There are no holidays for personal data protection
A few tips on how to take care of your personal data during the holidays and protect yourself against potential problems
ID card deposited for borrowed recreational equipment, lost wallet with documents - these are the most common situations during the holidays, when our data may fall into the wrong hands and can be used e.g. to get loans on our behalf. The Personal Data Protection Office encourages you to take care of your personal data security to avoid unnecessary problems this summer.
Pedal boat, kayak or boat are rented for pleasure and relaxation for one hour or so believing our ID card is safe in a drawer of a company renting water equipment. We can’t take a full advantage of the attractions offered without depositing the document. But during this one hour someone (not necessarily an employee of the company) can take out our documents from the drawer, make a copy and that’s where the problems begin.
A person who obtains our data may use them to take a loan or shop online. Our data can be used also to conclude contracts, e.g. with a mobile telephony operator, renting expensive equipment and then stealing it.
Do not deposit ID card
The Personal Data Protection Office reminds that in accordance with the law, no one can require us to deposit our identification documents (e.g. ID card, passport, driving license) for renting equipment. Documents are issued for purposes strictly defined by law. They contain a wide range of personal data that is not needed in all situations.
It should be also remembered that documents can be used only by persons to whom they were issued. The law prohibits the retention of documents confirming the identity and processing of data contained in them. Only institutions indicated in legal acts regulating the functioning of specific entities or sectors are entitled to do so. This is why, for example, the Personal ID Act stipulates that retaining our ID card without a legal basis may result in a penalty of restriction of liberty or a fine.
What is more, the passport is not even our property but it belongs to the Republic of Poland. It has been issued to us only to cross the border, stay abroad and to confirm Polish citizenship as well as identity. Therefore, it cannot be used for purposes other than those for which it was issued.
The retention of these and other documents confirming the identity leads not only to a violation of national law, but also the principles contained in Art. 5 of the General Data Protection Regulation: lawfulness, purpose limitation and accuracy.
Do not allow to make a photocopy
Some service providers don’t want document to be deposited but they ask to make a photocopy of it when we rent recreational equipment like boats or kayaks. They are also not allowed to do so. This practice exposes us to the same dangers as described above. Therefore we shouldn’t agree to it, even when the entrepreneur explains that it is required to pursue any claims, e.g. for damaged or unreturned equipment. In this case it should be enough just to write down information from the document, which will be helpful when pursuing possible claims, e.g. name and surname or national identification number (PESEL). However, it is unnecessary to process all data appearing in documents confirming identity. Paying a deposit for the loaned equipment should be also an option.
If the entrepreneur has decided to write down your personal data from documents, after you return the borrowed equipment, you should demand to remove your data or to return the form or note on which data were written.
Similar requests to leave a document or to make a photocopy can be observed at the hotel reception. Don’t allow to do so. The receptionist can only ask you to show a document in order to establish your identity. This means that the receptionist has the right to inspect our ID card, but not to copy or retain it.
Don’t lose control over your data
Holidays are an opportunity not only to steal our money but also our personal data. Concerts or festivals are an example of when the organizers offer us a ticket at an attractive price or for free after we fill out an additional form and consent to data processing. But this is the way to lose control to whom and for what purpose we have provided our data. It can get even worse when those entities made our data available to theirs partners for marketing purposes. Very often after the holidays we wonder why so many companies possess our phone number not realising that we had given them all possible consents.
It also happens that dishonest entities forward our data to other companies without our consent. After several months the number of companies which possess our data increases, which complicates the possibility of claiming our rights and addressing requests for the removal of our data.
Watch out for advertisements
Another example of situation when we are exposed to data loss during the summer is searching for temporary work such as harvesting fruits or gastronomy. Unfortunately, among the real job offers there are also those that try to obtain more detailed information about us. The Personal Data Protection Office recommend to analyse such offers very carefully and keep caution when a prospective employer wants us not only to provide basic personal data and contact details but also our national identification number (PESEL) and provide scans of our identity documents, which is not necessary in the recruitment process.
The advertisement which gives a link to an additional on-line form should raise our vigilance. We should also be careful when a potential unknown employer has sent us a form in an attachment that may be infected with malware.
It is also important to remember that for recruitment purposes the employer is entitled to obtain only such data as: name and surname, date of birth, contact details, education and professional qualifications and the course of previous employment.