Privacy Policy
This Privacy Policy (hereinafter referred to as the Policy) was published on ______2020 and is effective from that date for all: Users of the bezpiecznyskarbiec.pl website (hereinafter referred to as the Website); those who contact us; those who use our social media accounts (Facebook); those who are our Clients .
We reserve the right to make changes to this Policy which will be communicated to you via an announcement on the Website. The message will be presented in a visible way and will inform about the content of the introduced changes and their consequences for your data. The date of implementation of the changes will be determined in each case so that the message about them will appear sufficiently in advance to allow you to familiarize yourself with the content of the message, consider the nature and impact of the changes on the processing of your data.
The deadline will respect the need to create appropriate time limits for you to exercise your rights under the GDPR (such as withdrawing consent or objecting to processing).
Table of contents
I. Information about the Personal Data Controller.
II. Security of personal data processed.
III. How do we collect your data?
IV. Your rights in relation to the processing of personal data.
1. Data subject’s right of access.
2. The right to rectification.
3. The right to erasure (“right to be forgotten”).
4. The right to restrict processing.
5. The right to data portability.
6. The right to object.
7. The right not to be subject to automated decision-making in individual cases, including profiling.
8. The right to withdraw consent.
9. The right to lodge a complaint with a supervisory authority.
V. Collection of data when you use our website.
1. General information.
2. Social media links and plugins.
3 Cookies.
4. Use of third party vendor tools – third party vendor cookies.
I. Information about the Personal Data Controller.
The Collector of your personal data is MS Metale Ltd. with its registered office in Warsaw (00-013) at Jasna 1, Tax Number: 7010337503 , REGON Number: 146065450, entered into the Register of Entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number: 0000415700, with share capital of 400,000 PLN.
Our contact details: CONTACT POINT Antkowiak Gębiak and Partners s.c., Al. Marcinkowskiego 1/6, 61-745 Poznań or e-mail: rodo@poznan-adwokaci.pl.
II. Security of personal data processed.
When processing your personal data, we take reasonable care to ensure that the data is processed in a lawful, fair, transparent and secure manner.
The following are the most important principles we follow when processing personal data:
• we obtain personal data for clearly defined purposes and do not process the data in a way incompatible with those purposes;
• we collect personal information only to the minimum extent necessary to fulfill the purposes for which it is collected, i.e. we do not collect it “to spare”;
• we process personal data only on the basis of the grounds specified in the law;
• we ensure that your personal data is up-to-date and correct, and we respond promptly to your requests to correct or update your data;
• we limit the retention of personal information to the period necessary to fulfill the purposes for which it is collected, unless events occur that may extend the retention period;
• we exercise your right to access and rectify your personal data, as well as to erase your personal data, withdraw consent, restrict processing, object to data portability, not be subject to a decision based solely on automated data processing, including profiling;
• we protect your personal information from unauthorized access and from accidental or unlawful loss, damage or alteration;
• if personal data is shared with other entities, it is done in a secure manner, secured by an appropriate agreement on the entrustment of personal data, in accordance with applicable law;
• we use technical and organizational measures to protect personal data against unlawful or unauthorized access or use, as well as against accidental destruction, loss or compromise of its integrity;
• as part of ensuring the security of the personal data we process, we undertake to take into account:
a) confidentiality – we ensure that your personal information is not accidentally disclosed to unauthorized persons;
b) integrity principle – we protect data from unauthorized modification;
c) availability principle – we provide access to data by authorized persons when necessary. Any of our employees who have access to your personal data are duly authorised and are required to maintain the confidentiality of the personal data processed.
III. How do we collect your data?
Some data is collected when you provide it to us. For example, this may be data you provide to us in an email correspondence you send to us or in a contract you enter into with us.
Other data is collected automatically by our IT systems when you visit our Website. These are data collected by the cookies used on our Website.
IV. Your rights in relation to the processing of personal data.
You have the following rights in relation to the processing of your personal data:
– right of access to data,
– the right to rectification,
– the right to erasure (“right to be forgotten”),
– the right to restrict processing,
– the right to data portability.
The exercise of this right does not release us from our obligation to exercise our other rights. If you store the transmitted data in your own IT system or in another system, you are responsible for finding appropriate measures to secure the data. This applies to data concerning you which you have provided to us and which we process by automated means on the basis of your consent or a contract.
– The right to object to the processing of personal data,
Applies to processing carried out on the basis of our legitimate interest and automated processing involving decision-making in individual cases, including profiling and processing for direct marketing purposes.
– The right not to be subject to automated decision-making in individual cases, including profiling,
You may object to such processing at any time. We do not currently apply automated processing involving decision-making in individual cases, including profiling, to your data.
– The right to withdraw consent,
Revocation of the consent granted will not affect the lawfulness of the processing we have carried out on the basis of consent before its revocation.
– The right to lodge a complaint with a supervisory authority.
You may file a complaint with the supervisory authority both in Poland (to the President of the Office for Personal Data Protection tel.: +48 606-950-000 ) and in the EU Member State of your habitual residence, place of work or alleged infringement.
Requests may be made:
by mail to the following address MS Metale Ltd. with its registered office in Warsaw, Jasna 1 Street, 00-013 Warsaw;
electronically to the following email address: ______________;
in person at our headquarters, i.e. at 1 Jasna Street, 00-013 Warsaw;
We handle requests from data subjects with due diligence, taking into account the law and the rights and freedoms of others who may be affected by the data.
When making a request, you should provide data that allows you to be uniquely identified.
We do not refuse to take action at the request of a data subject who wishes to exercise his or her rights, unless we are unable to clearly identify the data subject.
We will inform you without undue delay – and in any case within one month of receipt of the request – about the action taken on the request. If necessary, we may extend this period by a further two months due to the complexity of the request or the number of requests. Within one month after receipt of the request, we will inform you of such an extension, stating the reasons for the delay.
If we receive your request electronically, we will also provide feedback electronically where possible, unless you request otherwise.
If we do not take action on your request, we shall inform you immediately – at the latest within one month of receipt of the request – of the reasons for not taking action and of the possibility of filing a complaint with the supervisory authority and of pursuing legal remedies before the courts.
If we cannot uniquely identify you or have reasonable doubt about your identity, we may request additional information necessary to confirm your identity. If the additional information requested is not provided by you within 30 days of receipt of the request and you cannot be clearly identified, your request will be refused. You will be informed of the deadline for providing the additional information and the consequences of failure to do so.
We will notify rectification, supplementation, erasure or restriction of the processing of your personal data to any recipient to whom we have disclosed your personal data, unless this would be impossible or involve a disproportionate effort.
1. Data subject’s right of access.
The data subject shall have the right to obtain from the Controller information as to whether the Controller processes data concerning him or her, and if such processing occurs, the data subject shall have the right to access his or her data and to obtain information covering:
• processing purposes,
• categories of personal data collected,
• specifying the recipients to whom the personal information will be or has been disclosed,
• the intended period of data retention or the criteria for determining that period,
• information about the right to rectification, erasure or restriction of processing, the right to object to processing,
• the right to lodge a complaint with a supervisory authority,
• the source of the data, if the data comes from a source other than the data subject,
• to inform about the existence of automated decision-making, including profiling, and the significance and foreseeable consequences of such processing for the data subject,
• providing information on the appropriate safeguards associated with the transfer if the data is transferred to a third country or international organization.
The Controller may provide the person concerned (data subject) with a copy of the personal data held. For each subsequent copy of personal data, the Controller may charge a fee based on administrative costs.
If the data subject requests a copy by electronic means and unless he/she indicates otherwise, the information shall be provided by common electronic means to the e-mail address from which the request came.
If the Controller processes large amounts of information about a data subject, the Controller may request, before providing the information, that the data subject specify the information or processing activity to which the data subject is making the request.
2. The right to rectification.
The person concerned (data subject) may lodge a request with the Controller for the immediate rectification of the data concerning him or her if he or she considers that the data are incorrect.
The person concerned may also submit (e.g. in the form of an additional statement) a request to supplement the data if he or she considers it to be incomplete.
The Controller shall inform any recipient to whom personal data has been disclosed of the rectification, unless this proves impossible or will require a disproportionate effort.
3. The right to erasure (“right to be forgotten”).
The data subject (data subject) has the right to lodge a request with the Controller to erase personal data concerning him or her, if one of the following circumstances applies:
• the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
• the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing,
• the data subject objects to the processing under Article 21(1) or (2) of the GDPR,
• personal data was processed unlawfully,
• personal data must be deleted in order to comply with a legal obligation to which the Controller is subject,
• personal data was collected in connection with the offering of information society services,
• referred to in Article 8(1) of the GDPR (services offered to the child).
If the Controller has made the personal data of the data subject requesting erasure public, the Controller is obliged – taking into account the available technology and the cost of implementation – to take steps to inform other Controllers processing the personal data of the fact that the data subject has requested that these Controllers erase any links to the data, copies of the data or replications (duplications) of the data.
The Controller shall promptly exercise the person’s right to erasure unless one of the following grounds applies:
• the processing of personal data is necessary for the exercise of the right to freedom of expression and information,
• the processing of personal data is necessary for compliance with a legal obligation requiring the processing by law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller,
• the processing of personal data is necessary for reasons of public interest in the field of public health in accordance with Article 9(2)(h) of the GDPR (preventive health care or occupational medicine) and Article 9(2)(i) of the GDPR (protection against serious cross-border health threats or ensuring high standards of quality and safety of healthcare and medicinal products or medical devices) and Article 9(3) of the GDPR (data processed for preventive health care or occupational medicine are processed by a person bound by the obligation of professional secrecy),
• the processing is necessary for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, insofar as the exercise of the right to erasure is likely to render impossible or seriously impede the purposes of such processing,
• the processing of personal data is necessary for the establishment, investigation or defense of claims.
The Controller shall inform any recipient to whom the personal data has been disclosed of the deletion, unless this proves impossible or will require a disproportionate effort.
4. The right to restrict processing.
A data subject may request the Controller to restrict the processing of personal data concerning him or her in the following cases:
• the data subject contests the accuracy of the personal data – for a period allowing the Controller to verify the accuracy of the data,
• the processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead that the processing be restricted,
• the Controller no longer needs the personal data for the purposes of the processing, but they are needed by the data subject to establish, assert or defend a claim,
• the data subject has objected to the processing – until such time as it is ascertained whether the legitimate grounds on the part of the Controller override the grounds of the data subject’s objection.
If processing has been restricted then personal data can be processed except for storage:
• only with the consent of the data subject,
• for the purpose of establishing, investigating or defending claims,
• to protect the rights of another natural or legal person,
• for compelling reasons of public interest of the Union or of a Member State.onkowskiego.
Before lifting a restriction on processing, the Controller shall inform the data subject who requested the restriction.
The Controller shall inform any recipient to whom the personal data have been disclosed of the restriction of processing, unless this proves impossible or involves a disproportionate effort.
5. The right to data portability.
The exercise of this right does not release us from our obligation to exercise our other rights. If you store the transmitted data in your own computer system or in another system, you are responsible for finding appropriate measures to secure the data.
Applies to data about you that you have provided to us and that we process by automated means based on your consent or contract.
The data subject is entitled to request the transfer of data concerning him/her.
The data subject shall have the right to receive, in a structured, commonly used machine-readable format, the personal data concerning him or her which he or she has provided to the Controller, and shall have the right to transmit such personal data to another Controller without hindrance from the Controller, if:
• the processing is based on consent to the processing of personal data pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on contract pursuant to Article 6(1)(b) of the GDPR, and
• the processing is done by automated means.
When exercising the right to data portability, the data subject shall have the right to request that the personal data be sent by the Controller directly to another Controller, provided that this is technically possible.
The exercise of the right to data portability does not preclude you from requesting erasure of your personal data.
The right to data portability shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
6. The right to object.
Applies to processing carried out on the basis of our legitimate interest and automated processing involving decision-making in individual cases, including profiling and processing for direct marketing purposes.
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on Article 6(1)(e) of the GDPR (processing in the public interest or in the exercise of official authority) or Article 6(1)(f) of the GDPR (legitimate interests pursued by the Controller), including profiling pursuant to those provisions. If an objection is lodged, the Controller shall cease to process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling, insofar as the processing is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Where personal data are processed for scientific or historical research purposes, or for statistical purposes, the data subject shall have the right to object – on grounds relating to his or her particular situation – to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out in the public interest.
7. The right not to be subject to automated decision-making in individual cases, including profiling.
You may object to such processing at any time.
We do not currently apply automated processing involving decision-making on a case-by-case basis to your data, including profiling .
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling, insofar as the processing is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
8. The right to withdraw consent.
Withdrawal of granted consent will not affect the legality of the processing that was performed on the basis of consent before its withdrawal.
The data subject, whose data are processed by the Controller on the basis of the data subject’s consent, has the right to withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.
9. The right to lodge a complaint with a supervisory authority.
You may file a complaint with the supervisory authority both in Poland (to the President of the Office of Personal Data Protection) and in the EU Member State of your habitual residence, place of work or alleged infringement.
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his habitual residence, place of work or place where the alleged infringement has been committed, if he believes that the processing of personal data relating to him is in breach of this regulation. The supervisory authority in relation to the Controller is the President of the Office for Personal Data Protection: www.uodo.gov.pl.
V. Collecting data when using our website.
1. General information
If you use our website, we collect data that will be transmitted to our server by the Internet browser you are using (so-called server log). When you call up our website, we collect the following data, which for technical reasons are required to display the website:
• our visited website,
• date and time of entry,
• the amount of data sent in bytes,
• the source/reference through which the user arrived at the website,
• the web browser you are using,
• operating system used,
• IP address used (possibly anonymized).
2. Social media links and plugins.
Our website or fan pages may use plugins of third party social networks, e.g. Facebook (plugins or so-called “plugins” e.g. “Like”, “Share”), identified by the well-known icons of these networks. For this purpose, code referring to these networks is placed on the relevant pages. Content from our websites may be sent to this website or to this service. Depending on your privacy settings, it may be publicly or privately visible (e.g. only to friends, followers or anyone who accesses your profile). With the help of these plugins, you, as a logged-in user of these services, can make the page you are on available within these services. However, the plug-in will only be loaded if you install the corresponding plug-in using the activation icon. The content of the plug-in will then be transmitted by the respective social network directly to your terminal device and displayed there. If you select the corresponding option, this activation will be permanently in force during your visit to our website. You can deactivate the buttons at any time by clicking on “Undo”. Without the right activation, the plugins will remain inactive and no connection to the social networks will be established. If you have activated the use of the plug-in, we process the following data and pass them on to the plug-in provider: (date and time of access, part of our website visited, IP address, domain name).
Our website also contains external links, such as to our Facebook page. When you use these links, you leave the website. You may also be able to communicate with us via the Facebook chat box (after logging in to Facebook), located directly on our pages.
We have no control over what data the provider of plugins or social media pages collects and how it processes it. For information on the purpose and scope of data collection, including the cookies used there, their further processing and use by third-party providers, as well as your rights and the privacy settings options of these providers, please refer to the data protection notice of the respective provider.
3. Cookies.
To make your visit to our website more attractive and to enable you to use certain functions, we use so-called cookies. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted again after the end of the browser session, i.e. when you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partners (third-party vendor cookies) to recognize your browser on your next visit (persistent cookies). The cookies collect and process information about you to a certain extent, such as browser and location data and your IP address. Persistent cookies are deleted automatically after a set period of time, which may vary depending on the cookie.
Please note that you can set your web browser so that you are informed that a website uses cookies, and so that you can decide whether to give or withhold your consent to the use of cookies. Each browser differs as to how you manage your cookie settings. This method is described in each browser’s help menu, which explains to you how you can change your cookie settings. The user can make changes for their browser at the following links:
Internet Explorer: https://support.microsoft.com/pl-pl/help/278835/how-to-delete-cookie-files-in-internet-explorer
Microsoft Edge: https://support.microsoft.com/pl-pl/help/10607/microsoft-edge-view-delete-browser-history
Firefox: https://support.mozilla.org/pl/kb/usuwanie-ciasteczek
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=pl
Safari: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
Opera: https://help.opera.com/pl/latest/web-preferences/#cookies
By changing the settings, a so-called opt-out cookie will be placed in your browser. This cookie only serves to identify your objection (lack of consent). Please note that the opt-out cookie is only valid for the browser that was used to save the cookie. If you delete all cookies or use a different browser or a different device, the opt-out setting must be made again.
Information on how to configure cookie settings for mobile devices can be found on the websites of the manufacturers of the most popular mobile systems (iOS devices, Android, Windows Phone, BlackBerry).
In connection with the possibility of sharing data collected using cookies with our third party providers, we inform you that some data may be transferred outside the European Economic Area. As Google LLC is based in the USA and uses technical infrastructure located in the USA, ensuring an adequate level of protection of personal data as required by European legislation is done on the basis of standard data protection clauses adopted by the European Commission as referred to in Article 46(2)(c) of the GDPR. Please be informed that restrictions on the use of cookies may affect some of the functionalities available on the website.
4. The use of third party vendor tools – third party vendor cookies.
Due to the use of third-party vendor tools on our site, including site statistics analysis tools, when you use our site, a cookie may be installed on your device:
Google LLC regarding the Google Analytics service:
We use Google Analytics tools that collect anonymous information about your visit to the site, such as the pages you have viewed, the time you have spent on the site, and transitions between pages, in order to generate anonymous statistics about the functioning of the sites and to enable analysis of site activity so that we can best tailor our offerings to your needs. Google Analytics cookies from Google LLC are used for this purpose:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
https://policies.google.com/privacy?hl=pl
INFORMATION CLAUSE
I. Information clause for those who contact, e.g. by sending a message.
The Collector of your personal data is MS Metale Ltd. with its registered office in Warsaw (00-013) at Jasna 1, Tax Number: 7010337503, REGON Number: 146065450, entered into the Register of Entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number: 0000415700, with share capital of PLN 400,000.
Your data is processed for the following purposes:
contacting you and responding to your message and for administrative purposes, which is also our legitimate interest (legal basis: Article 6(1)(a) and 6(1)(f) of the GDPR Regulation) – balance test available upon request;
if the contact is aimed at concluding a contract – in order to take steps to conclude it (legal basis: Article 6(1)(b) of the GDPR Regulation).
Data recipients:
We may share your information with the following categories of entities:
• subcontractors – entities we use to perform our services, including data processing, with whom we are contracted to entrust data processing: e.g. our hosting service provider, software provider (e.g. for customer relationship management), company providing us with IT support;
• controllers distinct from us to whom data is disclosed at their request, based on regulations, e.g., government agencies, state authorities, and governmental bodies.
A detailed list of data recipients is available upon request.
Please note that we do not transfer your data outside the European Economic Area and do not intend to do so in the future.
Data retention period:
Your data will be processed for the time necessary to answer/clarify your query or until you withdraw your consent to data processing or we determine that the data has become obsolete. If the circumstances indicate that the respective state of affairs has been clarified and no statutory retention obligations stand in the way, your data will be deleted after processing your request.
Your rights introduced by the GDPR Regulation:
In connection with our processing of your personal data, you are entitled to:
• the right of access to the content of the processed data and to receive a copy thereof,
• the right to rectification (amendment) of data,
• the right to erasure,
• the right to restrict data processing,
• the right to object to the processing,
• you have the right to object at any time – on grounds relating to your particular situation – to the processing of personal data concerning you based on Article 6(1)(f) of the GDPR Regulation, including profiling under these provisions. We are then no longer permitted to process this personal data unless we can demonstrate that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or grounds for the establishment, assertion or defence of claims.
• the right to data portability,
• the right to withdraw consent – in cases where the processing of your data is based on Article 6(1)(a) of the GDPR Regulation, i.e. consent to the processing of personal data, you have the right to withdraw this consent at any time. Withdrawal of granted consent will not affect the legality of processing, which was performed on the basis of consent before its withdrawal.
Your personal data will not be subject to automated decision-making, including profiling.
Complaint to the supervisory authority:
In cases where you consider that the processing of your data violates the provisions of the GDPR Regulation, you have the right to lodge a complaint with the supervisory authority both in Poland (to the President of the Office for Personal Data Protection) and in the EU Member State of your habitual residence, place of work or the alleged violation.
Voluntariness of providing data and consequences of not providing it:
Providing data is voluntary, however, the consequence of failing to provide data will be inability to contact you in order to respond to your message.
II. Information clause for the Clients.
The Collector of your personal data is MS Metale Ltd. with its registered office in Warsaw (00-013) at Jasna 1, Tax Number: 7010337503, REGON Number: 146065450, entered into the Register of Entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number: 0000415700, with share capital of PLN 400,000.
We process your data for the following purposes and on the following legal bases:
• in order to conclude an agreement – on the basis of your interest in our offer and actions taken by you in order to conclude an agreement (legal basis: Article 6(1)(b) GDPR),
• in order to perform the contract you have concluded with us – on the basis of the contract concluded (legal basis: Article 6(1)(b) of the GDPR),
• in order for us to comply with the legal obligations incumbent on us in connection with the conduct of our business and performance of the contract concluded with you, which is also our legitimate interest, protecting us from the consequences of non-performance of our obligations – on the basis of the law (legal basis: Article 6(1)(c) of the GDPR),
• for evidence purposes to secure information in the event of a legal need to prove facts and for the possible establishment, investigation or defence against claims, which is our legitimate interest – on the basis of our legitimate interest (legal basis: Article 6(1)(f) GDPR).
Data recipients:
We may share your information with the following categories of entities:
• subcontractors – entities we use to perform our services, including data processing, with whom we are contracted to entrust data processing: e.g. our hosting provider, software provider (e.g. for customer relationship management, invoicing), our accounting firm, a company providing us with IT support;
• Data Controllers separate from us – if the proper provision of the service to you requires the use of such entities, to the extent agreed with you, or is essential to protect your interests and property, requires disclosure to such entities;
• Controllers distinct from us to whom data is disclosed at their request, based on regulations, e.g., government agencies, state authorities, and governmental bodies.
A detailed list of data recipients is available upon request.
Please note that we do not transfer your data outside the European Economic Area and do not intend to do so in the future.
Data retention period:
Your data will be processed for the period necessary to fulfill the processing purposes indicated above, i.e:
• we retain your data collected for the purpose of entering into a contract for the duration of the contract negotiation and until the end of the calendar year following the year in which you last contacted us,
• we process your data obtained in connection with the conclusion and performance of the contract until the completion of the contract, and thereafter for the period required by law, up to a maximum of 10 years from the end of the year in which the purpose ended,
• your data processed for the purpose of complying with legal obligations incumbent upon us in connection with the conduct of our business and the performance of a contract concluded with you – we process your data for the period until such obligations are fulfilled, for the maximum period for which we are required by law to retain your data or for the period during which we may suffer the legal consequences of non-compliance with the obligations incumbent upon us.
We process your data for evidential purposes in order to secure information in the event of a legal need to prove facts and for the possible establishment, investigation or defense against claims – for the period of the statute of limitations of the claims.
Your personal data will not be subject to automated decision-making, including profiling.
Regarding our processing of your personal data, you are entitled to:
• the right of access to the content of the processed data and to receive a copy thereof,
• the right to rectification (amendment) of data,
• the right to erasure,
• the right to restrict data processing,
• the right to object to the processing,
You have the right to object at any time – on grounds relating to your particular situation – to the processing of personal data concerning you based on Article 6(1)(f) of the GDPR Regulation, including profiling under these provisions. We are then no longer permitted to process this personal data unless we can demonstrate that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or grounds for the establishment, assertion or defence of claims.
• the right to data portability,
• the right to withdraw consent,
In cases where the processing of your data is based on Article 6(1)(a) of the GDPR Regulation, i.e. consent to the processing of personal data, you have the right to withdraw this consent at any time. Withdrawal of granted consent will not affect the legality of processing, which was performed on the basis of consent before its withdrawal.
Your personal data will not be subject to automated decision-making, including profiling.
Complaint to the supervisory authority:
In cases where you consider that the processing of your data violates the provisions of the GDPR Regulation, you have the right to lodge a complaint with the supervisory authority both in Poland (to the President of the Office for Personal Data Protection) and in the EU Member State of your habitual residence, place of work or the alleged violation.
Voluntariness of providing data and consequences of not providing it:
Insofar as the data is processed in order to conclude a contract and its performance, providing the data is a condition for concluding the contract and its performance. Providing data is voluntary, however, the consequence of failing to provide data will be inability to conclude or perform the contract.
III. Information clause for visitors of Facebook fanpage.
The clause is dedicated in particular to people who:
• have subscribed to the __________ fanpage by clicking the “Like” or “Follow” icon or
• have posted a comment under any of the posts on the fanpage.
The Collector of your personal data is MS Metale Ltd. with its registered office in Warsaw (00-013) at Jasna 1, Tax Number: 7010337503, REGON Number: 146065450, entered into the Register of Entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register under KRS number: 0000415700, with share capital of PLN 400,000.
General information:
The following information has been written for Facebook users, and in particular for fans of our fanpage, in order to provide information about the collection of personal data, the reasons for its processing and the rights that users have.
Any operation of our fanpage is in accordance with the requirements, which are contained in the regulations of Facebook.
All information contained on your profile and activities resulting from its use are directly administered by Facebook.
Our company administers your data only for the purpose of answering your questions, commenting on your posts and communicating with you in the course of our business and the content provided by us.
Personal data collected through communication with users will only be processed for the purpose of responding, if necessary.
Your activity in connection with the use of our fanpage will not be archived by us outside of Facebook.
We have no control over what data the provider of the plugins or social media pages collects and how it processes it. For information on the purpose and scope of data collection, including the cookies used therein, their further processing and use by third-party providers, as well as your rights and the privacy settings options of these providers, you can refer to the data protection notice of the respective provider: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA https://pl-pl.facebook.com/privacy/explanation.
Through the operation of our fanpage we collect and process the following types of personal data:
• Facebook ID (usually including your first and last name, which is not verified by us in any way to confirm the accuracy of the data);
• basic identification data in the scope published by you on your own profile on the social network Facebook;
• other data to the extent published by you on your own profile on the social network Facebook;
• profile picture (thanks to it we can learn about your image in some cases);
• other images (which may also depict an image) resulting from the fanpage-user relationship. Uploading images under our posts is voluntary on your part;
• the content of your comments and the content of the conversation you have through the Messenger application (which allows us to learn about your email address, phone number and the description you have provided in relation to the circumstances of our correspondence);
• anonymous statistical data about the visitors of the fanpage, accessible by means of the “Facebook Insights” function provided by Facebook in accordance with Facebook’s terms of service, collected through spyware files (“cookies”), each containing a unique user code that can be linked to the connection data of users registered on Facebook, and which are downloaded and processed at the time the fanpage is opened.
Państwa dane przetwarzane są przez nas w następujących celach i na następujących podstawach prawnych:We process your data for the following purposes and on the following legal bases:
• – in order to run a fanpage under our name ____________ on the Facebook social network under the terms and conditions specified by Facebook Inc. and to inform via this fanpage about our activities, to promote various events that we organize and our brand, products and services, to build and maintain the community associated with us and to communicate via available Facebook functionalities (comments, chat, messages), which is our legitimate interest (legal basis: art. 6 par. 1 letter f GDPR);
• – for analytical purposes relating to analysis of the functioning, popularity, manner of use of the fanpage, which is our legitimate interest (legal basis: Article 6(1)(f) GDPR);
• – in order to take action to conclude a contract due to your interest in our services (legal basis: Article 6(1)(b) of the GDPR);
Your personal data may also be processed on the basis of a separately granted consent to the extent and purpose specified in the content of the consent and for the time until the withdrawal of consent (legal basis: Article 6(1)(a) GDPR).
Data recipients:
We may share your information with the following categories of entities:
• public authorities and entities performing public tasks or acting on commission of public authorities, to the extent and for the purposes arising from the provisions of generally applicable law;
• to other entities that process personal data on behalf of the Controller on the basis of relevant data processing agreements signed with us, e.g. a company providing IT support for the fanpage;
• to the owner of the social networking site Facebook under the unchangeable data conditions specified by Facebook available at https://www.facebook.com/about/privacy.
Please note that we do not transfer your data outside the European Economic Area, subject to the transnational nature of the data flow within Facebook. Facebook may transfer your data outside of the European Economic Area. At the same time, we inform you that Facebook may use technical infrastructure located in the USA, but ensures an adequate level of protection of personal data required by European legislation on the basis of the standard data protection clauses adopted by the European Commission referred to in Article 46(2)(c) of the GDPR.
Data retention period:
Your data will be processed for the period necessary to fulfill the processing purposes indicated above, i.e:
• information we hold about you in private messages will be retained for the duration of our response to you or until we terminate our relationship;
• in the case of information that we hold as part of the comments you provide, it will remain available on our site until deleted by the author;
• your personal data collected by Facebook i.e. history of posts, history of activity in Messenger application, history of activity via Instagram application is subject to retention under the terms of Facebook regulations;
• data processed on the basis of consent will be processed until the consent is withdrawn,
• data processed on the basis of the legally justified interest of the Controller will be processed until an objection is lodged effectively or the interest ceases to exist,
• the statistical data of visitors to your fanpage available to you via “Facebook Insights” will be processed for the duration of the availability of the data on Facebook for two years.
Your rights introduced by the GDPR Regulation:
Regarding our processing of your personal data, you are entitled to:
• the right of access to the content of the processed data and to receive a copy thereof,
• the right to rectification (amendment) of data,
• the right to erasure,
• the right to restrict data processing,
• the right to object to the processing,
You have the right to object at any time – on grounds relating to your particular situation – to the processing of personal data concerning you based on Article 6(1)(f) of the GDPR Regulation, including profiling under these provisions. We are then no longer permitted to process this personal data unless we can demonstrate that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or grounds for the establishment, assertion or defence of claims.
• the right to data portability,
• the right to withdraw consent.
In cases where the processing of your data is based on Article 6(1)(a) of the GDPR Regulation, i.e. consent to the processing of personal data, you have the right to withdraw this consent at any time. Withdrawal of granted consent will not affect the legality of processing, which was performed on the basis of consent before its withdrawal.
Your personal data will not be processed by us for automated decision-making, including profiling.
Complaint to the supervisory authority:
In cases where you consider that the processing of your data violates the provisions of the GDPR Regulation, you have the right to lodge a complaint with the supervisory authority both in Poland (to the President of the Office for Personal Data Protection) and in the EU Member State of your habitual residence, place of work or the alleged violation.
Voluntariness of providing data and consequences of not providing it:
Providing data is voluntary, but the consequence of not providing data will be the inability to view the fanpage or leave comments.