Article 1 The rule of privacy protection
- The data controller is Martin Bauer Polska Sp. z o.o. with the registered office at Witaszyczki 67-68, 63-230 Witaszyce, Poland, entered into the register of entrepreneurs kept by the District Court in Poznań- Nowe Miasto and Wilda, 9th Commercial Division of the National Court Register (KRS) under KRS number 0000059216, NIP (tax identification number) 621-10-03-949.
- Martin Bauer Polska Sp. z o.o., as the personal data controller (hereinafter: “the Controller”) attaches great significance to protection of privacy and confidentiality of the personal data processed in the scope of the conducted business, including the data entered by the Internet users into electronic forms on a website, shared on the martin-bauer-group.pl domain (hereinafter “martin-bauer-group.pl”).
- The Controller selects and applies appropriate technical and organizational matters ensuring the protection of personal data processing with due diligence. Only persons diligently authorized by the Controller have full access to data.
- The Controller protects personal data from sharing them with unauthorized persons, as well as from their processing with infringement on the rules of law.
Article 2 The basis for personal data processing
- Personal data are processed by the Controller in compliance with law regulations, in particular with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (hereinafter: “GDPR”) in order to:
Providing your data is voluntary, but the consequence of not providing them, depending on the case, may be among others: inability to receive a reply to the posted question, inability to participate in the recruitment process.The user should not provide the Controller with third party personal data. However, if they provide such data, they guarantee each time that they have a legal basis for sharing such data.
- provide answers to questions posted through forms and contact addresses, listed on the martin-bauer-group.plwebsite, based on the Controller’s legally justified interest, connected with the necessity to immediately respond to letters (article 6 section 1 point f GDPR);
- run and decide on recruitment of persons who have applied to the recruitment processes, based on the Controller’s legal obligation and expressed consent (article 6 section 1 point a and b GDPR);
- establish and maintain trade relationships and enter and execute agreements with the Client’s clients, suppliers and service providers, and also to document them and process them, pursue and protect claims and complaints related to them, based on the Controller’s legal obligation, in relation to carrying out their legally justified interest or in the scope necessary to take action before entering or executing agreements (article 6 section 1 point b, c and f GDPR);
- process requests sent to the Controller for sponsoring, financing or support, in particular requests made by institution or persons in need, based on the Controller’s legally justified purposes, connected with the necessity to immediately reply to letters, based on the Controller’s legal obligations (article 6 section 1 point c GDPR);
- fulfilling Controller’s other legal obligations under article 6 section 1 point c GDPR (e.g. accounting and tax obligations).
Article 3 The scope of personal data processing
- The Controller processes:
The Controller uses IP addresses collected during internet connections for technical purposes connected with server administration. Moreover, IP addresses are used to collect general, statistical demographic information (e.g. about the region from which the connection is made).
- data included in questions sent to the Controller through contact addresses and forms on the martin-bauer-group.plwebsite;
- data included in application documents sent to the Controller, connected with conducted recruitment;
- data of the Controller’s clients, suppliers and service providers who are natural persons, and if it is necessary to carry out the agreement or fulfil the Controller’s legal obligations, e.g. connected with safety of production or distribution, also data of the Controller’s clients’ employees, suppliers and service providers;
- data included in requests by persons who contacted the Controller for financing or sponsoring, or employees of institutions who made contact for such support, in particular data categories (e.g. information about health condition) – provided that they were included in the request sent to the Controller – if they are of importance for processing the filed request.
Article 4 Control of personal data processing
- The User is obligated to provide full, up-to-date and true data.
- Every person whose personal data are processed by the Controller, has the right to:
Using the rights determined in the section above may be done by sending a suitable request with the user’s stated name and surname and email address to firstname.lastname@example.org.
- access their data and rectify or transfer them, so to receive them in an organized form, suitable to transfer them to a third party, including another personal data controller;
- object to the processing of their data in the cases where it is based on justified interest of the Controller;
- if the processing is based on a consent – the right to withdraw it at any time, with no effect on the compliance with the right to process which was done based on the agreement prior to it being withdrawn;
- request to have their data removed (the right to be forgotten) or to limit their processing, among others, in the case of withdrawing the expressed agreement or objecting while not having other bases for processing such data by the Controller;
- file a complaint to the President of the Personal Data Protection Office if they think that their actions infringe the provisions of law.
Article 5 Sharing of personal data
User data may be shared with subjects authorized to receive them based on the law regulations, including the appropriate judicial authorities. Personal data may be transferred to subjects processing them on an order, i.e. marketing agencies, subjects providing services in the area of organizing workshops, conferences, partners providing technical services (development and maintenance of IT systems and websites), a subject running the accounting or delivery service companies. Personal data shall not be transferred to a third party country/international organization.
Article 6 The period of storing data and other information about data processing
- Personal data shall be stored only for the period necessary to carry out a specific purpose for which they have been sent in or for the purposes of maintaining the compliance with law regulations, including the scope regarding:
Personal data shall not be processed in an automated way by the Controller.
- providing a reply to the question posed (contact), personal data shall not be processed for more than 12 months after the end of the contact;
- the recruitment process, personal data shall be processed for the period of the process and six months from its conclusion, and if an additional agreement is given – for 6 months from the moment of submitting the application documents;
- clients, suppliers and service providers who are natural persons, personal data shall be processed for a period necessary to maintain trade relationships, and if they are terminated – for the time necessary to pursue and protect possible claims, defence against them or processing submitted complaints but not more than 6 years.
Article 7 Cookie files
- The Controller informs that he uses cookie files (cookies).
- Cookies are data files stored on the User’s devicethat the Website sends to the web browser used by the User (person using the Website) enabling saving the information about the User and his/her preferences as well as acceleration of the User’s identification process.
- Cookies usually contain the name of the Website they originate from, the period of storage on the User’s device and a unique number.
- The Website managed by Controller collects only information contained in the cookie files but does not collect any data concerning the User.
- The Controller informs that the cookie files are used exclusively for the following purposes:
- creation of statistics which shall be basis for analysis regarding the use of websites by the Users;
- adjustment of the Website’s contents to the preference of a User and optimalisation of use of the Website; specifically such files help to identify the User’s device and accordingly display the Website adjusted to his/her individual needs;
- maintain the session of the logged in User which means that the User does not have to log in again on each and every subsite.