PRIVACY POLICY
01. What issues this document covers?
We make effort to protect the personal data we collect in accordance with national legislation and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Official Journal of the EU. L No. 119/1) – hereinafter referred to as “GDPR”. We make this Privacy Policy available to you so that every person with whom we have a relationship is aware:
- who is the administrator of personal data,
- to what extent and for what purpose the data are processed,
- to whom the data is shared and how it is protected.
02. What is the scope of the privacy policy? Who does it apply to?
In providing our services, we collect and process information relating primarily to investors (companies). However, in the process we also process data that may qualify as personal data. This includes information about individuals such as attorneys, sales representatives, contact persons or sole traders. Additionally, we store the contact details of natural persons with whom we maintain business relations, as well as individuals submitting internal reports of legal violations, the individual(s) concerned by the report, and any third party/parties mentioned in the report. This privacy policy contains information regarding the processing by Kome Polska sp. z o.o. – limited company (hereinafter: Kome Polska, or as “we”) personal data of current, former and potential customers:
- contractors,
- persons representing our counterparties or contact persons appointed by our counterparty,
- service providers,
- visitors of our website,
- candidates for work and cooperation,
- visitors to our facilities,
- individuals submitting internal reports of legal violations, the individual(s) concerned by the report, and any third party/parties mentioned in the report.
03. How to contact the Administrator?
Kome Polska processes personal data as data controller (administrator), data recipient or data processor. Our registered office is located at Modra 90/108, 02-661 Warsaw, and our project office is located at Domaniewska 39B (floor 3), 02-703 Warsaw. In matters relating to data protection, you can contact us at: dane.osobowe@kome-polska.pl.
04. How do we collect personal data?
Personal data processed by Kome Polska may come from various sources:
- directly from you,
- from your employers or principals,
- from our contractors and business partners,
- from publicly available sources.
05. What personal data do we collect and for what purpose?
We collect or receive all or part of the following categories of personal data, for the following purposes:
- If you are our contractual partner, we process data such as your name, phone number, e-mail address, company name, NIP, Regon, function/position in order to conclude or perform a contract. In contracts, we include data to a minimum extent, mostly publicly available data from the KRS (National Court Register) and CEiDG (Central Registration and Information on Business) registers. The data will be stored for a period of min. 5 years from the end of the year in which the deadline for payment of tax in connection with the agreement concluded or services rendered expired.
- If you are a representative or contact person of our contractor, we will only use your data to the extent provided to us by the contractors, i.e. name, function/position, business email address, business telephone number.
- If you provide services to us, on the basis of a contract, we process data such as: name, telephone number, e-mail address, company name, NIP, Regon, function/position. In contracts, we include data to a minimum extent, most often publicly available data from KRS and CEiDG registers – KRS (National Court Register) and CEiDG (Central Registration and Information on Business). The data will be stored for a period of min. 5 years from the end of the year in which the deadline for payment of tax in connection with the agreement concluded or services rendered expired.
- If you contact us through our website, we may process information that enables us to remember your preferences in using the website. We use cookies to collect this type of data (see section 10 for more information). When you ask us to send you an offer via the form available on the website, we will need your contact details, i.e. name, company name, email address. if you are interested in our job offers or cooperation offers, we will process your data on the basis and to the extent specified in Article 221 of the Labour Code in order to select a suitable person for the given position and carry out activities related to the conclusion of a contract or employment.
- In the event that you submit an internal report of a legal violation, we process data such as your name, phone number, email address, correspondence address, as well as the details of individuals who committed the legal violation (name and job position) and those connected to the reported violation, including witnesses (name and job position), in order to fulfill the obligations specified in the Act of June 14, 2024, on the Protection of Whistleblowers.
Your data will be stored until the recruitment process is completed. If you wish to cooperate, on the basis of a civil law contract, it is voluntary.
When you are on the premises of our headquarters, office, project office or facility under construction, we may record your image for purposes related to ensuring the safety of persons and property. Data will be stored for a maximum of 30 days.
We process your data to the minimum extent that is necessary to achieve one or more purposes. We will use the data needed to comply with legal obligations (legal basis: Article 6(1)(c) GDPR):
- for the duration of duties,
- for as long as we are required by law to keep the data (the law may provide for different retention periods).
In our legitimate interest, we will process your data in cases (legal basis: Article 6(1)(f) GDPR):
- correspondence;
- the establishment, defence and assertion of claims, which includes, among other things, the sale of our claims to another entity – for the period after which the claims become time-barred;
- to promote the company and our services – until you object;
- the compilation of summaries, analyses and statistics – for the duration of the contract and thereafter for no longer than the period after which claims become time-barred;
identification on the facilities we implement; - establish business or partnerships;
- your personal data will not be processed on this basis if, in certain cases, your interests prove to be more important;
- the receipt of internal reports of legal violations, the undertaking of follow-up actions related to the submission of a report, and the maintenance of a register of reports in accordance with the provisions of the Act of June 14, 2024, on the Protection of Whistleblowers.
06. Where is your data processed?
We are committed to ensuring that the collection, receipt, using, sharing or other operations on your personal data are carried out in accordance with applicable law, this privacy policy and our internal policies, orders, procedures and standards. Kome Poland has strict standards for data access and processing. Only a group of authorised or authorised employees will have access to your data.
As a general rule, we do not pass on your personal data to anyone outside of Kome Poland. However, we may share your personal data with trusted third parties who perform business functions for us or provide other services to us (for example, entities that assist us in providing services, such as IT support).
Such third parties will be obliged to adequately protect your personal data, based on contracts that meet the requirements of applicable law in this regard or on the basis of relevant laws.
Your personal data may also be transferred to relevant public authorities when required by law (e.g. to avoid crime or fraud or to comply with a court order or other legal obligation of a Polish or EU authority or court).
07. Who are the recipients of your data?
Sometimes we may share your data with other third parties who support us in the running of our business. These may be postal or courier operators who enable us to carry out remote payment operations, banks, government bodies or other entities authorised by law. We may also share your data with our business partners who help us to provide a specific service.
08. How long do we process your data?
Your personal data will only be kept for the period necessary to fulfil the purpose for which they were collected or for the period indicated by law:
- data processed on the basis of a signed contract or for the purpose of entering into a contract – until the contract is signed and, once contracted, for the period required by law (5 years counting from the beginning of the year following the financial year to which the data refer);
- data recorded by means of video surveillance for the purpose of ensuring the security of persons and property – for a maximum period of 30 days from the time the image was recorded;
- data processed on the basis of the consent given – until the consent is withdrawn, without affecting the lawfulness of the processing carried out before the consent is withdrawn;
- personal data processed in connection with the receipt of an internal report of a legal violation or the undertaking of follow-up actions, as well as documents related to such reports, are stored for a period of 3 years after the end of the calendar year in which the follow-up actions were completed or after the conclusion of any proceedings initiated by those actions.
Once the purpose for which the personal data was collected has been fulfilled, it may only be stored for archival purposes, for a period of time which is exclusively determined by the relevant legal provisions. However, irrespective of the above-mentioned periods, your data may be processed by us for the purpose of establishing the assertion, or defence of civil law claims in the course of our business, as well as for the defence against such claims – for the respective periods of limitation of such claims, i.e. as a general rule for no less than 6 years from the occurrence of the event giving rise to the claim.
09. How do we secure your data?
Kome Polska undertakes to adequately protect your personal data in accordance with adopted internal policies, orders, procedures and standards so that your personal data is protected against unauthorised use or access, unlawful modification, loss or destruction. Your personal data will not be kept longer than necessary for the purpose for which it was collected, including the need to comply with legal obligations and for the handling of disputes or the assertion or defence of claims.
10. International transfer of personal data
We process your personal data locally (in Poland). Your personal data will not be transferred to countries outside the European Economic Area, where the law may not provide the same level of personal data protection.
11. What rights do you have?
At any time you have the right:
- to access and obtain a copy of personal data,
Upon your request, we will provide information on whether we process your personal data. We are also obliged, upon separate request, to provide you with more detailed information on: the purposes of the processing, the categories of personal data, the recipients of the data or their categories, the storage period of the personal data or the criteria for determining it, the source of the data acquisition, about the automated processing of the personal data and the consequences of such processing for you. In case of transfer of personal data to a third country, we will also inform you about the safeguards applied for the transfer.
Upon your request, we will make a copy of your personal data. This will be made available to you in a friendly file format. The first copy will be provided free of charge. However, we may charge a fee for each subsequent copy, which we will determine based on the provisions of the GDPR.
- to correct, update and amend data,
If we discover that your personal data is incorrect, we will delete the inaccuracies. We will do this on our own initiative – or, if you bring it to our attention, at your request. the right to erasure,
- to erasure,
If you do not wish your personal data to be processed and we determine that there is no other legal basis that allows us to process your data – we will delete it from our databases. Please note, however, that the deletion of certain data may prevent us from providing services to you – this applies to those services in connection with which it is necessary to process the personal data you have provided. For example, we will not be able to answer your questions if you request the deletion of your e-mail address. However, despite such a request, we will still be able to process certain personal data under the terms of the GDPR.
- to restrict data processing,
In the cases provided for by the GDPR, we will restrict the processing of your personal data at your request. A restriction on the processing of your personal data prevents you from using it beyond storage. In this case, any other actions on the data subject to the processing restriction will only be carried out with your consent.
- to transfer parts of the data to other organisations,
Under the terms of the GDPR, you can request the transfer of your personal data stored in a standard machine-readable file format. If your aim is to transfer them to another administrator, we will send the file containing your personal data directly to him.
- to not being subject to profiling and automated decisions,
No automated decisions will be taken against you (without human involvement) and your personal data will not be subject to profiling.
- to object certain types of processing of personal data,
In some cases, even if we process your personal data lawfully, without your consent, you can request us to stop processing your personal data by lodging an objection. This will be justified if you demonstrate that our lawful activities nevertheless harm your interests, rights or freedoms.
- as well as, if we have asked for your consent, to withdraw this consent at any time.
Once you have given your consent to the processing of information, it is not granted forever. If (for any reason) you reconsider, you may withdraw your consent to the processing of your personal data.
In such a situation, unless we have a separate basis for processing, we will stop using your personal data for the purpose for which consent was given. Withdrawal of consent may sometimes result in failure to provide you with interesting content or information. You can withdraw your consent at any time, for example via a link in the marketing material you receive.
The rights listed above may be limited in certain situations, such as when we can demonstrate that we are legally obliged to process your data. If you wish to exercise your due rights, all you need to do is send an appropriate request to dane.osobowe@kome-polska.pl. You may also contact us if you have any questions, comments or complaints in relation to this privacy policy. However, if you still have any doubts or believe that your rights have been violated by our data processing activities, you may lodge a complaint with the President of the Office for Personal Data Protection (Stawki 2 Street, 00-193 Warsaw).
12. Cookies
When you visit our website, we may collect standard log-in information and details of behaviour patterns on the website. This allows us, for example, to determine the number of visitors to certain parts (tabs) of the site. The information is collected in a way that does not identify specific individuals. We do not take any steps to learn personal information about our users. We never use the data collected to link it to personal information from other sources. The information collected is used to compile reports and to make changes to improve the site.
13. How do we take care of the Privacy Policy?
This privacy policy comes into effect on 15.04.2019. We keep this policy updated and we will notify you of any changes by posting the updated policy on our website.