Protection of privacy

In accordance with the generally applicable regulations, including the Personal Data Protection Act, PKO Bank Polski SA has internal personal data protection regulations, including instructions on managing the IT system used to process personal data.

These regulations apply to the principles of personal data processing at the Bank, in particular the method in which they are processed, as well as the technical and organizational measures ensuring security of the data being processed. Additionally, the Bank applies regulations regarding, inter alia:

  • security of protected information;
  • IT System security;
  • protection of people and property;
  • security incident management;
  • conducting clarification proceedings;
  • preparation and implementation of security mechanisms.

These regulations are supplemented by:

  • the regulations that directly apply to personal data regarding physical and IT security, and
  • the regulations on clarification proceedings related to breaches of personal data security;

thereby creating a network of provisions comprehensively regulating the issue of personal data protection at the Bank.

Management of the risk of unauthorized access to customer information

The risk of unauthorized access to customer information is managed in accordance with the Bank’s security policy. This policy regulates the principles of confidentiality of information and the maintenance of bank secrecy, as well as personal data security, including, in detail, the liability of the Bank’s employees regarding personal data protection.
In accordance with these principles:

  • Access to protected information at the Bank is only given to employees within the scope of their corporate tasks and duties.
  • The employees undergo training on security of protected information before starting to process protected information.
  • If materials containing protected information are provided to external entities, a non-disclosure agreement is concluded between the parties, whereas, in the case of entrusting the processing of personal data, an agreement is concluded on entrusting the processing of personal data.

Each of the Group’s entities processing personal data, which is required to have appropriate regulations on this, has such regulations and applies them in practice. They are in line with the generally applicable regulations and standards applied at the Bank and, to the extent necessary, contain specific regulations which are adequate to the specific nature of the particular entity’s business.

None of the Group’s entities, including the Bank, recorded a case of a “leak” or unauthorized use of personal data processed in these organizations in 2017 and no administrative procedures were conducted in this area (e.g. by the Inspector General for Personal Data Processing), which could result in the imposition of a fine. 

Concern for Polish art
history and tradition

No Title, 1997

Krzysztof Bednarski Sculpture, bronze
Dimensions: 166x28x27cm

Discover more

Sounds V, 1994

Jan Dobkowski Painting, acryl/canvas
Dimensions: 120x160cm

Discover more

No Title, 1997

Tomasz Ciecierski Painting, oil, collage/canvas
Dimensions: 171,5x244cm

Discover more

No Title, Fish 1992

Ryszard Grzyb Painting, oil/canvas
Dimensions: 140x80cm

Discover more

Under the hill, 1991

Łukasz Korolkiewicz Painting, oil/canvas
Dimensions: 136x200cm

Discover more

The roofs 1, 1990/91

Robert Maciejuk Painting, oil/canvas
Dimensions: 116x138cm

Discover more

Diary No. 87c, 1997

Włodzimierz Pawlak Painting, oil, pencil/canvas
Dimensions: 24x18cm

Discover more

Franz Kafka's letters to Felice Bauer, before 1998

Andrzej Szewczyk Sculpture, own technique, wood, lead
Dimensions: 40x17,5x4cm

Discover more