We respect and protect privacy

Introduction

One of the indispensable aspects of business activity is the need to process personal data. Data allowing for the identification of natural persons are used as part of our daily work and concern, m.in others: potential and current employees, customers and contractors of the Budimex Group companies. Due to the high impact of the breach of security of such data on the personal rights of private individuals, their processing must be carried out with prudence, compliance with the law and the principles of internal information security policy.
On May 25, 2018, the General Data Protection Regulation (GDPR) came into force.

The GDPR unifies the approach to personal data protection across the European Union, increasing the visibility and influence of each individual over what happens to their data and promoting principles such as:

• legality, reliability and transparency,
• Goal limitation
• minimization of the scope of data,
• storage limitation,
• integrity and confidentiality,
• accountability of personal data processing.

Budimex SA and other companies from the Budimex Group approach the protection of personal data with seriousness and diligence and ensure a high level of security of data processing. Implemented m.in. A security policy covering the protection of personal data was implemented, adequate personal data protection measures were selected to meet the identified risks, and rules for handling personal data breaches were established. Periodic security audits and analysis of the risk of loss of integrity, availability or confidentiality of personal data are carried out and measures are taken to minimize this risk.

More information on the processing of personal data by Budimex SA can be found in the Transparency Policy.

Personal data protection:

The Group companies, recognizing the importance of personal data protection, decided to establish organizational structures and Data Protection Officer(s) capable of managing and supervising personal data processing.
The basis on which the safeguards for the protection of personal data in the Budimex Group are built is the Information Security Policy of Budimex S.A., established and approved by the President, General Director of Budimex SA, Mr. Artur Popko.
As part of the Integrated Management System of Budimex S.A., which also includes ISO 9001, ISO 14001, OHSAS 18001 standards and the rules for participation in the WSE RESPECT index, an Information Security Management System was created.

As a result, in our organization there are a number of formal and technical regulations related to access to and the possibility of processing personal data, depending on the type of process being carried out. The principles discussed are uniform both inside and outside our organization – they apply to the Group’s employees, as well as all persons and entities that process information, including personal data, for and on behalf of the Group Companies.

The compliance of these regulations with international information security standards is confirmed by independent certification centers and first, second and third party audits.
This is evidenced by the fact that since 2015 Budimex SA has successfully passed independent, annual certification audits of compliance with the information security management standard ISO/IEC 27001:2013 and the IT service management standard ISO/IEC 20000-1:2011.
The requirements of the above-mentioned standards indicate the implementation of strict rules of responsible, supervised information processing, ensure effective and systematic improvement of the system and prove the maturity of the organization in this area.

Handling requests regarding personal data

Any requests and inquiries regarding the protection of personal data should be sent to the e-mail addresses and in accordance with the procedure published on the link.