INFORMATION ABOUT PERSONAL DATA PROCESSING
Pursuant to Art. 13(1)(2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, henceforth “GDPR”) (Journal of Laws UE L 119 of 04/05/2016, p. 1), we hereby advise of the following:
1. Your Data Controller is Małkowski-Martech S.A., a company with the registered seat in Czołowo, street address ul. Leśna 57, 62-035 Kórnik, Poland, incorporated in the register of entrepreneurs managed by the District Court in Poznań, 9th Commercial Division of the KRS (the National Court Register) under the reference KRS:0000350585, phone no. (+48) 61 222 75 00, e-mail: biuro@malkowski.pl.
2. You may contact the Data Controller regarding all matters concerning personal data protection by e-mail at biuro@malkowski.pl or mail to the Data Controller’s registered seat address, providing the annotation “Personal Data Protection”.
3. The Data Controller processes the following personal data: (1) of its customers: (a) pursuant to GDPR Article 6(1)(b) – to act in order to conclude contracts and fulfil the concluded contracts (which includes contact by phone or e-mail, transmission of documents relevant to the services being rendered, and more) – until the contract is discharged; (b) pursuant to GDPR Article 6(1)(c) – to discharge the obligations of the Data Controller mandated as obligatory by the prevailing law, especially the obligations resulting from the tax law – until these obligations are discharged in full or expire; (c) pursuant to GDPR Article 6(1)(f) – for purposes stemming from the lawful interests pursued by the Data Controller, especially the pursuit, determination, and defence of claims, for archiving and statistical processing, and for direct marketing operations – until the data processing is objected to or the claims expire, or the validity of lawful interests of the Data Controller expire; (d) pursuant to GDPR Article 6(1)(a) – whenever an appropriate consent is granted for transmission of marketing information and promotion of proprietary services – until such consent is revoked; (2) of the business partners who are natural persons: (a) pursuant to GDPR Article 6(1)(b) – to conclude and discharge the contract binding to the Data Collector – for the duration of each contract; (b) pursuant GDPR Article 6(1)(c) – to discharge the obligations of the Data Controller mandated as obligatory by the prevailing law, especially the obligations resulting from the tax law – until these obligations are discharged in full or expire; (c) pursuant to GDPR Article 6(1)(f) – for purposes stemming from the lawful interests pursued by the Data Controller, especially the pursuit, determination, and defence of claims, for archiving and statistical processing, and for direct marketing operations – until the data processing is objected to or the claims expire, or the validity of lawful interests of the Data Controller expire; (d) pursuant to GDPR Article 6(1)(a) – whenever an appropriate consent is granted for transmission of marketing information and promotion of proprietary services – until such consent is revoked; (3) of the individuals present at the registered seat of the Data Controller – pursuant to GDPR Article 6(1)(f) – in the form of an image recorded by visual monitoring systems – to ensure the security of the personnel at the registered seat of the Data Controller, protection of property, and confidentiality of the information the disclosure of which would be damaging to the Data Controller.
4. The recipients of personal data may include other entities cooperating with the Data Controller to pursue the objectives of processing specified in Section 3 herein (and these entities may include IT service providers or entities cooperating with the Data Controller to provide the services of sale of goods). The entities to which personal data may be transmitted oblige themselves to maintain confidentiality of the data and implement suitable engineering and organisational measures to ensure protection of the transmitted personal data.
5. To the extent resulting from GDPR, you have the right to access the contents of your data, to rectify the data, to erase the data, to restrict the processing of the data, and to revoke your consent for data processing at any time (which will have no effect on the lawfulness of the data processing completed before the revocation of consent).
6. You have the right to lodge a complaint with the President of the Personal Data Protection Office concerning the processing of personal data in violation of GDPR, the Polish Personal Data Protection Act of 10 May 2018 (Dz.U. 2018.1000, as amended), and any other domestic regulations designed to enforce GDPR.
7. Your personal data will not be processed by the Data Controller by automated decision-making, including profiling.
8. The Data Controller will not transmit your personal data to non-EU countries (outside of the European Union or the European Economic Area), or to any international organisations.
9. Your submission of personal data is voluntary; however, it is a mandatory prerequisite for the objectives of data processing specified in Section 3 hereof.