I. About us
III. What we use your personal data for
IV. On what terms and on what basis we process your data
VII. Subcontractors/processors
VIII. Subcontractors/processors
IX. How we take care of your data processing
XI. Authorisations
XII. Cookies
I. About us
As a responsible organisation that is aware that information has a certain value being a resource that requires proper protection, we are committed to duly informing you on matters related to the processing of personal data, especially in view of the content of new data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”). For this reason, in this document we set out the key information about the legal grounds for processing personal data, the means by which the data is collected and used, and the rights of data subjects.
We inform you that the Controller of your personal data is POLONEZ PLUS sp. z o.o. with its registered office in Warsaw, ul. Złota 59, 00-120 Warsaw, address for correspondence: ul. Ściegiennego 252, 25-116 Kielce, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number: 0000096766, Tax Id. Numer (NIP): 6571026504, National Business Registry Number (REGON): 290604078.
Contact on matters related to data protection is possible at: [email protected]. Personal data shall be obtained and processed in the manner and on the terms set out in this Policy.
II. General provisions
At POLONEZ PLUS Sp. z o.o. we attach particular importance to protecting privacy of our clients, contractors, partners, subcontractors, employees and associates. One of its key aspects is the protection of rights and freedoms of natural persons in relation to the processing of their personal data.
We ensure that the processing of your data takes place in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: “GDPR”), the Act of 10 May 2018 on the protection of personal data, as well as specific provisions (contained, among others, in the Labour Law or the Accounting Act).
POLONEZ PLUS sp. z o.o. is a controller of personal data within the meaning of art. 4 item 7 of the GDPR, we also use the services of processors referred to in art. 8 of the GDPR – they process personal data on behalf of the controller (these are e.g. IT companies, software providers, security companies).
POLONEZ PLUS sp. z o.o. implements appropriate technical and organisational measures to ensure a level of security corresponding to the potential risk of infringement of rights or freedoms of natural persons with various probability of occurrence and seriousness of threat. Our activities in the field of personal data protection are based on the adopted policies and procedures, as well as regular training sessions to improve the knowledge and competences of our employees and collaborators.
III. What we use your personal data for
As an employer, we process the data of employees and persons who cooperate with us on a basis other than employment relationships. Contact data collected from contractors (e.g. their employees) are used for the conclusion and smooth execution of contracts. We use our clients’ data for the purpose of performing contracts and providing our services. We also conduct marketing activities, and in this context we try to reach as many interested parties as possible in order to provide them with up-to-date information about our products and services.
We share your data with third parties with your consent or when we are obliged to do so by law.
IV. On what terms and on what basis we process your data
We take care to protect the interests of data subjects and in particular ensure that the data shall be:
We normally process your data based on your consent, which can be withdrawn at any time. Another case is when the processing of your data is necessary for the performance of a contract to which you are party or to take action at your request, even before the conclusion of the contract.
In some situations, processing is necessary for the fulfilment of a legal obligation incumbent on us as a controller. Such obligations arise, for example, under labour law or the Accounting Act.
Processing may also be necessary for purposes arising from our legitimate interests, an example of which is the pursuit of claims related to our business activities.
V. What rights you have
We take appropriate measures to provide you with all relevant information in a concise, transparent, understandable and easily accessible form and to conduct all communications with you regarding the processing of your personal data in connection with the exercise of your right:
Furthermore, if your personal data is processed on the basis of your consent, you have the right to withdraw it. Consent may be withdrawn at any time, which does not affect the lawfulness of the processing carried out before its withdrawal.
If you wish to contact us regarding the exercise of a particular right, please contact us via email: [email protected]
The security of your data is our top priority, however, if you feel that we are in breach of the GDPR by processing your personal data, you have the right to lodge a complaint with the President of the Personal Data Protection Office.
VI. How we contact you
We provide information in writing or by other means, including, where appropriate, electronically. If you request it, we may provide the information orally if we otherwise confirm your identity. If you communicate your request electronically, the information shall also be provided electronically where possible, unless you indicate another preferred form of communication.
VII. When we comply with your request
We endeavour to provide information promptly – in principle within one month of receipt of the request.
If necessary, this period may be extended by a further two months due to the complexity of the request. However, in any event, within one month of receipt of the request we shall inform you of the action taken and (where applicable) of the time extension, stating the reason for such delay.
VIII. Subcontractors/processors
f we work with entities that process personal data on our behalf, we only use such processors that provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
We thoroughly check the entities to which we entrust the processing of your data. We conclude detailed agreements with them, and we perform periodic checks on the compliance of the processing operations with the content of such agreements and the provisions of law.
We may also transfer your personal data:
IX. How we take care of your data processing
To meet the requirements of the law, we have developed detailed procedures covering issues such as:
We regularly review and update our documentation to be able to demonstrate compliance with legal requirements in accordance with the principle of accountability formulated in the GDPR, but also, out of concern for the interests of data subjects, we strive to incorporate best market practices.
X. Data retention
We keep personal data in a form which allows for identification of the data subject for no longer than is necessary for the purposes for which the data is processed. After such a period, we either anonymise (de-identify) or delete the data. In the retention procedure we ensure that the retention period of personal data is limited to the strict minimum.
The period of data processing is determined primarily on the basis of legal regulations (e.g. the duration of storage of employee records, accounting documents), as well as the justified interest of the controller (e.g. marketing activities). The retention policy covers both data processed in paper and electronic form.
The period for which personal data is stored, depends primarily on the purpose for which the data is collected, according to the following criteria:
XI. Authorisations
We ensure that any person acting under our authority who has access to your personal data processes it only on our instructions, unless otherwise required by European Union or Member State law.
XII. Cookies
Cookies are used for:
The following types of cookies are used within the Website:
The description of the technical and organisational security measures is contained in the Security Policy (protection of personal data) of the website owner. In particular, the following safeguards are applied:
tel./fax (041) 348 90 19, (041) 348 90 31
email: [email protected]
Headquarters Warsaw
ul. Złota 59,
00-120 Warsaw PL
ul. Ściegiennego 252,
25-116 Kielce PL
Poznań office
ul. Dąbrowskiego 290,
60-406 Poznań PL
Wrocław office
ul. Irysowa 1,
55-040 Bielany Wrocławskie PL