In compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC Official Journal of the European Union L 119, page 1 (hereinafter referred to as “GDPR”), we would like to provide you with some information about the processing of your personal data by TEZET Sp. z o.o. in Lublin.
1. Who controls your personal data?
We kindly inform you that the entity deciding on the purpose and manner of processing of the personal data collected from you is TEZET Sp. z o.o. in Lublin with its registered office at Puławska 38, NIP (tax identification number) 712 01 63 547 and REGON (National Business Registry Number) 001326324, registered in the National Court Register kept by the District Court Lublin-Wschód in Lublin with its registered office in Świdnik under KRS: 0000064980 (hereinafter referred to as the “Controller”).
2. Contact with the data Controller.
In matters related to the processing of personal data, please contact us at: e-mail: tezet@tezet.pl, tel. +48 81 740 50 10.
3. Purpose, legal basis and retention period of your data.
| Pos. | Purpose of processing | Basis of processing | Data retention |
|---|---|---|---|
| 1 | Conclusion and execution of a contract e.g.: purchase, gas supply, installation of equipment, services of own laboratory establishment and use of an account on the website, and commissioning of services. | Article 6, paragraph 1(b) of the GDPR – performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. | The period of processing of the data at the disposal of the Controller depends in particular on the legal basis and the purpose of the processing, which result from:
• the need to conclude and perform a contract – until the date of validity and settlement of the contract; • execution of legal regulations – for the period specified in these regulations; • the legitimate interest of the Controller – for the period enabling the realization of a given interest or until • an effective objection against such processing is made; • a consent – until it is withdrawn. If necessary for the assertion of claims or defence against them, these periods may be extended by the period of the statute of limitations of the claims or the end of the ongoing proceedings before the relevant authorities. |
| 2 | Financial reporting (issue and storage of VAT invoices and other financial and accounting documents). | Article 6, paragraph 1(c) of the GDPR – compliance with a legal obligation to which the Controller is subject in connection with its activities. | |
| 3 | Handling complaints and other claims arising from the business activities. | Article 6, paragraph 1(f) of the GDPR – legitimate interest pursued by the Controller, which is the assertion or defence of claims. | |
| 4 | Direct marketing of products and services offered by the Controller, and answering addressed questions. | Article 6, paragraph 1(f) of the GDPR – legitimate interest pursued by the Controller, which is direct marketing of products and services. | |
| 5 | Communications and marketing activities using an individual’s email address or telephone number. | Article 6, paragraph 1(a) of the GDPR – consent to the communication or sending of commercial information by electronic means. | |
| 6 | Video surveillance (image of persons on Company premises e.g.: customers, employees). | Article 6, paragraph 1(f) of the GDPR – legitimate interest pursued by the Controller, which is ensuring the safety of persons and property. | |
| 7 | Recruitment of employees. | Article 6, paragraph 1(a) or Article 9, paragraph 2(a) of the GDPR – providing additional data – other than that indicated in the Labour Code; Article 6, paragraph 1(c) of the GDPR – compliance with a legal obligation to which the Controller is subject. |
4. The recipients of your data may be entities:
1) to whom the Controller is obliged to make the data available on the basis of applicable legal regulations,
2) providing the following services for the Controller: legal, IT, postal, courier, transport, customs and other services resulting from the execution of a given process or service.
5. Depending on the legal basis for processing your data, you have the right or entitlement to:
1) obtain confirmation from the Controller as to whether your personal data is being processed and, if this is the case, to obtain access to it, including obtaining a copy of it (and other information described in Article 15 of the GDPR) – obtaining information as to what sort of data is being processed and for what purpose;
2) demand the rectification of personal data which is inaccurate and the completion of incomplete data (Article 16 of the GDPR) – by exercising this right, you can notify the Controller of the need to correct inaccurate data or to complete data resulting from a data processing error;
3) demand the erasure of personal data (“right to be forgotten” – the demand granted in cases described in Article 17 of the GDPR) – however, this right does not apply when personal data is processed for the purposes of fulfilling the legal obligations of the Controller;
4) request to restrict processing of personal data ((the request is entitled in the cases described in Article 18 of the GDPR);
5) exercise the right to the portability of personal data where the processing is carried out by automated means on the basis of the consent given (Article 6, paragraph 1(a) or Article 9, paragraph 2(a) of the GDPR) or where the processing is necessary for the performance of a contract (Article 6, paragraph 1(b) of the GDPR) (Article 20 of the GDPR).
6. Notwithstanding the aforementioned rights, you may at any time:
1) submit an objection to the Controller, at the aforementioned contact details, against the processing of your data based on legitimate interests pursued by the Controller on grounds related to your particular situation. In that case, the Controller shall no longer be able to process the personal data to which the objection relates on that ground, unless the Controller proves that there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment or defence of claims;
2) withdraw consent to the processing of your personal data in a situation where it constitutes the basis for processing, however without affecting the lawfulness of processing carried out by the Controller on the basis of consent before its withdrawal;
3) lodge a complaint with the President of the Personal Data Protection Office (UODO) based in Warsaw at Stawki 2, 00-193 Warsaw, in case the processing of personal data violates the provisions of law.