INFORMATION CONCERNING THE PROCESSING OF PERSONAL DATA FOR REPRESENTATIVES AND CONTACT PERSONS ON THE BASIS OF ART. 13 AND 14 GDPR

Privacy notice regarding the processing of personal data for persons whose data has been provided to PROMAR in connection with concluding and performing a contract.

  1. [Controller and contact details] The Controller of the personal data is “PROMAR” Przedsiębiorstwo Produkcyjno Handlowe sp. z o.o. with its registered office in Zawiercie, ul. Cerefisko 2, 42-400 Zawiercie, entered in the register of entrepreneurs, kept by the District Court for Katowice-Wschód in Katowice, VIII Commercial Division of the National Court Register, under number 0000063171, NIP 1180010695, REGON 008052670, with the share capital of PLN 1,000,000.00.
  2. [Contacting the Controller] The Controller can be contacted by regular mail at the registered office address indicated above or by email at info@promar.pl
  3. [Purposes and legal bases for the processing] Your personal data will be processed for the following purposes, based on the following legal bases:
    • concluding and performing a contract to which an individual acting on his/her own behalf is a party, as the processing of personal data is necessary for the performance of the aforementioned actions and to take action at your request prior to its conclusion (based on Article 6(1)(b) GDPR);
    • for the purpose of entering into and performing a contract with respect to a party other than an individual due to the Controller’s legitimate interest consisting in contacting through persons designated to maintain contact/represent/perform the contract (based on Article 6(1)(f) GDPR);
    • for the purpose of fulfilling by the Controller its legal obligations under the laws applicable to its operations, in particular tax and accounting obligations, and those arising from other regulations governing the Controller’s activities (based on Article 6(1)(c) GDPR);
    • for the purpose of archiving documentation and communications, including correspondence produced by the Controller in the course of its business operations, due to its legitimate interest consisting in the necessity to document evidence of its activities, among other things, in accordance with applicable regulations, and to use the archived material for the purpose of pursuing, establishing or defending against claims (based on Article 6(1)(f) GDPR).
  4. [Sources and categories of personal data] Personal data was obtained directly from the person or was provided by the employer/client/employer in connection with concluding a contract. In some situations, a representative’s data is obtained from public sources (public records, website, etc.). The scope of the processed data includes: first and last name, position or function, e-mail address, telephone number, company name and contact details.
  5. [Data recipients] The Controller has the right to transfer your personal data to other recipients if necessary to achieve the purpose of the processing, i.e.: entities that provide IT support services to the Controller, including operation and maintenance of IT systems, data hosting and cloud services, our authorized employees and associates, postal operators and couriers, law firms, auditors, banks, insurers, entities responsible for archiving or destroying data, group companies for internal administrative purposes (based on Article 6(1)(f) GDPR). 
  6. [Processing outside the EEA] Your personal data may be transferred to a third country (i.e. a country outside the European Economic Area). Such transfer of your personal data may take place on the basis of standard safeguard clauses (based on Article 46(2)(c) and (d) GDPR) or on the basis of any another mechanism that is lawful and legalizes such transfer and will provide adequate safeguards for the protection of personal data in accordance with applicable laws in this regard. The transfer to the United States is based on the decision of the European Commission dated 10.07.2023, finding an adequate level of personal data protection provided under the EU-US data protection framework (Article 45 GDPR).  
  7. [Data retention period] If a contract is concluded or performed, the Controller will process personal data for the duration of the contract, after which time data will be processed for 5 years from the end of the year in which a tax or accounting obligation arose, unless a longer period arises from legal provisions or limitation periods for claims. 
  8. [Rights of data subjects] You have the right to request from the Controller access to, rectification, erasure of data, restriction of processing and portability of your personal data. You have the right to object to the processing of personal data for the purpose of pursuing the legitimate interests of the Controller, whereby the right to object will not be exercised if there are valid legitimate grounds for processing that override your interests, rights and freedoms.
  9. [Right to lodge a complaint with an authority] You may complain about the actions of the Controller to the competent supervisory authority, in particular in the country of your habitual residence, your place of work or the place where the alleged breach was committed. In Poland, the supervisory authority is the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.
  10. [Voluntariness of providing data] The provision of your personal data indicated by the Controller as necessary to conclude the contract is a contractual condition, and the consequence of not providing it will be the inability to conclude or implement the contract. 
  11. [Profiling] No automated decision-making, including profiling, will be undertaken with respect to you.