Information regarding the processing of your Personal Data
Intergraph Polska Sp. z o.o. ("we” or “Hexagon”) respects your privacy and protects the Personal Data we process about you. All processing of Personal Data is made in accordance with the GDPR. The following describes how we collect, process and share your Personal Data.
What Personal Data will be processed?
Intergraph Polska Sp. z o.o. will collect and process your personal data (your ”Personal Data”). The Personal Data is collected from you directly. In case of the incident report sent via the Mobile Alert application the data includes location, photos and text attached by you as well as an optional phone number (you decide on the phone number in app settings). In case of the application crash it is Country, Language, Device Model, OS (name and version), Phone Service Provider, App Store Version, App Build Number.
What is the purpose of processing your Personal Data?
The processing of your Personal Data is necessary for sending your incident report to the organization that collects information in the area you are sending it for, for example your local government office, for them to take care of your report.
The Personal Data sent is not mandatory by any law and creates no legal obligation on you.
What is the Legal Basis for Processing your Personal Data?
The processing of your Personal Data for the purpose of reporting an incident is based on legitimate interest of Hexagon since Hexagon runs a service that delivers this information to the subscribing organization, for example your local government office. When you use the application for the first time you are informed on who that subscribing organization is and presented with their privacy notice.
Who has Access to your Personal Data?
The Personal Data collected by us is stored in the EU. We have implemented appropriate technical and organisational measures to protect your Personal Data against loss or unlawful access etc. The number of persons with access to your Personal Data is limited. Only individuals associated with Intergraph Polska Sp. z o.o. that need to process your Personal Data in accordance with the purposes above will have access to your Personal Data.
We will share your Personal Data with the subscribing organization that will receive your incident report.
For How Long is your Personal Data Stored?
Your Personal Data will be stored for the period of maximum two years. The subscribing organization that receives your report may change it to be shorter. When this time expires, your Personal Data will be automatically deleted.
What are your Rights?
Intergraph Polska Sp. z o.o., reg. no. 5210120486, address ul. Stawki 40, 01-040 Warszawa, is the controller of the processing of your Personal Data.
This means that we are responsible for your Personal Data being processed correctly and in accordance with applicable laws. Maria Lothamer is the Data Protection Officer and can be contacted by e-mail: maria.lothamer@isecure.pl.
You are entitled to know what Personal Data we are processing regarding you, and you can request a copy of such data. You are entitled to have incorrect Personal Data regarding you corrected, and in some cases you may request that we delete your Personal Data (if, for example, the Personal Data is no longer necessary for the purpose for which it was collected or if you withdraw your consent). You also have the right to object to certain processing of your Personal Data, and request that the processing of your Personal Data be limited. Please note that limitation or deletion of your Personal Data may result in us not being able to fulfil our commitments. You are also entitled to extract your Personal Data in a machine-readable format and to transfer the Personal Data to another controller.
If you have questions regarding how we process Personal Data concerning you, you are most welcome to contact us at privacy.sig@hexagon.com or by mail to the address above.
If you have any objections or complaints with the way we process your Personal Data, you have the right to lodge a complaint with the relevant data protection supervisory authority, where the applicable laws provide for such remedy.