GDPR

INFORMATION ON HOW PERSONAL DATA IS PROCESSED

Pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) Schwarz Technology Poland sp. z o.o. provides the following information concerning the processing of personal data:

1. Personal Data Controller:

The Personal Data Controller is Schwarz Technology Poland spółka z ograniczoną odpowiedzialnością, ul. Karola Olszewskiego 6, 25-663 Kielce, entered in the Register of Entrepreneurs kept by the District Court in Kielce, 10th Commercial Department of the National Court Register, under KRS (National Court Register) number: 0000631890, NIP (Tax Identification Number): 9591975926, REGON (National Business Registry Number): 365195370, info@schwarztec.pl.

2. Categories of data processed:

The Data Controller may process the following categories of personal data: identification data, address and contact details and possibly other data if necessary for the purposes for which the Data Controller processes data.

3. Purposes of personal data processing:

Personal data may be processed by the Data Controller for the following purposes:

  1. To perform the agreement you have concluded with the Data Controller, or to act on your request, prior to concluding the agreement – pursuant to Article 6(1)(b) of the GDPR;
  2. To conduct direct marketing of the Data Controller’s products and services, which is a legitimate interest of the Data Controller – pursuant to Article 6(1)(f) of the GDPR;
  3. To respond to your enquiry or correspondence sent to the Data Controller, which is a legitimate interest of the Data Controller – pursuant to Article 6(1)(f) of the GDPR;
  4. To fulfil the legal obligations incumbent on the Data Controller – pursuant to Article 6(1)(c) of the GDPR;
  5. To pursue or defend against claims, which is a legitimate interest of the Data Controller – pursuant to Article 6(1)(f) of the GDPR.

4. Source of personal data

The Data Controller processes personal data that comes from you or an entity with which you are associated with (for example, your employer).

The Data Controller may also process data from publicly available sources.

5. Data recipients

The Data Controller may make personal data available to its subcontractors (entities which it uses for the processing) such as:

  1. IT service providers;
  2. Entities providing accounting services;
  3. Entities providing marketing services.

The Data Controller is entitled to make personal data available to other entities as well, if such obligation results from legal regulations.

The Data Controller shall also be entitled to make personal data available to entities participating in the performance of the concluded agreement, if it is necessary for said performance.

The Data Controller shall not transfer personal data outside the European Economic Area except in two cases.

The first is to make the data available to the Data Controller’s subcontractors (entities that process data on the Data Controller’s behalf), who provide the Data Controller with IT services. The Data Controller shall use only entities participating in the EU-U.S. Privacy Shield programme, which ensures that their actions are consistent with the GDPR.

The second case is the processing of data by the Data Controller within Switzerland. The European Commission has adopted a decision that Switzerland ensures an adequate level of protection of personal data (Commission Decision No 2000/518/EC).

6. The period of processing of personal data:

The Data Controller may store your personal data for the following periods::

  1. In the case of data processed for the purpose of performing the agreement or taking action on your request – for the period required by law and for the period necessary to pursue the Data Controller’s claims or defend against claims made against the Data Controller;
  2. In the case of data processed for the purpose of marketing – until objection is made to such processing on the basis of its purpose, until withdrawal of consent or until the Data Controller decides to delete the data;
  3. In the case of data processed for the purpose of answering your enquiry or correspondence – for a period of 3 years from receiving said enquiry or correspondence;
  4. In the case of data processed for the purpose of fulfilling legal obligations imposed on the Data Controller – for the period required by law;
  5. In the case of data processed for the purpose of pursuing claims or defending against claims – for the period of limitation of potential claims.

7. Rights of the data subjects

You have the following rights:

  1. The right to access the personal data you have provided and the right to obtain a copy thereof;
  2. The right to rectify your personal data;
  3. The right to delete your personal data;
  4. The right to demand a restriction on the processing of your personal data;
  5. The right to transfer your personal data;
  6. The right to object to the processing of your personal data;
  7. The right to lodge a complaint with the supervisory authority: the President of the Personal Data Protection Office.

If the processing of your data is based on your consent, you also have the right to revoke your consent to the processing of your personal data at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

The Data Controller does not make decisions based solely on automated processing, including profiling.

In order to exercise the above rights, you may contact the Data Controller.

Company data

Schwarz Technology Poland Sp. z o.o.
Ul. Karola Olszewskiego 6
25-663 Kielce
KRS 0000631890
NIP 9591975926
Regon 365195370
BDO 000202700