Company Social Benefits Fund and the GDPR
The Company Social Benefits Fund and the GDPR is a complex topic that raises many doubts among entrepreneurs and employees. From May 25, 2018, in each EU Member State, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation, GDPR). Therefore, it has become obligatory to make numerous changes adjusting Polish regulations to new legal norms. The necessary changes were included in the draft act - Provisions introducing the act on the protection of personal data. Currently, all the implementing provisions for the GDPR are still missing.
Company Social Benefits Fund and GDPR - changes
Entrepreneurs obliged by the Act of March 4, 1994 on the company social benefits fund (consolidated text, Journal of Laws of 2017, item 2191) to establish a company social benefits fund (ZFŚS) and to properly manage its funds are also subject to the obligation concerning personal data protection. So far, the above-mentioned the Act on the Company Social Benefits Fund did not regulate matters related to the processing of personal data by the employer in connection with conducting social activities. You had to rely on court judgments and the interpretation of GIODO.
Pursuant to Art. 8 sec. 1 of the Act on the Company Social Benefits Fund, the granting of concessionary services and benefits and the amount of subsidies from the fund depend on the life, family and material situation of the person entitled to use the Company Social Benefits Fund. Therefore, the employer is obliged to investigate the social situation of people applying for help from the Social Fund, because the granting of reduced services and benefits and the amount of subsidies from the Social Fund is carried out in such a way that the most help is received by people who are in the most difficult situation.
What if the employee or pensioner refuses to submit an income declaration?
It happens that employees interested in obtaining support from ZFŚS funds refuse to submit income / life, family and material statements, referring to the protection of personal data. Sometimes employers included a provision in the ZFŚS Regulations that people who did not agree to disclose their income are automatically included in the group of people with the highest income and receive the lowest support. Such proceedings were found by the Court of Appeal in Lublin in its judgment of 10 October 2013 (III AUa 752/13) as inconsistent with the Act on the Company Social Benefits Fund, may be contrary to the provisions of this Act. The provision on granting social benefits in the lowest amount without examining the social criterion does not comply with the Act. According to the act, the social criterion is the life, family and material situation, which should be assessed and examined jointly.
So far, the position of GIODO has been supported, which decided that the Act on the Protection of Personal Data allows the processing of personal data when other provisions allow it, and since the Act on the Company Social Benefits Fund makes the amount of assistance dependent on the life, financial and family situation of the entitled person, the employer has the right to demand the data and information that gives credibility to these circumstances. Otherwise, he could not apply the Act on the Company Social Benefits Fund.
Therefore, it is obvious that the employer must examine the life, family and financial situation of people entitled to use the Company Social Benefits Fund in order to properly direct the aid.
Company Social Benefits Fund and the GDPR
The draft Act of 12 September 2017, the provisions introducing the Act on the Protection of Personal Data, assumed certain changes to the Act on the Company Social Benefits Fund. On May 8, 2018, this draft changed its name to: the Act on Amending Certain Acts in connection with ensuring the application of Regulation 2016/679 and regulates matters related to the protection of personal data in the Company Social Benefits Fund in a different way than originally assumed. Currently, the bill is still in the preparation phase. You can follow his fate at: http://legislacja.rcl.gov.pl/projekt/12302951
Originally, the project assumed that from May 25, 2018, in order to obtain a discounted service and provision, the entitled person agrees to provide his personal data, personal data of his family members and personal data of other people living in the same household with him. These personal data may be: name and surname, date of birth, degree of kinship, address of residence, as well as other personal data of these persons, if providing such data is necessary to determine the life, family and financial situation of the entitled person (i.e. e.g. data on income , health). Therefore, the catalog of personal data that may be requested by the employer is open and is determined by the need to determine the social situation.
Start a free 30-day trial period with no strings attached!
The draft amendment to the Act on the Company Social Benefits Fund in the new wording does not mention the data that may be requested by the employer, it leaves it to be regulated in the regulations, but it emphasizes written authorizations for persons who process personal data, especially health data, and the maintenance of their secrecy. Please remember that the employer may request documentation of personal data to the extent necessary to confirm it.
The draft assumes that the employer may store personal data only for a period not longer than necessary in order to grant funds from the Social Benefits Fund and determine their amount, as well as for the period of asserting rights or claims. The employer reviews personal data at least once a calendar year in order to determine the necessity of their further storage. If no further storage is required, the data must be deleted. It should be noted that this is a project that may change for the time being.
This will not change that the terms and conditions for using the services and benefits financed from the Social Fund, taking into account the life, family and material situation of the person entitled to use the fund, as well as taking into account the new regulations on the protection of personal data and the principle of allocating the fund's resources to individual the goals and types of social activity are defined by the employer in the ZFŚS Regulations.
Therefore, it will be necessary to amend the Regulations of the Company Social Benefits Fund to include provisions on the protection of personal data. However, you have to wait until the planned changes to the Act on the Company Social Benefits Fund enter into force. It is worth recalling that the ZFŚS Regulations must be agreed with the company's trade union organization. An employer who has no company trade union organization agrees the regulations with an employee selected by the staff to represent its interests.
It is worth remembering that the consent of the data subject means a voluntary, specific, informed and unambiguous demonstration of the will to which the person allows the processing of personal data concerning him;
The data subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.The data subject is informed of this before giving his consent. It must be as easy to withdraw consent as it is to express it.
The person consents to the disclosure of personal data, and the employer must ensure that the obtained data is properly secured.
The employer (or other persons on his behalf, e.g. members of the social commission) has access to and processes the personal data of applicants. Anyone who deals with personal data must be authorized to process such data. This should also be done in the case of members of the social committee who often have access to sensitive data, e.g. on health, which must be kept secret.
Therefore, people interested in support from the Company Social Benefits Fund submit, in addition to a declaration of income, life, family and material situation and an application for a benefit, also a declaration of consent to disclose personal data to the employer, and the employer must make every effort to protect the personal data obtained.
Can the employer provide other people with personal data obtained for the purposes of the Company Social Benefits Fund and can it be written down in the regulations?
Yes, personal data may be transferred or made available, for example, to entities authorized to do so on the basis of regulations, such as ZUS or the tax office. The employer may include in the ZFŚS Regulations a provision: personal data may be transferred or made available to entities authorized to do so under the law.
Can the employer request a PIT-37 declaration when determining the right to use the Company Social Benefits Fund and can it be included in the Company Social Benefits Fund Regulations?
Yes, the employer may request PIT-37 and other tax declarations and documents to be inspected in order to determine the right to use the Company Social Benefits Fund, and it can write it down in the Company Social Benefits Fund Regulations. However, he should not copy the tax returns and keep them with him, it is enough if he has them available for review. In the Regulations, it is good not to close the catalog of documents that may be requested by the employer, because when making entries in the Regulations, it may not foresee all types of settlements used by persons entitled to receive benefits (e.g. PIT-36, PIT 40A is also very common in addition to PIT 37). / 11A, PIT 8c and others).