THE CONTROLLER
The Controller of personal data is Codespheric limited liability company, entered to the Register of Entrepreneurs maintained by the District Court for Warsaw – Śródmieście, No 12 Business Division of the National Court Register under the entry number 0000971711, NIP 5252909913 with the seat in Warsaw 00-105 (“the Controller”). Contact with the Controller is possible by post to the above address of the Controller’s registered office.
DATA PROCESSING
In connection with its business activity, the Controller collects and processes personal data, making every effort to ensure that the processed personal data is adequately secured. Data is collected directly from data subjects (e.g. as part of direct contact) as well as from third parties (e.g. from an entity cooperating with the Controller). The processing of personal data is based on the applicable law, in particular, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“the GDPR”).
PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
The legal basis for the personal data processing is defined in Article 6 of the GDPR which governs general rules on the compliance of the personal data processing. In any case, the Controller shall process the data relevant to a given case and for the purpose for which it was collected, ensuring its appropriate protection. The controller processes personal data for the purposes related to the conducted business activity, in particular, the conclusion and performance of contracts (under Article 6(1)(b) of the GDPR), the performance of legal obligations incumbent on the Controller (under Article 6(1)(c) of the GDPR), as well as – pursuant to Article 6(1)(f) of the GDPR – for marketing purposes, keeping business contacts, securing, asserting as well as defending against claims and ensuring data security. Data processing under Article 6(1)(f) of the GDPR shall ensure that the Controller’s legitimate interests, such as security, marketing of own products, protection against claims and asserting claims, are fulfilled. In order to ensure security of persons and property, the Controller informs that he applies video surveillance. Personal data from video surveillance is not used for other purposes. In other cases, the Controller processes personal data on the basis of granted consents. To the extent that the data is processed for the contract performance, the provision of the data is a condition for the contract conclusion. The data provision is voluntary but necessary for the conclusion and performance of the contract. If personal data is not provided, the contract may not be concluded. Providing certain information is also a legal obligation, e.g. necessary to issue an invoice.
DATA RECIPENTS
In connection with the conducted business activity, in some cases the Controller discloses the data to third parties, in particular, to legal and accounting service providers, couriers and transport companies, providers of IT systems and equipment, marketing agencies, banks and payment institutions or public bodies. Data is also disclosed to entities related to the Controller, including companies being part of the Controller’s capital group.
DATA PROCESSING PERIOD
If personal data is collected for the purpose of performing an order or concluding a contract, the personal data is stored from the moment of data collecting until the contract termination or contract performance after the moment of its termination. In the case of personal data collection in order to fulfill obligations resulting from the law, the data shall be kept for the period of fulfilling obligations and tasks resulting from individual law provisions. In the case of personal data processing for the purposes of the legitimate Controller’s interests, the data shall be kept for no longer than six years from the date of contract termination or until a reasoned objection is raised to the processing for such purposes. In the case of personal data collection on the basis of consent, until the consent is revoked. The period of personal data processing may be extended when the processing is necessary to establish, assert or defend against a possible claim, and after that period only if required by law and to the extent required by law.
RIGHTS RELATED TO PERSONAL DATA PROCESSING
Data subjects’ rights: – Access to their personal data, – Rectify the personal data, – Erase the personal data, – Limit personal data processing, – Object to the personal data processing, – Data portability, – Withdraw the consent at any time – if the processing is carried out on that basis, without prejudice to the lawfulness of processing carried out on the basis of the consent before its withdrawal), In addition, the data subject has the right to lodge a complaint with the supervisory authority. In Poland, since 25 May 2018 the supervisory authority has been the President of the Office for Personal Data Protection.
FINAL INFORMATION
Information on the personal data processing is updated in order to adapt it to the Controller’s business activity. The current version has been in force since 25 May 2018.