Dear Business Partners,
Since May 25th, 2018, the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), are in force. The aim of this regulation is above all to ensure a coherently high standard of personal data protection in the entire European Economic Area. With data processing being so common practice, this legal change will have significant influence on functioning of all business entities.
As your business partner, we would like to inform that we are ready for the aforementioned legal changes. Your personal data are processed by Dynaxo Sp. z o.o. with legal address in Popowo, Poland, in a way compliant with GDPR requirements, most importantly in a way guaranteeing their safety and confidentiality.
In order to further clarify all matters related to GDPR, we present below a short glossary of the most important legal terms, defined and mentioned in GDPR regulations and used hereinafter.
Personal data – all information about an identified or identifiable natural person, meaning one that can be directly or indirectly identified, especially based on name and surname, ID number, location data, Internet ID or one or several specific features defining a natural person’s physical, genetical, psychological, economical, cultural or social identity.
Personal data administrator – a natural or legal person, administrative body, unit or another entity that on their own or in cooperation with others defines purposes and ways of data processing, and therefore makes important decisions regarding data processing and implements relevant technical and organizational means to ensure data are processed in compliance with GDPR.
In compliance with GDPR Article 13, which introduces on the administrator’s side a specific responsibility for providing information to persons whose data are being processed, we attach below the rules related to processing your personal data:
- The personal data administrator is:
Dynaxo Sp. z o.o. with legal address in Popowo 2a, 64-510 Wronki, POLAND (register number: 0000163601, e-mail: email@example.com)
- Your personal data will be processed for the purpose of:
- executing various contracts, specifically concerning cooperation, sales or commissioning, of which you are a party;
- sending out offers, newsletters and other marketing information as defined in the 2002 Services Provided through Electronic Channels Act, Article 10 par. 1 (Ustawa z dnia 8 lipca 2002 r. o świadczeniu usług drogą elektroniczną);
- organizing contests and promotional events;
- fulfilling legally justified interests of the Personal Data Administrator with relation to:
- personal data processed for the purpose of vindication of claims and defence against third party claims, in view of the intention to protect the administrator’s interests,
- personal data processed with relation to visual monitoring (CCTV), in view of the intention to prevent the administrator’s assets from theft, destruction or damage;
- The legal basis of data processing is:
- for the purpose of executing various contracts, specifically concerning cooperation, sales, commissioning – GDPR Article 6 par. 1 letter b), i.e. the indispensability of personal data processing for executing a contract or instigating any action at your request before the contract is signed,
- for the purpose of sending out offers, newsletters and other marketing information as defined in the 2002 Services Provided through Electronic Channels Act, Article 10 par. 1 – GDPR Article 6 par. 1 letter a), i.e. a voluntarily and consciously granted permission to process personal data,
- for data processed for the purpose of participating in contests and promotional events organized by the administrator – GDPR Article 6 par. 1 letter a), i.e. a voluntarily and consciously granted permission to process personal data,
- for personal data processed for the purpose of vindication of claims, as well as for personal data from visual monitoring – GDPR Article 6 par. 1 letter f), i.e. data processing is indispensable for purposes resulting from legally justified interests of the person whose data is being processed;
- The recipients of personal data are: tax and revenue administration, authorized employees and contractors of the administrator as well as technical, organizational and consulting service providers, specifically software and IT systems providers, legal advisors, HR and accounting contractors;
- Personal data will be stored for the time duration required by relevant provisions of law on storing accounting and tax-related documents, or by the statute of limitations of claims resulting from contracts relevant to business activities of the administrator; in case of data processed based on a voluntarily granted permission – for the time duration that is necessary for fulfilling the purpose for which the data are shared, or until the permission is revoked, whichever happens earlier; and in case of data processed in connection to the administrator’s legally justified interest – as required by the statute of limitations for relevant claims;
- In relation to processing of personal data you are granted:
- the right to access your data according to GDPR Article 15,
- the right to correct your data according to GDPR Article 16,
- the right to remove your data (“the right to be forgotten”) according to GDPR Article 17, in case of circumstances indicated therein,
- the right to limit the scope of data processing according to GDPR Article 18, in case of circumstances indicated therein,
- the right to object against data processing according to GDPR Article 21 if data are processed based on GDPR Article 6 par. 1 letter e) or f), including profiling based on these regulations,
- the right to move the data according to GDPR Article 20, if processing is automatic and based on voluntarily granted permission or contract,
- the right to submit a complaint to a supervisory authority – Inspector General for Personal Data Protection (GIODO) – if you are of the opinion that processing of your data violates the provisions of the GDPR,
- in cases where your data are processed based on GDPR Article 6 par. 1 letter a), i.e. based on voluntarily granted permission, you have a right to revoke this permission at any moment even if the processing for which permission was originally granted is compliant with the law;
- Providing your personal data is a contractual requirement and a condition for concluding and fulfilling a contract; while providing personal data is not mandatory, without it contracts cannot be concluded and fulfilled, offers, newsletters and other marketing information cannot be sent, and you cannot participate in contests and promotional events organized by the administrator;
- Your personal data will not be processed automatically;
- Your personal data will not be shared with a third country or an international organization.
In case of any questions we are at your disposal by e-mail: firstname.lastname@example.org