01. What issues this document covers?
- who is the administrator of personal data,
- to what extent and for what purpose the data are processed,
- to whom the data is shared and how it is protected.
- persons representing our counterparties or contact persons appointed by our counterparty,
- service providers,
- visitors of our website,
- candidates for work and cooperation,
- visitors to our facilities.
03. How to contact the Administrator?
Kome Polska processes personal data as data controller (administrator), data recipient or data processor. Our registered office is located at Modra 90/108, 02-661 Warsaw, and our project office is located at Bukowinska 22b, 02-703 Warsaw. In matters relating to data protection, you can contact us at: firstname.lastname@example.org.
04. How do we collect personal data?
Personal data processed by Kome Polska may come from various sources:
- directly from you,
- from your employers or principals,
- from our contractors and business partners,
- from publicly available sources.
05. What personal data do we collect and for what purpose?
We collect or receive all or part of the following categories of personal data, for the following purposes:
- If you are our contractual partner, we process data such as your name, phone number, e-mail address, company name, NIP, Regon, function/position in order to conclude or perform a contract. In contracts, we include data to a minimum extent, mostly publicly available data from the KRS (National Court Register) and CEiDG (Central Registration and Information on Business) registers. The data will be stored for a period of min. 5 years from the end of the year in which the deadline for payment of tax in connection with the agreement concluded or services rendered expired.
- If you are a representative or contact person of our contractor, we will only use your data to the extent provided to us by the contractors, i.e. name, function/position, business email address, business telephone number.
- If you provide services to us, on the basis of a contract, we process data such as: name, telephone number, e-mail address, company name, NIP, Regon, function/position. In contracts, we include data to a minimum extent, most often publicly available data from KRS and CEiDG registers – KRS (National Court Register) and CEiDG (Central Registration and Information on Business). The data will be stored for a period of min. 5 years from the end of the year in which the deadline for payment of tax in connection with the agreement concluded or services rendered expired.
Your data will be stored until the recruitment process is completed. If you wish to cooperate, on the basis of a civil law contract, it is voluntary.
When you are on the premises of our headquarters, office, project office or facility under construction, we may record your image for purposes related to ensuring the safety of persons and property. Data will be stored for a maximum of 30 days.
We process your data to the minimum extent that is necessary to achieve one or more purposes. We will use the data needed to comply with legal obligations (legal basis: Article 6(1)(c) GDPR):
- for the duration of duties,
- for as long as we are required by law to keep the data (the law may provide for different retention periods).
In our legitimate interest, we will process your data in cases (legal basis: Article 6(1)(f) GDPR):
- the establishment, defence and assertion of claims, which includes, among other things, the sale of our claims to another entity – for the period after which the claims become time-barred;
- to promote the company and our services – until you object;
- the compilation of summaries, analyses and statistics – for the duration of the contract and thereafter for no longer than the period after which claims become time-barred;
identification on the facilities we implement;
- establish business or partnerships.
Your personal data will not be processed on this basis if, in certain cases, your interests prove to be more important.
06. Where is your data processed?
As a general rule, we do not pass on your personal data to anyone outside of Kome Poland. However, we may share your personal data with trusted third parties who perform business functions for us or provide other services to us (for example, entities that help us provide investigative services).
Such third parties will be obliged to adequately protect your personal data, based on contracts that meet the requirements of applicable law in this regard or on the basis of relevant laws.
Your personal data may also be transferred to relevant public authorities when required by law (e.g. to avoid crime or fraud or to comply with a court order or other legal obligation of a Polish or EU authority or court).
07. Who are the recipients of your data?
Sometimes we may share your data with other third parties who support us in the running of our business. These may be postal or courier operators who enable us to carry out remote payment operations, banks, government bodies or other entities authorised by law. We may also share your data with our business partners who help us to provide a specific service.
08. How long do we process your data?
Your personal data will only be kept for the period necessary to fulfil the purpose for which they were collected or for the period indicated by law:
- data processed on the basis of a signed contract or for the purpose of entering into a contract – until the contract is signed and, once contracted, for the period required by law (5 years counting from the beginning of the year following the financial year to which the data refer);
- data recorded by means of video surveillance for the purpose of ensuring the security of persons and property – for a maximum period of 30 days from the time the image was recorded;
- data processed on the basis of the consent given – until the consent is withdrawn, without affecting the lawfulness of the processing carried out before the consent is withdrawn.
Once the purpose for which the personal data was collected has been fulfilled, it may only be stored for archival purposes, for a period of time which is exclusively determined by the relevant legal provisions. However, irrespective of the above-mentioned periods, your data may be processed by us for the purpose of establishing the assertion, or defence of civil law claims in the course of our business, as well as for the defence against such claims – for the respective periods of limitation of such claims, i.e. as a general rule for no less than 6 years from the occurrence of the event giving rise to the claim.
09. How do we secure your data?
Kome Polska undertakes to adequately protect your personal data in accordance with adopted internal policies, orders, procedures and standards so that your personal data is protected against unauthorised use or access, unlawful modification, loss or destruction. Your personal data will not be kept longer than necessary for the purpose for which it was collected, including the need to comply with legal obligations and for the handling of disputes or the assertion or defence of claims.
10. International transfer of personal data
We process your personal data locally (in Poland). Your personal data will not be transferred to countries outside the European Economic Area, where the law may not provide the same level of personal data protection.
11. What rights do you have?
At any time you have the right:
- to access and obtain a copy of personal data,
Upon your request, we will provide information on whether we process your personal data. We are also obliged, upon separate request, to provide you with more detailed information on: the purposes of the processing, the categories of personal data, the recipients of the data or their categories, the storage period of the personal data or the criteria for determining it, the source of the data acquisition, about the automated processing of the personal data and the consequences of such processing for you. In case of transfer of personal data to a third country, we will also inform you about the safeguards applied for the transfer.
Upon your request, we will make a copy of your personal data. This will be made available to you in a friendly file format. The first copy will be provided free of charge. However, we may charge a fee for each subsequent copy, which we will determine based on the provisions of the GDPR.
- to correct, update and amend data,
If we discover that your personal data is incorrect, we will delete the inaccuracies. We will do this on our own initiative – or, if you bring it to our attention, at your request. the right to erasure,
- to erasure,
If you do not wish your personal data to be processed and we determine that there is no other legal basis that allows us to process your data – we will delete it from our databases. Please note, however, that the deletion of certain data may prevent us from providing services to you – this applies to those services in connection with which it is necessary to process the personal data you have provided. For example, we will not be able to answer your questions if you request the deletion of your e-mail address. However, despite such a request, we will still be able to process certain personal data under the terms of the GDPR.
- to restrict data processing,
In the cases provided for by the GDPR, we will restrict the processing of your personal data at your request. A restriction on the processing of your personal data prevents you from using it beyond storage. In this case, any other actions on the data subject to the processing restriction will only be carried out with your consent.
- to transfer parts of the data to other organisations,
Under the terms of the GDPR, you can request the transfer of your personal data stored in a standard machine-readable file format. If your aim is to transfer them to another administrator, we will send the file containing your personal data directly to him.
- to not being subject to profiling and automated decisions,
No automated decisions will be taken against you (without human involvement) and your personal data will not be subject to profiling.
- to object certain types of processing of personal data,
In some cases, even if we process your personal data lawfully, without your consent, you can request us to stop processing your personal data by lodging an objection. This will be justified if you demonstrate that our lawful activities nevertheless harm your interests, rights or freedoms.
- as well as, if we have asked for your consent, to withdraw this consent at any time.
Once you have given your consent to the processing of information, it is not granted forever. If (for any reason) you reconsider, you may withdraw your consent to the processing of your personal data.
In such a situation, unless we have a separate basis for processing, we will stop using your personal data for the purpose for which consent was given. Withdrawal of consent may sometimes result in failure to provide you with interesting content or information. You can withdraw your consent at any time, for example via a link in the marketing material you receive.
When you visit our website, we may collect standard log-in information and details of behaviour patterns on the website. This allows us, for example, to determine the number of visitors to certain parts (tabs) of the site. The information is collected in a way that does not identify specific individuals. We do not take any steps to learn personal information about our users. We never use the data collected to link it to personal information from other sources. The information collected is used to compile reports and to make changes to improve the site.