- Personal Data Controller
The Perspnal Data Controller of your personal data is "Metalbud" Sp. z o.o. with headquarters in Podlas, ul. Tomaszowska 90, 96-200 Rawa Mazowiecka, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Łódź-Śródmieście in Łódź, XX Commercial Division of the National Court Register, under the number: 0000039826, with the following NIP: 8351148991, and REGON: 750034969 and share capital in the amount of PLN 30,033.300.00 (hereinafter referred to as Personal Data Controller).
The Personal Data Controller can be contacted at the following e-mail address: firstname.lastname@example.org or by mail to the address of the Personal data Controller's office indicated above.
2. Legal basis and purpose of personal data processing
The Personal Data Controller processes personal data in accordance with the relevant regulations, in particular in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and repeal Directive 95/46 / EC (General Data Protection Regulation, hereinafter referred to as: GDPR).
Depending on the situation, the Personal data Controller processes your personal data for the following purposes and on the basis of the following provisions of the GDPR:
- In order to conclude and execute the contract concluded with you or to take, at your request, actions aimed at concluding the contract (e.g. sending an offer) - pursuant to art. 6 par. 1 letter b) of GDPR - not longer than until the claims have expired in connection with the contract;
- In order to implement the legitimate interests of the Personal Data Controller, i.e.:
- Promote and advertise of the Personal Data Controller’s products and services, entities belonging to the Personal data Controller’s capital group or third parties which are directly related to the subject of the contract concluded between you and the Personal Data Controller,
- Inquire into any possible claims of the Personal Data Controller,
- Archive in order to protect the Personal Data Controller's legal interest,
- Provide you with security in connection with recording the image using industrial cameras while staying in the Personal Data Controller's premises,
- Reply to your queries addressed to us not related to the contract concluded with the Personal Data Controller,
Processing in order to implement the legitimate interests of the Personal Data Controller is carried out on the basis of art. 6 par. 1 letter f) of the GDPR, no longer than until the attainment of the purposes set out above, except for the processing of personal data regarding promotion and advertising of products and services - then no longer than until you raise your objection.
3. In order to fulfill the obligations imposed on the Personal Data Controller by relevant regulations, e.g. tax law provisions, the Accounting Act - pursuant to art. 6 par. 1 letter c) of the GDPR - no longer than during the period of limitation for claims regarding public claims;
4. In order to send the newsletter you ordered - pursuant to art. 6 par. 1 letter a) of the GDPR - no longer than until the consent is withdrawn;
5. To promote and advertise products and services of entities cooperating with the Personal Data Controller, if they do not fall within the scope defined in section 2 above (in the case of persons who have given their consent) and only to the extent specified by such consent) - based on
Art. 6 par. 1 letter a) of the GDPR - no longer than until the consent is withdrawn.
3. Rights of persons whose personal data is processed
in the case of your refusal to provide personal data.
Due to the fact that the Personal Data Controller processes your personal data, you have the following rights:
- The right to access your personal data;
- The right to request the rectification of your personal data if it is incorrect and to supplement it when incomplete;
- The right to demand the removal of your personal data (the so-called "right to be forgotten")in any of the following cases:
- When you have withdrawn the consent on which the processing is based and there is no other legal ground for processing;
- When your personal data is no longer necessary for the purposes for which it was collected or
- When your personal data has been processed unlawfully;
- When you object to the processing of data and there are no overriding legitimate grounds for processing this data;
- When the data was collected in connection with the provision of information society services specified in art. 8 sec. 1 of the GDPR.
- When personal data must be removed in order to comply with the legal obligation provided for in European Union law or Polish law.
The Personal Data Controller will not, however, have to delete your personal data to the extent to which its processing will be necessary (i) to exercise the right to freedom of expression and information; (ii) to comply with a legal obligation requiring processing under the European Union law or Polish law or to perform a task carried out in the public interest; (iii) to determine, assert or defend claims; (iv) for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, as long as it is probable that the right to request the deletion of the data will prevent or significantly impede the purposes of such processing.
4. The right to limit the processing of data in cases where:
- You question the accuracy of personal data - for a period allowing the Personal Data Controller to check the correctness of this data;
- The processing is unlawful and you oppose the removal of personal data, requesting instead to limit its use;
- The Personal Data Controller no longer needs personal data for processing, but it is are needed to establish, assert or defend claims;
- You have objected - pending the determination of whether the legitimate grounds on the part of the Personal Data Controller take priority over the grounds of your objection.
5. The right to raise objections to processing due to reasons related to your special situation - regarding data processing carried out in order to implement the legitimate interests of the Personal Data Controller.
6. The right to withdraw consent - at any time with regard to the situation where your personal data is processed on the basis of your consent. Withdrawal of consent does not affect the legality of the processing which was carried out on the basis of consent before its withdrawal.
7. Right to data transfer - if your data is processed on the basis of consent or under a contract and the processing takes place in an automated manner, you have the right to obtain your personal data that was given to the Personal Data Controller from the Personal Data Controller in a structured, commonly used machine-readable format. You also have the right to request the transfer of such personal data to another personal data controller, if technically possible.
8. The right to file a complaint regarding the processing of personal data by the Personal Data Controller to the competent supervisory authority (the President of the Office for Personal Data Protection), if you believe that the processing is carried out in violation of the GDPR.
4. Personal data recipients
The Personal Data Controller may share your personal data with the following recipients:
- Entities from the Personal Data Controller's capital group,
- Entities cooperating with the Personal Data Controller for purposes related to the implementation of the contracts concluded with you, including suppliers, subcontractors, intermediaries,,
- Entities providing IT services,
- Entities providing marketing services,
- entities providing accounting, legal and debt collection services,
- Entities providing personal and property protection services to the Personal Data Controller.
In some cases, your personal data may be transferred outside of the EEA, which is usually necessary for undertaking activities related to the conclusion of a contract with you or related to the ongoing implementation of a contract already concluded with you. We make reasonable efforts to ensure that recipients of your data apply the necessary security standards. However, due to the global activities of the Personal Data Controller, sometimes some data and only to the extent necessary is transferred to countries outside the EEA, which do not guarantee legal standards that fully comply with the rules of the GDPR. All the other transfers outside of the EEA may be related to the use of the Personal Data Controller website or the Personal Data Controller’s profiles on social networking sites, whereby your personal data is processed in compliance with the necessary legal standards, i e. in accordance with the EU USA Privacy Shield Agreement or by applying standard contractual clauses in accordance with Commission Decision 2010/87 / EU on standard contractual clauses on the transfer of personal data to data processors established in third countries under Directive 95/46 / EC of the European Parliament and of the Council ( Journal of Laws UE L 39 p. 5 of 12/02/2010), issued on February 5, 2010.
5. The period of storage of personal data
6. Links to external websites
The Personal Data Controller is not responsible for policies regarding the processing of personal data of other entities and organizations, providers of social media platforms (YouTube), operating systems, portals, services, including any data that is disclosed to other entities using social media features.
The Personal Data Controller will be able to access some of the data of the users of the portals mentioned above, like age, gender, location, activity on external websites within the Personal Data Controller profile; the data will not allow users to be identified. This data can be used to target advertising, which is the legitimate purpose of the Personal Data Controller.
Acceptance or non-acceptance of the use of the above data within the above-mentioned portals can be carried out in the account settings on social media platforms, e.g. in the case of YouTube in privacy settings after logging in to your Google account.
The Personal Data Controller uses two types of cookies:
- Session cookies - stored on your device and remain there until the end of the browser session. The information saved is then permanently deleted from the memory of your device.
- Permanent cookies - stored on your device and remain there until they are deleted. Ending the browser session or turning off the device does not delete them.
You have the option of restricting or disabling cookies access to your device - in this case, the use of the Personal Data Controller's website will be possible, however, some of its features requiring access to cookies may not be available.
The Personal Data Controller uses own cookies for the correct configuration and full functionality of the website, in particular to:
- Adapt the content of the website to your preferences and optimize its use,
- Recognize your device and its location and display, respectively, the website, its functions and information provided, tailored to individual needs,
- Store your settings and personalize the interface, e.g. in the area of the chosen language or region, from which the user comes,
- Remember the history of visited pages on the site in order to recommend content,
- Remember the size of the font, the appearance of the website, etc.,
- Conduct correct operation of the partner program, enabling in particular verification of sources of redirections to the Personal Data Controller's website,
- Conduct analyses and research, and audience audits, and in particular to create anonymous statistics that help understand how you use the Personal Data Controller's website, which allows the improvement of its structure and content.
The Personal Data Controller also uses external cookies provided by Google Inc with its registered office
in the US, to collect general and anonymous static data via analytical tools Google Analytics. In order to block the collection of the above data by Google Analytics, you can, among other things, install the plugin for your browser available at the following link: https://tools.google.com/dlpage/gaoptout
You can change your cookie settings yourself and at any time by specifying the conditions for storing and accessing your device. Changes to the settings referred to in the previous sentence can be made using web browser settings or through service configuration. These settings can be changed in particular in such a way as to block the automatic handling of cookies, in the settings of the web browser, or to inform about their every posting on your device. Detailed information about the possibilities and ways of handling cookies is available in the software (web browser) settings.