Joint controlling of personal data
Essential information regarding joint controlling of personal data
Adam Śledzikowski, conducting business as “Adam Śledzikowski MERIXSTUDIO” with his registered office at Małachowskiego 10 in Poznań, holder of VAT-EU number: PL7772427860, hereinafter referred to as “Merixstudio”,
GoDealla sp. z o. o. (limited liability company with headquarters in Poznań at Małachowskiego 10, 61-129 Poznań, entered into the Register of Entrepreneurs kept by the District Court Poznań - Nowe Miasto i Wilda w Poznaniu, 8th Commercial Department of the National Court Register under KRS (NCR) number: 0000406039, VAT-EU number: PL7831685435), hereinafter referred to as “GoDealla”,
hereinafter jointly referred to as “Joint controllers” or separately as “Joint controller”,
jointly inform that:
- Due to the strong personal, infrastructural and business ties connecting them, they have entered into an agreement on the joint controlling of personal data.
- Joint controlling was established by Joint controllers in order to achieve the fuller implementation of the principle of security of processed personal data arising from Regulation (EU) 2016/679 of The European Parliament and of The Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and to exclude the possibility of a negative competence dispute between the Joint controllers in the implementation of the rights of data subjects, i.e. a situation in which none of the Joint controllers feels responsible for the implementation of these rights.
- Joint controlling includes all personal data processed by the Joint controllers, including in particular personal data of: candidates for work, employees and co-workers, clients, potential clients, suppliers of goods and services, and people recorded by video monitoring.
- Joint controlling covers all processing of personal data carried out by each of the Joint controllers in connection with the controlling of personal data.
- The Joint controllers will decide jointly on the purposes and methods of processing personal data by agreeing and implementing a common Personal Data Protection Policy and, if necessary, on the basis of additional arrangements.
- The Joint controllers inform that regardless of the duration of the contract on joint controlling concluded by them, joint controlling of personal data will take place for the time necessary to achieve the purposes for which personal data are processed. Periods of processing of particular personal data have been defined in registers of personal data processing activities maintained separately by each of Joint controllers due to art. 30 clause 1 of the GDPR.
- The Joint controllers shall divide the obligations resulting from the GDPR in the manner specified in the following points.
- Merixstudio will be obliged to fulfill the information obligations referred to in art. 13 and 14 of the GDPR, as well as to exercise the rights of subjects of personal data referred to in art. 15-22 of the GDPR in relation to persons whose data was acquired by Merixstudio and persons whose data was obtained jointly by Joint controllers.
- GoDealla will be obliged to fulfill the information obligations referred to in art. 13 and 14 of the GDPR, as well as to exercise the rights of subjects of personal data referred to in art. 15-22 of the GDPR in relation to persons whose data was acquired by GoDealla.
- The Joint controllers agreed that in case of any doubt it shall be presumed that the entity obliged to fulfill the obligations regarding personal data protection is Merixstudio.
- Regardless of the provisions referred to in points 8-10 above, the data subject may exercise his rights resulting from the GDPR against each of the Joint controllers, as well as to direct requests in this regard to the common contact point referred to in point 13 below.
- In the event that the data subject directs a request to exercise the right under the address of the Joint controller which, due to concluded joint controlling agreement, is not obliged to handle the request of that particular person, this Joint controller shall immediately forward the request to the other Joint controller.
- The Joint controllers decided to establish a common contact point for the data subjects, available under the following e-mail address: firstname.lastname@example.org.
- Towards third parties, the Joint controllers will be jointly and severally liable for all consequences of the processing of personal data in a manner that violates the provisions of the laws regarding protection of personal data.