Data Protection Policy


1. Purpose

International Operations Center Sp. z o.o. (“IOC”) is fully committed to protecting the personal data of its employees, customers, and partners. This policy explains how we handle personal information in compliance with the EU General Data Protection Regulation (GDPR) and relevant Polish data protection laws.

All personal documents — including CVs, IDs, and personal graphic materials — are used exclusively for internal administrative procedures, service delivery, internal or client security clearance processes, and related documentation handling.

2. Scope

This policy applies to all personal data processed by IOC, regardless of the medium (digital, paper, or other). It covers all employees, contractors, suppliers, and third-party service providers acting on behalf of IOC.

 

3. Data Protection Principles

IOC adheres to the following fundamental data protection principles:

  • Lawfulness, Fairness, and Transparency: Data is processed legally, fairly, and transparently.

  • Purpose Limitation: Data is collected for specific, legitimate purposes and not used in ways incompatible with those purposes.

  • Data Minimization: Only necessary information is collected and processed.

  • Accuracy: Personal data is kept accurate and up to date.

  • Storage Limitation: Data is retained only as long as necessary for its intended purpose.

  • Integrity and Confidentiality: Robust technical and organizational measures ensure data protection from unauthorized access, loss, or damage.

  • Accountability: IOC demonstrates ongoing compliance with all data protection obligations.

4. Data Subject Rights

Individuals have the following rights concerning their personal data:

  • Access: Request a copy of your personal data held by IOC.

  • Rectification: Request corrections to inaccurate or incomplete information.

  • Erasure (“Right to be Forgotten”): Request deletion of your data, provided it doesn’t interfere with ongoing legal obligations or government investigations.

  • Restriction: Request limits on how your data is processed.

  • Portability: Request transfer of your data in a structured, machine-readable format.

  • Objection: Object to data use for direct marketing or other legitimate interests.

  • Automated Decisions: Request not to be subject to automated decisions or profiling that significantly affects you.

All requests are handled promptly and in accordance with legal requirements.

  • Lawful Basis: We process personal data only when there is a lawful basis (e.g., contractual necessity, consent, legal obligation, or legitimate interest).

  • Consent: When consent is required, it must be explicit, informed, and voluntary. You can withdraw consent at any time.

  • Marketing: For electronic marketing, IOC complies with GDPR and the Polish Electronic Communications Act, ensuring explicit consent before sending commercial communications.

 

6. Data Security

IOC employs appropriate technical and organizational measures — including encryption, access management, and ongoing security assessments — to protect all personal data.

In case of a personal data breach posing a risk to individuals’ rights, IOC will notify the supervisory authority within 72 hours and inform affected individuals where applicable.

7. Data Protection Impact Assessments (DPIA)

IOC conducts DPIAs for processing operations that might pose a high risk to individuals’ rights and freedoms, as required by GDPR and Polish law.

8. Data Protection Officer (DPO)

The appointed Data Protection Officer oversees compliance, provides guidance, and serves as a point of contact for data protection matters:
Rafael Prieto Pizarro
📧 support@ioc-hq.com

9. Training and Awareness

All IOC personnel who handle personal data receive regular training on GDPR, data protection, and the company’s internal policies. This ensures a consistent culture of privacy and compliance.

 

10. Data Retention and Disposal

Personal data is stored only for as long as needed for the purpose for which it was collected. Once no longer required, data is securely deleted, anonymized, or disposed of according to internal retention procedures.

 

11. Governing Legislation

IOC’s data protection practices are based on the following legal frameworks:

European Union Regulations

  • General Data Protection Regulation (EU) 2016/679 (GDPR)

  • Law Enforcement Directive (EU) 2016/680 (LED)

  • Regulation (EU) 2018/1725 (EUDPR)

Polish Regulations

  • Personal Data Protection Act of 10 May 2018 (Ustawa o ochronie danych osobowych)

  • Act on Amendments to Sectoral Acts of 21 February 2019

  • Electronic Communications Act (Ustawa o świadczeniu usług drogą elektroniczną)

Contact Our Data Protection Officer

For any questions or requests related to data protection, please reach out to:
📧 support@ioc-hq.com

IOC regularly reviews this policy to ensure legal compliance and continuous privacy protection.
