Information about the processing of personal data
Purposes of processing
We process your data to the extent necessary for the relevant purpose – e.g. so that we can enter into an employment or business relationship with you and, for the duration of this relationship, fulfill our obligations arising from this relationship.
We process personal data for the following purposes:
a)If you are our potential clients or suppliers
- Service offering and marketing (purpose no. 1)
b) If you are our clients or suppliers
- Concluding and fulfilling commercial contracts, including providing support (purpose no. 2),
- Managing relationships with customers, suppliers and third parties (purpose no. 3),
c) If you are our employees or interested in employment with us
- Internal identification (purpose no. 4),
- Marketing activities (purpose no. 5),
- Concluding, changing, managing or terminating employment or similar relationships (purpose no. 6),
- Management of personnel, payroll and accounting agenda (purpose no. 7),
- Internal communication and access data management (purpose no. 8),
- Protection of employee health (purpose no. 9)
-
d) If you are a visitor to our website
- Analysis of your preferences, marketing (purpose no. 10).
Legal basis for processing
The legal basis for the processing of personal data is Article 6, paragraph 1 of the GDPR, as follows:
a) The data subject has given consent to the processing of his/her personal data (purposes 1, 4, 5, 10);
b) Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of measures taken prior to entering into a contract at the request of the data subject (purposes 2, 3, 6);
c) processing is necessary for compliance with a legal obligation to which the controller is subject (purpose no. 7, 9);
d) Processing is necessary for the purposes of the legitimate interests of the relevant controller or a third party (purpose no. 8).
Scope of personal data processed
We process personal data to the extent necessary to fulfill the above purposes and only such personal data that you provide to us, in particular:
- In connection with business cooperation, business cases or projects between the Administrator and you or a natural or legal person you are employed by, represent or cooperate with,
- In connection with the performance of work or as an applicant for work or cooperation with the Administrator.
-
We therefore process the following personal data about you:
- Identification data, which includes in particular your name and surname, birth registration number, nationality, citizenship, business registration number and tax identification number (if you are an entrepreneur);
- Contact information, which means personal data that allows us to contact you, in particular e-mail address, telephone number, permanent residence, billing address, corporate Skype account;
- Data about your orders, which are in particular data about the goods and services you ordered, the method of delivery and payment, including the payment account number and data about complaints;
- Visual identification data such as a photograph;
- Data related to the existence of an employment contract with us, e.g. records of working hours, completed training, overview of salaries, bonuses, overtime, travel allowances;
- Data necessary for processing and managing financial affairs, e.g. number of children, existence of insurance and pension contracts, health insurance company;
- Data about your behavior on our website, such as the parts of our pages that you view, the links you click on, the way you move around our website and scroll the screen, as well as data about the device from which you view our website, such as the IP address and the location derived from it, device identification, its technical parameters such as the operating system and its version, screen resolution, the browser used and its version, as well as data obtained from cookies and similar technologies for device identification;
- Health records (result of a test for antibodies to the SARS-CoV-2 virus).
Personal data processing time
We only keep your data for as long as is necessary and we respect data minimization rules when handling your data. This means that we have strict internal archiving rules in place to ensure that we do not keep data for longer than we are authorized to. The processing periods for personal data are set as follows:
- When processing data that is required by law, we follow the time period prescribed by these laws (e.g. the Wage Act, the Social Security Act, the Health Insurance Act, the VAT Act, and others),
- tax documents and records with detailed data relating to the selected services provided for 10 years from the end of the tax period in which the performance took place,
- We use data that we process on the basis of a contractual relationship for at least the duration of this contractual relationship and for a further period of 4 years due to a possible legal dispute,
- We use the data we process with your consent for the period for which the consent is validly granted to us,
- Data stored in cookies according to the period set in individual cookies (e.g. Google analytics for 1 year and 20 days),
- Health data for testing purposes for 3 years from the date of purchase.
For the avoidance of doubt, we may retain the consent itself and the change or withdrawal of consent for the purposes of our legitimate interests even after the consent has expired.
Sources of personal data
We obtain personal data in particular:
a) From our own activities, namely by processing and evaluating other personal data,
b) From business partners, suppliers or sponsors
c) From employees or job applicants, directly, e.g. when concluding contracts, based on selection procedures,
d) From publicly available sources (public registers, records or lists),
e) From third parties authorized to handle the client’s personal data.
Recipients of personal data
Your personal data of clients is made available in particular to our employees in connection with the performance of their work duties, during which it is necessary to handle personal data, but only to the extent that is necessary in the particular case and in compliance with all security measures. In addition, your personal data is transferred to third parties who participate in the processing of personal data, or these personal data may be made available to them for another reason in accordance with the law. The administrator has the right to entrust the processing of personal data to a processor who has concluded a processing agreement with the administrator and provides sufficient guarantees for the protection of your personal data. Therefore, before any transfer of your personal data to a third party, we always conclude a written contract with this person, in which we adjust the processing of personal data so that it contains the same guarantees for the processing of personal data that we ourselves observe in accordance with our legal obligations.
Transfer of personal data
In accordance with the relevant legal regulations, we are entitled to directly, without your consent, transfer your personal data to:
a) The relevant state administration authorities, courts and criminal prosecution authorities for the purpose of fulfilling their obligations and for the purposes of enforcing decisions;
b) Banks and other payment service providers;
c) Other persons to the extent specified by legal regulations, for example, third parties for the purposes of collecting our receivables.
Your rights
The controller complies with data protection laws applicable in the European Economic Area, which, where applicable, include the following rights:
a) If the processing of personal data is based on your consent, you have the right to withdraw your consent for future processing at any time (see below).
b) You have the right to request from us as the data controller, as required by law, access to and rectification of your personal data.
c) You have other rights such as the right to erasure, the right to restriction of processing, the right to object to direct marketing, and the right to data portability.
d) You have the right to object to the processing of your personal data.
e) You have the right to lodge a complaint with a data protection authority.
Right to withdraw consent
In this document, we have tried to explain why we need your personal data and that we may process it for some purposes only with your consent. You are not obliged to give the Controller your consent to the processing of your personal data and you are also entitled to withdraw this consent. We would like to remind you that we are entitled to process some personal data for certain purposes without your consent. If you withdraw your consent, we will stop processing the relevant personal data for the purposes requiring the relevant consent. If you wish to withdraw your consent to the processing of personal data, you may do so in the manner defined in the Contact us section.
Final provisions
Changes to the Privacy Policy Statement
We will update this Privacy Policy from time to time based on feedback from our customers. When we post changes to this Policy, we will revise the last updated date at the end of this Policy, including a description of the changes. If there are material changes to this Policy or to the ways in which the Controller will use your personal information, we will notify you of these changes by posting a prominent notice or sending you a personal notification prior to the implementation of these changes. We encourage you to review this Policy regularly to be informed of how we are protecting your personal information.
Contact us
In case of any query regarding personal data protection, withdrawal of consent to further processing of your personal data or in case of your complaint, you can use the following options:
- By written, officially certified notice delivered to the address of the Administrator’s registered office,
- In person at the personnel department,
- By data message sent to the data mailbox, ID: nnhmgws
Changes
- 2021-04-06 Revision of purposes when changing legislation.
- 2020-12-12 First version.
