Safety – DNA of our operations • Raport Społecznej Odpowiedzialności Grupy Polsat Plus za rok 2020

Due to the nature of services provided by us we acquire a lot of sensitive data every day. To fully protect the data of each customer, the companies from Polsat Plus Group implemented the numerous rules defined in relevant policies and plans: Security Policy, Information Security Policy, Personal Data Security Policy, ICT Security Policy and ICT Security System Development Plan.

We respect legal regulations

[GRI 416-2]

In 2020, following the monitoring of the IPLA on-demand media service, which was conducted by KRRiT (National Broadcasting Council), we received 2 notices from KRRiT. In the notice dated 5 October 2020 Cyfrowy Polsat was requested to discontinue the activities infringing upon the provisions of Art. 46 e of the Broadcasting Act (incorrect marking an audiovisual material), while the notice dated 22 October 2020 requested that we discontinue the activities infringing upon the provisions of Art. 47 e, item 1 of the Broadcasting Act (use of insufficient technical safeguards). None of these notices ended with any proceedings being instituted against Cyfrowy Polsat.

Polkomtel received 3 complaints regarding spontaneous combustion of equipment. Two of the complaints were rejected by handset manufacturers. One complaint was accepted by the manufacturer of a router, however the reasons of the incident were not determined.

[GRI 418-1]

In 2020 at Polkomtel:

12 complaints related to personal data processing. In the case of 2 of these complaints the President of the Personal Data Protection Office (PUODO) refused to accept the requests from the complaining parties. As regards one of the cases, the President of the Personal Data Protection Office dismissed the case. In 6 other cases the Personal Data Protection Office (UODO) asked the Company to provide additional explanations. As of the date, the UODO did not respond to the explanations provided by the Company,
As regards 3 proceedings initiated in the years 2018-2019, the Personal Data Protection Office asked the Company to provide additional explanations. As of the date of the report, the Office has not commented on the explanations submitted by the Company,
We received 4 decisions regarding the Office’s proceedings from 2019 (in two cases the President of the Personal Data Protection Office dismissed the cases while in two other cases he refused to accept the requests from the complaining parties),
In connection with the verification proceedings conducted by the Personal Data Protection Office regarding the implementation of the administrative decision issued by the General Inspector of Personal Data Protection (GIODO) in 2015 which concerned deletion of the copies of the documents collected when concluding subscriber contracts for telecommunication services, UODO filed two requests to the Company for being provided with additional evidence. The Company responded to the requests and sent to the President of the Personal Data Protection Office the protocol which confirmed the execution of the administrative decision. In January the President of the Personal Data Protection Office sent to the Company the information confirming end of the proceedings

Moreover, Polkomtel received 29 requests from the Personal Data Protection Office regarding reported cases of breach of personal data protection.

In 2020 the following notices were sent by the Personal Data Protection Office (UODO) to Cyfrowy Polsat S.A.:

4 complaints regarding personal data processing. In the case of 3 of these complaints UODO applied to the Company for additional explanations. As of the date of this report, the Office has not commented on the explanations submitted by the Company. In the case of one complaint, regarding breach of personal data protection rules, the President of the Personal Data Protection Office issued an admonition regarding breach of the provisions of article 6, item 1 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC,
As regards the 3 proceedings initiated in the years 2018-2019, the Company received a decision from the President of the Personal Data Protection Office (one case was dismissed, while in two other cases the President refused to accept the requests from the complaining parties),
As regards a case from 2018, the Personal Data Protection Office asked the Company to provide additional explanations. As of the date of the present report, the Office has not commented on the explanations submitted by the Company,
In August 2020 the Personal Data Protection Office initiated administrative proceedings regarding breach of personal data protection regulations (the breach concerned protection of personal data in connection with the loss of documents by a courier company as well as releasing the documents by a courier company’s employees to an unauthorized third party). The Company provided extensive explanations. The President of the Personal Data Protection Office conducted an investigation as a result of which evidence was gathered which was sufficient to issue a decision in the matter of the logistics process breach. The decision has not been issued yet.

Moreover, Cyfrowy Polsat S.A .received 13 requests from the Personal Data Protection Office regarding reported cases of breach of personal data protection.

Security of products and services

Each new service introduced to the market is analyzed from the point of view of security still at the design stage. Key requirements are defined, and all components are verified before the commercial launch.

Polsat Plus Group is aware that services offered by it have an impact on the daily sense of security of millions of Poles. Apart from the cooperation with water and mountain rescue teams, a good example of this is the service called “Gdzie Jest Bliski” (Where is my relative), or a new generation Parental Control application, which has been developed by parents for parents.

"Gdzie Jest Bliski” (Where is my relative) service

“Gdzie Jest Bliski” (Where is my relative) is a family locator which allows for finding the current location of a child or relative. An SMS or a click in the application is enough for the system to send information with data about location of the person searched for and to have their location displayed on digital maps.

“Where is my relative” means:

Locating relatives 24 hours a day
Locating and protecting even up to 5 persons
Location on request
Easy and fast locating of people
Location schedule
History of locations in a mobile application and on the website
View of location of all persons on one map
Compatibility of locating channels
Locating via GSM, WIFI and GPS
Locating via SMS, website or mobile application.

A mobile phone with an active SIM card is all that is required to start locating relatives. There is no need to install any additional software or enter complicated settings to the phone. A person searching for location – e.g. a parent – activates the service and adds a phone number of his/her relative whom they wish to protect. The person being located must express consent to having their mobile phone located. Such consent means that it will be only the parent who will be able to determine the location, so as to make sure that no unauthorized person can obtain information about the location of a relative or child.

Identity theft, or take-over of user accounts, is one of the threats encountered in the Internet. Identity in the Internet also means passwords, logins, PIN numbers as well as all other information that can be linked to a specific person. Such data is leaked or stolen, and then placed on various platforms of the Internet where the data can be bought by cybercriminals and used for extortions or account hacking. Though you cannot erase the things that went into the Internet, it is worth checking what the Internet knows about us.

Internet Security with Identity Protection

Latest research concerning data leakage proves that the people who used compromised services are much more exposed to cybercrime than others. Identity Protection, offered by Plus, is a solution which can enhance the level of security.

The application allows you to:

check what data was leaked to the Internet,
receive alerts, 24/7, if your private information has been disclosed anywhere. Thanks to this you can respond quickly to change of a password or PIN number, block use of a credit card or inform the bank of the situation and take the actions recommended by the bank in order to secure your financial resources.

In addition the Identity Protection application contains a function of creation and storing of very strong passwords which are automatically completed at the moment when you log in to any service, your e-mail account or your bank account.

Parental Control application– “Dzieci w Plus” (Children in Plus)

“Dzieci w Plus” (Children in Plus) is state-of-the-art solution which allows for safe discovering of the mobile world by children. The service consists of the portal called dzieciwplus.pl and a parental application, both of which are used for setting the rules of usage of the Internet, as well as of a child’s application which is installed on the child’s device.

“Children in Plus” means:

Safe Internet browsing
Control of the time spent in the Internet and the applications used (full support for the application on Android devices, partial support for iOS devices)
Control of installed applications (as above)
Safe Search mode in Google, Bing and Yahoo
Monitoring and reports with information about device use by a child
Protection in any network.

Thanks to this service, parents can easily control the websites which can be viewed by their kids. They just need to select the content categories which can be accessed or blocked. It is also possible to choose the applications which a child will be able to access on his/her phone and the applications will be unavailable. Control of time of usage of the device and time spent in the Internet is another very important feature of this service. The parent may set, separately for each day of the week, the hours within which a child will be able to open e.g. entertainment applications or browse the Internet.

The service is friendly for all users – also for the parents who have less knowledge about online safety.
In such a situation the application will suggest, based on a child’s age, what content in the Internet can be accessed by the child. The parent may accept the prepared suggestion or easily modify the settings.

The service also ensures interaction between the child and the parent. In case of blocking the application or reaching the time limit set for Internet use, a child may send a request to the parent which can be then accepted by him/her (via the parent application of on the web portal).

“Dzieci w Plus” (Children in Plus) is a comprehensive parental control service which can be installed and configured also by the parents who are less experienced in using new technologies..

Fight against piracy

In Poland the level of piracy is much higher than on the developed markets of Western Europe or elsewhere in the world, and the costs of this phenomenon affect not only the authors, but also the State Treasury and the labor market. The services of illegal access to content are usually very well organized and provided in order to obtain financial gains. The sector of such services has grown to the size exceeding the size of legal services offering online video content in Poland. According to Deloitte’s estimates, Polish economy loses over PLN 3bn per year because of piracy. It is the sum which could cover approx. 30% of annual expenditures of the State Treasury on culture and media or make it possible to purchase four cinema tickets for every citizen.

The educational project, called ”Piractwo.tv,” (Piracy.tv) was ultimately completed in 2020 as the last training session was conducted for the policemen and prosecutors involved in combatting theft of intellectual property in the Internet. Thus, thanks to “Piractwo.tv” project, realized in cooperation with the Main Police Headquarters, the trainers from Sygnał Association reached all the police units in Poland which deal with this this type of crime. Due to the pandemics, work has started on developing the web version of the training program and creation of an educational platform for the needs of the policemen and police academies. Sessions for individual police units, interested in training were also held during the early months of 2020.

In 2020 Sygnał Association continued activities aimed at reducing the availability of illegal sources of TV content in the Internet and of reducing the revenues that pirate services obtain from illegal content distribution.. During previous years a campaign called “follow the money” was launched. The campaign involved monitoring of the services which violate the broadcasters’ rights, with a table containing aggregated data on cases of rights violation having been created, as well as permanent cooperation having been initiated with the payment processing companies whose services criminals used to derive financial benefits from their illegal activities. In 2020 the development of this area of the Association’s activity continued, thanks to which it was possible not only to reduce the presence of ads from major advertisers in pirate web services and prevent payments for access to illegal content via trusted providers of financial services and telecommunication operators but also to reduce substantially the scale of the illegal activities involving sale, via Internet auctions, of activation codes enabling access to illegal content. In 2020, thanks to the daily, systematic work covering this area the number of such illegal auctions was reduced fourfold compared to 2019.

The year of the pandemics did not weaken the activities related to enforcement of protection of intellectual property rights in the Internet. The year saw issuing of record, in terms of value, rulings in Poland related to compensation for the loss incurred by a harmed party, regarding both, the practice of sharing and of streaming of content. This led to the growth of the awareness of harsh penal and financial consequences for the parties which made illegal distribution of other parties’ content via the Internet a permanent source of their revenue. 2020 also saw closing of more than 30 pirate services which violated the rights of the members of Sygnał Association, which meant increase by 30 percent compared to 2019.

Elections of the organization’s authorities took place in June 2020. Teresa Wierzbowska, Advisor to the Management Board of Cyfrowy Polsat for public affairs, has been reelected the President of “Sygnał” Association. Also Łukasz Sternowski, Manager of the Intellectual Property Protection Unit in Cyfrowy Polsat, is a Member of the Management Board of the Association.