GDPR - Promar

Information concerning the processing of personal data regarding contact with PROMAR PPH Sp. z o.o. (including by email and electronic form) on the basis of ART. 13 & 14 GDPR

Privacy notice regarding the processing of personal data for persons who contact PROMAR via email or electronic form.

1.[Controller and contact details]

The Controller of the personal data is “PROMAR” Przedsiębiorstwo Produkcyjno Handlowe sp. z o.o. with its registered office in Zawiercie, ul. Cerefisko 2, 42-400 Zawiercie, entered in the register of entrepreneurs, kept by the District Court for Katowice-Wschód in Katowice, VIII Commercial Division of the National Court Register, under number 0000063171, NIP 1180010695, REGON 008052670, with the share capital of PLN 1,000,000.00.

2.[Contacting the Controller] The Controller can be contacted by regular mail at the registered office address indicated above or by email at info@promar.pl.

3.[Purposes and legal bases for the processing]

Your personal data will be processed for the following purposes, based on the following legal bases:
a.for the purpose of correspondence, including responding to emails – on the basis of Article 6(1)(f) GDPR (the processing is necessary for the purposes of the legitimate interest pursued by the Controller, which is to maintain contact with persons interested in the Administrator’s business operations, timely provide all communications in connection with the business operations, ensure the quality of cooperation with customers and contractors and other interested parties), and possibly:
b.for the purpose of ent
ering into and performing a contract to which an individual acting on his/her own behalf is a party – on the basis of, inter alia, Article 6(1)(b) GDPR, as the processing of personal data is necessary to perform the aforementioned activities and to take action at your request prior to entering into a contract;
c.for the purpose of entering into and performing a contract with respect to a party other than an individual due to the Controller’s legitimate interest consisting in contacting through persons designated to maintain contact/represent/perform the contract (based on Article 6(1)(f) GDPR);
d.for the purpose of fulfilling by the Controller its legal obligations under the laws applicable to its operations, in particular tax and accounting obligations, and those arising from other regulations governing the Controller’s activities (based on Article 6(1)(c) GDPR);
e.for the purpose archiving of documentation and communications, including correspondence produced by the Controller in the course of its business operations, due to its legitimate interest consisting in the necessity to document evidence of its activities, among other things, in accordance with applicable regulations, and to use the archived material for the purpose of pursuing, establishing or defending against claims (based on Article 6(1)(f) GDPR).

4.[Sources and categories of personal data]

Personal data was obtained directly from the sender of the correspondence or was provided by the sender of the correspondence in its content or by your employer/client/employer. In some situations, data is obtained from public sources (public records, website, etc.). The scope of the processed data generally includes: first and last name, position or function, e-mail address, telephone number, company name and contact details, and the content of the correspondence.

5.[Data recipients] The Controller has the right to transfer your personal data to other recipients if necessary to achieve the purpose of the processing, i.e.: entities that provide IT support services to the Controller, including operation and maintenance of IT systems, data hosting and cloud services, our authorized employees and associates, postal operators and couriers, law firms, auditors, banks, insurers, entities responsible for archiving or destroying data, group companies for internal administrative purposes (based on Article 6(1)(f) GDPR).

6.[Processing outside the EEA] Your personal data may be transferred to a third country (i.e. a country outside the European Economic Area). Such transfer of your personal data may take place on the basis of standard safeguard clauses (based on Article 46(2)(c) and (d) GDPR) or on the basis of any another mechanism that is lawful and legalizes such transfer and will provide adequate safeguards for the protection of personal data in accordance with applicable laws in this regard. The transfer to the United States is based on the decision of the European Commission dated 10.07.2023, finding an adequate level of personal data protection provided under the EU-US data protection framework (Article 45 GDPR).

7.[Data retention period] Personal data will be processed for the duration of the correspondence. After this time, personal data will be processed for the period specified by the statute of limitation of claims, unless an effective objection to such processing is made earlier. In the case of the conclusion or performance of a contract, the Controller will process personal data for the duration of the contract, after which time they will be processed for 5 years from the end of the year in which the tax or accounting obligation arose, unless a longer period is provided for by law or the statute of limitations of claims.

8.[Rights of data subjects] You have the right to request from the Controller access to, rectification, erasure of data, restriction of processing and portability of your personal data. You have the right to object to the processing of personal data for the purpose of pursuing the legitimate interests of the Controller, whereby the right to object will not be exercised if there are valid legitimate grounds for processing that override your interests, rights and freedoms.

9.[Right to lodge a complaint with an authority] You may complain about the actions of the Controller to the competent supervisory authority, in particular in the country of your habitual residence, your place of work or the place where the alleged breach was committed. In Poland, the supervisory authority is the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

10.[Voluntariness of providing data] The provision of your personal data within the framework of the correspondence is voluntary, but failure to provide data will prevent you from contacting the Controller via e-mail. Provision of data indicated by the Controller as necessary for the conclusion of the contract is a contractual condition, and the consequence of not providing it will be the inability to conclude or implement the contract. Provision of certain data (e.g. related to the settlement of remuneration) may be required by generally applicable laws.

11.[Profiling] No automated decision-making, including profiling, will be undertaken with respect to you.

Information concerning the processing of personal data for job applicants on the basis of ART. 13 GDPR

Privacy notice regarding the processing of personal data for persons whose data is processed in connection with the recruitment process.

1.[Controller and contact details]

2.[Contacting the Controller]

The Controller can be contacted by regular mail at the registered office address indicated above or by email at info@promar.pl.

3.[Purposes and legal bases for the processing]

Your personal data will be processed for the following purposes, based on the following legal bases:
a.for the purposes of recruitment
i. in the case of hiring based on an employment contract, as it is necessary for the performance of obligations under legal provisions; such processing includes the following personal data: first name(s) and surname, date of birth, contact details indicated by the candidate, education, professional qualifications, history of previous employment (based on Article 6(1)(c) GDPR in conjunction with Article 221(1) of the Labor Code) and, to a greater extent than indicated above, on the basis of voluntary consent, which the Controller considers to be the sending of a resume and/or cover letter containing additional data, other data than that required by the provisions of the Labor Code and provided on the candidates own initiative (Article 6(1)(a) GDPR);
b.in the case of hiring based on a civil law contract, as this is necessary to take pre-contractual action at the request of the candidate (Article 6(1)(b) GDPR);
c.in the case of hiring of a foreigner under an employment contract or a civil law contract, in addition to the bases indicated under item a. and b. above, also for the purpose of verifying the legality of the hiring or for the purpose of carrying out the hiring legalization procedure due to the Controller’s obligation under the provisions of the Act on Foreigners, the Act on Employment Promotion and Labor Market Institutions and the Act on the Consequences of Entrusting Work to Foreigners Unlawfully Present on the Territory of the Republic of Poland (Article 6(1)(c) GDPR) and because it is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR);
d.for the purposes of verifying the competence of the candidate(s) through competency tests performed in the course of the recruitment process due to the Controller’s legitimate interest in verifying the subject-specific competence of the candidate(s), and the Controller conducted the balance test (Article 6(1)(f) GDPR);
e.for the purposes of conducting future recruitment processes based on the candidate’s voluntary consent, if given (Article 6(1)(a) GDPR);
f.for the purposes of archiving of documentation and communications, including correspondence produced by the Controller in the course of its business operations, due to its legitimate interest consisting in the necessity to document evidence of its activities, among other things, in accordance with applicable regulations, and to use the archived material for the purpose of investigating, establishing or defending against claims (based on Article 6(1)(f) GDPR).

4.[Data recipients]

The Controller has the right to transfer your personal data to other recipients if necessary to achieve the purpose of the processing, i.e.: entities that provide IT support services to the Controller, including operation and maintenance of IT systems, data hosting and cloud services, our authorized employees and associates, postal operators and couriers, law firms, auditors, banks, insurers, entities responsible for archiving or destroying data, group companies for internal administrative purposes (based on Article 6(1)(f) GDPR).

5.[Processing outside the EEA]

Your personal data may be transferred to a third country (i.e. a country outside the European Economic Area). Such transfer of your personal data may take place on the basis of standard safeguard clauses (based on Article 46(2)(c) and (d) GDPR) or on the basis of any another mechanism that is lawful and legalizes such transfer and will provide adequate safeguards for the protection of personal data in accordance with applicable laws in this regard. The transfer to the United States is based on the decision of the European Commission dated 10.07.2023, finding an adequate level of personal data protection provided under the EU-US data protection framework (Article 45 GDPR).

6.[Data retention period]

Personal data will be processed for 12 months from the date of submission of the recruitment application. In the case of consent for future recruitment, personal data will be processed until the candidate withdraws his/her consent to processing of personal data, but for no longer than 12 months from the date of submission of the recruitment application.

7.[Rights of data subjects]

You have the right to request from the Controller access to, rectification, erasure of data, restriction of processing and portability of your personal data. You have the right to object to the processing of personal data for the purpose of pursuing the legitimate interests of the Controller, whereby the right to object will not be exercised if there are valid legitimate grounds for processing that override your interests, rights and freedoms.
8.[Right to withdraw consent]

You have the right to withdraw your consent at any time, as long as the processing is based on the consent previously given; withdrawal of consent to processing does not affect the lawfulness of processing carried out on the basis of the consent given before its withdrawal.

9.[Right to lodge a complaint with an authority]

You may complain about the actions of the Controller to the competent supervisory authority, in particular in the country of your habitual residence, your place of work or the place where the alleged breach was committed. In Poland, the supervisory authority is the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

10.[Voluntariness of providing data]

Your provision of personal data is voluntary. Failure to provide data will result in your inability to participate in the recruitment process. If you fail to provide data processed on the basis of consent, this fact will not affect your participation in the recruitment process and selection of the candidate.

11.[Profiling]

No automated decision-making, including profiling, will be undertaken with respect to you.

Information concerning the processing of personal data for representatives and contact persons on the basis of ART 13 & 14 GDPR

Privacy notice regarding the processing of personal data for persons whose data has been provided to PROMAR in connection with concluding and performing a contract.

1.[Controller and contact details]

2.[Contacting the Controller]

The Controller can be contacted by regular mail at the registered office address indicated above or by email at info@promar.pl.

3.[Purposes and legal bases for the processing] Your personal data will be processed for the following purposes, based on the following legal bases:

a.concluding and performing a contract to which an individual acting on his/her own behalf is a party, as the processing of personal data is necessary for the performance of the aforementioned actions and to take action at your request prior to its conclusion (based on Article 6(1)(b) GDPR);
b.for the purpose of entering into and performing a contract with respect to a party other than an individual due to the Controller’s legitimate interest consisting in contacting through persons designated to maintain contact/represent/perform the contract (based on Article 6(1)(f) GDPR);
c.for the purpose of fulfilling by the Controller its legal obligations under the laws applicable to its operations, in particular tax and accounting obligations, and those arising from other regulations governing the Controller’s activities (based on Article 6(1)(c) GDPR);
d.for the purpose of archiving documentation and communications, including correspondence produced by the Controller in the course of its business operations, due to its legitimate interest consisting in the necessity to document evidence of its activities, among other things, in accordance with applicable regulations, and to use the archived material for the purpose of pursuing, establishing or defending against claims (based on Article 6(1)(f) GDPR).

4.[Sources and categories of personal data]

Personal data was obtained directly from the person or was provided by the employer/client/employer in connection with concluding a contract. In some situations, a representative’s data is obtained from public sources (public records, website, etc.). The scope of the processed data includes: first and last name, position or function, e-mail address, telephone number, company name and contact details.

5.[Data recipients]

6.[Processing outside the EEA]

7.[Data retention period]

If a contract is concluded or performed, the Controller will process personal data for the duration of the contract, after which time data will be processed for 5 years from the end of the year in which a tax or accounting obligation arose, unless a longer period arises from legal provisions or limitation periods for claims.

8.[Rights of data subjects]

9.[Right to lodge a complaint with an authority]

10.[Voluntariness of providing data]

The provision of your personal data indicated by the Controller as necessary to conclude the contract is a contractual condition, and the consequence of not providing it will be the inability to conclude or implement the contract.

11.[Profiling]

No automated decision-making, including profiling, will be undertaken with respect to you.