<h1>Zespół Elektrociepłowni Wrocławskich KOGENERACJA S.A.</h1>

Protection of personal data

Dear Sir or Madam,

We kindly inform you that Zespół Elektrociepłowni Wrocławskich KOGENERACJA S.A. with its registered office in Wrocław at ul. Łowiecka 24, 50-220 Wrocław (hereinafter referred to as the Company) within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)(Official Journal of the European Union, series L of 2016) (hereinafter referred to as the GDPR) is a data controller obliged to provide you, in accordance with the Art. 12 of the GDPR, with all information referred to in Art. 13 and Art. 14 of the GDPR.

The Company, as a data controller, taking into account the Article 14 of the GDPR, fulfils this legal obligation to provide information through this information channel to the following:

1.          any natural person with whom it has entered into or enter into a contract,

2.          any natural person with whom it cooperates otherwise through or with other data controllers or processors,

3.          other natural persons in respect of whom that obligation must be fulfilled.

 

The information obligation towards the Company’s employees is implemented through a separate information channel.

The content of the information clause is also placed on the Company’s premises in the Pass Office
and in the Customer Service Office

The Company complies with this legal obligation to provide information also as an issuer, in particular taking into account the following:

1.          Law of 15 September 2000 Commercial Companies Code (i.e. Dz. U. [Journal of Laws] of 2017, item 1577; of 2018, item 398, 650),

2.          Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (market abuse regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC (Official Journal of the European Union of 2014, series L 173),

3.          Commission Implementing Regulation (EU) 2016/347 of 10 March 2016 laying down implementing technical standards with regard to the precise format of insider lists and for updating insider lists in accordance with Regulation (EU) No 596/2014 of the European Parliament and of the Council (Official Journal of the European Union of 2016, series L 65),

4.          Law of 1 March 2018 on counteracting money laundering and terrorist financing (Dz. U. [Journal of Laws] of 2018, item 723)

5.          as well as other legal regulations in this regard.

The purpose of this information is primarily to provide current and future owners of financial instruments with access to relevant information about the Company performing public tasks and to eliminate any asymmetry of information that could occur between these market participants due to lack of such information.

 

For more information visit:

1.          https://www.gpw.pl/obowiazki-informacyjne

2.          https://www.knf.gov.pl/dla_rynku/Informacje_dla_podmiotow_nadzorowanych/mar/regulacje_obowiazujace.

Note:
In order to ensure the safety of persons staying on the premises of KOGENERACJA S.A. as well as the protection of property and information, the Company’s premises are subject to video monitoring (Art. 6, section 1, letter f of the GDPR).

In order to maintain the confidentiality of legally protected information and the necessity to protect IT systems, while maintaining the confidentiality of correspondence and other personal rights, the Company conducts monitoring of the IT network (Article 6, section 1, letter f of the GDPR).

Personal data means any information relating to an identified or identifiable natural person.

Identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

However, personal data is not a single piece of information with a high degree of generality. Such information becomes personal data only when compared with other, additional (possessed) information, which will result in the ability to relate it to a specific individual.

Personal data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Obligation to provide information
The controller of your personal data is the Company, i.e. Zespół Elektrociepłowni Wrocławskich KOGENERACJA S.A. with its registered office in Wrocław at ul. Łowiecka 24, 50-220 Wrocław, www.kogeneracja.com.pl,registered in the District Court in Wrocław, VI Commercial Division of the National Court Register under the KRS [National Court Register]
no. 0000001010, NIP [VAT] 896 000 00 32.

In order to obtain additional information regarding the processing of personal data, please contact the Data Protection Officer, Dariusz Wasiak, by:

1.        an e-mail address:

odo@kogeneracja.com.pl

2.        a postal address:

Inspektor Ochrony Danych [Data Protection Officer]

Zespół Elektrociepłowni Wrocławskich KOGENERACJA S.A.

ul. Łowiecka 24

50-220 Wrocław

In order to exercise the rights resulting from the GDPR, to report a breach of personal data protection rules as well as in the case of necessity to make a specific request, please contact the Data Protection Officer: Dariusz Wasiak by:

 

1.        the application as set out below

2.        a form available at the Company’s premises in the Pass Office

3.        a form available at the Company’s premises in the Customer Service Office

4.        a postal address:

Inspektor Ochrony Danych [Data Protection Officer]

Zespół Elektrociepłowni Wrocławskich KOGENERACJA S.A.

ul. Łowiecka 24

50-220 Wrocław

 

We will process your personal data in accordance with the provisions of the GDPR and other Polish and European regulations on personal data protection depending on the type of agreement or form of cooperation between us or the supervision of the Company’s activities, in particular on the basis of:

 

1.        Article 6, section 1 letter b of the GDPR:

in order to prepare, enter into, execute, supervise and settle the agreement, including the specification of technical conditions for connection to the network, entering into and execution of an agreement for the connection of real estate and facilities to the network, provision of energy sales services, energy transmission services, agreements for construction of district heating infrastructure and agreements for the management of network distribution assets (repairs, modernisations, maintenance, servicing, removal of defects and failures) and other related to ensuring the safety and continuity of the Company’s operations

2.        Article 6, section 1, letter c of the GDPR:

in order to implement the processes resulting from preparation, initiation, performance, supervision and settlement of the procurement procedure referred to in the Law of 29 January 2004 – Public Procurement Law (i.e. Dz. U. [Journal
of Laws] of 2017, item 1579, 2018 as amended)

3.        Article 6, section 1, letter c of the GDPR:

in order to reduce the risk of money laundering and terrorist financing, taking into account Article 10 of the GDPR,
if necessary

4.        Article 6, section 1, letter c of the GDPR:

in order to fulfil the legal obligations incumbent on the Company in connection with its operated business and the execution of your requests as well as rights arising from the GDPR, tender processes, concluded agreements, provisions of the Energy Law, provisions on public statistics, tax law provisions, archiving documents, OSH, environmental protection and other generally binding provisions of law in order to ensure energy security of the network and continuity of energy supply

5.        Article 6, section 1, letter c of the GDPR:

in order to fulfil the legal obligations incumbent on the Company resulting from the form of conducted operations incumbent on the Company as an issuer, taking into account the reporting performed

6.        Article 6, section 1, letter d of the GDPR:

in order to ensure the protection of the vital interests of the right holder, if such a necessity arises

7.        Article 6, section 1, letter a of the GDPR:

on the basis of your consent, if it is necessary due to the regulations in force, and your consent to the processing of personal data for the purposes specified by the Company or you have been given

8.        Article 9, section 2 letter b of the GDPR:

in order to confirm the professional qualifications and the absence of contraindications for the execution of works specified in the Agreement, if such a necessity arises

9.        Article 6, section 1, letter f of the GDPR:

in order to ensure the safety of persons staying on the Company’s premises and the protection of property and information (video monitoring);

10.     Article 6, section 1, letter f of the GDPR:

in order to maintain the confidentiality of legally protected information and the necessity to protect IT systems (while maintaining the confidentiality of correspondence and other personal rights, the monitoring of the IT network)

11.     Article 6, section 1, letter f of the GDPR:

in order to issue a personal card authorising to enter the Company’s premises

12.     Article 6, section 1, letter f of the GDPR:

in order to carry out the recruitment process, if such a necessity arises

13.     Article 6, section 1, letter f of the GDPR:

in order to establish, assert and defend claims, if such a necessity arises

14.     Article 6, section 1, letter f of the GDPR:

for purposes arising out of legitimate interests pursued by the Company or a third party for the purposes of the Company in order to do the following:

a.     answer a question or request,

b.     maintain contact,

c.     cooperate,

d.     exchange information,

e.     conduct direct marketing of products and services,

f.       use powers of attorney,

g.     physical protection, including activities related to ensuring the safety of persons and property and emergency procedures,

h.     process data of persons acting on behalf of Customers and Contractors,

i.       verify and ensure the highest quality of services,

j.       remedy faults and failures,

k.     modernise, repair, service and maintain heating and power equipment,

l.       conduct training,

m.    prepare reports,

n.     evaluate actions.

 

The recipients of your personal data, depending on the type of agreement or form of cooperation between us or the supervision over the Company’s operations may be in particular the following categories of entities and persons:

 

1.          PGE Capital Group entities, our partners and contractors to the extent necessary for contact purposes and proper performance of the agreement, including PGE Energia Ciepła S.A. Branch No. 2 of the CUW in Kraków for the purpose of performance of agreements for the provision of services connecting this entity with the data administrator;

2.          Authorised to receive it on the basis of the applicable provisions of law, including the provisions of the Energy Law and, among others, the Commercial Companies Code;

3.          Entities providing services to the Company in the scope of servicing and implementation of the connection process;

4.          Entities providing advisory, security, audit, control, legal and debt collection services to the Company;

5.          Entities providing services to the Company in the scope of servicing and implementation of the process of service, maintenance, modernisation, repairs, troubleshooting faults and failures, readings of heat, water and electricity consumption;

6.          Energy distributors;

7.          The purchaser of the receivables;

8.          Economic information offices;

9.          Entities and persons to whom the documentation of the procurement procedure will be made available on the basis of Article 8 and Article 96, section 3 of the Law of 29 January 2004 – Public Procurement Law (i.e. Dz. U. [Journal of Laws] of 2017, item 1579, 2018 as amended), including persons and entities related to the process of preparing, implementing and supervising and other persons and entities authorised on the basis of the legal regulations;

10.       Entities and persons supervising the Company as part of ownership or investor supervision.

 

In addition, your data may be transferred on our behalf to processors and their authorised employees, and such processors process data on the basis of a contract with us and only in accordance with our instructions and provided that confidentiality is respected.

We do not intend to transfer your personal data to recipients outside the European Economic Area, i.e. to third countries within the meaning of the GDPR.

Depending on the type of agreement or form of cooperation between us or the supervision of the Company’s activities we process your personal data for the period of time necessary to achieve the specific purposes
of processing, in particular on the basis of:

 

1.          Article 6, section 1 letter b of the GDPR:

in order to prepare, enter into, execute, supervise and settle the agreement, including the specification of technical conditions for connection to the network, entering into and execution of an agreement for the connection of real estate and facilities to the network, provision of energy sales services, energy transmission services, agreements for construction of district heating infrastructure and agreements for the management of network distribution assets (repairs, modernisations, maintenance, servicing, removal of defects and failures) and other related to ensuring the safety and continuity of the Company’s operations: for the duration of the agreement, guarantee and warranty, and thereafter for the period of limitation of claims, but not longer than five years

2.          Article 6, section 1, letter c of the GDPR:

in order to implement the processes resulting from preparation, initiation, performance, supervision and settlement
of the procurement procedure referred to in the Law of 29 January 2004 – Public Procurement Law (i.e. Dz. U. [Journal of Laws] of 2017, item 1579, 2018 as amended): for the period of 4 years as of the date of completion of the procurement procedure, and if the duration of the agreement exceeds 4 years for the entire duration of the agreement (Art. 97, section 1 of the PZP), subject to the provisions of the tax law and archiving of documents and the period of limitation of claims, but not longer than 5 years, if such a necessity arises during the performance of the objective

3.          Article 6, section 1, letter c of the GDPR:

in order to reduce the risk of money laundering and terrorist financing, taking into account Article 10 of the GDPR:
for the period necessary to achieve the objective, and thereafter for the limitation period for claims, but not longer than five years if such a necessity arises in the course of achieving the objective

4.          Article 6, section 1, letter c of the GDPR:

in order to fulfil the legal obligations incumbent on the Company in connection with its operated business and the execution of your requests as well as rights arising from the GDPR, tender processes, concluded agreements, provisions of the Energy Law, provisions on public statistics, tax law provisions, archiving documents, OSH, environmental protection and other generally binding provisions of law in order to ensure energy security of the network and continuity of energy supply: for the period necessary to achieve the objective, and thereafter for the limitation period for claims, but not longer than five years

5.          Article 6, section 1, letter c of the GDPR:

in order to fulfil the legal obligations incumbent on the Company resulting from the form of conducted operations incumbent on the Company as an issuer, taking into account the reporting carried out: for the period necessary
to achieve the objective, and thereafter for the period of limitation of claims, but not longer than for five years

6.          Article 6, section 1, letter d of the GDPR:

in order to ensure the protection of the vital interests of the right holder: for the period necessary to achieve
the objective, taking into account the limitation period for claims, but not longer than five years if such a necessity arises in the course of achieving the objective

7.          Article 6, section 1, letter a of the GDPR:

on the basis of your consent, if it is necessary due to the regulations in force, and your consent to the processing
of personal data for the purposes specified by the Company or you have been given: up until the consent is withdrawn or outdated; the consent may be withdrawn at any time without legal consequences, but its withdrawal does not affect the lawfulness of the processing before the withdrawal of consent

8.          Article 9, section 2 letter b of the GDPR:

in order to confirm the professional qualifications and the absence of contraindications for the execution of works specified in the Agreement: for the period necessary to achieve the objective, taking into account the term of the Agreement and limitation period for claims, but not longer than five years if such a necessity arises in the course
of achieving the objective

9.          Article 6, section 1 letter f of the GDPR:

in order to ensure the safety of persons staying on the Company’s premises and the protection of property and information (video monitoring): for the period not longer than three months; this period may be extended by the duration of an investigation into a breach of security or protection of property, or in related cases, if the data collected in this way may constitute evidence in such cases, afterwards it will be deleted

10.       Article 6, section 1 letter f of the GDPR:

in order to maintain the confidentiality of legally protected information and the necessity to protect IT systems (while maintaining the confidentiality of correspondence and other personal rights, the monitoring of the IT network): for the period necessary to achieve the objective; this period may be extended by the duration of an investigation into a breach of security or protection of property, or in related cases, if the data collected in this way may constitute evidence in such cases, afterwards it will be deleted

11.       Article 6, section 1 letter f of the GDPR:

in order to issue a personal card authorising entry to the Company’s premises: for the period not longer than twelve months; this period may be extended by the duration of an investigation into a breach of security or protection of property, or in related cases, if the data collected in this way may constitute evidence in such cases, afterwards it will be deleted

12.       Article 6, section 1 letter f of the GDPR:

in order to carry out the recruitment process: for the period necessary to achieve the objective, but not longer than three months as of the date of completion of the recruitment process in the event of the need to meet the formal requirements of candidates, if such a need arises in the course of achieving the main objective. A deviation from this rule are situations in which there will be a claim against the Company, or the candidate of the Company for the damage caused in the period referred to above. In such a case, the data will be processed taking into account the periods resulting from the applicable legal regulations

13.       Article 6, section 1 letter f of the GDPR:

in order to establish, assert and defend claims: for the period specified in the provisions of the Law of 23 April 1964 – Civil Code (i.e. Dz. U. [Journal of Laws] of 2018, item 1025, 1104, 1629) and other provisions in force in this respect, taking into account the period of administrative, civil or criminal proceedings, if such a circumstance occurs

14.       Article 6, section 1 letter f of the GDPR:

for purposes arising out of legitimate interests pursued by the Company or a third party for the purposes of the Company in order to do the following:

 

a.     answer a question or request,

b.     maintain contact,

c.     cooperate,

d.     exchange information,

e.     conduct direct marketing of products and services,

f.       use powers of attorney,

g.     physical protection, including activities related to ensuring the safety of persons and property and emergency procedures,

h.     process data of persons acting on behalf of Customers and Contractors,

i.       verify and ensure the highest quality of services,

j.       remedy faults and failures,

k.     modernise, repair, service and maintain heating and power equipment,

l.       conduct training,

m.    prepare reports,

n.     evaluate actions,

 

for the period of time necessary to achieve the stated objective, including the limitation period for claims and exclusions mentioned above or applicable law, but not longer than 5 years, if such a necessity arises in the course of the achieving the objective.

 

You have the right to the following:

 

1.          Request access to your personal data and the right to limit the processing, transfer or delete them within the limits resulting from the GDPR, taking into account the processes carried out with the use of video monitoring;

2.          Rectify the data;

3.          To the extent that the processing of personal data is based on the consent, you have the right to withdraw it at any time without any negative legal consequences, with provision that the processing of your personal data before the withdrawal of the consent is in accordance with the provisions in force in this respect;

4.          Object at any time to the processing of personal data (including video monitoring processes):

a.     for reasons connected with your particular situation, if the Company processes data for purposes resulting from legitimate interests (Article 21, section 1 of the GDPR),

b.     for direct marketing purposes, including profiling for marketing purposes to the extent that the processing of your data is related to direct marketing (Article 21, section 2 of the GDPR).

Upon objection, we will cease processing your data for these purposes unless we can demonstrate that there are valid, legitimate grounds overriding your interests, rights and freedoms or that your data are necessary for us to establish, assert or defend claims, if any.

5.          File a complaint to the supervisory authority, i.e. to the President of the Personal Data Protection Office with its registered office in Warsaw (00-193) at ul. Stawki 2, if you believe that we process your personal data contrary to the provisions of the GDPR.

In exercising your rights, you may make use of the request contained on the website below by addressing your request through it. The Officer will provide you with a comprehensive reply without undue delay, but not later than one month after receipt of the request and, in exceptional cases (of which you will be informed), within three months.

 

Personal data processed by us (in particular) for the purpose of the following:

1.          fulfilment of obligations as an issuer;

2.          execution of claims, rights and requests;

3.          making it possible to issue technical conditions for connection to the grid;

4.          implementation of tender processes;

5.          entering into and performance of agreements;

6.          provision of energy sales services;

7.          issuing an identification card in order to enter the Company’s premises;

8.          conducting training, including health and safety at work;

 

in principle, come directly from you to the extent specified by the implementation process and to the necessary extent.

An exception shall be made, in particular, where:

1.          data necessary to issue an identification card in order to enter the Company’s premises;

2.          the contact details necessary for the implementation of the contracts;

3.          data of persons performing or supervising agreements;

4.          data of auditors, inspectors, experts;

5.          data for the implementation of tender processes;

6.          data necessary to conduct training, including health and safety training;

7.          data necessary to perform other activities resulting from the role of the administrator and issuer;

 

will be provided to us by natural or legal persons as well as bodies, units or entities to the extent depending on the type
of agreement or form of cooperation between us, the supervision over the Company’s operations, including by the following:

1.        the persons representing you on the basis of the granted power of attorney,

2.        the entity to which you have given your consent to transfer the data,

3.        your employer or other client,

 

or we will use the information collected in the System of Electronic Land and Mortgage Registers, Central Register of Business Activity, National Court Register within the scope specified in the Law of 6 March 2018 on Central Registration and Information on Business and the Information Point for Entrepreneurs (Dz. U. [Journal of Laws] of 2018, item 647) and other publicly available registers.

An exception may also be made for the performance of operations on the basis of a legitimate legal interest or prior consents as well as other actions accepted by law.

 

The processing of your personal data is not automated and the data is not profiled by the Company.

The above information also applies to processes in which video monitoring and IT system monitoring records will have to be analysed for the purposes of any investigation into breaches of security, protection of data or property, or in related matters
if we initiate such an investigation or if we become aware that data collected in such a way may constitute evidence in such cases. Such activities will be carried out by people and without specific technical methods (e.g. automatic image analysis
or automatic content retrieval) which could be considered as systems processing data referred to in Article 9, section 1 of the GDPR in an automated manner.

 

In the case of services related to heat supply, the data determining heat consumption will be processed with the use of the installed billing and measuring devices only for the needs of heat supply to the property and correct settlement of service costs.

In order for the Company to take certain actions at your request with regard to the exercise of individual rights
or resulting from a breach of data protection rules, please use the following request:

pdf Request for exercise of rights/Request for notification of a breach of data protection rules Download

Contact form