According to Article 13 paragraph 1-2 of Regulation (UE) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on protection of natural persons in relation to personal data processing and on free movement of such data as well as on revocation of Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”) we inform as follows.
I. Personal Data Controller
The Controller of your personal data is HSKI Andrzej Hyc, Tysiąclecia 22/29, 31-607 Kraków, NIP: 736-155-33-91.
The Personal Data Controller has not indicated a Data Protection Supervisor. In all matters relating to personal data processing by the Personal Data Controller you can obtain information by contacting with the Personal Data Controller via e-mail: email@example.com.
II. Purposes and means of processing
We will process your personal data:
- on the basis of your consent for marketing of our services purposes, including analytical purposes and profiling;
- on the basis of your consent for sending of trade information, newsletter in matters of our activity;
- on the basis of your consent for publishing of your image in social media;
- for conclusion of a services contract (according to Article 6 paragraph 1 (B) GDPR);
- for realization and on the basis of a contract, when we have concluded it (according to Article 6 paragraph 1 (B) GDPR);
- for archival purposes (testimonial) being a realization of our legitimate interest in reassurance of information in case of legal necessity to show the facts (according to Article 6 paragraph 1 (F) GDPR);
- for potential determination, investigation or defense against claims, being a realization of our legitimate interest in it (according to Article 6 paragraph 1 (F) GDPR);
- for analytical purposes (better assortment of services to our customers’ needs, general optimization of support processes, knowledge building about our customers, finacial analysis of our company, etc.) being a realization of our legitimate interest in it (according to Article 6 paragraph 1 (F) GDPR);
- for customer satisfaction survey being a realization of our legitimate interest in determination of quality of our support and of level of our customers’ satisfaction from products and services (according to Article 6 paragraph 1 (F) GDPR);
- for offering of products and services directly (direct marketing) being a realization of our legitimate interest in it (according to Article 6 paragraph 1 (F) GDPR).
III. Data retention period
- in case that we process personal data on the basis of consent, the processing period lasts until the consent is withdrawn;
- in case that we process personal data on the basis of the Personal Data Controller’s legitimate interest, the processing period lasts until the interest mentioned above stops (e.g. period of expiration of civil law claims) or until the data subject objects to such farther processing – in situations when such an objection, according to the law, applies;
- in case that we process personal data because it is necessary due to obligatory legal provisions, the processing period for this purpose is determined by these regulations;
- in case of lack of exact legal or contractual requirements, basic period of data storage, in case of records and other evidential documentary made during performance of the contract, lasts maximally 10 years.
IV. Data recipients
Your personal data may be forwarded to:
- institutions defined by legal provisions, e.g. Revenue Agency, Social Insurance Instituton, or other
- our subcontractors (processors), e.g. banks and payment operators, subjects providing accounting, legal, audit or consulting services, couriers (in relation to order realization), marketing agencies (in matters of marketing services).
The Controller will store assembled personal data in European Economic Area (“EEA”). Personal data may be also forwarded to a country out of this area and transferred there. Every operation of personal data transfer is performed according to applicable law. If data is transferred out of EEA, the Controller uses standard contractual clauses and privacy shield as security measures with regard to countries for which the European Commission have not stated appropriate level of data protection.
V. Data subjects’ rights
According to GDPR, you are entitled to:
- access to your personal data and receiving its copy;
You have a right to demand from the Personal Data Controller an access to personal data concerning your person. This right includes entitlement to demand from the Controller a copy of your personal data which are subject to processing. For any next copies, for which you will ask for, the Controller may charge a fee in reasonable amount that results from administrative costs. If you ask for a copy by e-mail and you do not point out differently, the information is provided by widely used electronically.
- correction of your personal data;
You have a right to demand from the Personal Data Controller to correct your personal data (this right includes demanding of immediate correction of your personal data which are incorrect) and a right to demand, taking into account the purposes of processing, to complement the personal data which are incomplete, also by submission of additional declaration.
- removal or restraint of personal data processing;
You have a right to remove your personal data (this right includes entitlement to demand from the Controller an immediate removal of personal data in rightful cases) or to constrain personal data processing – this last right applies in such cases:
– when you question correctness of personal data – investigation of application will take place within due time allowing the Controller to check correctness of this data;
– the processing is against the law and you object to removal of personal data, demanding to constrain its use instead;
– the Personal Data Controller does not need your personal data anymore for data processing purposes, but it is necessary for establishment, investigation or defense of claims.
- objection to personal data processing;
You have a right to object to personal data processing (this right includes entitlement to object to stand up at any time – for reasons connected with your special situation – against personal data processing based on Article 6 paragraph 1 (E) or (F) GDPR, including profiling on the basis of these provisions). If your personal data are being processed for direct marketing needs, you have a right, at any time, to object to such personal data processing for marketing purposes, including profiling, in so far as the personal data processing is connected with direct marketing. The right to objection may be realized via automated means using technical specifications.
- transmission of personal data;
You have a right to receive, in structured, widely used format which is machine-readable, personal data that you provided to the Controller and a right to send the personal data to another controller without any mishap from the Controller, if:
– the processing takes place on the basis of consent in accordance with Article 6 paragraph 1 (A) or Article 9 paragraph 2 (A), or on the basis of the contract in accordance with Article 6 paragraph 1 (B) GDPR;
– and the processing takes place in an automated way.
Exercising the above right to transmission of personal data, you have a right to demand from the Controller to send the personal data to the other controller directly, as far as it is technically possible. The above right cannot influence adversely on rights and freedoms of other people.
- lodging a complaint to the supervisory authority.
You have a right to lodge a complaint to the supervisory authority, particularly in member country of your common stay, your workplace or a place of commission of supposed violation, if personal data processing violates GDPR.
VI. Information about voluntariness of data provision
Provision of your personal data is not obligatory, however failure to give it will cause that conclusion and realization of a contract will be impossible.
VII. Automated decision-making
Your personal data will not be processed in an automated way.
VIII. Consent and information about opportunity to withdraw consent
At any time you have a right to withdraw consent to process your personal data only in situations that the agreement was required, but withdrawal of consent does not influences on accordance with the law of data processing which took place earlier, on the basis of your consent before the withdrawal.