I. GENERAL PROVISIONS
- The controller of personal data is Protektel Spółka z ograniczoną odpowiedzialnością entered into the register of entrepreneurs maintained by the District Court for the capital city of Warsaw in Warsaw, 14th Commercial Division of the National Court Register under the KRS number: 0000670659, NIP: 7611539128, REGON: 142212143, business address and correspondence address: ul. Marszałka Józefa Piłsudskiego 92, 06-300 Przasnysz, e-mail address: protektel@protektel.pl, tel. 29 752 57 84.
- Protektel Sp. z o.o. is the administrator of personal data and processes personal data. The collected data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, the Act of 10 May 2018 on the protection of personal data and other provisions on the protection of personal data.
- The Administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him/her is:
- processed in accordance with the law,
- collected for specified, lawful purposes and not subject to further processing incompatible with these purposes,
- substantively correct and adequate in relation to the purposes for which it is processed and stored in a form enabling identification of data subjects for no longer than is necessary to achieve the purpose of processing.
II. PURPOSE AND LEGAL BASIS FOR PERSONAL DATA PROCESSING
- Protektel Sp. z o.o. processes personal data of its customers, contractors, potential customers, potential contractors, its employees, contractors and persons interested in taking up employment at Protektel Sp. z o.o. Personal data of this type are processed in IT systems used by Protektel Sp. z o.o. as well as in paper form.
- The Administrator processes personal data for the purpose and on the basis of the legal provisions specified below:
- in order to conclude and execute a contract for the execution of an order or the provision of services and to establish, pursue or defend against claims – pursuant to Article 6 paragraph 1 letter b of the GDPR – for this purpose the Controller will process the following personal data:
- name and surname/company
- adress e-mail
- phone number
- work position – if it was voluntarily provided.
- Providing the above personal data is voluntary, but failure to provide them will prevent the conclusion and execution of the contract for the provision of services.
- for the purpose of recruiting employees – pursuant to Article 6 paragraph 1 letters a and c of the GDPR and Article 22 (1) § 1 of the Labour Code – for this purpose the Controller will process the following personal data:
- name and surname
- date and surname
- contact information
- education
- professional qualifications
- previous employment history
- Providing the above-mentioned personal data is obligatory and necessary to conduct the recruitment process.
- for the purpose of recruiting collaborators – pursuant to Article 6 paragraph 1 letter f of the GDPR – for this purpose the Controller will process the following personal data:
- name and surname
- date of birth
- contact information
- education
- professional qualifications
- previous employment history
- Providing the above personal data is voluntary, but necessary to conduct the recruitment process (the consequence of not providing them will be the inability to participate in the recruitment process).
- in order to handle the contact form – pursuant to Article 6 paragraph 1 letter f of the GDPR – for this purpose the Controller will process the following personal data:
- name and surname
- phone number
- e-mail address
- Providing the above personal data is voluntary, but necessary in order to receive a response to the sent message (the consequence of not providing them will be the inability to receive a response).
- in order to maintain the Administrator’s profiles on Facebook, Instagram, LinkedIn and YouTube – pursuant to Article 6 paragraph 1 letter f of the GDPR – for this purpose the Administrator will process the following personal data:
- user profile name
- data that the user has set to “public” on their profile
- personal data placed by the user in comments under content published on the Administrator’s profile or sent in a private message to the Administrator’s profile,
- statistical and advertising data collected by the social networking site;
- Providing the above personal data is voluntary, but necessary in order for you to use the Administrator’s profile on a given Website (the consequence of not providing them will be the inability to use the Administrator’s profile).
- sending commercial information by electronic means (Newsletter) to inform the interested person about promotional offers and new products in the commercial offer – pursuant to art. 6 sec. 1 letter a of the GDPR – for this purpose the Controller will process the following personal data:
- e-mail address
- Providing the above personal data is voluntary, but necessary in order to receive the Newsletter (the consequence of not providing them will be the inability to receive the Newsletter).
- analysis of user activity on the website – pursuant to Article 6 paragraph 1 letter f of the GDPR – for this purpose the Controller will process the following personal data:
- date and time of visit
- Device IP number
- type of device operating system
- approximate location
- type of internet browser
- time spent on website
- visited subpages and other actions taken within the website
- Providing the above-mentioned personal data is voluntary, but necessary in order for the Administrator to obtain information about your activity on the Website (the consequence of not providing them will be the inability of the Administrator to obtain the above-mentioned information).
- in order to conclude and execute a contract for the execution of an order or the provision of services and to establish, pursue or defend against claims – pursuant to Article 6 paragraph 1 letter b of the GDPR – for this purpose the Controller will process the following personal data:
III. PERSONAL DATA STORAGE PERIOD.
- If the basis for data processing is the performance of a contract, for as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period for claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
- In the event that the basis for data processing is consent, you have the right to withdraw your consent to the processing of your personal data at any time, but the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of your consent before its withdrawal. In the case of personal data obtained in the recruitment process, the Administrator will process this data until the recruitment process is completed or the candidate resigns from applying for employment, unless the candidate consents to the processing of their personal data also for the purposes of any future recruitments.
- The data processed in connection with the handling of the contact form will be processed by the Administrator until you object to their processing for this purpose or we determine that they have become outdated. In the absence of an objection, the above-mentioned data will be deleted after 6 years from the date of the last telephone/email contact.
- Personal data collected for the purpose of profiling will be processed by the Administrator until an objection is effectively raised or the purpose of their processing is achieved.
- If the basis for data processing is the settlement of a service provided or the delivery of ordered products, unless specific provisions provide otherwise, the data is stored for as long as required by the Accounting Act of 29 September 1994, i.e. 5 years from the end of the year in which the tax settlement took place.
- If the basis for data processing is the performance of a contract concluded under the Act of 29 January 2004 – Public Procurement Law, unless specific provisions provide otherwise, the data are stored for 10 years.
IV. PPROFILING
- For marketing purposes and to direct marketing to the user tailored to the user’s preferences, the Administrator will process the user’s personal data in an automated manner, including profiling them.
- Profiling will not have any legal effects on the user. In the event that profiling could result in decisions being made that have legal effects on the user or affect the user in a similarly significant way, the user has the right to demand not to be subject to decisions based on profiling.
V. SHARING PERSONAL INFORMATION
- Personal data processed by the Administrator may be entrusted to subcontractors of services used by the Administrator to perform its tasks. Subcontractors to whom personal data are transferred are subject to the Administrator’s instructions regarding the purposes and methods of processing such data (processing entities) and these are law firms and IT services, based on data processing entrustment agreements.
- Personal data may be disclosed to the Administrator’s partners, i.e. companies with which the Administrator cooperates by combining products or services, solely for the purposes necessary to complete the order.
- Personal data obtained by the Administrator are stored exclusively within the European Economic Area (EEA).).
VI. DATA SUBJECT RIGHTS
- In accordance with the GDPR, the data subject has the right to:
- the right to access data – i.e. to obtain information on whether personal data is being processed, to what extent, and to obtain a copy of this data
- the right to rectify data – i.e. correct personal data if it is incorrect or incomplete
- the right to be forgotten – i.e. the deletion of personal data, provided that one of the conditions listed in Article 17 of the GDPR is met
- the right to limit data processing – i.e. the processing of personal data is limited solely to their storage
- the right to object – i.e. you can object to the processing of your personal data at any time
- the right to withdraw consent – i.e. you may withdraw your consent at any time on the basis of which your data is processed.
- In order to exercise the rights referred to in point 1, you can send an appropriate e-mail message to the following address: protektel@protektel.pl
- If it is found that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.
VII. „COOKIES” FILES
- The Administrator’s website, i.e. www.protektel.pl, uses “cookies” files.
- The installation of “cookies” is necessary for the proper provision of services on the website. “Cookies” files contain information necessary for the proper functioning of the website, and they also allow for the development of general statistics of website visits.
- The website uses two types of cookies: “session cookies” and “persistent cookies”
- “Session” cookies are temporary files that are stored on the user’s end device until logging out (leaving the website)
- “Persistent” cookies are stored on the user’s end device for the time specified in the “cookie” file parameters or until they are deleted by the user.
- The Administrator uses its own cookies to better understand how users interact with the content of the website. The files collect information about how the user uses the website, the type of website from which the user was redirected, and the number of visits and the time of the user’s visit to the website. This information does not register specific personal data of the user, but is used to develop statistics on the use of the website.
- The Administrator uses external cookies to collect general and anonymous static data via Google Analytics analytical tools. Please read the details of Google’s privacy policy https://policies.google.com/privacy
- The Administrator uses external cookies to use the Google Maps offer, thanks to which it can display interactive maps directly on the website, allowing users to conveniently use the map functions. Please read the details of Google’s privacy policy https://policies.google.com/privacy
- The Administrator uses market
- The Administrator uses marketing tools such as Meta Pixel or LinkedIn Insight Tag to target advertisements to its recipients. This involves the use of Meta and/or LinkedIn cookies. Please read the individual privacy policies: https://www.facebook.com/about/privacy/ and https://pl.linkedin.com/legal/privacy-policy
- The Administrator uses Google AdWords (Google Ads) remarketing tools. This involves the use of Google cookies for the Google AdWords (Google Ads) service. Please read the details of Google’s privacy policy: https://policies.google.com/privacy
- The Administrator uses the HotJar tool, which allows tracking user behavior on the site. HotJar cookies are used for this purpose. Please read the details of HotJar’s privacy policy: https://www.hotjar.com/legal/policies/privacy/
- The Administrator provides the ability to use social functions, such as sharing content on social media and subscribing to a social profile. Using these functions involves the use of cookies from social media administrators such as Facebook, Instagram, YouTube, LinkedIn.
- The user has the right to decide on the access of “cookies” to their computer by selecting them in their browser window. Detailed information on the possibilities and methods of handling “cookies” is available in the software (internet browser) settings.
VIII. FINAL PROVISIONS
- The Administrator applies appropriate technical and organisational measures to ensure the protection of processed data, and in particular protects data against disclosure to unauthorised persons, processing in violation of the law and change, loss, damage or destruction.
- Only persons authorised by the Administrator and acting on his instructions are permitted to process data within the Administrator’s organisation.
- Data may be made available to entities authorized to receive them under applicable law, including competent judicial authorities. The Administrator transfers collected personal data to state administration authorities, law enforcement authorities and judicial authorities at their express request and only in cases specified by law.
- In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.We undertake to regularly review this Privacy Policy and change it when it proves necessary or desirable due to, for example, new legal regulations. We also reserve the right to change this Privacy Policy in the event of changes in the technology by which we process personal data (if the change affects the wording of this document), as well as in the event of changes in the methods, purposes or legal basis for processing personal data by us.
- This document was last updated on 10.10.2024.