PRIVACY POLICY
P. P. H. MARC-TH M. B. Kamińscy sp. j.
1. INFORMATION ON DATA CONTROLLER
- Controller of personal data received at concluding agreements/presenting commercial offer is P. P. H. MARC-TH M. B. Kamińscy sp. j. entered to the register of entrepreneurs of National Court Register kept by District Court for Warsaw Capital City in Warsaw, IV Commercial Department – National Court Register under number: KRS 0000090223, VAT no. 1130026530 REGON 012067147.
- You may contact Data Controller in writing, using traditional and electronic mail, and also by phone as follows:
- Address: ul. Norwida 26, 05-071 Sulejówek
- Tel.: (22) 783 48 38
- e-mail: marcth@marcth. pl
- In accordance with valid regulations concerning personal data protection, in particular with Regulation of the European Parliament and Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter ’GDPR’), in order to ensure proper personal data protection, Controller presents below information for data subjects concerning personal data processing.
- Controller takes all efforts to ensure any means of physical, technical and organizational personal data protection against their accidental or intentional damage, loss, change, unauthorized disclosure, use or access, in accordance with all valid regulations.
2. PURPOSE, LEGAL BASIS AND TIME OF PERSONAL DATA PROCESSING
Your personal data obtained by us are used:
- To enter and perform contractual relationship, i. e. to complete any product sale agreement and provision of services for Clients, including assurance of correct quality of services – throughout a period of agreements and settlements and thereafter, as well as for expiration time of claims – art. 6 par. 1 b GDPR;
- Processing is necessary for compliance with a legal obligation: issuing and storing invoices and accounting documents, responding to complaints in due time and in the form required by regulations – for the time of performing obligations and the time required by law to keep documents – art. 6 par. 1 let. C GDPR;
- To establishment, exercise or defence of legal claims resulting from made contract – for the time when any claims under contract expire – art. 6 par. 1 let b GDPR;
- Lawful interest, which is advertising out services/products, i. e. presentation our offer of services/products, if you contact us for this purpose – art. 6 par. 1 let f GDPR – for the time when Controller’s business needs continue to exist;
- Lawful interest, which is maintaining good business relations and within professional relations – art. 6 par. 1 let f GDPR – for the time when Controller’s business needs continue to exist;
3. TYPES OF PROCESSED PERSONAL DATA
- To perform a contract Controller needs the following personal details: identification data (full name, VAT reg. no., PESEL (personal id no.), ID card series and number) address data (e-mail, street, locality, postal code). Lack of these details prevents performance of any order.
- In addition, Controller may ask to give optional details (e. g. contact number), which have no effect on a contract conclusion, but facilitate contact with Client, and the same make order completion more efficient.
- In a contract period we may ask for other, additional data (documents that contain data), in extent needed to perform any made contract, which were not necessary during the contract conclusion, but they appeared as required at the later stage of the contract performance.
- In case when party a contract with us is a legal person, then for the purpose and during performance of this contract we shall process personal data of representatives/employees and agents of such legal persons that were defined as contact persons, including: full name, e-mail, telephone.
- Data are processed in accordance with requirements of applicable laws and contractual terms.
- DATA TRANSFER TO OTHER ENTITIES (DATA RECIPIENTS)
Data Recipient means a physical or legal person, public authority, unit or other entity, to whom Controller disclose your personal data.
We transfer your data to:
- Entities that process data for Controller, that participate in Controller’s operations, i. e. in Customer service process (e. g. suppliers);
- Entities that operate our tele-information systems and provide tele-information tools for us;
- Entities that provide for Controller consulting/legal assistance, audit services.
If data are provided to third entities, Controller requires them to maintain confidentiality and security of information, and only use data for providing given service or product.
5. RIGHTS OF THE DATA SUBJECT
- Data Controller ensures the following rights that allow applying for:
- Rectification (correction) of data that are inaccurate, in particular, because they have been collected with errors or they changed after collection. The above right also applies to completion of lacking data;
- Erasure of data processed unlawfully or placed in our Internet services. You may exercise the above right only when:
- Your data are no longer necessary in relation to the purposes for which they were collected, in particular after expiration of the period planned by Controller or mandatory period of data processing;
- You withdrawn consent on which the processing is based according to point, unless Controller has other legal ground for the processing;
- You objected to the processing and there are no overriding legitimate grounds for the processing.
Controller may refuse to erase personal data in cases anticipated by law, in particular if further processing is required to fulfill lawful obligation that requires processing of these data under law of Union or Member State, or the establishment, exercise or defence of legal claims.
- Restriction of processing (stopping operations on data – respectively to request) when:
- You question accuracy of personal data – for the period allowing Controller to check these data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their processing instead (their use);
- Controller no longer needs the personal data, but they are required by you for the establishment, exercise or defence of legal claim.
- Access to data (information on data we process and copy of the data), including request to obtain copy of personal data subject to processing. First copy is free of charge. For any further copy requested from Controller may be reasonably charged due to handling costs (postal costs, xerox copies, etc.);
- Data transmit to another controller. You have the right to receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
- Right to object data processing, when processing is performed based on lawful Controller’s interest. Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject;
- Right to withdraw consent for data processing in any time (if processing Was based on your consent). However, the consent withdrawal shall not affect lawfulness of processing before the consent withdrawal.
- Rights indicated in par. 1 may be exercised submitting request to Controller’s premises or calling number given in sec. 1 (Information on Controller). Controller may ask for additional information that allows to authenticate a person who exercises said rights. To make sure you are entitled to the request, we may ask you for additional information that allows authentication.
- If data use by Controller is not necessary to perform a contract, fulfilling legal obligation or is not lawfully justified Controller’s interest, you may request specified data processing method. Given consent may be withdrawn in any time (this will not affect lawfulness of data processing before this consent withdrawal).
- You may lodge complaint to the Chairman of Personal Data Protection Office, if you believe that processing your data is unlawful.
- PROCESSING METHOD
Your personal data are processed by Controller electronically and manually.