Dear Sirs,
We make every effort to protect the personal data we collect in accordance with national legislation and Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 04.05.2016, p. 1, as amended by Official Journal of the EU L 127 of 23.05.2018, p. 2), (hereinafter: ‘GDPR’).
We are making this privacy policy available to you so that every person with whom we enter into a relationship knows:
- who is the controller of their personal data,
- to what extent, for what purposes and on what legal basis we process the data and with whom we share it,
- what rights you have in relation to data processing
in accordance with Articles 13 and 14 of the GDPR.
The privacy policy may be detailed in the information provided at the time of collection of personal data or within a reasonable time – at the latest within one month – in case of collection of data from indirect sources, i.e. not from the data subjects.
§ 1 Controller
- The controller of your personal data is AllSafe sp. z o.o. (limited liability company) with its registered office in Warsaw at 43 Grzybowska St., 00-855 Warsaw (hereinafter: ‘AllSafe’, ‘controller’ or ‘we’).
- In certain cases, we may also process your data as a recipient or processor.
§ 2 Point of contact
In order to supervise matters related to personal data protection and to provide you with detailed information, we have appointed a special contact point. You can contact us by our contact form or by telephone at +48 22 213 92 81.
§ 3 Data processing
1. Customers
If you are one of our customers, then:
- we process your data in order to conclude or perform a contract (Article 6(1)(b) of the GDPR), to comply with our legal obligations under the law (Article 6(1)(c) of the GDPR), and in certain cases for the purposes of legitimate interests (Article 6(1)(f) of the GDPR); cases of our legitimate interests are described in § 4;
- the categories of personal data processed may include: first and last name, address (residence, correspondence, registered office), PESEL, telephone number, e-mail address, company name, NIP, Regon, financial and billing data;
- recipients of the data may be entities providing courier, postal, legal or IT services;
- the data will be stored for min. 5 years from the end of the calendar year in which the deadline for payment of tax in connection with the concluded agreement expired, however, the provisions of law may provide for a longer storage period, in particular with regard to the assertion or defence of claims; cases of a longer data processing period are described in § 4;
- in connection with the processing you have the right to access and rectify your data, the right to restrict processing, the right to object to processing, the right to lodge a complaint to the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw); detailed information on individual rights can be found in § 5;
- your personal data may be processed in the form of analytical, sales and marketing profiling; binding decisions are not automated – they are never taken without human involvement;
- the provision of data is a contractual requirement, and the refusal to provide such data may prevent the conclusion or performance of the contract.
2. Suppliers
If you provide us with goods or services, then:
- we process your data for the purpose of entering into or performing a contract (Article 6(1)(b) of the GDPR), to fulfil legal obligations incumbent on us, (Article 6(1)(c) of the GDPR), and in certain cases for the purposes of legitimate interests (Article 6(1)(f) of the GDPR); cases of our legitimate interests are described in § 4;
- the categories of personal data processed may include: first and last name, telephone number, email address, company name, NIP, Regon, function/position;
- the recipients of the data may be entities providing courier, postal, legal or IT services;
- the data will be stored for min. 5 years from the end of the calendar year in which the deadline for payment of tax in connection with the concluded agreement expired, however, the provisions of law may provide for a longer storage period, in particular with regard to the assertion or defence of claims; cases of a longer data processing period are described in § 4;
- in connection with the processing you have the right to access and rectify your data, the right to restrict processing, the right to object to processing, the right to lodge a complaint to the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw); detailed information on individual rights can be found in § 5;
- providing data is a contractual requirement, and the refusal to provide it may prevent the conclusion or performance of the contract.
3. Those who contact us via our website
If you contact us via our website, then:
- we process your data for the purpose of our legitimate interests, which is the communication between us and you (Article 6(1)(f) of the GDPR);
- the categories of personal data processed may include your name, company name, email address, contact telephone number;
- recipients of the data may be entities providing IT and marketing services;
- the data will be stored for the period necessary to answer the sent enquiries; cases of longer data processing periods are described in § 4;
- in connection with the data processing you have the right to access and rectify your data, the right to restrict processing, the right to object to processing, the right to withdraw consent at any time (without affecting the legality of the processing performed before its withdrawal), the right to erase data, the right to lodge a complaint to the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw)
- providing the data is voluntary, refusal to provide the data will make it impossible to answer the sent enquiry;
- we may also process information which enables us to remember your preferences in using the website – to collect this type of data we use ‘cookie’ files; more about ‘cookies’ in § 9;
- data relating to the use of our website may be used for internal statistical purposes and website functionality and to ensure information security. In this situation, we only use aggregated data and do not use names, e-mail addresses or other information that allows you to be directly identified.
§ 4 Other grounds for processing
- In addition to the situations mentioned in § 3, we may also process your data for other purposes in certain cases. These may involve an extension of the storage period for your data.
- For the purposes necessary to comply with our legal obligations (Article 6(1)(c) of the GDPR), we will process your data:
-
- for the duration of the legal obligations imposed on us by the relevant legislation, including but not limited to tax law, social security law, etc;
- for the period that we are required by law to retain the data (these laws may provide for different retention periods).
- In addition, we may also process your data for other purposes arising from our legitimate interests (Article 6(1)(f) of the GDPR) consisting of, among others:
-
- conducting correspondence;
- establishing, defending and pursuing claims, which includes, but is not limited to, the sale of our receivables to another entity;
- promoting the company and our services;
- producing compilations, analyses and statistics;
- establishing business relationships or partnerships;
- archiving;
- providing information on data protection and information security.
- Your personal data will not be processed on the basis of our legitimate interests, if in certain cases your rights and freedoms prove to override them.
§ 5 Rights
- The right to access and obtain a copy of your personal data – upon your request, we will provide information on whether we process your personal data. We are also obliged, upon separate request, to provide you with more detailed information regarding: the purposes of the processing, the categories of personal data, the recipients of the data or their categories, the storage period of the personal data or the criteria for determining it, the source of the data, about the automated processing of the personal data and the consequences of such processing for you. In case of transfer of personal data to a third country, we will also inform you about the safeguards applied for the transfer upon your request. Upon your request, we will also make a copy of your personal data. This will be made available to you in a common computer file format. The first copy will be provided free of charge. However, we may charge a fee for each subsequent copy, which we will determine based on the provisions of the GDPR.
- Right to rectification – if we find that your personal data is incorrect we will rectify the inaccuracies. We will do this on our own initiative – or, if you bring it to our attention, at your request.
- The right to erasure, including the ‘right to be forgotten’ – if you do not wish your personal data to be processed and we determine that there are no other legal grounds that allow us to process your data – we will erase it from our databases. However, please note that the deletion of some data may prevent us from providing services to you – this applies to those services in connection with which it is necessary to process the personal data you have provided. For example, we will not be able to answer your questions and present you with our offer if you request that we delete your e-mail address. However, despite such a request, we will still be able to process certain personal data in specific cases under the terms of the GDPR.
- Right to restrict processing – in the cases provided for by the GDPR, we will restrict the processing of your personal data at your request. In simplest terms, restricting the processing of your personal data prevents you from using it beyond storage. In this case, any other activities on the data subject to the processing restriction will only be carried out with your consent.
- Right to data portability – under the terms of the GDPR, you may request that your personal data be transferred stored in a standard machine-readable file format. If your aim is to transfer it to another controller, we will send the file containing your personal data directly to that controller.
- Right to object – in some cases, even if we process personal data lawfully, without your consent, you may request us to stop processing your personal data by lodging an objection. This will be justified if you demonstrate that our lawful activities nevertheless infringe your interests, rights or freedoms.
- Right not to be subject to automated decisions in individual cases, including profiling – you have the right not to be subject to decisions that would be based solely on automated processing, including profiling, if they were to produce legal effects or similarly significantly affect you.
- The right to withdraw consent at any time – where we have asked for your consent you may withdraw that consent at any time. Unless we have a separate basis for processing, we will stop using your personal data for the purpose for which you have given your consent. However, please note that withdrawing your consent may sometimes prevent us from providing you with interesting content or information.
- The right to lodge a complaint to the supervisory authority – if you believe that your rights have been infringed by our actions related to the processing of your personal data, you may lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
- The rights mentioned above may be restricted in certain situations, e.g. when we can demonstrate that we are legally obliged to process your data.
- If you wish to exercise your rights, all you need to do is send a request using the contact details indicated in § 1 or § 2.
§ 6 Data sources
- As a general rule, most of the data that we process is information that you have provided to us of your own free will.
- In some occasional cases, especially if you use our specific services, we may process personal data that we are able to infer about you from other information that you provide to us and that we acquire in the course of our relationship. This data will not be processed for longer than is necessary for the purpose for which it was collected or will be deleted immediately.
- Where we have not obtained personal data directly from you, we inform you that:
-
- the data may have been obtained from a person or entity that has indicated you as a representative or designated contact person;
- in the case of persons participating in the recruitment process or persons interested in establishing cooperation based on a civil law contract, personal data may have been obtained from recruitment agencies or personnel consultancy companies with which we cooperate or from our employees, co-workers (in the case of referrals).
§ 7 Technical and organisational measures
- We are committed to properly protecting your personal information in accordance with established internal policies, orders, procedures and standards so that your personal information is protected from unauthorized use or access, unlawful modification, loss or destruction.
- We use physical and logical security measures of a high standard.
- Your personal data will not be kept longer than necessary for the purpose for which it was collected, including the need to comply with legal obligations and for the handling of disputes and the assertion or defence of claims.
- As part of ensuring the security of the personal data we process, we are committed to considering:
-
- confidentiality – we will protect your data from accidental disclosure to third parties;
- integrity – we will protect your data against unauthorised modification
- availability – we will ensure that only authorised persons have access to your data, only when necessary.
- Your personal data may be processed by third parties only if such party undertakes to provide appropriate technical and organisational measures to ensure the security of the processing of personal data as well as to maintain the confidentiality of such data.
- Any of our employees or associates who have access to personal data have the appropriate authorisation and are obliged to maintain confidentiality.
- The personal data you enter on our website is encrypted and protected with an SSL certificate. It secures the data transmission within the domain and confirms its authenticity.
§ 8 International data transfer
- The transfer of personal data may take place on the basis of an adequacy decision (Article 45 of the GDPR), subject to appropriate safeguards, including standard data protection clauses, an approved code of conduct, an approved certification mechanism (Article 46 of the GDPR), in accordance with binding corporate rules (Article 47 of the GDPR), subject to exceptions in specific situations (Article 49 of the GDPR).
- International data transfers based on standard contractual clauses may relate in particular to services provided to us by: Microsoft Corporation (One Microsoft Way, Redmond, Washington 98052, United States of America) and Google LLC (1600 Amphitheatre Parkway Mountain View, California 94043, United States of America).
§ 9 Cookies
- Our website uses ‘cookies’.
- Cookies are information in the form of small text files that are stored on your computer by a server. They are important because they allow the server to read information each time you connect to a particular computer.
- The information collected by cookies does not constitute personal data; however, it may be used to provide you with certain functions. Such data is encrypted to prevent unauthorised access.
- By default, the software you use to browse the Internet allows cookies to be placed on your computer – you have given your consent via your browser settings (Article 6(1)(a) of the GDPR).
- You can make the appropriate configuration of your browser to block the automatic acceptance of ‘cookies’ or to be informed each time a file is sent to your device. More information about the handling of cookies and the possible configurations can be obtained from the settings of your browser. The level of restrictions on the use of cookies may affect the availability and functionality offered by our websites, including the possibility to block their full functioning.
- Our website uses ‘cookies’ for correct configuration, in particular to:
-
- adapting the content of the website to your preferences;
- correct configuration of selected website functions, in particular to verify the authenticity of a browser session
- recognise your device and appropriately display the website, tailored to your individual needs;
- remembering your settings and personalizing the interface, e.g. with respect to the chosen language or region;
- remembering the history of pages you have visited on the site in order to recommend content, font size, design of the website, etc.
- We may collect data on your activity within our websites. This data will be used for internal statistical purposes and to develop and improve our products, services, communication methods and the functionality of our websites, as well as to ensure information security. In this situation, we only use aggregated data and do not use names, email addresses, or other directly identifiable information.
- The legal basis for our processing of this type of data is our legitimate interest (Article 6(1)(f) of the GDPR), consisting in particular of improving our websites, in order to ensure the high quality of service and functionality of our websites.
- The storage periods for personal data indicated above in this section will occur most frequently. Due to the multiplicity of possible situations, please address any questions regarding the storage periods for personal data in a given situation to the contact details indicated in § 1 or § 2.
§ 10 Closing remarks
- We reserve the right to make changes to this privacy policy, which may result from the need to adapt to changes in legislation or applicable privacy standards or in connection with the expansion of our offer.
- We shall inform you of any changes in data processing by means of an appropriate notice on our website or by e-mail.
Contact us
Take the first step to achieving GDPR compliance.
Call, come to the office or send a message!•