Joint Privacy Policy

Introduction

Data protection and information security have always been a priority in the activities of the .mdd Company and its subsidiaries.

As a responsible organisation that is aware that information has a certain value and is a resource that needs to be properly protected, we are keen to be duly informed about matters relating to the processing of personal data, especially given the content of the data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and the Council of 27.04.2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC ("GDPR"). For this reason, in this Privacy Policy (the "Policy") we set out key information relating to the processing of personal data of the Companies hereafter referred to for this Policy as the MDD Group or “we” i.e., in particular:

  1. .mdd Sp. z o.o. (Ltd.) with registered office in Sępólno Krajeńskie, Poland, at (89-400), ul. Koronowska 22, KRS (National Court Register): 0000097731, NIP (Taxpayer Identification Number): 5611437378, REGON (National Offical Business Register): 092911632,
  2. DIRECT DIGITAL Sp. z o.o. (Ltd.) with its registered office in Bydgoszcz, Poland, at (85-023), ul. Toruńska 33, KRS: 0000915881, NIP: 9532784828, REGON: 389662490,
  3. .mdd Dąbrowski Sp. Komandytowa (Limited Partnership) with its registered office in Sępólno Krajeńskie, Poland, at (89-400), ul. Koronowska 22, KRS: 0000394682, NIP: 5040068981, REGON: 341092676
  4. .mdd Design with registered office in Sępólno Krajeńskie, Poland, at (89-400), ul. Koronowska 22, KRS: 0000478469, NIP: 5040072652, REGON: 341482450.

This Policy applies to all cases in which MDD Group companies are controllers and process personal data.
As part of the Policy, we, therefore, present both information regarding the processing of personal data in connection with the use of our website and social networks, as well as other information clauses regarding the processing of personal data by MDD Group companies outside these channels.
In this Policy, you will also find precise information regarding the situation of co-management of personal data.

Personal Data Controllers

The Controller of your personal data is one of the MDD Group companies:

  1. .mdd Sp. z o.o. (Ltd.) with registered office in Sępólno Krajeńskie, Poland, at (89-400), ul. Koronowska 22, KRS: 0000097731, NIP: 5611437378, REGON: 092911632,
  2. DIRECT DIGITAL Sp. z o.o. (Ltd.) with its registered office in Bydgoszcz, Poland, at (85-023), ul. Toruńska 33, KRS: 0000915881, NIP: 9532784828, REGON: 389662490,
  3. .mdd Dąbrowski Sp. Komandytowa (Limited Partnership) with its registered office in Sępólno Krajeńskie, Poland, at (89-400), ul. Koronowska 22, KRS: 0000394682, NIP: 5040068981, REGON: 341092676,
  4. .mdd Design with registered office in Sępólno Krajeńskie, Poland, at (89-400), ul. Koronowska 22, KRS: 0000478469, NIP: 5040072652, REGON: 341482450;

of which it communicates to you in the abridged version of the information obligation provided under Article 13.1 and Article 14.3 GDPR in direct or indirect communication.

Joint Personal Data Controllers

The companies .mdd Sp. z o.o. (Ltd.) and DIRECT DIGITAL Sp. z o.o. (Ltd.) , to achieve their business objectives and ensure the highest standards of services provided, also process your personal data, not only as independent Controllers but also within the framework of a joint-control relationship, based on a co-management agreement concluded according to Article 26(1) and (2) of the GDPR, specifying in particular the purposes of such processing.
The companies .mdd Sp. z o.o. (Ltd.) and DIRECT DIGITAL Sp. z o.o. (Ltd.) - acting as Joint Controllers, jointly determine the purposes and means of processing personal data in the processing of data on the mdd.eu website and other standalone [landing page] pages dedicated to actions and events organised by these companies and social networking services.

In fulfilment of the obligation set out in the provision of Article 26(2) of the GDPR, we set out below the main content of the arrangements between the Joint Controllers, made within the framework of the joint control agreement:

  1. the Joint Controller, which has a decisive influence on the selection and provision of technical means for the processing of personal data, including in particular hardware and software, is .mdd Sp. z o.o. (Ltd.) (hereinafter: ".mdd");
  2. for the involvement of any processor in the processes covered by the joint-control relationship, the approval of that processor by .mdd is required in each case;
  3. each of the Joint Controllers is responsible for implementing the information obligations under the provisions of the GDPR. The content of the information obligations is the result of a joint agreement between the Joint Controllers;
  4. each Joint Controller shall independently maintain a Register of Processing Activities and, if applicable, a Register of Categories of Processing Activities;
  5. the Joint Controller is obliged to conduct preliminary personal data protection risk analyses and, where necessary, data protection impact assessments is .mdd;
  6. in the case of international transfers of personal data, in particular involving countries that are outside the EEA, the Joint Controllers are required to apply additional, GDPR-compliant safeguards and to establish rules for informing individuals of such transfers and their responsibilities;
  7. each of the Joint Controllers is an entity responsible for the processing of personal data following the GDPR, including in particular the exercise of data subjects' rights;
  8. data subjects may request the exercise of their rights under the GDPR to each of the Joint Controllers, at their discretion and choice, in particular by raising them through the point of contact indicated in the "Joint Privacy Policy" at mdd.eu ;
  9. data subjects have the right to lodge a complaint related to the processing with any supervisory authority of their choice, territorially competent for any of the Joint Controllers, including in particular the President of the Office for the Protection of Personal Data;
  10. the Joint Controllers shall cooperate closely with each other concerning the fulfilment of requests from data subjects, .mdd shall maintain a joint register of requests, which shall be stored in a manner that ensures the integrity and confidentiality of the data contained therein;
  11. in the event of a breach of the protection of personal data under joint control, each Joint Controller is obliged to inform the other Joint Controllers of the suspected breach immediately, but no later than 24 hours after the breach is identified;
  12. the Joint Controllers are required to participate in the investigation of the identified breach. The Joint Controller who has identified a breach is obliged to carry out a preliminary analysis of the risk of the breach to the rights and freedoms of the individuals affected and communicate the results to the other Joint Controllers;
  13. the Joint Controllers - based on the results of the risk analysis carried out - jointly decide on the notification of the breach to the competent supervisory authority and to the data subjects and identify the Joint Controller responsible for the implementation of the above information obligations.

How to contact us about your personal data?

Would you like to notify us of a breach of protection of your personal data, send us a request regarding your rights as a data subject? Do you have questions or concerns about the protection of your personal data?

The MDD Group companies have appointed a Data Protection Officer (Ms. Patrycja Żarska-Cynk), hereafter referred to as the DPO. You can contact the DPO at the following email address: iod@mdd.pl

Where can you find information on the processing of your data?

We may process your personal data in different ways and in different situations, depending on whether you are a Customer, a Supplier or interested in working for one of the MDD Group companies.

We have organised the information on the processing of personal data into sets dedicated to various categories, so that you can more quickly find the scope of information that applies to you.

  1. If you are a current or potential customer - further information on our processing of your personal data can be found here.
  2. If you are a current or potential supplier of services, equipment or software - further information on our processing of your personal data can be found here.
  3. If you are a representative/employee of our business customers or providers of services, equipment or software, collectively referred to as Contractors - further information regarding our processing of your personal data can be found here.
  4. If you are communicating with us on any matter but have not yet declared your intentions at this stage - further information regarding our processing of your personal data can be found here.
  5. If you are interested in collaborating or working for one of the MDD Group Companies - further information on our processing of your personal data can be found here.
  6. If you are registering for an online or onsite event/training event hosted by one of the MDD Group Companies - further information on our processing of your personal data can be found here.
  7. If you would like to find out more about the .mdd and DIRECT DIGITAL Joint Controllers' use of your data on the website in the domain mdd.co.uk other standalone websites created by us [landing page] and social networking services, you can find information here.

Within the framework of the website in the domain mdd.eu (hereinafter: “Website”) and on stand-alone websites created by us [landing page], we use information recorded using Cookies, i.e. IT data stored on users' terminal devices intended for the use of websites (e.g. computer, tablet, phone). They usually contain the name of the originating website, the length of time they are stored on your terminal device and a unique number when you visit our website, but you can read more about this in the Cookie Policy.

Whatever the case may be, we are committed not to sell, commercialise or use your personal data in breach of applicable data protection legislation.

Exercise of rights

Concerning our processing of your personal data, you have the right to:

  1. withdraw your consent to cookies and processing (if we are acting based on such consent),
  2. request access to your personal data,
  3. request the rectification of your personal data,
  4. request the erasure or restriction of the processing of your personal data,
  5. object to processing based on legitimate interests (unless there is an overriding legal basis) or for direct marketing purposes,
  6. not be subject to automated decision-making that has a significant impact on you,
  7. have your data transferred in a machine-readable format to you or to another data controller,
  8. complain with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection.
If you have any questions about this policy, our general processing of your personal data or your data protection rights, you can contact .mdd and DIRECT DIGITAL using the information below:

Other information

To protect personal data from unauthorised access, disclosure, alteration or destruction, we have taken appropriate organisational and technical measures, including physical, electronic and governance procedures, to ensure the protection and security of information collected by MDD Group Companies.
We are developing our competencies, modernising our processes, and subjecting the adopted data processing model and security measures to audits, as a consequence of which there may be changes to the communications addressed to you and made available here. We reserve the right to update them.
Information on changes to the documents will be published on mdd.eu in the Privacy Policy section.
update date: 2024-03-11