I BASIC INFORMATION
Personal data is understood as any information about an identified or identifiable individual.
- The Wielkopolski Indyk company processes personal data provided voluntarily by the Customer/Collaborator/Contractor/Employee/User, in particular when:
– submitting offers;
– placing orders for the offered products and services;
– negotiating, concluding and performing civil law contracts, including sales agreements, delivery agreements, cooperation agreements, service agreements, transport agreements and others;
– delivering supplies;
– submitting and handling complaints or other reported claims,
– video monitoring in the premises, facilities and yards occupied by the Company.
- The Wielkopolski Indyk company processes personal data provided to it voluntarily by an Employee during the recruitment process, when concluding an employment contract and during the employment period.
- Personal data is collected only for the purpose of:
– allowing the User to fully use the functionality of the Website;
– placing, accepting and fulfilling orders;
– negotiating, concluding and performing agreements;
– delivering the goods ordered;
– handling complaints or other reported claims;
– meeting the requirements of the provisions of law, in particular tax and accounting regulations;
– securing the safety of people and property and ensuring the proper functioning of video surveillance,
– others individually agreed with the Client/Contractor/Collaborator.
- The personal data provided by an Employee are processed for purposes related to employment, being subject to social insurance or group life insurance, or in order to benefit from other benefits arising from the provisions of law.
- The User’s e-mail address may only be used for sending links to purchased files or other messages related to handling the activity on the Website, including in particular those related to the fulfilment of the order placed. The data collected when exchanging correspondence between the User and the Website will be used only to respond to the query sent by the User.
Providing personal data is voluntary; however, failure to provide data in cases where it is necessary for the conclusion or performance of the agreement or to undertake other actions may prevent the conclusion of the agreement or its performance or undertaking other actions.
II SAFETY OF PERSONAL DATA
Personal data provided to the Wielkopolski Indyk company are stored in the database of the Wielkopolski Indyk company (the personal data Controller) and are processed in compliance with applicable provisions of law, including the GDPR and generally applicable provisions of Polish law. The Controller’s databases have all safeguards against access by third parties or loss of data which are necessary and required by law.
The Controller ensures their full security and protection.
III PROCESSING OF PERSONAL DATA
The Controller of the collected personal data is Wielkopolski Indyk sp. z o.o. with its registered office in Bolesławiec at Bolesławiec 12A, 62-050 Mosina, entered into the National Court Register under the number 0000646404, NIP 7773271756, REGON 365834337, hereinafter referred to as the “Controller”.
- The Controller processes personal data in compliance with and on the basis of:
a) Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals in connection with personal data processing and on free flow of such data and repealing the Directive 95/46/EC (hereinafter referred to as the “GDPR”),
b) national regulations on the protection of personal data, in particular the provisions of the Act of August 29, 1997 on the protection of personal data, consolidated text Journal of Laws of 2016, item 922 of 2018 item 138, 723.
- The processing of personal data takes place only in cases where – and to the extent that – at least one of the following conditions is met:
a) data subject has consented to the processing of his/her data;
b) processing is indispensable for the performance of an agreement to which the data subject is a party or in order to take action at the request of the data subject prior to the conclusion of an agreement;
c) the processing is indispensable to fulfil the legal obligation imposed on the Controller;
d) the processing is indispensable to perform a task carried out in the public interest;
e) the processing is indispensable for the purposes arising from the legitimate interests pursued by the Controller.
- The data is collected to the extent which is necessary in relation to the purposes for which they are processed.
- The Controller has appropriate technical and organizational measures so that the processing of data meets the requirements of the GDPR and national law and protects the rights of data subjects.
The Controller makes every effort to protect personal data against unauthorized access by third parties.
- The recipients of personal data may only include institutions authorized to receive them under applicable provisions of law or entities cooperating with the Controller and performing some ordered services, such as, for example, IT service, courier companies, transport or forwarding companies, companies providing accounting or legal services, to the extent that it is indispensable for the provision of a given service.
- Entrusting the recipients with the processing of personal data is done in compliance with the requirements of the GDPR and the provisions of national law. The Controller uses only the services of such processing entities that provide sufficient guarantees of implementation of appropriate technical and organizational means so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
The data Controller will not transfer personal data to a third country or an international organization.
The Controller stores personal data to the extent and for the period necessary to handle the order placed or assignment and fulfilling the obligations arising from the contract concluded with the Customer / Collaborator / Contractor by the Controller and from applicable provisions of law (tax law in particular), as well as for a period corresponding to the period for limitation of claims. If any court proceedings are initiated, the period of storage of personal data is extended until the enforcement of a final court judgment or court settlement.
Employees’ personal data provided in connection with employment are stored for the entire period of employment and for 50 years from the date of termination of employment. In the case of persons employed on the basis of a contract of mandate, personal data on the basis of which the basis of assessment of pension or disability living allowance is determined, are stored for the duration of the contract and for a period of 50 years from the end of cooperation.
IV RIGHTS OF DATA SUBJECTS
- Each data subject has at any time the right in relation to the Controller to:
a) access the content of his/her personal data, i.e. requesting the Controller to provide information whether and which personal data it stores and to obtain a copy thereof;
b) correct his/her personal data if they are incorrect, as well as to complete incomplete data;
c) delete his/her personal data if:
– these data are no longer necessary for the purposes for which they were collected;
– consent to their processing has been withdrawn pursuant to the provisions of § 4.2 and there is no other legal basis for processing these data;
– after raising an objection referred to in § 4.3, if there are no overriding legally justified grounds for processing; the data is deleted each time if the objection concerns data processed for direct marketing purposes;
– personal data has been processed illegally;
– the obligation to delete data arises from applicable provisions of law.
d) limit the processing when:
– the data subject questions their correctness – for a period allowing the Controller to check the correctness of this data;
– the processing is illegal and the data subject opposes the removal of data and requests the limitation of their use instead;
– the Controller no longer needs the data for the purposes of processing, but they are needed by the data subject to establish, pursue or defend claims;
– the data subject has raised an objection referred to in § 4.3 – until it is examined;
e) transfer his/her data to another entity, if the data is processed in an automated manner and, moreover, their processing is based on a prior consent or in order to perform an agreement.
- The above rights are exercised by contacting the Controller at the address indicated in § 3.1 or at the e-mail address email@example.com.
- Anyone who has consented to the processing of his/her personal data by the Controller has the right to withdraw this consent at any time by contacting the Controller at the address indicated in § 4.1 or at the e-mail address firstname.lastname@example.org.
- The withdrawal of consent does not affect the legality of the processing that was done on the basis of consent before its withdrawal.
- The right to withdraw consent referred to in item 1 does not apply to data processed on the basis of at least one of the premises specified in § 3.2. item 2 sub-item b) to e).
Each data subject has the right at any time to raise an objection to the processing of his/her data for purposes arising from legitimate interests pursued by the Controller or for the purposes of direct marketing.
Anyone who is of the opinion that his/her personal data is processed by the Wielkopolski Indyk company in the wrong manner has the right to file a complaint with the supervisory body – the President of the Office for Personal Data Protection.
- The Wielkopolski Indyk company is also the Controller of personal data obtained by means of video monitoring, which can be installed at the company’s head office, manufacturing plants or points of sale.
- On each facility or area within the range of video monitoring of the Wielkopolski Indyk company, there is visible information indicating that the area or facility is monitored and that cameras are installed there.
- The processing of personal data obtained from video monitoring is indispensable for the purposes arising from the legitimate interests pursued by the Controller, in particular to guarantee the safety of people and property against external and internal threats, including increasing the safety of employees and other people staying in buildings, premises and yards occupied by the Wielkopolski Indyk company and to increase technological security, protect the property, limit the devastation and theft, record events enabling the determination of the perpetrator of damage or theft.
- Access to the monitoring and personal data collected through it is available only to persons appointed to deal with the monitoring and other persons designated by the Controller who have the appropriate authorization of the Controller to process personal data and are obliged to maintain their confidentiality.
- The Wielkopolski Indyk company may entrust external companies with the operation of the monitoring system, testing its operation, making repairs, and expanding the monitoring network. To the extent that it is indispensable to perform the above services, these companies may be recipients of personal data obtained from video monitoring, referred to in § 3.3.
- All data recorded by the monitoring system are saved on the data logger and are available for 30 days.
After this date, the data is automatically deleted (overwritten) subject to item 2 below.
- The Wielkopolski Indyk company secures, for evidence purposes, events recorded by the monitoring system, which pose or could pose a threat to the safety of people and property or meet the criteria of a prohibited act or constitute another violation of the law, including contractual obligations:
a) at the request of third parties,
b) at the request of the authorities conducting the proceedings, e.g. the police, prosecutor’s office, courts,
c) if it deems it appropriate and necessary for the protection of its own interests.
- Securing the data from the monitoring consists in recording them on a data carrier that allows for their duplication.
- Data carriers containing the data registered are secured and stored in a specially designated place that may be accessed only by authorized persons.
- The secured monitoring data are made available only to the authorities conducting the proceedings in the case of the registered event, e.g. the police, prosecutor’s office, courts that operate on the basis of separate regulations. The data secured may also be transferred to the insurer of the Wielkopolski Indyk company as part of the liquidation of damage caused to a third party, as well as to the insurer of a third party liable for a damage as part of the liquidation of damage caused to the Wielkopolski Indyk company.
- The monitoring data secured at the request of the authorized entity are stored for a period of one year from the date of submitting the request. After this date, the secured data are deleted.
Bolesławiec, on May 24, 2018