Information group security policy. Personal data.

Processing personal data is an important process related to the functioning of our company, affecting the services we offer and the organization of the company.

We believe that ensuring proper, efficient and effective protection of personal data is possible by building an organizational culture appropriate for this purpose and applying security measures appropriate to the identified threats.

This information security policy regarding personal data, together with the established security standards, constitutes the fulfillment of the obligation indicated in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) imposed on Nais as the Administrator and Processor.

Aware of the responsibility for ensuring the security of personal data and the consequences related to the breach of the security of personal data processed by Nais, we declare our full readiness and support in the construction of a comprehensive Information Security Management System taking into account the processing of personal data and supporting all activities aimed at ensuring an appropriate level of protection while taking into account threats.

We undertake to create a comprehensive Management System covering the scope of personal data protection and protection of the rights of data subjects by:

• monitoring the organization and processes in order to maintain an appropriate level of personal data protection and compliance with legal regulations;
• monitoring threats and checking the susceptibility of the solutions used to identified threats;
• identifying risks related to information security and applying adopted risk management standards;
• continuously improving employee competences in the scope related to the security and protection of personal data;
• creating an organization and implementing procedures, instructions and processes focused on ensuring the security and protection of personal data;
• designating roles in the processes of personal data processing and assigning them appropriate tasks and competences;

We oblige all employees to constantly take care of the security of personal data of all persons, regardless of the form and purpose of processing such data, in particular to apply the principles of this policy and the established information security standards.

Our primary goal is to maintain the confidentiality, availability, integrity of personal data and to process them in accordance with the adopted principles and legal regulations, and in particular to maintain the highest security standards regarding the implemented processes and IT systems used to process personal data and in such a way that in no case does the fundamental rights and freedoms of personal data subjects violate.