Information concerning the processing of personal data
Based on this data protection declaration, we wish to provide all visitors at our website and users of our company’s services with clear information about the type, scope and purpose of personal data collected, used and processed by us, as well as to inform you about your rights.
Using our website is generally possible without providing personal data.
Should data be collected automatically when visiting our website, it is processed in accordance with applicable legal regulations on the protection of personal data.
Should the processing of your personal data be necessary and there are no statutory grounds for such processing, we shall obtain the consent necessary to process the data.
As a company responsible for the processing of personal data, we have implemented technical and organisational measures to guarantee the highest possible level of protection of your personal data.
1. Contact data:
Personal Data Controller is the company:
INTECHSTAL sp. z o.o.
ul. Jana Pawła II 38
89-200 Szubin
tel.: 52 506 67 00
e-mail: intechstal@intechstal.pl
2. Principles we apply when processing personal data.
- Pursuant to GDPR, the processing is carried out in compliance with the provisions of law, reliably and transparently for the data subject, under the principle of compliance with law, reliability and transparency.
- Personal data is collected and processed for specific, explicit and legitimate purposes in accordance with the principle of data minimization.
- We observe the principle of your data correctness, which means that we take reasonable steps to delete or rectify incorrect data.
- Personal data processed by us are stored in a form that allows identification of the data subject for no longer than it is necessary for the purposes for which personal data is processed.
- We make every effort by implementing appropriate steps and procedures to maintain the integrity and confidentiality of your data and to maintain the principle of accountability.
3. Where do we get your data from?
We got your personal data from:
- directly from you (e.g. recruitment process, inquiries)
- from publicly available sources, e.g. National Court Register, Central Register and Information on Business Activities, or other similar sources.
4. What data do we process?
We may process the following data:
- identification data (e.g., name, surname)
- contact data
- data concerning your inquiries, orders, complaints
- information provided during conversation or in correspondence between us.
5. For what purpose will we use your personal data?
We will process your personal data for one or more of the following purposes:
- to enter into and perform an agreement: agreement for the provision of services, other civil law agreements,
- to fulfil legal obligations of AD, e.g. to fulfil obligations when issuing invoice or receipt.
- to present the company’s offer.
6. Recipients of personal data
Recipients of personal data processed by us may be entities to which AD provides personal data under applicable provisions of law (e.g. law enforcement authorities, ZUS [Social Insurance Company], Tax Office) and entities to which AD entrusts personal data under personal data processing agreements (e.g. accounting office, IT services). The list of current processors is available in our company.
7. Rights of personal data subjects
Should you have any questions concerning your personal data, you may contact us at any time in writing, by e-mail, or phone and we will respond to your questions.
Pursuant to GDPR, your rights are as follows:
Right to information (Article 15 GDPR)
You have the right at any time to obtain information about which categories of personal data and which information we process about you, as well as what the purpose of such processing is, for how long and according to what criteria we store data and whether profiling is used in connection with the above.
Furthermore, you have the right to know to which recipients or categories of recipients the data has been disclosed or is being disclosed, especially if this it to recipients in third countries or international organisations. In such an event, you also have the right to be informed about appropriate guarantees in connection with the transfer of your personal data.
In addition to the right to lodge a complaint with the supervisory authority and the right to obtain information about the origin of your data, you have the right to erase your data (unless other regulations require AD to further process your data), rectify your data, as well as the right to limit processing or object to processing your personal data.
In all of the said events, you have the right to request from the Data Controller a free copy of your personal data which is processed by us.
For all other copies that you request or that go beyond the data subject’s right to information, we are entitled to charge an appropriate administrative fee.
Right to rectification (Article 16 GDPR)
You have the right to demand the rectification of processed personal data without undue delay, and – taking into account the purposes of the processing – the right to have incomplete personal data completed.
Should you wish to exercise your right to rectification, you may at any time contact Data Controller to make the required rectification.
Right to erasure (Article 17 GDPR)
You have the right to request immediate erasure of your data (“right to be forgotten”), in particular when data collection is no longer necessary, when you have revoked your consent to data processing, when your data is unlawfully processed or unlawfully collected and there is a legal obligation to erase your data under laws of European Union or national law.
However, the right to be forgotten does not apply when there is an overriding right to freedom of expression or information, data collection is necessary to fulfil legal obligation (e.g. obligation to keep data), data erasure is not possible due to obligation of AD to keep files, or data collection is used to assert, exercise or defend legal claims.
Right to restriction of processing (Article 18 GDPR)
You have the right to request that the processing of your personal data is restricted when you question data correctness, when data processing is unlawful, when you refuse to erase your personal data and request the restriction of processing instead, when the necessary purpose of processing ceases to exist or you objected to the processing of data under Article 21(1) until it has been determined whether the legitimate interests on our part outweigh your interests.
Right to data portability (Article 20 GDPR).
You have the right to exercise data portability rights, in a commonly used form, to transfer your data without prejudice to another entity, if, e.g., you gave your consent and the processing is carried out automatically.
Right to object (Article 21 GDPR).
You have the right to object at any time to the collection, processing or use of your personal data for the purposes of direct acquisition or market and opinion research as well as marketing (promotional) data processing, unless we can provide convincing and protection requiring evidence of the data processing, where such evidence outweighs your interests, rights and freedoms.
Furthermore, you cannot exercise your right to lodge an object should provisions of law provide for the collection, processing and use of data or require the collection, processing or use of such data.
Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
You have the right to lodge a complaint with a supervisory authority should you believe there was an event of violation in the course of processing.
Right to withdraw consent in connection with the right to protect personal data (Article 7.3 GDPR)
You can withdraw your consent to the processing of your personal data
at any time for no cause. This also applies to withdrawal of statements
on granting the consent, which we were granted prior to implementing regulation of the European Union on Personal Data Protection (GDPR).
8. Legal basis for the processing of personal data.
In the event of the processing of personal data, in connection with which we have obtain the consent of the data subject, the legal basis of processing is Article 6(1)(a) GDPR.
In the event of processing personal data necessary to perform the agreement,
in which the party to the agreement is the data subject, the legal basis of processing is
Article 6(1)(b) GDPR. This regulation also applies to the events of data processing that are necessary for the performance of pre-contractual activities.
In the event the processing of personal data is necessary to fulfil legal obligation of AD, the legal basis of processing is Article 6(1)(c) GDPR.
In the event data processing is necessary to protect vital interests of the data subject, the legal basis of processing is Article 6(1)(d) GDPR.
In the event the processing of your personal data is necessary for the purposes resulting
from our legitimate interests, the processing of which is based on Article 6(1)(f) GDPR, we make sure that your fundamental rights and freedoms prevail.
9. Transfer of data to third parties.
Transfer of data to third parties beyond the scope specified in this data protection declaration is only made if this is necessary for the performance of the requested service.
We only transfer data if there is a corresponding legal obligation. This occurs when state entities (e.g. criminal law enforcement authorities) request information in writing or a court order is issued.
Your personal data is not transferred to the so-called third countries outside the European Union/European Economic Area.
10. Until when will we keep your data?
If your personal data will be processed in order to fulfil legal obligation imposed on the Controller, personal data will be kept for the time necessary to fulfil such obligation.
Data processed based on your consent will be processed untill you withdraw your consent.
11. Automated decision making process – profiling
Being aware of our responsibility under our obligations, services we offer, and our website, we do not use profiling of visitors to our website.