While respecting our individual customers' right to privacy and bearing in mind the high sensitivity of these issues, we in the Agora Group pay special attention to matters related to the protection of personal data. The organisation respects the generally applicable laws and observes the principles set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – General Data Protection Regulation (hereinafter referred to as GDPR).
The Agora Group companies instilled a number of procedures and processes to ensure compliance with the GDPR provisions, in particular those concerning the rules on the processing and protection of personal data. The aspect of personal data protection is also taken into account in the process of submitting new business initiatives and in the process of selecting suppliers.
The Agora Group conducts regular training on personal data protection, in particular on the following subject areas: processing of data of employees and job candidates, ICT security, carrying out balancing tests, risk assessment and data protection impact assessment, cooperating with and verifying contractors, carrying out marketing activities, concluding entrustment agreements, fulfilling information obligations and constructing consent clauses, identifying and assessing breaches, agreements on joint controlling, transfers of personal data.
The Group also pursues activities aimed at raising employee awareness of personal data protection issues, including whistleblowing, notification of new business projects or rules on remote work.
Supervision over all issues related to the protection of personal data, in particular compliance with the GDPR provisions and internal regulations, is being carried out by the Data Protection Officer appointed in the following companies: Agora S.A., Agora TC Sp. z o.o., Doradztwo Mediowe Sp. z o.o., GoldenLine Sp. z o.o., Grupa Radiowa Agory Sp. z o.o., IM40 Sp. z o.o., Manfred Sp. z o.o., NEXT FILM Sp. z o.o., Next Script Sp. z o.o., HRlink Sp. z o.o. and Yieldbird Sp. z o.o.
INVESTIGATIONS CONDUCTED BY THE SUPERVISORY AUTHORITIES, PENALTIES AND SANCTIONS:
In 2020, the Agora Group did not report any incidents of leakage, theft or loss of personal data, and no financial penalties were imposed for the violation of personal data protection regulations. There was one reprimand (referred to Agora company) and one complaint from the President of the Personal Data Protection Office, to which the company (it referred to Domiporta Sp. z o.o.) responded within the prescribed time limit and the case is currently pending.
Apart from the correspondence concerning the above-mentioned cases, the President of the Personal Data Protection Office does not conduct any proceedings against the Agora Group companies.
In 2020, Agora submitted one complaint to the Provincial Administrative Court against the decision of the President of the Personal Data Protection Office which ordered the company to make personal data of users of the Gazeta.pl portal available to entities other than the authorised state authorities.