PRIVACY POLICY

– PERSONAL DATA PROTECTION INFORMATION CLAUSES

 

1. GENERAL PROVISIONS

2. CONTACT DETAILS OF THE CONTROLLER AND DATA PROTECTION OFFICER

3. SCOPE OF PERSONAL DATA PROCESSED BY THE CONTROLLER

4. INFORMATION CLAUSE FOR JOB APPLICANTS

5. INFORMATION CLAUSE FOR CUSTOMERS – CONTRACTORS

6. INFORMATION CLAUSE OF CUSTOMER'S/CONTRACTOR'S EMPLOYEES/MANAGEMENT/SHAREHOLDERS/PROXIES

7. INFORMATION CLAUSE FOR AGENTS

8. INFORMATION CLAUSE FOR PERSONS CONTACTING THE CONTROLLER BY EMAIL AND POST

9. INFORMATION CLAUSE FOR PERSONS CONTACTING THE CONTROLLER BY PHONE (CONVERSATIONS RECORDED)

10. INFORMATION CLAUSE FOR RECIPIENTS OF COMMERCIAL INFORMATION

11. DATA SUBJECT'S RIGHTS RELATED TO THE PROTECTION OF PERSONAL DATA

12. INFORMATION ON COOKIES

 

1. GENERAL PROVISIONS

 

1. This Policy incorporates information clauses on the processing of personal data by the Data Controller - KANEX Spółka z o.o. ul. Zdrojowa 22, 16-001 Kleosin.

2. We use personal data only for the purposes and in the manner described in this Policy. The Data Protection Policy satisfies KANEX Spółka z o.o.'s obligation to provide information within the meaning of Article 13(1) and (2) of the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR.

3. Below you can find information on what personal data we collect, process and store. We always indicate for which specific purpose we process data and what rights data subjects have.

4. For the purposes of this Policy, the following terms shall mean:

a) "Job applicant" – shall mean a natural person taking part or planning to take part in the recruitment conducted by the Controller or in the future recruitment processes conducted by the Controller, or who gave their consent in the past to store their data in the job applicant database,

b) "Data subject" – shall mean a subject – a natural person – whose data is processed by the Controller,

c) "Supervisory body" – shall mean the President of the Data Protection Office, ul. Stawki 2, 00-193 Warszawa,

d) "GDPR" – shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),

5. The Controller shall not transfer personal data to countries outside the European Economic Area.

6. Personal data is not profiled unless it has been clearly stated below.

 

2. CONTACT DETAILS OF THE CONTROLLER AND DATA PROTECTION OFFICER

 

1. The Controller of personal data is KANEX Spółka z o.o. ul. Zdrojowa 22, 16-001 Kleosin, hereinafter "Controller".

2. You can contact the Controller at any time regarding data protection issues, the way data is processed by the Controller, any remarks concerning this Policy or to exercise your rights as a data subject in relation to your personal data processed by KANEX Spółka z o.o., in the following way:

a) using the contact form available on the website: https://kanex.com.pl/PL/kontakt.html

b) by traditional post to the address of the Data Controller: ul. Zdrojowa 22, 16-001 Kleosin

c) by e-mail: inspektor@kanex.com.pl

3. The Data Protection Officer at KANEX Spółka z o.o. is Agnieszka Kondel. You can contact the Data Protection Officer at the following email address: inspektor@kanex.com.pl

 

3. SCOPE OF PERSONAL DATA PROCESSED BY THE CONTROLLER

1. "Personal data" shall mean information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified, directly or indirectly, in particular, based on an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person. This includes the following information: IP address, form of addressing, name, address, email address, and telephone number.

2. KANEX Sp. z o.o. processes the personal data of:

a) Job applicants,

b) Clients, Customers and the data of their employees/co-workers/representatives/proxies/members of the management board, persons acting on behalf of the customers and trade partners – in respect to the following: name and surname, email address, position, phone number, data of the company they represent,

c) Employees and co-workers of KANEX Sp. z o.o.,

d) Persons who consented to marketing communication, newsletter, persons contacting the Company by phone or traditional or electronic correspondence.

 

4. INFORMATION CLAUSE FOR JOB APPLICANTS

1. The submission of personal data included in the CV to the Controller, including in a broader scope than that set out in Article 22(1) of the Labour Code, constitutes consent to the processing of such data by the Controller for the purpose of the recruitment process, regardless of the preferred legal basis for employment. The Controller processes the personal data as soon as the Job applicants' data is made available, which is always performed with the prior consent of the data subject (Job applicant).

2. Personal data obtained during the recruitment process shall be processed:

a) In the case of recruitment aimed at employment based on an employment contract, in order to carry out obligations resulting from law, related to the recruitment process, most importantly the Labour Code – the legal basis for the processing is the legal obligation of the Controller (Article 6(1)(b) and (c) of GDPR in relation to the provisions of the Labour Code),

b) In the case of recruitment aimed at employment based on a civil law agreement – the legal basis for the processing of the data contained in the application documents is the action taken prior to concluding the agreement (Article 6(1)(b) of GDPR),

c) For the purpose of future recruitment, including the addition of the job applicant to the job applicant database in the case of the consent to the data processing for this purpose – the legal basis for the processing is the consent (Article 6(1)(b) of GDPR),

d) To select the job applicants, verify their qualifications and skills and determine the cooperation conditions – the legal basis for the data processing is the legitimate interest of the Controller (Article 6(1)(b) of GDPR). The legitimate interest of the Controller is the verification of the job applicants for work and the determination of possible cooperation,

e) To determine or settle possible claims or defend against such claims by the Controller – the legal basis for data processing is the legitimate interest of the Controller (Article 6(1)(f) of GDPR).

3. Data recipients are entities providing recruitment services to the Controller and other supporting services, i.e. providers of IT systems and IT services [email hosting and database systems], postal operators and couriers.

4. Personal data shall be processed until the completion of the current recruitment process and the selection of the job applicant(s) by the Controller and, to the extent that the processing is based on consent, until the consent is withdrawn; however, in the event that you consent to the processing of your data for the purposes of future recruitment, your data shall be processed for no longer than 4 years. Each time, the time of processing may be extended by the period of the statute of limitations for claims, if the processing of personal data is necessary for establishing or asserting possible claims or defending against such claims by the Controller. After this period, data shall be processed only to the extent and for the time required by law.

5. The consents referred to in the paragraph above can be withdrawn at any time. The withdrawal of the consent does not affect the legality of the processing carried out before it was withdrawn. The Controller shall ask you to withdraw your consent in writing or electronically.

6. Data subjects have the rights set out in point 11 of this Policy.

7. Providing data within the scope of Article 22(1) of the Labour Code is required:

a) By law – in the case of employment based on an employment contract – including, in particular, the Labour Code. The consequence of not providing these data is no possibility to consider the application during the recruitment process,

b) In the case of employment based on a civil law agreement – by the Controller. The consequence of not providing these data is no possibility to consider the application during the recruitment process,

c) The provision of other data is completely voluntary.

8. The personal data of Job applicants may be profiled [but no automated decision-making is used] to select job applicants who match the requirements of the Controller's Customer in terms of education, skills and expected financial requirements or work conditions.

 

5. INFORMATION CLAUSE FOR CUSTOMERS – CONTRACTORS

1. Data shall be protected and processed to:

a) Execute contracts to which the data subject is a party, i.e. the Customer or Contractor or undertake actions on demand of the data subject prior to concluding the contract (based on Article 6(1)(b) of GDPR),

b) Promote company products or services (based on Article 6(1)(a) of GDPR) – if the consent to the data processing was given for this purpose or based on Article 6(1)(f) of GDPR, because it is our legitimate interest to inform about our trade offer,

c) Exercise our legitimate interest to establish, assert or defend against any possible claims (the legal basis for the processing is Article 6(1)(f) of GDPR).

3. Personal data shall be kept for the period necessary to fulfil the purpose for which the data subject has given their consent, with a systematic review of the assessment of its relevance. In particular, the data shall be processed for the duration of the contract, but not beyond the end of its term. Each time, the time of processing data may be extended by the period of the statute of limitations for claims, if the processing of personal data is necessary for asserting possible claims or defending against such claims by the Controller. After this period, data shall be processed only to the extent and for the time required by law, including tax and accounting law. To the extent that data is processed for the purpose of directing marketing content to data subjects, it shall be processed until they withdraw their consent or object to such processing.

4. The recipients of the data shall be: carriers delivering shipments/deliveries for the company, banks intermediating in payments, selected entities assisting in handling marketing campaigns and promotion of offers if data subjects have consented to receive commercial information electronically, including information about the current offer of the company, suppliers of IT systems and services of the company, entities rendering services to the company necessary for the performance of a contract concluded with a data subject, including legal services, postal operators and couriers.

5. Data subjects have the rights set out in point 11 of this Policy.

6. Data subjects are entitled to object to the processing of their personal data for the purpose of directing marketing content to them. Moreover, with regard to the processing of personal data for purposes arising from the company's legitimate interests, data subjects are entitled to object on grounds relating to their particular situation.

7. Should the personal data be processed based on consent – the consent given above may be withdrawn at any time. The withdrawal of the consent does not affect the legality of the processing carried out before it was withdrawn. The Controller shall ask you to withdraw your consent in writing or electronically.

8. The provision of personal data is necessary for the execution of the contract concluded with the customer, and is otherwise voluntary.

 

6. INFORMATION CLAUSE OF CUSTOMER'S/CONTRACTOR'S EMPLOYEES/MANAGEMENT/SHAREHOLDERS/PROXIES

1. Personal data has been made available to the Controller by our contractor, whom the data subject represents/is an employee/co-employee, or obtained from public registers (e.g. business registers, KRS/CEIDG court registers) in connection with the performance by the Controller of a commercial contract between the Controller and the entity the data subject represents/is an employee/co-employee of. We shall process the following categories of personal data:

a) In the case of representatives: name(s) and surname, function in representative body, position, email address, telephone number, identification details,

b) In the case of other persons: name(s) and surname, email address, telephone number, position, identification details.

2. The Controller shall process data when it is necessary for purposes resulting from the legitimate interest pursued by the Controller or a third party – based on Article 6(1)(f) of GDPR – which the Controller considers to be the conclusion and performance of a commercial contract between the Company and the entity which the data subject represents/is an employee/co-worker of, and also the establishment, investigation and defence of claims.

3. The recipients of the data shall be: carriers delivering shipments/deliveries for the company, banks intermediating in payments, selected entities assisting in handling marketing campaigns and promotion of offers if data subjects have consented to receive commercial information electronically, including the current offer of the company, suppliers of IT systems and services of the company, entities rendering services to the company necessary for the performance of a contract concluded, including legal services, postal operators and couriers.

4. Data subjects have the rights set out in point 11 of this Policy.

5. Data subjects have the right to object to the processing of personal data: with regard to the processing of data for purposes resulting from the legitimate interests of the company, they have the right to object on grounds relating to their particular situation.

6. The provision of personal data is necessary for the execution of the contract concluded with the customer, and is otherwise voluntary.

 

7. INFORMATION CLAUSE FOR AGENTS

1. Data shall be processed to:

a) Execute contracts to which the data subject is a party, i.e. the agent/ordering party, or undertake actions on demand of the data subject prior to concluding the contract (Article 6(1)(b) of GDPR),

b) Comply with legal obligations resulting from legislation, insurance regulations, tax regulations – in this regard, the legal basis is the legal obligation of the Controller (Article 6(1)(c) of GDPR),

c) Determine or settle possible claims or defend against such claims by the Controller – the legal basis for data processing is the legitimate interest of the Controller (Article 6(1)(f) of GDPR).

3. The recipients of the data shall be: entities providing services to the Controller, i.e. providers of IT systems and services, postal operators and couriers, banks with regard to the payment of remuneration, entities authorised by law, entities providing the company with services necessary for the performance of the contract concluded, including legal services.

4. Data shall be processed for the duration of the contract, and after its termination – in general, no longer than 6 years. Each time, the time of processing may be extended by the period of the statute of limitations for claims, if the processing of personal data is necessary for establishing or asserting possible claims or defending against such claims by the Controller. After this period, data shall be processed only to the extent and for the time required by law, e.g. for the archiving of documentation.

5. Data subjects have the rights set out in point 11 of this Policy.

6. With regard to the processing of personal data for purposes arising from the company's legitimate interests, data subjects are entitled to object on grounds relating to their particular situation.

7. The provision of data is a contractual requirement. The consequence of not providing this data is that a contract cannot be concluded.

8. INFORMATION CLAUSE FOR PERSONS CONTACTING THE CONTROLLER

1. Data shall be processed for the purpose of handling an enquiry/correspondence – answering questions, as the legitimate interest of the Controller is to handle enquiries and correspondence, establish or assert possible claims or defend against such claims by the Controller (Article 6(1)(f) of GDPR).

2. The recipients of the data shall be entities providing services to the Controller, i.e. the providers of IT systems and services [email hosting and database systems], legal services, postal and courier operators, and entities authorised by law.

3. Data shall be processed for the duration of the correspondence, and after its completion – in general, no longer than for the period of the statute of limitations for claims. Each time, the time of processing may be extended by the period of the statute of limitations for claims, if the processing of personal data is necessary for establishing or asserting possible claims or defending against such claims by the Controller. After this period, data shall be processed only to the extent and for the time required by law, e.g. for the archiving of documentation.

4. Data subjects have the rights set out in point 11 of this Policy.

5. With regard to the processing of personal data for purposes arising from the company's legitimate interests, data subjects are entitled to object on grounds relating to their particular situation.

6. The provision of data is a contractual requirement. The consequence of not providing this data is that a contract cannot be concluded.

 

9. INFORMATION CLAUSE FOR PERSONS CONTACTING THE CONTROLLER BY PHONE (CONVERSATIONS RECORDED)

1. Data shall be processed to handle a query/phone call – to provide answers. Personal data shall also be processed to monitor the quality of the Controller's service to the Client, secure the legal interest of the person whose personal data is recorded in the phone recording system, and the legal interest of the Controller.

2. Data shall be processed based on consent under Article 6(1)(a) of GDPR.

3. The recipients of the data shall be entities providing services to the Controller, i.e. the providers of IT systems and services, telecommunication services, legal services, postal and courier operators, and entities authorised by law.

4. Data shall be processed for the duration of the conversations, and after their completion – not longer than 12 months. Each time, the time of processing may be extended by the period of the statute of limitations for claims, if the processing of personal data is necessary for establishing or asserting possible claims or defending against such claims by the Controller. After this period, data shall be processed only to the extent and for the time required by law, e.g. for the archiving of documentation.

5. Should the personal data be processed based on consent – the consent given may be withdrawn at any time. The withdrawal of the consent does not affect the legality of the processing carried out before it was withdrawn. Please withdraw your consent in writing or electronically.

6. Data subjects have the rights set out in point 11 of this Policy.

7. The provision of data is completely voluntary.

 

10. INFORMATION CLAUSE FOR RECIPIENTS OF COMMERCIAL INFORMATION/MARKETING INFORMATION

1. Data shall be processed:

a) For the purpose of sending marketing information based on the consent (Article 6(1)(a) of GDPR), for the purpose of marketing the company's own products or services (Article 6(1)(f) of GDPR) – where it is our legitimate interest to inform about our commercial offer.

2. The recipients of the data shall be: entities providing services to the Controller, i.e. providers of IT systems and services [email hosting and database systems, email marketing, marketing agencies], entities entitled under the provisions of law, legal services, postal and courier operators, and entities authorised by law.

3. Data shall be processed until the withdrawal of the consent, with its relevance verified periodically. Each time, the time of processing may be extended by the period of the statute of limitations for claims, if the processing of personal data is necessary for establishing or asserting possible claims or defending against such claims by the Controller.

4. Data subjects have the rights set out in point 11 of this Policy.

5. Data subjects are entitled to object to the processing of their personal data for the purpose of directing marketing content to them. Moreover, with regard to the processing of personal data for purposes arising from the company's legitimate interests, data subjects are entitled to object on grounds relating to their particular situation.

6. Should the personal data be processed based on consent – the consent given may be withdrawn at any time. The withdrawal of the consent does not affect the legality of the processing carried out before it was withdrawn. The Controller shall ask you to withdraw your consent in writing or electronically.

7. Profiling - we profile, i.e. automatically assess certain personal factors, based on the personal data provided. We use profiling to better understand your interests and needs regarding the products and services we offer. Based on your profile, we shall send you information matching your preferences in terms of, among other things, customising the subject of the content and promotional, educational and informational material we send you, offering products, market research and public opinion polling, and taking measurements to improve our services. We use the following data for profiling: name, surname, age, gender, language, date of birth, town/city, type of product purchased, and source of data acquisition.

8. The provision of data is voluntary but necessary to contact the Controller for the purposes described in Section 2 above.

 

11. DATA SUBJECT'S RIGHTS RELATED TO THE PROTECTION OF PERSONAL DATA

1. Should you wish to assert your rights, please address your correspondence to the e-mail address set out in point 2 or use the contact form. At the same time, please send us all the information necessary to enable us to identify you unambiguously.

2. You are entitled to:  

a) Access the content of your personal data, including requesting a copy.

b) Require rectification of your data.

c) Have your personal data deleted (the right to be forgotten).  

d) Restrict personal data processing.  

e) Have your personal data transferred to another controller if the processing is based on a contract [Article 6(1)(b) of GDPR] or consent [Article 6(1)(a) of GDPR].

f) Object to the processing of personal data, in particular, to direct marketing based on Article 6(1)(f) of GDPR. You have the right to object to the processing of your personal data for purposes based on Article 6(1)(f) of GDPR due to your particular situation.

g) Lodge a complaint with the President of the Data Protection Office.

h) Withdraw your consent, which may be done at any time. The withdrawal of consent shall not affect the legality of the processing carried out before it.

3. To exercise the above-mentioned rights, contact the Data Protection Officer at the following email address: inspektor@kanex.com.pl, alternatively by contacting the company using the contact form available on the website: https://kanex.com.pl/PL/kontakt.html or by traditional post to the address of the Data Controller: ul. Zdrojowa 22, 16-001 Kleosin.

4. Should the processing of personal data be considered to breach the applicable regulations, every data subject shall have the right to lodge a complaint with the Supervisory Body. To do so, you may contact the data protection office competent for your place of residence. You may also contact the data protection office locally competent for our Company. You can find contact details below:

Data Protection Office, ul. Stawki 2, 00-193 Warszawa, kancelaria@uodo.gov.pl

12. INFORMATION ON COOKIES

Visiting this website with the browser on the device from which the website is accessed set to allow the use of cookies is tantamount to the user's consent to the use of such cookies.

Cookies are used by KANEX Sp. z o.o. to optimise the functioning of the website and for statistical analysis. This website uses the following Cookies: Google Analytics - this website uses a web analytics service provided by Google, Inc. Cookies are used for this purpose. You can find more about privacy in the use of Google Analytics at the following link:

Google.com

Session-specific cookies – are used exclusively to improve the functionality of the website.

Session-specific cookies expire (are deleted) when the user closes the browser.

Google Analytics cookies generally expire no later than 6 months after your last visit to the website.

The user can delete cookies at any time using the functions available in the browser or the operating system.

It is entirely up to the website visitor to decide whether cookies are stored on their device.

Cookies can be blocked and managed (in particular deleted) using the settings of the browser – usually in the privacy settings – for more information, please refer to the documentation of the browser.

Should the user not agree to Google Analytics tools, they can use the official add-on for the browser, available at the following address: Browser add-on to block Google Analytics

Please note that if you disable cookies, you may not be able to use the full functionality of the website or may find it significantly more difficult to use.

Any changes to the Privacy Policy regarding the processing of personal data and cookies will be published on this website.