The Personal Data Controller, as defined in art. 4 item 7 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of the 27th of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) is the Company.
THE PURPOSE BEHIND THE PROCESSING OF USERS’ PERSONAL DATA
Personal data of Users are collected and processed in relation to their use of the Website and the services provided electronically by the Company via said Website.
Processing of the Users’ data is necessary for the following purposes:
- communication with Users by means of the contact form provided on the Website,
- ensuring safe provision of services by the Company, in particular preventing fraud and misuse,
- performing obligations imposed directly by the applicable law,
- statistics and record-keeping.
The Company processes collected personal data solely within the scope of the purposes listed above.
PROCESSING OF PERSONAL DATA
The Company collects, uses and processes the following personal data of the Users:
- first and last name,
- name of company or person conducting business activity,
- e-mail address,
additionally, in case of recruitment:
- telephone number,
- address of residence,
- education, professional experience,
In addition, the Company’s servers automatically register the so-called “system logs” of the Website’s visitors – anonymous information such as the time of visit, the IP address, the URL address, the Internet browser, etc.
LEGAL FRAMEWORK FOR THE PROCESSING OF PERSONAL DATA
The Company processes the Users’ personal data based on the following legal regulations:
- art. 6 item 1(a) of GDPR – the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- art. 6 item 1(b) of GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- art. 6 item 1(f) of GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Company.
- Consenting to the processing of personal data is voluntary; However, the Company will not be able to contact the User, or carry out the recruitment processes, unless the consent is given.
RULES FOR THE COLLECTION, USE AND PROCESSING OF PERSONAL DATA
The Company shall protect the Users’ personal data with due diligence, in accordance with the following rules:
- the personal data of the Website’s Users are processed in accordance with the requirements of GDPR and other applicable legal regulations, which supplement and/or implement GDPR, including the Act of the 10th of May 2018 on the protection of personal data (Polish Journal of Laws Dz.U. of 2018, item 1000);
- the personal data of the Users of the Website shall not be disclosed to other entities or third parties, unless the following conditions are met:
- The User has agreed to the disclosure,
- disclosure is obligatory under applicable provisions of the law or justified demands of state authorities,
- disclosure is necessary for the detection and prevention of fraud, as well as solving other problems related to fraud, safety and technical issues,
- disclosure is necessary for the recovery of claims due to the Company;
- within the scope permitted by applicable legal regulations, the Company shall have the right to disclose the personal data to entrusted entities and third parties for the purposes related to the provision of services by the Company, i.e. accounting offices, postal, courier, hosting service providers and third-part content providers etc. only within the scope necessary for the purposes specified herein.
- the personal data of Users may only be used for the purposes for which they were collected;
- the personal data of Users shall not be processed for longer than necessary for the due provision of services by the Website. Thereupon the personal data shall be deleted;
- the personal data shall not be disclosed to entities from outside of the European Economic Area (countries other than the European Union states, Iceland, Norway and Liechtenstein).
OTHER RELEVANT RIGHTS OF USERS
- Every User shall have the right to:
- review their personal data held by the Company,
- demand that their personal data be corrected, if they decide said data are outdated, incomplete, or false,
- demand that the processing of their personal data be limited,
- demand deletion of their personal data,
- demand a copy of their personal data,
- object to the processing of their personal data in cases specified in art. 21 of GDPR,
- demand that their personal data be transferred to a different data controller, if it is technically possible.
- The User may take advantage of the rights listed above by means of submitting an application:
- in person, at the Company’s place of business (Xyzum sp. z o.o., ul. Twarda 18, 00-105 Warsaw),
- by post, to the Company’s above-mentioned address,
- by electronic mail, to the address: email@example.com
- The User shall also have the right to submit a complaint to the relevant data protection authority – President of the Data Protection Authority (PUODO).
In case of questions or doubts related to the protection of personal data, please contact the Company at: firstname.lastname@example.org.
Document v. 3.0
Warsaw, 17th of February 2020