Pursuant to Articles 13 and 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: “the GDPR”), Stoczek Natura Sp. z o.o. with its registered office in Stoczek Łukowski (hereinafter referred to as “the Company”) hereby informs about the principles of your personal data processing in the Company:
1. Who is the controller of my personal data?
The controller of your personal data is the company operating under the business name Stoczek Natura Sp. z o.o. with its registered office in Stoczek Łukowski at ul. Dwernickiego 5, entered into the register of entrepreneurs kept by the District Court Lublin-Wschód in Lublin with its registered office in Świdnik, 6th Commercial Division of the National Court Register under KRS number 0000050439.
2. What are the purposes (prerequisites) of my personal data processing by the Company?
Your personal data shall be processed – depending on the specific situation – for the purposes of: advertisement, statistics, direct marketing, promotion, information about the Company’s activity, in order to perform a contract to which you are a party or to take actions upon your request which may be necessary to enter into any contract with us, and finally, for the purposes resulting from the legitimate interests pursued by the data controller – hereinafter indicated.
In all cases of personal data processing by our Company at least one of the above-mentioned prerequisites occurs. The Company does not process the personal data if it is not able to demonstrate the necessity of processing for the achievement of any of the above-mentioned objectives.
3. Where does the Company have my personal data from?
We have probably obtained personal data directly from you – that is the basic source of data which the Company has. So most often, through your direct contact with the Company whoever initiated this contact.
However, it may happen that you have not given us your personal data – in such a case, your personal data most often come from your relatives or direct colleagues who, when contacting us, thought for any reasons that we should also have your personal data. Most frequently it is about the situations when the Company is to target its activities not only directly at the person who contacted the Company, but at the request of these persons – also at the interested third parties who do not address the Company directly or do not initiate any contact with the Company in this regard (it refers, for example, to persons indicated in “for the attention of” in the mailing list in the email inquiries addressed to the Company).
The moment we came into possession of your data in the above-described manner, we may take actions against you for the achievement of the objectives described above in paragraph 2.
4. What is the legal basis for my personal data processing by the Company?
Personal data processing requires the legal basis. The GDPR provides for a few types of such legal bases and in the case of the Company, there are essentially three legal bases of personal data processing:
- Article 6(1)(a) of the GDPR – consent of the person to whom the data relate to the data processing – this prerequisite of legality of personal data processing occurs basically only when we want to provide you with marketing, commercial information of the Company or its trusted partners;
- ⦁Article 6(1)(b) of the GDPR – necessity for the performance of a contract whose party is the person to whom the data relate or for taking actions at the request of the person to whom the data relate, before entering into a contract – this prerequisite of legality of personal data processing by the Company shall occur relatively frequently – in the situation when we will enter into a contract with you concerning the purchase of the product or products of the Company or when we will be taking preparatory activities at your request for the conclusion of such a contract;
- Article 6(1)(f) of the GDPR – legitimate interest pursued by the data controller – it relates to the cases when personal data processing is justified due to our justified needs.
5. What is the legitimate interest pursued by the data controller?
The controller’s legitimate interest is the marketing of the Company’s own products and the need for performing the Company’s primary activity.
6. Who may the Company lawfully make my personal data available to?
Your personal data, depending on the specific need justified by our legal or actual relationship, may be made available to: (1) the Company’s direct marketing, legal and accounting advisors – for the purposes connected with the preparation of the offer conditions or draft contracts concerning the purchase of the Company’s product or products and for the legal and formal assessment; (2) audit firms – for the purposes connected with the audit of annual reports on the Company’s activity; (3) IT company supporting (servicing) the Company’s ICT system; (4) certain state institutions and trade organisations in accordance with the Polish legislation in force; (5) the Company’s shareholders – for the purposes connected with the fulfilment of the Company’s reporting or information obligations towards its shareholders and for the purpose of ensuring the exercise by the shareholders of the rights resulting from the possession of rights to the shares in the Company; (6) your direct advisors (legal, accounting, investment advisors brokering in the purchase of the property, etc.) – at your explicit request.
The above catalogue and list are exemplary and in a specific situation your data shall be made available only to the selected recipients and as reasonably necessary.
7. Will the company transfer my personal data to a third country (i.e. outside the EEA) or international organisation?
Your personal data shall not be transferred to a third country/international organisation without your consent, whereby it is possible to transfer your data to a third country when the administrator of email which you use for contacting the Company uses mail servers physically located outside the EEA (e.g. Gmail, Yahoo, Hotmail).
8. How long will my personal data be stored in the Company?
Your personal data shall be stored until the basis for their processing exists – in the case of the consent – until its withdrawal, limitation or other activities on your side limiting this consent; if the data are necessary for the performance of a contract – during its performance or the time necessary for the satisfaction of the claims resulting from the contract by the parties to this contract, and if the basis for the data processing is the controller’s legitimate interest – until this legitimate interest exists (i.e. until the day when further processing of your personal data proves to be unjustified due to the objective it was supposed to pursue).
9. What am I entitled to with regard to the personal data processing by the Company?
With regard to the processing of your personal data by the Company, you are entitled to:
- the right to withdraw the consent to the personal data processing at any time if the processing of your personal data in the Company is based on this consent – without affecting the lawfulness of the processing based on the consent before its withdrawal, pursuant to Article 13(2)(c) of the GDPR,
- the right to access your data, pursuant to Article 15 of the GDPR,
- the right to rectify your data, pursuant to Article 16 of the GDPR,
- the right to erase your data, pursuant to Article 17 of the GDPR (this right may not contradict the legislative acts in force in Poland),
- the right to restrict the processing of your data, pursuant to Article 18 of the GDPR,
- the right to object to the data processing, pursuant to Article 21 of the GDPR,
- the right to transmit your data, pursuant to Article 20 of the GDPR,
- if you think that the processing of your personal data violates the provisions of the GDPR, you have additionally the right to lodge a complaint to the President of the Personal Data Protection Office.
10. Do I have to provide my personal data to the Company?
Providing your necessary personal data is a condition for the achievement of the objective referred to in paragraph 2 above by the Company. Providing your data is voluntary, however, the consequence of not providing your data is the lack of possibility of performing the activities referred to in paragraph 2 above by the Company.
11. Will the Company make decisions regarding me by automated means or conduct automated profiling (e.g. using the algorithms)?
The Company does not make automated decisions or conduct automated profiling of personal data. The processing of your data shall be carried out both manually and with the use of the ICT system.
12. Are there any special procedures in the Company for my personal data protection?
In the Company we pay special attention to the protection of personal data which we have obtained. For this purpose, we have implemented in our activity the Personal Data Protection Procedures compliant with the GDPR requirements, the observance of which ensures the protection of personal data entrusted to us against unauthorised processing. Compliance with the implemented Personal Data Protection Procedures is one of the most important priorities for us.
Personal Data Protection Team