is responsible for providing or using personal data contrary to the content of the contract, and in particular for providing personal data entrusted for processing to unauthorized persons.
2. The processing entity undertakes to immediately inform the Data Controller about any proceedings, in particular administrative or judicial, regarding the processing by the Processing entity of personal data specified in the contract, about any administrative decision or decision regarding the processing of such data, addressed to the Processing Entity, as well as about any planned, as far as they are known, or implemented controls and inspections regarding the processing of such personal data in the Processing Entity, in particular conducted by inspectors authorized by the Inspector General for Personal Data Protection. This paragraph applies only to personal data entrusted by the Data Administrator.


§ 5
Confidentiality rules

1. The processing entity undertakes to keep confidential all information, data, materials, documents and personal data received from the Data Administrator and from persons cooperating with him and data obtained in any other way, intended or accidental in oral, written or electronic form ( “secret data”).
2. The processing entity declares that in connection with the obligation to keep confidential data confidential, they will not be used, disclosed or made available without the written consent of the Data Administrator for purposes other than performance of the Agreement, unless the need to disclose information is due to applicable law or the Agreement .

Data Administrator