In accordance with Article 13(1) and (2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as DPA), we inform you that:
1. Personal data controller
The controller of your personal data hereinafter referred to as "Administrator", "We" or "Company" is
Ecotec Polska Sp. z o.o. with registered office: 02-229 Warsaw, ul. Światowa 22.
2. Contact Us
Administrator contact details:
email address: firstname.lastname@example.org
Correspondence address: 02-229 Warsaw, ul. Światowa 22.
Use of our contact information
The use of contact details published as part of the required legal notice by third parties for the purpose of sending unsolicited advertising and marketing material is hereby expressly prohibited. The administrator reserves the right to take legal action against unsolicited advertising or marketing information, including spam.
3. The purpose of data processing by the controller, the legal basis of processing, the period for which the personal data will be stored and whether the provision of personal data is a statutory or contractual requirement or a condition for entering into a contract
|Purpose of personal data processing:||Legal basis for processing:||Storage period and information whether the provision of personal data is a statutory or contractual requirement or a condition of entering into a contract and whether the data subject is obliged to provide such data and what are the possible consequences of failing to do so:|
|(a) communication, in particular answering the questions asked using the contact form at https://www.ecotec-polska.pl/en/contact or sent to us by e-mail||Art. 6, par. 1, letter b) GDPR (taking action on your request, i.e. answering the question asked by you, request for contact made by you using the form on the website or by e-mail)||Personal data are stored for the period of limitation of claims under the law, when a complaint, request, etc. is filed. (as a rule 3 years, maximum 6 years calculated from the date of termination of the contract/relationship), unless there is another legal basis for further processing, e.g. our processing of the data for the purpose of dealing with possible complaints or demands and satisfying the principle of accountability referred to in Article 5(2) of the GDPR. Provision of data is voluntary, but failure to do so prevents communication by electronic means.|
|(b) communication with those who contact us via social networks (responding to comments and messages etc.)||Art. 6(1)(f) GDPR ("legitimate interests of the Administrator")||The data shall be stored for the period of existence of the legally justified interest pursued by the Administrator and for the period after which potential claims become time-barred (in principle 3 years, maximum 6 years calculated from the date of termination of the relationship/contract).
Providing data is voluntary, but failure to provide it will prevent communication through social networks.
|(c) marketing the Administrator's products and services||Art. 6(1)(a) GDPR (your consent to processing) and/or
Article 6(1)(f) GDPR ("legitimate interests of the Administrator")
|Data is stored until you withdraw your consent. The consent you have given can be withdrawn at any time by contacting the Administrator.|
|(d) storing cookies or using other similar technologies on your end device (PC, laptop, tablet, phone/smartphone, Smart TV)||Art. 6(1)(a) GDPR (your consent to processing)||The data will be stored until the data subject withdraws, by the data subject, consent to further processing of their personal data.
Provision of data is not a contractual or statutory requirement. Failure to provide such data (blocking the installation of cookies) may result in limited functionality of the website.
|(e) conducting direct marketing of the Administrator's products and services||Art. 6(1)(f) GDPR ("legitimate interests of the Administrator"), which is an independent ground that legalises the processing of personal data and no consent is required. Recital (47) of the Preamble of the GDPR states that "The processing of personal data for the purposes of direct marketing may be considered as an activity carried out in the legitimate interest.").||The data shall be stored for the duration of the legitimate interest pursued by the Controller, or until an objection is raised to further processing of personal data for marketing purposes (Art.21(3) GDPR).
The data subject will object to the processing of his/her data (e.g. e-mail address, name, surname, employer's name) for direct marketing purposes, the personal data will no longer be processed by the Administrator for this purpose.
|(f) conclusion and performance of the contract (including quality assurance)||Art. 6(1)(b) GDPR (the data subject is a party to the contract)||The data shall be stored for the period necessary for the performance, termination or expiry of the contract and settlements, as well as for the period after which potential claims become time-barred (as a rule 3 years, maximum 6 years calculated from the date of termination of the contract/relationship) unless there is another legal basis for further processing, e.g. for our processing of the data in the scope of handling possible complaints or demands and satisfying the accountability principle referred to in Article 5(2) of the GDPR.
Provision of data is a statutory requirement (Compary of the parties to the contract), failure to provide such data prevents you from receiving the conclusion and/or performance of the contract.
|(g) insertion, collection and storage of invoices and accounting documents and bookkeeping||Art. 6(1)(c) GDPR ("fulfilment of a legal obligation") in relation to art. 74(2) of the Accounting Act and in relation to art. 86 § 1 of the Tax Ordinance Act.||The data shall be stored for the period in which the regulations prescribe the storage of accounting books and accounting evidence (i.e. for 5 years, counting from the beginning of the year following the financial year to which the data refer) and for the period after which any tax liabilities become statute-barred.
Provision of data is a statutory requirement, failure to do so prevents the fulfilment of a legal obligation.
|(h) Fraud detection and prevention||Art. 6(1)(c) GDPR ("fulfilment of a legal obligation")||The data are stored for the duration of the contract and thereafter for the period after which claims arising from the contract become time-barred. In the event of the Administrator asserting claims or notifying the competent authorities - for the duration of such proceedings and "for 5 years from the beginning of the year following the financial year in which operations, transactions and proceedings are finally completed, paid off, settled or time-barred"|
|(i) Responding to complaints within the time and in the form prescribed by law||Art. 6(1)(c) GDPR ("fulfilment of a legal obligation")||The data will be stored for a period of 1 year after the expiry of the warranty or settlement of the claim, and thereafter for the period after which any claims become time-barred.
Provision of data is a contractual requirement, failure to do so will prevent the fulfilment of the complaint.
|(j) establishment, defence and vindication of claims, raised by or against the Administrator||Art. 6(1)(f) GDPR ("legitimate interests of the Controller")||
The data is stored for the period:
|(k) processing of possible complaints or requests, processing for archiving and security purposes,||Art. 6(1)(f) GDPR ("legitimate interests of the Administrator"||The data are stored for the period of existence of the legitimate interest pursued by the Administrator.
The data shall be stored until the legal conclusion of the proceedings and for the period after which potential claims become time-barred (in principle 3 years, maximum 6 years calculated from the date of termination of the relationship/contract).
If the personal data and the content of the correspondence constitute evidence in the proceedings conducted on the basis of the law or the Administrator became aware that they may constitute evidence in the proceedings, the data storage period shall be extended until the proceedings are finally concluded.
|(l) Recruitment||Article 6(1)(c) of the GDPR ("legal obligation incumbent on the controller"), Labour Code, Article 6(1)(a) of the GDPR and Article 9(2)(a) of the GDPR ("consent of the data subject")||Data is kept until 9 months after the end of the recruitment.
Provision of data is a statutory requirement, failure to provide such data makes it impossible to take part in the recruitment
|(m) Maintenance of employment records||Article 6(1)(c) of the GDPR ("legal obligation incumbent on the controller")||Data are stored for a period in accordance with current legislation i.e. 10 years or 50 years.
Provision of data is a statutory requirement, failure to do so will prevent employment.
3. Data recipients
The Administrator uses the services of external entities cooperating with it. Personal data are transferred to external entities only if and to the extent that this is necessary for the purpose of processing. External entities may use the transferred (entrusted) personal data only for the purpose of carrying out the task commissioned by the Administrator.
The Administrator is not responsible for the processing of personal data. Personal data may be transferred to the following recipients who cooperate with the Administrator:
- entities providing the Administrator with technical support services and suppliers of IT solutions enabling the Administrator to conduct its business (for example, software providers, e-mail providers and hosting providers),
- entities providing technical support services and suppliers of IT solutions enabling the Administrator to conduct its business (for example, software providers, e-mail providers and hosting providers)
- entities providing postal, courier and similar services (e.g. courier brokers) - to the extent necessary to carry out deliveries and correspondence,
- selected entities acting on behalf of the Administrator in handling accounting, tax, consulting, translation and legal matters - to the extent necessary to achieve the specific purpose of processing,
5. Transfer of data outside the European Economic Area
Your personal data will not be transferred outside the EEA or made available to international organisations. In exceptional situations, your personal data may also be transferred to third countries, i.e. outside the European Economic Area, if this is necessary for the provision of Services to you or if this is required by another valid legal basis. In this case, the transfer of data shall be based on appropriate safeguards in accordance with data protection legislation. You can find out more about these safeguards, as well as how and where to obtain a copy of these safeguards, by contacting us at the details provided above.
6. Your rights (rights of the person whose data is processed by the Controller)
Where consent is necessary in order to process personal data for a specific purpose, the Controller shall obtain such consent. The consent granted may be withdrawn at any time by contacting the Administrator. If the consent is withdrawn, the data will no longer be processed to the extent to which the consent pertained, but the withdrawal of consent shall not affect the legality of the processing which was performed on the basis of the consent before its withdrawal.
The processing of personal data does not always require consent. Consent is not required for data processing if any other prerequisite legalizing data processing in accordance with Art. 6(1) GDPR is met, e.g. if processing is necessary for the Administrator's legitimate interest (e.g. defence against claims) or if we take action at your request or on your initiative. You also have the following rights under the terms of the GDPR:
- the right to request from the Controller access to your personal data processed by the Controller,
- the right to rectify that personal data,
- the right to erasure of personal data ("to be forgotten") or to restriction of processing of such personal data- (unless there are no legitimate grounds for further processing),
- the right to object to the processing, and
- the right to portability of this personal data.
If your personal data is processed for direct marketing purposes, you may object at any time to the processing of that data for that purpose.
If you wish to exercise the above rights, you should submit a request to the Administrator. The contact details of the Administrator are given in section (2). In order to ensure that the person submitting the request is authorised to do so, the Administrator may ask for additional information confirming the identity of the submitter.
The Data Controller is obliged to provide the relevant information in writing. The provisions of GDPR indicate to what extent each of these rights may be exercised. This will depend in particular on the legal basis and purpose of the processing of personal data by the Administrator.
You also have the right to lodge a complaint to the supervisory authority, i.e. to the Office for Personal Data Protection, if in your opinion the processing of your personal data takes place in violation of the law.
7. Server log files
Our server saves certain information that your browser sends automatically. This applies in particular to the following data:
- the IP address of your device,
- time and date of the server request,
- information about the browser you are using (type/name, version),
- operating system,
- referring URL,
Records of server log file data are analyzed to:
- manage server performance,
- protect against
- protect against DDoS attacks
- adaptation of content,
We cannot attribute this information to any specific individual; we do not cross-reference it with other data sources. However, we reserve the right to inspect this information at a later date if we reasonably suspect a breach of the law.
Our website uses "cookies" to identify repeat users. A "cookie" is a small text file that is stored on the hard drive of a user's computer. It is not able to read data from your computer. Most browsers are set to accept cookies. You can disable this feature or ensure that your browser asks for your permission each time it sets a cookie.
9. Automated decision-making and profiling
Personal data will not be used for automated decision-making producing legal effects against you, including profiling.
10. Final provisions
The Administrator's websites may contain links (references) to external websites of third parties, the content of which we have no influence on. Consequently, we cannot assume any responsibility for the content of such third-party sites. The provider or operator of the website is solely responsible for the content of the linked pages. The linked sites were checked for possible legal violations at the time the links were created. No illegal content could be identified at this time. However, a permanent check of the content of the linked pages is not justified without concrete evidence of a legal violation. If we become aware of such a legal violation, we will remove the relevant link or links immediately.
© This document is protected by copyright. The author, as the creator, enjoys exclusive personal and property copyrights and disposes of these rights. The document is a "business secret" of the author within the meaning of the Act on Combating Unfair Competition. The document has been prepared for the use of the recipient of the document (customer) only. The author does not authorise, without his prior written consent, any other making available, use, reproduction, distribution or resale of this document or parts thereof. Violation of the above conditions may result in liability, including criminal liability, as defined in the Act on Combating Unfair Competition, the Criminal Code Act and/or the Act on Copyright and Related Rights. In particular, but not exclusively, the author shall have the right to demand that the prohibited activities be discontinued, that the consequences of the prohibited activities be rectified, that the damage caused be repaired, that the unjustly obtained benefits be handed over and that the author make one or more statements of appropriate content and form. Without the prior written consent of the author, it is also prohibited to send this document or otherwise make it available to persons or entities who may provide services competitive to those provided by the author - e.g. lawyers, auditors, consultants, IT specialists, consultants, accountants, auditors, legal advisors, lecturers, trainers, etc.