Privacy policy

Controller:

DMJ Polska Sp. z o.o. with its registered seat in Gdańsk
at ul. Norwida 1, 80-280 Gdańsk
NIP 5833221704, REGON 365941033

1. Introductory information

A. Definitions

  1. 1. For the purpose of the Privacy Policy:
    • a) „The Controller” means DMJ Polska Spółka z ograniczoną odpowiedzialnością with its
      registered seat in Gdańsk, ul. Norwida 2, 80-280 Gdańsk, entered into the register of
      entrepreneurs maintained of the National Court Register under KRS number
      0000649108, Tax Identification Number (NIP) 5833221704, Statistical Number
      (REGON) 365941033
    • b) „Personal Data” means the following types of Personal Data relating to the Data
      Subjects or their representatives: name, surname, e-mail address, contact telephone
      number, tax identification number, business name, address, business address,
      information on professional experience, education, competences and qualifications,
      nationality and citizenship , date of birth,
    • c) „The Provider” means a body that delivers goods or services to the Controller,
      d) „The Client” means a body which the Controller provides or has provided a service with,
      under a separate contract or which expresses the will to be provided with the service by
      the Controller,
    • e) „the supervisory body”means the President of the Personal Data Protection Office,
    • f) “Data Subject ” means a body whose Personal Data is processed by the Controller,
      including the Client, the Provider and their representatives,
    • g) „Privacy Policy”means this document,
    • h) „GDPR” means the Regulation of the European Parliament and of the Council (EU)
      2016/679 of 27 April 2016 on the protection of natural persons with regard to the
      processing of personal data and on the free movement of such data, and repealing
      Directive 95/46/EC
    • i) „The IT System” means a set of cooperating devices, programs, information processing
      procedures and software tools used by the Controller for data processing.
  2. 2. For the purpose of the Privacy Policy, the definitions specified in the GDPR also apply, provided they do not contradict the definitions contained in section 1.1. above.

B. The aim of creating The Privacy Policy

Privacy Policy is a feature implemented by the Controller, the purpose of which is to
define actions taken by the Controller in the protection of Personal Data made available
to the Controller by Data Subjects, and also to inform Data Subjects about the procedure
for handling Personal Data in the company run by the Controller, particularly on the
purposes and legal basis of processing and the categories of recipients to whom Personal
Data processed by the Controller are further transferred, and the Controller’s
implementation of the disclosure obligation as specified in the Article 13 of the GDPR.

2. The purposes and legal basis of the processing and the period of storage of Personal Data regarding the Client.

  1. 1. The Controller processes Personal Data regarding the Client or their representatives for the following purposes:
    • a) correct and lawful execution of contracts concluded with the Client,
    • b) conducting direct marketing of the services offered by the Controller, including via
    • e-mail correspondence, such as a newsletter,
    • c) performance of obligations resulting from legal provisions, including tax and
    • accounting regulations,
    • d) conducting court, arbitration, administrative, court-administrative, execution and
    • mediation proceedings,
    • e) investigation, determination or defence of claims or other rights resulting from legal
    • provisions,
    • f) handling complaints and other claims resulting from the provisions of laws. The legal basis for the processing of the Client’s Personal Data for the purposes set out above in section 2.4. point a) is necessary to perform the contract concluded. The legal basis for the processing of Client’s Personal Data for the purpose set out above in section 2.4. point b) is the Client’s consent to the processing of Personal Data.. The legal basis for the processing of Personal Data for the purposes set out above in section 2.4. point c) is that the processing is necessary to fulfil the legal obligations incumbent on the Controller. The legal basis for the processing of Personal Data for other purposes indicated above in section 2.4. is the legitimate interest pursued by the Controller..
    • Processing of Personal Data for the purposes outlined in item 2.4 above. includes: collecting, modifying, storaging, viewing, updating, analyzing, archiving, deleting.
  2. 2. Client’s Personal Data may be transferred for processing to other entities under a separate Personal Data processing agreement, in order for the Controller or these entities to properly carry out the business contracts between the Controller and these entities.
  3. 3. The transfer of Personal Data to other bodies will be made in accordance with the provisions of the GDPR, and moreover, before transferring Personal Data for processing. The Controller undertakes, if it is required by the provisions of generally applicable law on the territory of the Republic of Poland, to obtain the consent of the Client for the transfer of Personal Data to another body.
  4. 4. Client’s Personal Data may also be transferred to public administration bodies or other persons or third parties—to the extent that, and in cases in which the obligation to disclose it is imposed on the Controller by the provisions of the law. In addition, Client’s Personal Data, to the extent necessary to achieve the purpose set out in paragraph 2.4. point c) above, may also be transferred to entities performing accounting and bookkeeping services for the Controller based on a separate agreement.
  5. 5. Client’s Personal Data may be transferred to courts or other bodies appointed to hear cases or enforce claims, as well as to entities that perform for the Controller the services in the field of debt collection or legal assistance on the basis of a separate agreement.
  6. 6. Client providing Personal Data for the purpose indicated in item 2.4 above. point a) is a required condition of concluding an agreement with the Controller and it is not obligatory, but failure to do so will prevent the implementation of the indicated aims.
  7. 7. Personal Data concerning the Client will be kept by the Controller for the following period:
    • h) in the case of Personal Data, the legal basis for the processing of which is the fact that it is necessary for the proper performance of a contract—until the claims arising from the contract are time-barred,
    • i) in the case of Personal Data, the legal basis for the processing of which is a legitimate interest—until such basis for processing ceases to exist, in particular until the time of expiration of the Controller’s or the Client’s claims resulting from the legal relationship between them, the end of legal existence of the Controller,
    • j) in the case of Personal Data, the legal basis for the processing of which is that it is necessary to fulfil the legal obligations incumbent on the Controller—until this legal basis for processing ceases to exist.
    • k) in the case of Personal Data, the legal basis for the processing of which is the consent given by the Client – until the time of the withdrawal of this consent or until the economic basis for processing ceases to exist.

3. The purposes and legal basis of the processing and the period of storage of Personal Data regarding the Provider.

  1. 1. The Controller processes Personal Data regarding the Provider or their representatives for the following purposes:
    • a) correct and lawful execution of contracts concluded with the Provider,
    • b) conducting direct marketing of the services offered by the Controller, including via e-mail correspondence, such as a newsletter,
    • c) performance of obligations resulting from legal provisions, including tax and accounting regulations,
    • d) conducting court, arbitration, administrative, court-administrative, execution and mediation proceedings,
    • e) investigation, determination or defence of claims or other rights resulting from legal provisions,
    • f) handling complaints and other claims resulting from the provisions of laws. The legal basis for the processing of the Provider’s Personal Data for the purposes set out above in section 2.4. point a) is necessary to perform the contract concluded. The legal basis for the processing of Provider’s Personal Data for the purpose set out above in section 2.4. point b) is the Provider’s consent to the processing of Personal Data.. The legal basis for the processing of Personal Data for the purposes set out above in section 2.4. point c) is that the processing is necessary to fulfil the legal obligations incumbent on the Controller. The legal basis for the processing of Personal Data for other purposes indicated above in section 2.4. is the legitimate interest pursued by the Controller..
  2. 2. Processing of Personal Data for the purposes outlined in item 2.4 above. includes: collecting, modifying, storaging, viewing, updating, analyzing, archiving, deleting.
  3. 3. Provider’s Personal Data may be transferred for processing to other entities under a separate Personal Data processing agreement, in order for the Controller or these entities to properly carry out the business contracts between the Controller and these entities.
  4. 4. The transfer of Personal Data to other bodies will be made in accordance with the
    provisions of the GDPR, and moreover, before transferring Personal Data for processing.
    The Controller undertakes, if it is required by the provisions of generally applicable law
    on the territory of the Republic of Poland, to obtain the consent of the Provider for the
    transfer of Personal Data to another body.
  5. 5. Provider’s Personal Data may also be transferred to public administration bodies or
    other persons or third parties—to the extent that, and in cases in which the obligation
    to disclose it is imposed on the Controller by the provisions of the law. In addition,
    Provider’s Personal Data, to the extent necessary to achieve the purpose set out in
    paragraph 2.4. point d) above, may also be transferred to entities performing accounting
    and bookkeeping services for the Controller based on a separate agreement.
  6. 6. Provider’s Personal Data may be transferred to courts or other bodies appointed to hear
    cases or enforce claims, as well as to entities that perform for the Controller the services
    in the field of debt collection or legal assistance on the basis of a separate agreement.
  7. 7. Providing Personal Data for the purpose indicated in item 2.4 above. point a) is a
    required condition of concluding an agreement with the Controller and it is not
    obligatory, but failure to do so will prevent the implementation of the indicated aims.
  8. 8. Personal Data concerning the Provider will be kept by the Controller for the following
    period:
    • g) in the case of Personal Data, the legal basis for the processing of which is the fact
      that it is necessary for the proper performance of a contract—until the claims
      arising from the contract are time-barred,
    • h) in the case of Personal Data, the legal basis for the processing of which is a legitimate
      interest—until such basis for processing ceases to exist, in particular until the time
      of expiration of the Controller’s or the Provider’s claims resulting from the legal
      relationship between them, the end of legal existence of the Controller,
    • i) in the case of Personal Data, the legal basis for the processing of which is that it is
      necessary to fulfil the legal obligations incumbent on the Controller—until this legal
      basis for processing ceases to exist.
    • j) in the case of Personal Data, the legal basis for the processing of which is the consent
      given by the Provider – until the time of the withdrawal of this consent or until the
      economic basis for processing ceases to exist.

5. Rights of the Data Subject related to the protection of Personal Data

A. Right to information

The Controller shall, at the time when Personal Data are obtained, provide the Data Subject with
all the following information:

  • a) the identity and the contact details of the Controller and, where applicable, of the Controller’s representatives,
  • b) the contact details of the data protection officer, where applicable,
  • c) the purposes of the processing for which the Personal Data are intended as well as the legal basis for the processing,
  • d) the recipients or categories of recipients of the Personal Data, if any,
  • e) where applicable, the fact that the Controller intends to transfer Personal Data to a third country or international organisation,
  • f) the period for which the Personal Data will be stored, or if that is not possible, the criteria used to determine that period,
  • g) whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into contract, as well as whether the Data Subject is obliged to provide the Personal Data and of the possible consequences of failure to provide such data.

Where the Controller intends to further process the Personal Data for a purpose other than that for which the Personal Data were collected, the Controller shall provide the Data Subject prior to that further processing with information on that other purpose and with any relevant further information.

B. The right to withdraw consent to the processing of Personal Data

The Data Subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the Data Subject shall be informed thereof. It shall be as easy to withdraw as to give consent.

C. Right of access by the Data Subject

  1. 1. The Data Subject shall have the right to obtain from the Controller confirmation as to
    whether or not Personal Data concerning him or her are being processed, and, where
    that is the case, access to the Personal Data and the following information:
    • a) the purposes of the processing;
    • b) the categories of Personal Data concerned;
    • c) the recipients or categories of recipient to whom the Personal Data have been or will
      be disclosed, in particular recipients in third countries or international
      organisations;
    • d) where possible, the envisaged period for which the Personal Data will be stored, or,
      if not possible, the criteria used to determine that period;
    • e) the existence of the right to request from the Controller rectification or erasure of
      Personal Data or restriction of processing of Personal Data concerning the Data
      Subject or to object to such processing;
    • f) the right to lodge a complaint with a supervisory authority;
    • g) where the Personal Data are not collected from the Data Subject, any available
      information as to their source;
    • h) the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
  1. 2. The Controller shall provide a copy of the Personal Data undergoing processing. For any
    further copies requested by the Data Subject, the controller may charge a reasonable fee
    based on administrative costs. Where the Data Subject makes the request by electronic
    means, and unless otherwise requested by the Data Subject, the information shall be
    provided in a commonly used electronic form.

C. Right to rectification and right to erasure of the Personal Data

  • 1. The Data Subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement
  • 2. The Data Subject shall have the right to obtain from the controller the erasure of Personal Data concerning him or her without undue delay and the Controller shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies:
    • a) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
    • b) the Data Subject withdraws consent on which the processing is based according to point (a) of Article 6 section 1, or point (a) of Article 9 section 2 of the GDPR, and where there is no other legal ground for the processing, c) the Data Subject objects to the processing pursuant to Article 21 section 1 of the GDPR and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to Article 21 section 2 of the GDPR,
      d) the Personal Data have been unlawfully processed,
      e) the Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject,
      f) the Personal Data have been collected in relation to the offer of information society services referred to in Article 8 section 1 of the GDPR.
  • 3. The right to erasure described herabove in the section 5.7. shall not apply to to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 section 2 of the GDPR as well as Article 9 section 3 of the GDPR, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 section 1 of the GDPR in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing or for the establishment, exercise or defence of legal claims.
  • 4. The Controller shall communicate any rectification or erasure of Personal Data to each recipient to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort. The Controller shall inform the Data Subject about those recipients if the Data Subject requests it.

E. Right to restriction of processing of the Personal Data

  1. 1. The Data Subject shall have the right to obtain from the Controller restriction of
    processing where one of the following applies:
    • a) the accuracy of the Personal Data is contested by the Data Subject, for a period
      enabling the Controller to verify the accuracy of the Personal Data;
    • b) the processing is unlawful and the Data Subject opposes the erasure of the Personal
      Data and requests the restriction of their use instead;
    • c) the Controller no longer needs the Personal Data for the purposes of the processing,
      but they are required by the Data Subject for the establishment, exercise or defence
      of legal claims;
    • d) the Data Subject has objected to processing pursuant to Article 21 section 1 of the
      GDPR pending the verification whether the legitimate grounds of the Controller
      override those of the Data Subject
  2. 2. The Controller shall communicate any restriction of processing of Personal Data to each
    recipient to whom the Personal Data have been disclosed, unless this proves impossible
    or involves disproportionate effort. The Controller shall inform the Data Subject about
    those recipients if the Data Subject requests it.

F. The right to transfer Personal Data

  1. 1. The Data Subject shall have the right to receive the Personal Data concerning him or her,
    which he or she has provided to a controller, in a structured, commonly used and
    machine-readable format and have the right to transmit those data to another controller
    without hindrance from the controller to which the Personal Data have been provided,
    where (1) the processing is based on consent pursuant to point (a) of Article 6 section 1
    of the GDPR or point (a) of Article 9 section 2 of the GDPR or on a contract pursuant to
    point (b) of Article 6 section of the GDPR and (2) the processing is carried out by
    automated mean.
  2. 2. In exercising his or her right to data portability pursuant to section 5.12. of this
    document, the Data Subject shall have the right to have the Personal Data transmitted
    directly from one Controller to another, where technically feasible.

G. The right to object and the rights associated with automated decision-making in
individual cases

  1. 1. The Data Subject shall have the right to object, on grounds relating to his or her
    particular situation, at any time to processing of Personal Data concerning him or her
    which is based on point (e) or (f) of Article 6 section 1 of the GDPR, including profiling
    based on those provisions. The Controller shall no longer process the Personal Data
    unless the Controller demonstrates compelling legitimate grounds for the processing
    which override the interests, rights and freedoms of the Data Subject or for the
    establishment, exercise or defence of legal claims
  2. 2. Where Personal Data are processed for direct marketing purposes, theData Subject shall
    have the right to object at any time to processing of Personal Data concerning him or her
    for such marketing, which includes profiling to the extent that it is related to such direct
    marketing.
  3. 3. At the latest at the time of the first communication with the Data Subject, the right
    referred to in sections 5.14. and 5.15. shall be explicitly brought to the attention of the
    Data Subject and shall be presented clearly and separately from any other information.
  4. 4. Where the Data Subject objects to processing for direct marketing purposes, the
    Personal Data shall no longer be processed for such purposes.
  5. 5. The Data Subject shall have the right not to be subject to a decision based solely on
    automated processing, including profiling, which produces legal effects concerning him
    or her or similarly significantly affects him or her, unless it is necessary for entering into,
    or performance of, a contract between the Data Subject and a data controller, is
    authorised by Union or Member State law to which the Controller is subject and which
    also lays down suitable measures to safeguard the Data Subject’s rights and freedoms
    and legitimate interests or is based on the Data Subject’s explicit consent.

6. „Cookies” Policy

  1. 1. The Controller, managing the website ___, obtains access to cookie files and
    uses them. The cookie files (the so-called “cookies”) are IT data, in particular text files,
    which are stored in the user’s end device. Cookie files usually contain the name of the
    website from which they originate, their storage time on the end device and a unique
    identification number.
  2. 2. Cookies are used to create statistics that help to understand how users use the website,
    which then allows improving its structure and content.
  3. 3. The website _ uses two basic types of cookies: “session” and “persistent”
    cookies. Session cookies are temporary files that are stored on the user’s end device until
    they log out, leave the website or turn offthe software (web browser). Persistent cookies
    are stored on the user’s end device for the time specified in the cookie file parameters
    or until they are deleted by the user.
  4. 4. The web browser allows you to delete cookies. It is also possible to automatically block
    cookies. More detailed information on this subject is provided in the help section or
    documentation of the web browser. Restrictions on the use of cookies may affect some
    of the functionalities available on the website _______.
  5. 5. Cookie files are stored on the end device of the user of the Internet website
    ________ and may also be used by advertisers and partners cooperating with
    the Controller. Cookie files may be used by advertising networks, in particular the
    Google network, to display advertisements tailored to the way the user uses the website.
    For this purpose, information about the user’s navigation path or the time of staying on
    a given page may be preserved.

7. Security of Personal Data

  1. 1. The Controller processes Personal Data in a manner consistent with the provisions of
    the generally applicable law on the territory of the Republic of Poland. The Controller
    declares that he/she has implemented appropriate technical and organisational
    measures ensuring an adequate level of security corresponding to the risk related to the
    processing of Personal Data entrusted to him/her, as referred to in the Article 32 of the
    GDPR. The Controller regularly verifies and updates the technical and organisational
    measures that he/she uses to ensure that the Personal Data entrusted to him/her are
    adequately protected.
  2. 2. The Controller declares that he/she has introduced the Personal Data Protection Policy
    in order to ensure the security of data processing. The Personal Data Protection Policy
    is a feature implemented by the Controller in accordance with the Article 24 (1) and (2)
    of the GDPR, the purpose of which is to introduce the procedure for handling Personal
    Data in the company run by the Controller, based on which their processing by the
    Controller will take place in accordance with the GDPR.

8. Contact details of the Controller

In all matters related to the processing of Personal Data, especially in matters related to the
provisions of this Privacy Policy, the Data Subject should contact the Controller using the
following contact details: DMJ Polska Spółka z ograniczoną odpowiedzialnością with its
registered seat in Gdańsk, ul. Norwida 1, 80-280 Gdańsk, entered into the register of
entrepreneurs maintained of the National Court Register under KRS number 0000649108, Tax
Identification Number (NIP) 5833221704, Statistical Number (REGON) 365941033