We respond on an ongoing basis to all questions, requests and complaints from external stakeholders regarding personal data, although we do not keep detailed statistics of the various types of notifications.
One of the most important aspects of security is the human factor and building awareness among employees. All our employees receive training in security policy and the GDPR (including general information, as well as internal policies and procedures), which take place during onboarding sessions and are repeated every year. During the onboarding training, we also conduct security awareness workshops with case studies to help recognize phishing campaigns.
In 2021, in connection with complaints submitted to the President of the Personal Data Protection Office, Allegro was a party to 5 new proceedings. The five proceedings completed in 2021 resulted in a reprimand issued by the Office (4 concerning Allegro.pl and 1 concerning eBilet.pl) and one positive decision (Allegro.pl). In 2021, no penalties were imposed on Allegro for violating personal data protection regulations. At every stage of data collection and processing, we make sure to comply with the obligation to inform the customer about the purpose and scope of processing their data and the right to access and rectify them.