May 25th 2018 was the day of coming into force of Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27th 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”). Below we provide key information you should know about our processing of personal data as required under applicable laws and in order to afford appropriate personal data protection to data subjects.
Who is the data controller?
The data controller of your personal data is PELION S.A., with its registered office at ul. Zbąszyńska 3, 91-342 Łódź, entered in the Register of Businesses of the National Court Register maintained by the District Court for Łódź-Śródmieście in Łódź, 20th Commercial Division of the National Court Register, under No. 0000049482, with a share capital of PLN 15,568,750 (paid in full) and NIP (Tax Identification Number) 7261009357.
You may contact us by calling +48 42 200 77 66 or at iod@pelion.eu
What data do we process?
We process the data you provide in connection with you or your employer or principal having entered into a contract with us. The data may include, without limitation, your name, surname, email address, phone number, position and employer data. If you are an independent entrepreneur, we will also process your tax identification number (NIP), industry identification number (REGON), registered address and bank account number.
What is the purpose and legal basis of processing? How long do we process personal data?
The legal basis and retention period for your personal data used for the individual purposes are provided in the table below.
Purpose |
Legal basis |
Retention period |
|
1 |
Performance of contract between the Parties |
Processing is necessary for the performance of a contract to which the data subject is party (Article 6(1)(b) of the GDPR) |
Until a contract expires; thereafter the data may only be retained if this is required or permitted by law, for instance for the purposes of enforcing legal claims. |
2 |
Communication for the purposes of performing a contract with a person other than the other party to the contract, for instance communication with employees authorised to act as points of contact. Communication to maintain business relationships. Processing of data of authorised representatives, for instance attorneys-in-fact, proxies or managers signing a contract. |
Processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1)(f) of the GDPR). |
Until the business relationship is terminated or a valid objection is made by the data subject. |
3 |
Sending promotional and marketing materials by electronic means. |
The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6(1)(a) of the GDPR) |
Until the consent is withdrawn. |
Who do we transfer personal data to?
We use the services of entities providing and maintaining our IT systems and entities providing day-to-day business support. We may transfer your personal data to those entities. However, we will only disclose your data to them under relevant outsourcing agreements, and we will ensure that they have implemented appropriate technical and organisational data protection measures. These entities will only process your data on our instruction and in line with the agreed purpose.
Your data may also be transferred to entities who have the right to request such data in accordance with applicable laws, for instance to law enforcement authorities, based on a valid legal basis (e.g. for the purposes of pending criminal proceedings).
Do you have to provide your personal data?
Your decision to provide your personal data to us is always voluntary. However, if you decide not to provide your personal data, we may be unable to work with you.
What are your rights?
You have the following rights in relation to the processing of your personal data by us:
- the right to request access to your personal data and obtain copies of the data,
- the right to rectification of your data,
- the right to erasure of your data (in specified circumstances),
- the right to lodge a complaint with a supervisory authority competent for personal data protection,
- the right to restriction of processing.
If you have consented to the processing of your personal data by us, you also have the right to:
- withdraw the consent to the extent it provides the basis for its processing. The withdrawal of consent will not have an impact on the lawfulness of processing based on consent before its withdrawal.
- receive your personal data in a structured, commonly used, machine-readable and interoperable format and transmit it to another controller.
In order to enforce these rights, you should contact the data controller or the Data Protection Officer.
Contact details of the Data Protection Officer
In order to protect your personal data, facilitate contact regarding all aspects of personal data processing and enable you to enforce your rights related to data processing, we have appointed a Data Protection Officer. The details of the Data Protection Officer are given below.
Mailing address: Pelion S.A. ul. Zbąszyńska 3, 91-342 Łódź, marked: Data Protection Officer or DPO. Email: iod@pelion.eu