Learn about the assumptions of GDPR and its consequences for you, the roles of controllers and processors of data, our responsibilities towards you and data security.

What is the aim of GDPR?

GDPR regulates the issue of personal data protection throughout the European Union and it assumes the harmonisation of legislation to the greatest possible extent across individual Member States. That means new rights for natural persons and new obligations for data controllers.

Controller of personal data

The personal data controller is an entity that determines the purposes and means of personal data processing.


The controller has the right to mandate certain activities which may involve the processing of personal data. GDPR indicate the elements to be included in the agreement between the processor and the controller.

Basic rules

The processing of personal data by the controller must be compliant with basic rules: legality, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality, and accountability.

Lawfulness of the processing depends on the basis for the processing, referred to in Article. GDPR. The examples of such basis include: explicit consent of the data subject; agreement; compliance with legal obligations.

Data security

Every controller should check whether the organizational and technical measures applied by them ensure safe processing of personal data. Ensuring the security of personal data may be effected, among other things, through pseudonymization and data encryption. Depending on the type of processing, the controller may be required to assess the impact of the planned operations on the personal data safety.

Obligation to provide information

The administrator may be required to inform data subjects about several matters concerning the processing of personal data. Information should be provided in plain and clear language.

Download documents for particular categories of persons.

Download documents

Documentation and certification

Below you will find the relevant documents relating to the processing of personal data by us. Personal data controller will be able to obtain certification indicating the lawfulness of data processing. Certification will be issued by independent certification bodies. Other measures to ensure the lawfulness of the processing of personal data, such as approved codes of conduct, are also envisaged.

See our Privacy and Safety Policy