This privacy policy has been adopted following the entry into force of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Official Journal of the European Union No L 119/1 of 4.5.2016; General Data Protection Regulation, hereafter: GDPR). The policy aims in particular at implementing the information obligation referred to in Articles 13 and 14 of the GDPR.
Definitions
We use the following phrases in this policy:
1) We, the Polish Cluster Employers' Association administrator - the Polish Cluster Employers' Association with its registered office in Warsaw, at Street Księcia Bolesława1/3 (01-452 Warsaw) registered in the Register of Entrepreneurs of the National Court Register kept by the Regional Court for the Capital City of Warsaw, XIII Department of the National Court Register under number 420283, Tax ID 5223002197 REGON 146405672.
2) You, Mr., Mrs., you - persons whose personal data are processed by the Polish Cluster Employers` Association.
Who is the data controller?
A data controller is a person who determines the purposes and methods of personal data processing. The administrator of your personal data is the Polish Cluster Employers' Association with its seat in Warsaw, at 1/3 Ksiecia Bolesława Street (01-452 Warsaw).
What personal data do we process?
In connection with our business activity, we process in particular personal data of: our contractors who are natural persons (including: customers, suppliers, etc.), contact persons indicated by the said contractors (including: sales representatives, persons indicated as responsible for the implementation of joint projects, drivers, etc.), persons with whom we conduct correspondence, persons obtaining the opportunity to enter our premises, as well as persons interested in employing us. The scope of data processed each time is adequate for the purposes of processing.
For what purposes do we process data?
Your personal data may be processed for the following purposes:
1. to perform contracts concluded or to take action to conclude a contract at your request (based on Article 6 (1) (b) of the GDPR). In this case, your data will be processed for the duration of the contract as well as for the further period necessary for the full exercise of your rights and obligations arising from it.
2) the performance of our legal obligations, in particular with regard to tax law, accounting or archiving regulations, anti-money laundering regulations etc. (Article 6(1)(c) of the GDPR). The time of the data processing is then determined by the regulations which form the basis of the obligation in question.
3) The fulfilment of our legitimate interest (Article 6.1.f of the GDPR), which is to say:
a) conducting direct marketing of our goods or services
(b) the compilation of summaries, analyses and statistics - this includes, in particular, marketing research, analysis of commercial data, planning of service development, etc.
(c) establishing, investigating or defending against claims
(d) Correspondence by any known technology, including traditional mail, electronic mail (email) or other communication methods (e.g. instant messaging, etc.).
(e) establishing contact by telephone.
(f) initiating and maintaining business contacts.
(g) correctly displaying our websites,
h) conducting video monitoring of our plant(s) - to the extent necessary to ensure the security of persons and property located on its (their) premises and to keep secret information the disclosure of which could expose us to harm.
In the cases listed in points 3 - the data will be processed for as long as the interest in relation to which they are processed persists. In particular: (i) marketing activities will be carried out until you raise an appropriate objection, and (ii) the video surveillance record will be kept for no longer than 3 months, unless otherwise required by generally applicable law.
2) sometimes your personal data may be processed for other purposes, on the basis of your consent, which is voluntary, specific, informed and unambiguous (Article 6(1)(a) of the GDPR). In particular, consent is the basis for the processing of data collected for the purposes of recruitment procedures (contained in the CV, etc.).
In this case: (i) the data will be processed for a period appropriate to the purpose stated in your consent, (ii) you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing carried out on the basis of your consent before withdrawal.
Is it mandatory to provide personal data?
You are not obliged to provide us with your personal data. However, a refusal may result in the impossibility of concluding or performing a contract concluded with us or of performing other activities (e.g. sending correspondence, gaining access to the premises, participating in the recruitment process etc.).
Could the data be processed in processes involving automated decision making, including "qualified" profiling?
Currently, we do not use any operations which would involve automated decision making, which would have legal effects on the addressees or which would significantly affect them in a similar way. In case such operations related to the processing of personal data are implemented in the future, we will ensure their compliance with the relevant provisions, including Article 22 of the GDPR.
Who can we share your personal data with?
Your personal data can only be shared with third parties if we are obliged or entitled to do so under the law. In particular, we may receive your data:
1. Processors, including:
a) persons operating our infrastructure or IT systems as well as disposing of unnecessary documentation or data carriers,
(b) subcontractors participating in the implementation of commitments entered into with you,
(c) persons providing services related to the execution or improvement of the sales process (e.g. payment intermediaries, couriers or carriers, advertising agencies, appraisers involved in complaint procedures),
(d) persons providing auditing or advisory services to us - e.g. legal, tax or accounting assistance.
2) other administrators, including
a) public administration bodies entitled to request access to data,
(b) companies associated with us,
c) other entities - in cases where the nature of the benefits provided by them to us results in the indicated entities independently determining the purposes and methods of personal data processing and thus becoming personal data controllers. This may concern in particular: advertising agencies, agencies participating in the organization of competitions or promotional events, banks, couriers and carriers, as well as entities cooperating with us in handling accounting, tax or legal matters,
(d) the purchaser of the claim against you, where we decide to dispose of such claims, in particular because of the existence of significant arrears.
We will not disclose your personal data to persons who are not authorised to process them.
Can your personal data be transferred outside the European Economic Area (EEA)?
We do not currently envisage transferring your data outside the European Economic Area. However, we do not rule out the possibility that we may consider this to be justified in the future. In such a case, your data will be secured as required by generally applicable law, in particular through the use of so-called Standard Contractual Clauses (SCC).
What rights do you have in connection with data processing?
You may in particular apply to us:
1. access to the data we are processing (including: information about our processing or the provision of a copy of the data),
2. rectification (correction) of data,
3. restriction of processing (suspension of data operations or non-deletion of data),
4) deletion of data ("right to be forgotten"),
5) transferring the data to another controller.
The above requests may be sent, in particular, in the manner specified in point A.1. 13 below - and will be handled in accordance with the relevant provisions, including Articles 15-20 of the GDPR.
Right to object
Irrespective of the above, you are entitled to object to data processing that is carried out on the basis of our legitimate interest. In this case:
1) if your personal data is processed for marketing purposes, we will immediately cease such processing.
2) if the processing is based on any other interest, we will cease such processing unless we demonstrate: a) that such interest overrides your interests, rights and freedoms or b) that there is a basis for establishing, asserting or defending claims.
The right of objection may be exercised, in particular, by sending a statement to that effect in the manner set out in points (a) and (b). 13 below.
Complaint to the supervisory authority
If you believe that the processing of data concerning you violates the applicable regulations, you have the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.
Place of publication and updates of the privacy policy
This privacy policy may change from time to time. A current version of this policy will be available at all times on our website at the following address: https://klastrypolskie.pl/
How can you contact us?
If you have any questions about how we use your personal data, you can contact us by phone, e-mail or post at the following numbers and addresses:
The Polish Cluster Employers Association, Księcia Bolesława Street 1/3, 01-452 Warsaw - with a note: "personal data protection
Mobile: +48 533 911 904; e-mail: poczta@klastrypolskie.pl