INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA at Oręcz ORD Sp. z o.o.
Pursuant to Article 13 paragraphs 1 and 2 and Article 14 paragraphs 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/56/EC (hereinafter referred to as the “GDPR”), applicable from 25 May 2018, we hereby inform you about the manner and purpose for which we process your personal data (hereinafter referred to as “data”), as well as your data protection rights.
1. Who is responsible for data processing and who can be contacted? The controller of your data is Oręcz ORD Sp. z o.o., which can be contacted in writing at ul. Siewierska 25, 61-323 Poznań, or by email at osprzet@osprzet.com.
2. Why, for what purpose, and on what legal basis do we process your data?
2.1. The data is processed for the purpose of carrying out activities, concluding or performing the contract for which it was provided to the Controller (including order fulfillment, billing, communication related to the provision of services, communication via the contact form). The basis for processing is the necessity for the performance of the contract (Article 6, paragraph 1, letter b of the GDPR).
2.2. The data is processed for the Controller’s commercial activities and for the provision of other services as part of the performance of contracts concluded with customers or for the performance of activities performed at the customer’s request before or in connection with the conclusion of the contract.
2.3. The data is processed for the purpose of handling complaints and any other claims. The basis for processing is the Controller’s legitimate interest in securing information
about cooperation in order to handle potential claims.
2.4. The Controller’s fulfillment of administrative and public law obligations,
2.5. We process data based on your written or oral consent (Article 6, Section 1, Letter a of the GDPR),
granted for specific purposes (e.g., marketing).
2.6. Consents granted to the processing of personal data remain in force.
2.7. Consent may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness
of data processing until the consent is withdrawn or in circumstances where
the Controller processes data based on a basis other than your consent.
3. Where do we obtain your data and what are its categories?
3.1. Most of the data processed by the Controller comes directly from the interested
entity (e.g., customer, employee),
3.2. Entrepreneur data is also obtained from public sources, such as the National Court Register, the Central Register of Business Activity, or similar sources located in other countries, as well as from private entities specializing in collecting and sharing information about entrepreneurs.
3.3. In the case of data relating to individuals representing entrepreneurs or otherwise acting on their behalf, the data is obtained in the manner described above, as well as from the entrepreneurs themselves.
4. To whom can we transfer data?
4.1. Data may be shared with other recipients for the purpose of performing a contract with you, for the purpose of fulfilling a legal obligation to which the Controller is subject, based on your consent, or for purposes arising from the legitimate interests of the Controller or a third party.
4.2. Recipients may include authorized employees of the Controller and other persons acting with their authorization. Data is transferred to entities processing data on behalf of the Controller,
whereas such entities process data based on an agreement with the Controller and only
in accordance with its instructions and subject to professional secrecy.
4.3. The Controller does not sell your personal data to other entities.
5. Will your data be transferred to a third country (outside the European Union)?
Data may be transferred to recipients in countries outside the European Union if it is necessary for
the performance of a contract concluded between you and the Controller or to take steps prior to
entering into such a contract, as well as as part of the Controller’s use of
IT infrastructure (cloud, email).
6. Is the provision of personal data mandatory?
Providing personal data is voluntary.
7. How long will your data be processed (stored)?
Your data will be processed for the period necessary to achieve the purposes indicated in point. 2, i.e.:
- Within the scope of the performance of the concluded contract – until its completion, and additionally after
termination of the contract, data will be stored due to the obligations arising from accounting and tax regulations, for their duration, and for legal security reasons, until the statute of limitations for any claims expires. - Within the scope of fulfilling the legal obligations incumbent on the Controller in connection with
conducting business activities and implementing concluded contracts – until these obligations are fulfilled. - Within the scope of processing carried out solely based on consent – until the data is immediately
deleted, based on your request. - Until the Controller’s legitimate interests constituting the basis for
this processing are fulfilled or until you object to such processing,
unless there are legitimate grounds for further data processing.
8. What rights do you have to ensure your data is adequately protected?
You have the right to:
- Request access to, rectification of, restriction of processing of, or deletion of your data,
- Withdraw your previously granted consent to data processing at any time within the scope of that consent, provided that the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal,
- Load a complaint to the supervisory authority, which in the Republic of Poland is the President of the Personal Data Protection Office, if you believe that the processing of your data violates the provisions, including the GDPR,
- Object to data processing on grounds relating to your particular situation, when the Controller processes data for purposes arising from legitimate interests (Article 21, Section 1 of the GDPR),
- Object to data processing for marketing purposes direct marketing,
including profiling for marketing purposes, to the extent that data processing is
related to direct marketing.