sygnet
icon

Port Gdańsk

Privacy Policy

In performance of its obligation under Article 11 of the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000), Port of Gdańsk Authority S.A. reports that, acting pursuant to Article 37(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Port of Gdańsk Authority S.A. (the Controller) has appointed Mr Karol Cieniak as Data Protection Officer.

Data subjects may contact the Data Protection Officer in all matters relating to the processing of their personal data and the exercise of their rights under the GDPR.

The Data Protection Officer can be contacted via email:
iod@portgdansk.pl or in writing: Zarząd Morskiego Portu Gdańsk S.A.,
ul. Zamknięta 18, 80-955 Gdańsk, Poland with the note ‘Inspektor Ochrony Danych’ or ‘IODO’.

The Data Protection Officer shall ensure full confidentiality of the communication in all matters raised by data subjects.

PGA S.A. Privacy Policy [in Polish, PDF, 542,8 KB, Adobe Reader]

Information on the processing of personal data within a video surveillance system

Port of Gdańsk Authority S.A. with its registered office in Gdańsk 80-955, ul. Zamknięta 18, registered by the District Court Gdańsk – Północ in Gdańsk, 7th Commercial Division of the National Court Register, under KRS no: 0000040398, NIP 583 24 61 866 (hereinafter referred to as “PGA”) is the Controller of the personal data of all persons who enter the area managed by PGA under its video surveillance system (hereinafter “Video Surveillance”);

Contacting the Controller

In matters concerning personal data, you can contact PGA directly, as your Controller – via letter to the address given above or via email: info@portgdansk.pl;

Contacting the Data Protection Officer

Data subjects may contact the Data Protection Officer appointed by PGA in all matters relating to the processing of their personal data and the exercise of their rights under the GDPR;

The Data Protection Officer can be contacted via email: iod@portgdansk.pl or in writing: Zarząd Morskiego Portu Gdańsk S.A., ul. Zamknięta 18, 80-955 Gdańsk, Poland with the note ‘Inspektor Ochrony Danych’ or ‘IODO’;

Scope of Video Surveillance

If land, buildings or individual rooms are covered by Video Surveillance operated by PGA, they are marked with security camera symbols and signs containing information about personal data processing;

Purpose of processing

Video Surveillance is used to ensure the security of the area managed by PGA, including general security, physical security, confidentiality of information and protection of property;

Legal basis

In relation to all persons entering the area managed by PGA who are not employees of PGA, the legal basis for the use of Video Surveillance is Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation) in conjunction with Article (5a)(1) of the Act on the principles of state property management (PGA fulfils its obligations as a company carrying out a public service mission within the meaning of Article (2)(8)(a)(9) of that Act) and Article (6)(1)(e) GDPR (a task carried out in the public interest resulting from the abovementioned provision). In this sense, being covered by the relevant Video Surveillance System is a condition for access to the covered areas;

Data recipients

Access to video surveillance recordings is provided by delegated employees of Orlen Ochrona Sp. z o.o., representatives of PGA Security Department and selected persons from the PGA structure to the extent appropriate to the nature of the recorded events. Access may also be granted to external law firms, in particular in cases where the recording may constitute evidence in a claim;

Recordings storage period

Video surveillance recordings shall be overwritten after 30 days – provided that there has been no incident justifying securing the recordings during that time. Recordings from the marked area and the appropriate time period are preserved until the settlement of the case and the expiry of the longest limitation period for claims relevant to the incident;

Right to lodge a complaint with the supervisory authority

OData subjects have the right to lodge a complaint with the data protection supervisory authority if they believe that the processing of their personal data violates the provisions of the GDPR. Supervisory authority:
President of the Personal Data Protection Office based in Warsaw, at ul. Stawki 2; Tel. 22 531 03 00). However, if you have any questions or concerns about the processing of your personal data, please consider reaching out to the Personal Data Officer appointed by PGA S.A. first (iod@portgdansk.pl or in writing: Zarząd Morskiego Portu Gdańsk S.A., ul. Zamknięta 18, 80-955 Gdańsk, Poland with the note ‘Inspektor Ochrony Danych’ or ‘IODO’), as he will help you get the necessary information and will conduct an investigation, if necessary;

Other rights

Data subjects have the right to:

  • request access to their data and to receive a copy thereof. However, if a recording is requested to be released or made available – where the recording also includes images of other persons – the scope, manner and the very admissibility of making the recording available shall be assessed on a case-by-case basis;
  • correct (rectify) their personal data;
  • restrict the processing of their personal data;
  • object to the processing of certain data for a specific purpose;
  • have their personal data erased;

In some cases, PGA may not obliged to fulfil your request; however, we will notify you of the reasons for any refusal and the possibility to lodge a complaint or take legal action;

Entry passes

Clause under Article 13 of the GDPR – for persons representing applicants

Pursuant to Article 13 of the General Data Protection Regulation of 27 April 2016. (OJ L 119 04.05.2016), we inform you that:

  1. Your personal data controller is Port of Gdańsk Authority S.A. with its registered office in Gdańsk, Poland (80-955) at ul. Zamknięta 18;
    You can contact the Controller via email: info@portgdansk.pl or via letter to the address indicated above;
  2. To ensure the security of the processing of personal data and facilitating contact with regard to the exercise of data subjects’ rights, the Controller has appointed a Data Protection Officer;
    the Data Protection Officer may be contacted at iod@portgdansk.pl in all matters concerning the processing of personal data and the exercise of rights related to the processing of data.
  3. Your personal data will be processed for the purpose of issuing the requested pass, as well as for the subsequent verification of the correct operation of the pass system;
  4. The legal basis for the processing of personal data of the person representing the entity applying for a pass is Article 6(1)(c) of the GDPR – implementation of the obligation resulting from a legal provision, which consists in ensuring an access control system by establishing a pass system by the entity in charge of the port; The organisation method of the pass system results from the Ordinance of the Council of Ministers of 15 April 2011 on methods and measures for the protection of shipping and maritime ports, issued pursuant to Article 42 of the Act on the security of shipping and maritime ports;
    Ensuring the security of the system through the introduction of the pass system is at the same time a legitimate interest of the Controller within the meaning of Article 6(1)(f) of the GDPR – in particular as regards the provision of data which are not explicitly indicated in the generally applicable regulations but are necessary for identity verification, such as the PESEL number or other identifier enabling unambiguous confirmation of identity in the case of foreigners;
    The principles of issuing passes is described in detail in Passenger, Material and Vehicle Traffic in Port Areas of Port of Gdańsk Authority S.A. issued for the purpose of performing the obligations arising from the abovementioned applicable law;
  5. Your personal data will be kept for 2 years from the date of expiry of the last pass issued on the basis of your application;
  6. The data of persons representing entities requesting a pass will be forwarded to a merchant (person representing an entity entitled to accept the issuance of a specific pass) indicated on the request.
    For security reasons, employees of entities providing physical protection in port areas of Port of Gdańsk Authority S.A. have access to the data collected in connection with the operation of the pass system;
  7. You have the right to request a copy of your personal data, to transfer You have the right to object to the processing of your personal data; the objection is subject to the Controller’s approval based on your individual situation;
  8. You have the right to object to the processing of your personal data; the objection is subject to the Controller’s approval based on your individual situation;
  9. You have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland);
  10.  The data we ask for in the pass request are absolutely necessary – without this information, a pass cannot be issued;

Issuing of passes

Clause under Article 14 of the GDPR – for persons whose data are provided by the applicant

Pursuant to Article 14 of the General Data Protection Regulation of 27 April 2016. (OJ L 119 04.05.2016), we inform you that:

  1. The controller of your data provided in relation to a pass request is Port of Gdańsk Authority S.A. with its registered office in Gdańsk, Poland (80-955) at ul. Zamknięta 18;
    You can contact the Controller via email: info@portgdansk.pl or via letter to the address indicated above;
  2. To ensure the security of the processing of personal data and to facilitate contact with regard to the exercise of data subjects’ rights,
    the Controller has appointed a Data Protection Officer; the Data Protection Officer may be contacted at iod@portgdansk.pl in all matters concerning the processing of personal data and the exercise of rights related to the processing of data.
  3. Your personal data is collected by the Controller, Port of Gdańsk Authority S.A., from the entity requesting a pass (e.g. the employer provides data of its employees to whom the passes are to be issued);
  4. Port of Gdańsk Authority S.A., as the Controller, obtains the following data of prospective pass holders:
    – full name;
    – nationality;
    – place of employment (for employees);
    – address of residence;
    – PESEL number or, where inapplicable, the series and number of the passport or other document proving identity;
    – photograph;
    – for vehicle passes – the make and registration number of the vehicle;
    – where the pass expires within the period indicated in Section 7 – circumstances of the expiry;
  5. Your personal data will be processed for the purpose of issuing the requested pass, as well as for the subsequent verification of the correct operation of the pass system;
  6. The legal basis for the processing of personal data of a prospective personal pass holder is Article 6(1)(c) of the GDPR – implementation of the obligation resulting from a legal provision, which consists in ensuring an access control system by establishing a pass system by the entity in charge of the port; The organisation method of the pass system results from the Regulation of the Council of Ministers of 15 April 2011 on methods and measures for the protection of shipping and maritime ports based on Article 42 of the Act on the security of shipping and maritime ports;
    Ensuring the security of the system through the introduction of the pass system is at the same time a legitimate interest of the Controller within the meaning of Article 6(1)(f) of the GDPR – in particular as regards the provision of data which are not explicitly indicated in the generally applicable regulations but are necessary for identity verification, such as the PESEL number or other identifier enabling unambiguous confirmation of identity in the case of foreigners;
    The principles of issuing passes is described in detail in Passenger, Material and Vehicle Traffic in Port Areas of Port of Gdańsk Authority S.A. issued for the purpose of performing the obligations arising from the abovementioned applicable law;
  7. Your personal data will be kept for a period of 2 years from the expiry date of your pass;
  8. The data of pass holders will be forwarded to a merchant (person representing an entity entitled to accept the issuance of a specific pass) indicated on the request. For security reasons, employees of entities providing physical protection in port areas of Port of Gdańsk Authority S.A. have access to the data collected in connection with the operation of the pass system;
  9. You have the right to request a copy of your personal data, to transfer the data, to restrict processing and to erase or rectify the personal data – the Controller is not obliged to comply with such requests at all times; the decision will be made on a case-by-case basis and all refusals will be justified;
  10. You have the right to object to the processing of your personal data; the objection is subject to the Controller’s approval based on your individual situation;
  11. You have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2,
    00-193 Warsaw, Poland);
  12. The data we ask for in the pass request are absolutely necessary – without this information, a pass cannot be issued;

Information notice on the processing of personal data in connection with the conclusion of contracts

Pursuant to

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing

Directive 95/46/EC (General Data Protection Regulation)

(OJ L 119, 04.05.2016, p. 1), hereinafter “GDPR”, we inform you that:

  1. The controller of personal data contained in any documents necessary for the conclusion and/or proper performance of contracts is Port of Gdańsk Authority S.A. with its registered office in Gdańsk, at
    ul. Zamknięta 18, 80-955 Gdańsk, Poland registered in the District Court Gdańsk-Północ in Gdańsk, 7th Commercial Division of the National Court Register under KRS number 0000040398 , NIP 583-246-18-66, share capital (fully paid up)
    PLN 2,110,240, hereinafter “PGA”;
  2. PGA has appointed a Data Protection Officer who can be contacted in all matters relating to the processing of personal data at:
    iod@portgdansk.pl;
  3. In matters concerning personal data, you can contact PGA directly, as your Controller, via letter to the address given in Section 1 or via email: info@portgdansk.pl;
  4. The processing in question includes basic personal data used for official purposes (in particular verification of authorisation and identity) – full name, place of work, position.
    In exceptional cases, the scope of such data may be greater if it is necessary for the performance of the contract (such scope may result, for example, from documents confirming qualifications or authorisations, provided that the submission of such documents will serve the purpose of the proper implementation of the contract at a specific stage of contract performance, or the basic contact details of the relevant contact persons).
    For detailed information on the scope of personal data that has been collected, please see the contact data given in Section 2 or 3;
  5. If you are not transferring your data directly, the entity directly concluding a contract with PGA is the source of your personal data;
  6. Personal data obtained in connection with concluded contracts will be processed on the basis of:
    – Article 6(1)(f) of the GDPR, concerning persons representing an organisational unit, i.e. in order to pursue PGA’s legitimate interest in clarifying the scope and performance of the contract to be concluded, and to ensure protection against possible claims. Personal data related to the circumstances of the conclusion or performance of the contract will be processed for the period of its validity, and after its expiry, will be archived for the limitation period of any possible related claims.
    – Article 6(1)(b) of the GDPR, as regards data relating to natural persons signing a contract on their behalf, the legal basis for processing personal data is the necessity to conclude and
    perform the contract – in such a case, Article 6(1)(f) of the GDPR will also be the legal basis after the termination of the contract as regards safeguards against possible claims, and therefore your data
    will be archived for the limitation period of any possible related claims;
    – Article 6(1)(c) of the GDPR, to fulfil the legal data archiving obligation and ensure compliance with the tax law and the Accounting Act;
  7. Data recipients may include entities carrying out audits commissioned by PGA covering activities related to the contract; or external law firms in the event of a dispute;
    data recipients may also include providers of services related to ensuring the functioning of the IT system, entities providing accounting, advisory, tax, audit, consulting and document destruction services, postal operators, couriers, banks and payment operators;
  8. You have the right to request a copy of your personal data, to transfer the data, to restrict processing and to erase or rectify the personal data
    – please mind, however, that the Controller is not obliged to comply with such requests at all times; the decision will be made on a case-by-case basis and all refusals will be justified;
  9. You have the right to object to the processing of your personal data (insofar as your personal data are processed on the basis of a legitimate interest as referred to in Article 6(1)(f)
    of the GDPR); however, the objection is subject to the Controller’s approval based on your individual situation;
  10.  You have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2,
    00-193 Warsaw, Poland).

Information notice for PGA CEF Contractors

  1. Your personal data controller is the Minister of Investment and Development (MIR), who is responsible for implementing the Connecting Europe Facility (CEF) in the transport sector and whose office is located at ul. Wspólna 2/4, 00-926 Warsaw, Poland.
  2. Your personal data will be processed for the purposes of CEF implementation, in particular to monitor the correct implementation of projects and to verify the expenditure under the projects.
  3. The provision of personal data by you is voluntary but at the same time necessary for the abovementioned purpose related to CEF implementation. Your refusal will hinder certain actions.
  4. Your data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), based on
    1. the following provisions of law:

       

      • Regulation (EU) No 1316/2013 of the European Parliament and of the Council of 11 December 2013 establishing the Connecting Europe Facility, amending Regulation (EU) No 913/2010 and repealing Regulations (EC) No 680/2007 and (EC) No 67/2010 (OJ L 348, 20.12.2013, p. 129);
      • Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing
        Council Regulation (EC, Euratom) No 1605/2002 (OJ L 298, 26.10.2012, p. 1);
      • Council Regulation (EC, Euratom) No 2988/95 of 18 December 1995 on the protection of the European Communities financial interests;
      • Act of 14 June 1960 – Code of Administrative Procedure;
      • Public Finance Act of 27 August 2009;
      • Regulation of the Council of Ministers of 23 December 2016 on the list of public resources not included in the resources referred to in Article (5)(3)(5c) and (6) of the Public Finance Act (Journal of Laws of 2017, item 17);
    2. your consent to the processing of your personal data;
    3. a contract, if you are a party to it and the processing of personal data is necessary for its conclusion and performance.
  5. The recipients of personal data may include:
    1. the Centre for EU Transport Projects;
    2. European Union (EU) institutions, bodies and agencies, as well as other entities entrusted by the EU with tasks related to the implementation of the CEF.
  6. Your personal data will be kept for 5 years from the date of receipt of the final payment or payment of the balance by the beneficiary. Where public aid is granted to a CEF project, personal data relating to that project shall be kept for 10 years from the date the public aid is granted. The period of retention of personal data may be extended to cover the entire period of any audits, appeals, disputes or claims connected with a CEF project.
  7. You have the right to:
    1. access your personal data;
    2. rectify or erase your data, or restrict processing;
    3. transfer your personal data;
    4. object to processing;
    5. withdraw consent at any time without affecting the lawfulness of the processing carried out on that basis before the withdrawal.
  8. In addition, you have the right to lodge a complaint with the supervisory authority, the President of the Personal Data Protection Office, if you believe that the processing of your personal data violates the provisions of the GDPR or other national legislation
    governing the protection of personal data.
  9. If you have any questions, please contact the MIR Data Protection Officer:
    1. in person: ul. Wspólna 2/4, 00-926 Warsaw, Poland;
    2. via email: IOD@miir.gov.pl.

Information notice for shareholders of Port of Gdańsk Authority S.A.

Pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (OJ L 119/1 04.05.2016), hereinafter “GDPR”, we inform you that:

    1. Your personal data controller is Port of Gdańsk Authority S.A. with its registered office in Gdańsk Poland (80-955) at ul. Zamknięta 18, registered by the District Court Gdańsk – Północ in Gdańsk, 7th Commercial Division of the
      National Court Register, under KRS no: 0000040398, NIP 583 24 61 866, hereinafter “PGA S.A.”.
    2. Data subjects may contact the Data Protection Officer appointed by PGA S.A. in all matters relating to the processing of their personal data and the exercise of their rights under the GDPR.
      The Data Protection Officer can be contacted via email: iod@portgdansk.pl or in writing: Zarząd Morskiego Portu Gdańsk S.A., ul. Zamknięta 18, 80-955 Gdańsk, Poland with the note
      ‘Inspektor Ochrony Danych’ or ‘IODO’.

      Information about the collected data

    3. Shareholders’ personal data are processed primarily on the basis of Article 6(1)(c) of the GDPR – for the purpose of fulfilling the obligations arising from the provisions of applicable law set out by the Commercial Companies Code, in particular Article 328[1-3] and Article 406 of the Commercial Companies Code (Journal of Laws of 2019, item 505, as amended).
    4. The register of shareholders referred to in Article 328[1] of the Commercial Companies Code is maintained in electronic form by a specialised, authorised entity, processing data on behalf of and upon the order of PGA S.A. pursuant to Article 28 of the Code of Commercial Companies. Shareholders’ personal data are also processed in the Register of Heirs programme, which is used by PGA S.A. to register the heirs to PGA S.A.’s shares in order to prepare share purchase agreements.
    5. The legal basis is also the implementation of the legitimate interest of PGA S.A. within the meaning of Article 6(1)(f) of the GDPR related to providing efficient tools to identify shareholders – in particular in the identity verification process when holding a general meeting online (copies or scans of documents are destroyed immediately after the identity of a shareholder or proxy has been confirmed, in accordance with the procedure described in the relevant regulations).
    6. The consent referred to in Section 9 of this information notice also serves as a legal basis within the meaning of Article 6(1)(a) of the GDPR.
    7. As a rule, the provision of personal data by a shareholder is mandatory and is a condition for the fulfilment of the obligation under Article 328[1] of the Commercial Companies Code consisting in entering the necessary data in the register of shareholders.

      Scope of data processing 

    8. PGA S.A. processes the following categories of shareholders’ personal data: full name, shareholder’s address or mailing address, quantity and numbers of registered shares, number of votes, and also, at the request of an entitled person,
      a record concerning the transfer of shares to another person together with the record date (data resulting from art. 328 [3] of the Commercial Companies Code) and additionally (to exclude the possibility of misidentification) the PESEL number or the number and series of an identity document. PGA S.A. also requires the shareholders’ bank account numbers to perform its monetary obligations.
    9. Shareholders can also agree to receiving communications from the company via telephone or e-mail, in particular for the purposes of keeping the register of shareholders, voluntarily and at their own discretion, by providing the relevant contact data in an appropriate form. Please note that the provision of these data is voluntary and that the consent given can always be withdrawn, although this does not affect the lawfulness of the processing before the withdrawal.

      Data recipients

    10. The recipients of your personal data will only include entities entitled to obtain personal data on the basis of separate provisions of law, authorised employees/partners of the Controller, entities providing services to PGA S.A. such as: postal operators/couriers, providers of legal services, accountants, providers of IT systems and services, entities running general meetings. You will be notified if such entities are to process data as separate controllers, and in other cases, the data may be made available or transferred only in accordance with Article 28 of the GDPR, i.e. upon the conclusion of a personal data processing agreement imposing data security and confidentiality obligations on the processor.
    11. Please be aware that your data disclosed in the register of shareholders are open to any other shareholder and to the company, pursuant to Article 328[5] of the Commercial Companies Code.
    12.  The Controller has concluded a personal data processing agreement within the meaning of Article 28 of the GDPR with Powszechna Kasa Oszczędności Bank Polski Spółka Akcyjna, Branch of the Brokerage Office in Warsaw, with its registered office in Warsaw, address: ul. Puławska 15, 02-515 Warsaw, Poland, registered in the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number 0000026438, on the provision of services connected with keeping the register of shareholders.
    13.  The entity in question is also entitled to perform monetary obligations towards shareholders on behalf and upon the order of PGA S.A.
    14.  Shareholders’ personal data will be kept for the duration of the company’s existence (historical data concerning the owners of shares).

Information on the rights of data subjects

  1. Data subjects have the right to lodge a complaint with the data protection supervisory authority if they believe that the processing of their personal data violates the provisions of the GDPR. Supervisory authority:
    President of the Personal Data Protection Office based in Warsaw, at
    ul. Stawki 2; Tel. 22 531 03 00). However, if you have any questions or concerns about the processing of your personal data, please
    consider reaching out to the Personal Data Officer appointed by PGA S.A. first (contact data provided in Section 2), as he will help you get the necessary information and will conduct an investigation, if necessary.
  2. Please note that the entity keeping the register of shareholders referred to in Section 12 is entitled to contact the shareholders (on behalf of and upon order of PGA S.A.), which shows that most of the current issues, such as data updates, should be communicated directly to that entity.
  3. Shareholders, as data subjects, have the right to:
    – access their data and receive a copy of the data;
    – correct (rectify) their personal data;
    – restrict the processing of their personal data;
    – object to the processing of certain data for a specific purpose;
    – have their personal data erased.
    In some cases PGA may not obliged to fulfil your request; however, we will notify you of the reasons behind any refusal and the possibility to lodge a complaint or take legal action;
  4.  If the Controller has reasonable doubt as to the identity of the natural person making the request, it may request additional information necessary to confirm the identity of the data subject. The information shall be provided in writing or otherwise, including, where appropriate, by electronic means. If the data subject so requests, information may be provided orally, on condition that the identity of the data subject is confirmed by other means.

    Please note that all updates of this information notice will be published on the website of Port of Gdańsk Authority S.A. at www.portgdansk.pl


Rate our website
Rate our website
Did you use the previous version of the service?
How do you evaluate the current service?
What influenced your evaluation the most?