NOTICE ON PERSONAL DATA PROCESSING
In connection with the implementation of the requirements set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), we hereby inform you on the processing of your personal data for the purposes of concluding and performing contracts, for compliance with legal requirements, implementation of legitimate interests and based on consent and we inform you of your associated rights. The following rules are applicable from 25 May 2018.
EMPERIA HOLDING Spółka Akcyjna, based in Warsaw (02-566), ul. Puławska 2B, entered into the register of companies at the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS number 0000034566, NIP 712-10-07-105, REGON 430450457, share capital: PLN 12 342 027, fully paid up, hereinafter the Controller.
a) executing and performing contracts with the Controller’s counterparties (legal basis: art. 6 sec. 1b GDPR) – for the term of contract and settlements after it expires,
b) compliance with a legal obligation to which the Controller is subject, e.g. issuing or storing invoices and other accounting documents, responding to complaints (legal basis: art. 6 sec. 1c GDPR),
c) establishing, defending and seeking claims (legal basis: art. 6 sec. 1f GDPR) – for a period after which such claims expire,
d) verifying payment credibility (legal basis: art. 6 sec. 1 f GDPR) – for a period necessary to carry out such assessment when concluding, extending or expanding the scope of a contract,
e) direct marketing (legal basis: art. 6 sec. 1f GDPR) – for the contract term or until a complaint is lodged,
f) detecting and counteracting fraud (legal basis: art. 6 sec. 1c and 1f GDPR) – for the contract term and subsequently for a period after which claims expire or for the duration of proceedings conducted by appropriate public authorities,
g) in any other cases, your personal data is processed exclusively based on consent, within the scope and for the purposes specified in such consent (art. 6 sec. 1a GDPR) – for the duration of the consent.
a) entities processing personal data on behalf of the Controller based on appropriate contracts, e.g. servicing the Controller’s IT systems, subcontractors, advertising agencies, intermediaries, entities providing the Controller with advisory, legal, debt recovery, accounting, audit, mailing and courier services
b) entities from the group to which the Controller belongs,
c) entities authorised to receive such personal data on the basis of existing legal regulations, e.g. courts and state authorities.
a) right to access your personal data, including the right to copy this data,
b) right to demand rectification (correction) of personal data – if this data is incorrect or incomplete,
c) right to demand erasure of personal data (right to be forgotten) in the following events:
- the data is no longer necessary for the purposes for which it was collected or processed in another manner,
- the data subject objects to the processing of personal data,
- the data subject withdraws the consent for the processing of personal data that is the basis for data processing and there are no other legal grounds for data processing,
- personal data is being processed unlawfully,
- personal data must be erased in order to comply with a requirement resulting from legal regulations,
d) right to demand restriction of personal data processing – if:
- the data subject questions the correctness of the personal data,
- data processing is unlawful and the relevant person objects to data erasure, instead demanding a restriction,
- the Controller no longer needs the data for its purposes but the relevant person needs it to establish, defend or seek claims,
- the data subject objects to data processing, for as long as it takes to establish whether or not the Controller’s legitimate grounds have priority over the grounds of the objection,
e) right to transfer data – if the following conditions are met jointly:
- data processing takes place on the basis of a contract executed with the data subject or on the basis of consent granted by this person,
- processing takes place in an automated manner,
f) right to object to data processing if a special situation arises and the basis for processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (art. 6 sec. 1f GDPR), except where the Controller:
- proves the existence of legally important legitimate interests that override the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child, or
- proves grounds for establishing, seeking or defending claims.
However, if data is processed for direct marketing purposes (including profiling), you have the right to object at any time and the Controller will no longer be allowed to process this data for these purposes.