I. Personal data
We are publishing this document in order to clarify the reasons for collecting and processing personal data within the scope of our operations:
- What are personal data?
These are all the information that allows one to easily distinguish one person from others. Personal data may refer directly (like name and surname, ID number, and sometimes even an e-mail address or internet account) or indirectly to a given person. Examples of the latter include health condition, beliefs, address, addictions, race or religion.
- What personal data are we talking about in our case?
We process data provided to us by customers, business partners and staff in conjunction with using our services, cooperation or employment.
- What is data processing?
Processing means all the operations which we can perform on personal data – associated both with their active use such as collecting, downloading, saving, combining, modifying or making available as well as passive use such storing, limiting, deleting or destroying.
- Who is the Data Controller (that is who affects its processing and security)?,
Your Data Controller is: Fabryka Mebli Biurowych MDD Sp. z o.o. in Sępólno Krajeńskie, at ul. Koronowska 22, 89 – 400 Sępólno Krajeńskie, NIP 5611437378, REGON 092911632, represented by the Company Management Board, Tel. No.: +48 (52) 389 44 00, correspondence address: email@example.com
- Pursuant to what legal basis and why do we process your data?
An appropriate legal basis in accordance with the regulations as in force at present has to be behind every processing of your data. This basis may constitute your consent to data processing or other legal provisions allowing for such actions set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (referred to as GDPR) or various national legislation, such as acts or resolutions.
We may process your data for a number of purposes, such as:
- you can make your data available to us by sending an e-mail. Then we process your data on the basis of your consent which you automatically grant when sending your data (e.g. your e-mail address) to us. Your consent is voluntary – you may retract it at any time. In such case we shall delete all the information you provided, as long as you have note become our customer.
- is you are a customer of ours or interested in our services, then we process your data pursuant to an agreement you signed with us or within the scope of preparations for concluding such an agreement. This always takes place with your knowledge and according to your intention. In expressing an intention to conclude an agreement, you know what personal data will be required to sign it, and once signed you know what data you handed over or shall hand over at a later date.
- if you become a user of our services, a recipient of marketing information which we have put together for example, we will process your data on the basis of your consent. Your consent can be given verbally, during the course of a telephone conversation or by responding to a question sent by us wherein we ask whether you agree to receive information about our products and services. Your consent is voluntary – you may retract it at any time. In such case we shall cease providing our services and delete all the information you handed over immediately.
- we may also process your data in conjunction with the need to ensure the security of our information network. This might come to pass when you use or connect to our IT infrastructure for example by browsing our website or sending messages to us. This comprises our legitimate interest.
- if you are interested in working for us, your data is processed in the form of an application or CV which you sent. This always takes place with your knowledge and pursuant to a written consent, which you may retract at any time. In such case we shall not consider your application and delete all the information you handed over immediately. Whereas the moment you become employed with us, further data processing principals and the obligatory scope for their provision and further processing are governed by the provisions of law.
- Who do we transfer your data to?
According to the law we can transfer your data to subcontracted processors such as: the post operator, accounting firm, internet services provider or those service subcontractors specified in your agreement. We are also obliged to make your data available to entities authorised pursuant to other provisions of law (such as the courts or enforcement bodies). The data will only be made available if such entities submit a request on the matter, indicating the legal basis pursuant to which such a request is justified.
We do not foresee transferring your data to third countries or international organisations, that is outside of the European Union economic area. Pursuant to GDPR, in the European Union all member states provide the same level of protection for your data. For the Polish language version of GDPR see: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=OJ:L:2016:119:TOC
How long will we process your data for?
We make every effort to limit the scope of collected data to the necessary minimum, and this includes the processing period. To that end we perform systematic reviews of our documents, both paper and in electronic versions and delete surplus data. Remember that the processing time of your data, depending on the grounds pursuant to which we obtained it, may be governed by separate, independent provisions of law subject to which we may be obliged to store your data regardless of your will or intent. Here the labour law, social insurance law or accounting regulations are just some examples.
We may also obtain your data in conjunction with a training seminar, in which case we may only process it for a short period of time, for purposes associated with financial settlements with the entity which contracted us to perform the training seminar or to issue you with a certificate confirming training participation. After these actions we will delete your data immediately and we will certainly not use them other purposes – such as advertising our services, unless you explicitly and expressly consent to such.
If you were the end recipient of our services and we concluded an agreement on the matter, pursuant to accounting regulations, your data will be held as part of relevant drafted financial and accounting documentation and processed for 5 subsequent calendar years starting from the purchase/agreement date.
If the data we hold are going to be used for any purpose other than that for which they were obtained, we will always inform you and you will have an opportunity to object.
- What are your rights in relation to your data?
If we are processing your personal data, you always have the right to:
- request access to data – within the scope of GDPR Article 15,
- rectify data – within the scope of GDPR Article 16,
- request an erasure – within the scope of GDPR Article 17,
- or limit data processing – within the scope of GDPR Article 18,
- object to data processing – within the scope of GDPR Article 21
- data portability and to obtain copies of it – within the scope of GDPR Article 20.
All these rights are set forth in detail in Article 15 to 21 of GDPR, for the Polish language version see: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=OJ:L:2016:119:TOC
You can also withdraw your consent to data processing at any time. In such an event we will immediately erase your data unless we are otherwise legally obliged to continue processing.
If you consider that we have breached your rights in any way – we certainly wish this does not happen – or have failed to ensure the security of your data, then you have the right to lodge a complaint with a supervisory authority, currently the President of the Personal Data Protection Office .
- Automated decision-making and profiling information
We will not make any automated decisions on the basis of your data, that is ones of automated nature, made without human intervention. Also, we do not engage in any activities for the purpose of profiling you.
- How do we protect your data?
We use the legally required technical and organizational measures to safeguard your data. At our site we have installed the required physical safeguards to prevent unauthorized data access. Our staff hold the required certificates and may process data in a limited manner, that is only within the scope required to perform their professional duties.
The TLS 256 bit security protocol we use in the most up to date version 1.2, ensures the safety of your data sent electronically. A green padlock in your web browser by our web address may show this. As the site was encrypted before it was sent, you can be sure that you are entering our site which has not been modified in any way en-route to you via the Internet.
- Protecting the privacy of minors
Our site does not monitor or verify information pertaining to the age of users, senders and recipients of messages or persons interested in receiving our news and updates, including in the form of a newsletter. Contact details for visitors (such as users’ telephone numbers and e-mail addresses) are used to perform orders, send company and marketing information.
Minors should not send any information and should not subscribe to the services rendered by our company, without the consent of their parents or legal guardians. We will require such a consent in each case where we discover that a user is a minor (“child”) in the meaning of GDPR Article 8, i.e. the child is below the age of 16 years.
- Contact details for the person responsible for personal data protection.
Biuro Doradczo-Usługowe OIN Jerzy Gerszewski, Sławomir Rzepecki Spółka Cywilna in Bydgoszcz, whose representative, Sławomir Rzepecki is our Data Protection Officer, shall represent us in all personal data protection issues. His contact details are as follows: e-mail: firstname.lastname@example.org and mobile telephone number: +48 602-734-255.
II. Visual monitoring
- Legal basis:
The legal basis for monitoring is the legitimate interest pursued by us as the Controller (Article 6, paragraph 1f of GDPR), and in particular it stems from the necessity to protect property, settle conflict situations associated with complaints, to identify perpetrators of incidents and collect evidence in order to demonstrate facts or as defence against possible claims.
- The purpose of monitoring:
The purpose of our visual monitoring is:
- to ensure safety and to protect the health and life of our members of staff, customers as well as other persons at the premises of our Company;
- to secure moveable and immovable property within the premises of our Company, including to prevent theft and devastation;
- to keep secret information, the disclosure of which could expose our Company to loss.
- Form of monitoring:
We use visual monitoring in the form of cameras which facilitate the recording of images of persons within premises of the Company. The area subject to monitoring is clearly marked using pictograms together with our contact details. Such pictograms are displayed by all entrances to the area subject to monitoring.
- Scope of personal data processing:
The scope of possible information processing associated with the images recorded on a device monitoring the site includes:
- images of natural persons,
- vehicle registration number,
- date and location of the event subject to monitoring,
- the behaviour of persons whose images were recorded by the image recording device.
- Storage period and making data available:
Monitoring records are only processed for purposes for which they were collected and stored for a period of up to 30 days. That time may be extended by periods dictated by statutory obligations or to protect the rights of the Controller or of third parties, including in order to pursue or defend against claims.
The recordings may be made available only to our members of staff who have been authorised by name as well as entities authorised to access the video recordings pursuant to the law.
We have no plans to transfer your personal data to a third country or an international organisation. The recorded data shall not be profiled, and shall only be consulted in the event of a breach or suspected breach of security or in association with a submitted complaint.
- Rights of persons whose image was recorded:
Persons, whose data constitute part of the materials obtained from monitoring are entitled to the same rights as those specified in item, I.8.
III. Cookie files
- What are cookie files and what are they used for?
Cookies are text files, saved on your device and used by the server to remember your device when it connects again. Cookies are downloaded every time you “enter” and “exit” a site. Cookies are not used to identify users, but only your device, in order to, amongst others, once the type of browser you are using has been identified, display an image best suited for the performance capabilities (e.g. resolution) or type ( desktop or mobile version) of your hardware.
Cookies are most often used for counters, surveys, Internet shops, pages which require a log-in, adverts and to monitor the activity of visitors. Cookies also make it possible to remember your interests and adjust the site content and adverts displayed accordingly.
- What do cookies do?
In general, cookies function as follows:
- they identify the details of the computer and browser used to browse websites – this can be used to find out if a given computer has opened a given site before,
- data obtained from cookies are not associated with the users’ personal data obtained during registration for example,
- they are not harmful to you or your computers or smart phones – they do not impact performance,
- they do not change the configuration of end devices or in the software installed on those devices,
- by default, cookies’ parameters allow them only to be opened by the server which created them,
- they provide the server with information based on your activity on websites which you browse, which is then used to display a site better adjusted to your individual preferences.
- What types of cookies are there?
There are three types of cookies:
- “Session cookies” – are temporary files, stored in the memory of the browser until the session ends (or when the browser is closed). These files are required by some applications or functions to work properly. Once the browser is closed, they should be automatically removed from the device used to browse the site,
- “Persistent cookies” – make it easier to use sites which are visited often (e.g. they remember the colour layout of the site or the menu layout on your favourite sites). These files are stored in an appropriate folder for longer periods which you can adjust using your browser settings. Every time you visit a given page, information from these files is sent to the server. This type of cookies is sometimes referred to as tracking cookies.
- “Third party cookies” – are files usually from advertising servers, search servers, etc., which cooperate with the owner of a given site. They are used to display adverts adjusted to your preferences and habits, which is often the reason elements of a given web service are free. They are also used to record “click rates” for adverts, user preferences, etc.
Remember, you can manage cookie settings independently. You can do that in your browser settings (usually by default the mechanism is enabled). The most popular browsers allow you to:
- enable cookie files to take advantage of all the functions of given websites,
- manage cookies on the level of particular websites which you select,
- configure settings for different types of cookies, for example to accept persistent cookies as session cookies, etc.,
- block or delete cookies.
For information on enabling and disabling cookies in the most popular browsers follow these links:
If you do not change the settings of your browser, cookies will remain enabled. If you block cookies or disable some types of cookies, you may be prevented from using all functions of a given site or interfere in its proper functioning.
Our website uses both session cookies as well as persistent cookies. We use them for the following purposes:
- statistics, facilitating improvement to site content and structure,
- keeping the user’s session open.
In order to function correctly, websites collect the following information: name and version of the browser, language settings, date and time of the server request, IP from which was sent, the requested URL. The data are collected to ensure the website functions correctly.
Google collects data on its servers obtained from cookies it placed on devices and uses this information in order to assess website usage by a user, create reports on website traffic for website operators and to provide other services associated with website traffic and Internet use. Google may also provide this information to third parties if it is obliged to do pursuant to the provision of law or if those entities process such information on behalf of Google.
The data collected by our website are not disclosed or made available to third parties with the exception of enforcement bodies authorised to conduct criminal proceedings instigated in conjunction with a request we submitted. This will only take place if you engage in unlawful activity or activity to our detriment.