phone +48 33 475 05 50 | srubena@srubena.pl | PL | EN | DE

INFORMATION ON PERSONAL DATA PROCESSING

1. The Controller

The Controller of personal data is Srubena Unia Sp. z o.o. with its registered office at Żywiec, ul. Grunwaldzka 5, 34-300. ("the Controller"). 

Contact with the Controller is possible by post to the above address of the Controller's registered office or by e-mail: dane.osobowe@srubena.pl

2. Data processing

In connection with its business activity, the Controller collects and processes personal data, making every effort to ensure that the processed personal data is adequately secured.

Data is collected directly from data subjects (e.g. as part of direct contact) as well as from third parties (e.g. from an entity cooperating with the Controller).

The processing of personal data is based on the applicable law, in particular, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("the GDPR").

3. Purposes and legal basis for data processing

The legal basis for the personal data processing is defined in Article 6 of the GDPR which governs general rules on the compliance of the personal data processing. In any case, the Controller shall process the data relevant to a given case and for the purpose for which it was collected, ensuring its appropriate protection.

The  controller  processes  personal  data  for  the  purposes  related  to  the  conducted  business  activity,  in particular, the conclusion and performance of contracts (under Article 6(1)(b) of the GDPR), the performance of legal obligations incumbent on the Controller (under Article 6(1)(c) of the GDPR), as well as - pursuant to Article 6(1)(f) of the GDPR - for marketing purposes, keeping business contacts, securing, asserting as well as defending against claims and ensuring data security.

Przetwarzanie danych na podstawie art. 6 ust. 1 lit. f) RODO zapewnia realizację prawnie uzasadnionych interesów Administratora takich jak zapewnienie bezpieczeństwa, marketing produktów własnych, czy ochrona przed roszczeniami i dochodzenie należności.

Data processing under Article 6(1)(f) of the GDPR shall ensure that the Controller's legitimate interests, such as security, marketing of own products, protection against claims and asserting claims, are fulfilled.

In order to ensure security of persons and property, the Controller informs that he applies video surveillance. Personal data from video surveillance is not used for other purposes. In other cases, the Controller processes personal data on the basis of granted consents.

To the extent that the data is processed for the contract performance, the provision of the data is a condition for  the  contract  conclusion.  The  data  provision  is voluntary  but  necessary  for  the  conclusion  and performance of the contract. If personal data is not provided, the contract may not be concluded. Providing certain information is also a legal obligation, e.g. necessary to issue an invoice.

4. Data recipients

In connection with the conducted business activity, in some cases the Controller discloses the data to third parties, in particular, to legal and accounting service providers, couriers and transport companies, providers of IT systems and equipment, marketing agencies, banks and payment institutions or public bodies. Data is also disclosed to entities related to the Controller, including companies being part of the Controller’s capital group. 

5. Data processing period

If personal data is collected for the purpose of performing an order or concluding a contract, the personal data is stored from the moment of data collecting until the contract termination or contract performance after the moment of its termination.

In the case of personal data collection in order to fulfill obligations resulting from the law, the data shall be kept for the period of fulfilling obligations and tasks resulting from individual law provisions.

In the case of personal data processing for the purposes of the legitimate Controller’s interests, the data shall be kept for no longer than six years from the date of contract termination or until a reasoned objection is raised to the processing for such purposes.

In the case of personal data collection on the basis of consent, until the consent is revoked.

The period of personal data processing may be extended when the processing is necessary to establish, assert or defend against a possible claim, and after that period only if required by law and to the extent required by law.

6. Rights related to personal data processing

Data subjects’ rights:

  • access to their personal data,
  • rectify the personal data,
  • erase the personal data,
  • limit personal data processing,
  • object to the personal data processing,
  • data portability,
  • withdraw the consent at any time – if the processing is carried out on that basis,without prejudice to the lawfulness of processing carried out on the basis of the consent before its withdrawal)

In addition, the data subject has the right to lodge a complaint with the supervisory authority. In Poland, since 25 May 2018  the supervisory authority has been the President of the Office for Personal Data Protection.