Hereby, out of concern for the integrity of your personal data and your rights, meeting the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (referred to as “GDPR”), I would like to update and supplement my knowledge about the details of the processing of your personal data.
The administrator of personal data is:
Arkadiusz Waliczek, running a business under the name of HYDROTRADE Poland, Arkadiusz Waliczek, 43-200 Pszczyna, ul. Piwowarska 24/5, NIP: 638 116 23 39, REGON: 072319501, hereinafter referred to as the “Administrator.”
- CATEGORIES OF ADDRESSEES
This clause is addressed to:
2.1. Recipients of the Administrator’s goods and services and suppliers of goods and services to the Administrator, regardless of their legal form (also hereinafter referred to as the “other party”).
2.2. Persons providing work/services on behalf of or for the benefit of the other party, only within the scope of the legal relationship between the Administrator and the other party, i.e., in particular, its employees, contractors, subcontractors, service providers, proxies or proxies of the other party (hereinafter collectively referred to as “”).
- DATA SOURCE AND CATEGORIES OF RELATED PERSONAL DATA
The personal data have been obtained from the data subject. The personal data of the persons involved have been obtained either directly from the data subject or from the other party or other persons involved. In the event that the personal data of the persons involved have been obtained from the data subject – this person has full control over the scope of the disclosed data. In the event that the personal data of the persons involved have been obtained from the other party or other persons involved, these are the data necessary for identification and identity verification (contact details), such as: name, surname, telephone number, professional license number, vehicle registration number, function, position, e-mail address, company (name).
- BASIS OF PROCESSING, PURPOSES OF PROCESSING, STORAGE PERIOD
4.0.1. The basis for processing – consent of the data subject. Purpose – business contacts for which separate consent is required.
The purpose of data processing on the basis of the cited basis is acquiring and maintaining business contacts, i.e., the purpose of marketing, for which separate consent is required (e.g., in the case of marketing performed using telecommunications end devices, i.e., computers connected to the network or phones). The period of personal data processing lasts until the consent is withdrawn. The consent may be withdrawn at any time, but its withdrawal does not affect the legality of the processing before the consent is withdrawn.
4.0.2. Purpose – answer to a request, dispel doubts.
Filling in the contact form or submitting the inquiry in another form (e.g., e-mail, telephone, social networking site) is considered as consenting to the Administrator’s contact related to the implementation of the request/inquiry or the desire to solve the problem. The period of personal data processing lasts until the consent is withdrawn. The consent may be withdrawn at any time, even before giving the answer, but its withdrawal does not affect the legality of the processing before the consent is withdrawn.
4.0.3. Purpose – newsletter.
The purpose of data processing on the basis of the cited basis is to provide access to up-to-date information about the Administrator’s offer and activities as well as other information in the scope of the Administrator’s activities (e.g., industrial filtration). The period of personal data processing lasts until the consent is withdrawn. The consent may be withdrawn at any time, but its withdrawal does not affect the legality of the processing before the consent is withdrawn.
4.0.4. Goal – more effective/convenient functioning of websites.
The administrator currently owns five active websites: hydrotrade.pl, wf-sedziszow.hydrotrade.pl, mahle.hydrotrade.pl, and cronne.pl.
The websites act as business cards and present the Administrator’s contact details to encourage the other party to contact them on their initiative. These websites are unable to create an account and fill in the contact form, and thus transfer personal data through it (the “business card” page). The above websites use cookie files (cookies). These are small text files sent by the Administrator’s website servers and stored by the other party’s computer browser software. When the browser reconnects with the websites, the website recognizes the type of device from which the other party connects. The parameters allow reading the information contained therein only to the server that
4.2. The basis for processing – performance of the contract. Purpose – conclusion and performance of the contract.
The purpose of data processing on the basis of the cited basis is the need to perform and settle the contract; the form of its conclusion (e.g., oral form) is invalid. The discussed purpose includes, for example, the possibility of making a complaint or debt collection, as well as the transfer of data of recipients of the Administrator’s goods and services to a courier or shipping company. The data processed for the purpose in question are, for example: name, surname, company (name), telephone number, e-mail address, correspondence address, home address, delivery address, address of the main/additional place of business, tax identification number, data enabling settlement including a bank account number. The period of personal data processing lasts for the duration of the contract, as well as after its termination, i.e., for the duration of the limitation period for claims resulting from applicable regulations; for the time necessary to prevent abuse and fraud; for the time necessary for statistical and archiving purposes.
4.3. The basis for processing – the legal obligation of the Administrator. Purpose – fulfillment of the legal obligation to prepare and store documentation.
In the case of the performance of the contract or other service, the Administrator will also process personal data contained in invoices, accounting books, or other documentation confirming the conclusion and performance of the transaction, to satisfy the obligations resulting from the provisions of applicable law. This obligation results mainly from the provisions of tax and accounting law. The discussed situation also applies to the situation where the personal data belongs to the person involved (e.g., as part of the execution of the other party’s instructions). The period of personal data processing lasts for the duration of the obligations arising from legal provisions, in particular tax and accounting obligations.
4.4. The basis for processing – the legitimate interests of the Administrator or a third party. Purpose – business contacts for which no separate consent is required.
The essence of the discussed goal is the will to conduct direct marketing and sale of goods and services on an ongoing basis, as well as building and strengthening business relationships, including presenting and promoting the Administrator’s offers (including on the Administrator’s websites) – unless a separate consent is required for these activities (see the second page). In the discussed case, data processing will be undertaken to implement the Administrator’s legitimate interest, which is marketing and the sale of goods and services, as well as building and caring for business relationships necessary for the proper prosperity of the Administrator. The data subject has the right to object in accordance with Art. 21 GDPR. The period of personal data processing lasts until the objection submitted pursuant to Art. 21 GDPR.
Purpose – performance of the contract through the person involved and settlement of this contract.
The discussed purpose applies to the situation when the personal data of the person involved is processed in connection with the performance of the contract between the Administrator and the other party. It may be a situation in which an employee of the other party personally performs a service for the Administrator and places his signature on the handover protocol or on the attendance list, then handing over these documents to the Administrator. It may also be a situation in which the other party first discloses to the Administrator the contact details of an employee (e.g., a driver) in order to verify his identity. In such a case, data processing will include ongoing contacts related to the implementation of such a contract, preparation, and archiving of documentation from the performance of the contract, as well as pursuing claims or refusing to meet claims against the other party or the person involved. The processing of the data in question will, in this case, be undertaken to implement the legitimate interest of the Administrator, which is the protection (security) of his rights, performance of concluded contracts, and obtaining payment due on this account. The data subject has the right to object in accordance with Art. 21 GDPR. The period of personal data processing lasts for the duration of the contract, as well as after its completion (i.e., for the period of limitation of claims resulting from applicable regulations; for the time necessary to prevent abuse and fraud; for the time necessary for statistical and archiving purposes) or until the objection submitted in accordance with Art. 21 GDPR is considered.
Purpose – proving the fulfillment of obligations and pursuing claims or defending against claims.
The purpose in question concerns data disclosed on contact and registration forms (including electronic), in contracts, or otherwise disclosed – which may be processed for the purpose of archiving information or documents confirming the performance of the Administrator’s obligations and pursuing claims or refusing to meet them. This objective covers situations where a party to the contract is the other party and situations in which the Administrator was obliged to provide services to the other party or an involved person (archived data may contain data of involved persons). Archiving is to protect not only against claims of the other party or the person involved but also to enable the fulfillment of the accountability obligation. The legal interest of the Administrator (but also the other party and the person involved) is to protect (secure) the Administrator’s rights, confirm the fulfillment of obligations, and obtain payment on this account. The data subject has the right to object in accordance with Art. 21 GDPR.
The period of personal data processing lasts for the period of performance of obligations, as well as after its termination (i.e., for the period of limitation of claims resulting from applicable regulations; for the time necessary to prevent abuse and fraud; for the time necessary for statistical and archiving purposes) or until the objection submitted in accordance with Art. 21 GDPR is considered.
- RECIPIENT CATEGORIES
The recipients of the data made available to the Administrator (i.e., data of the other party or the person involved) may be:
5.1. Persons authorized by him on the basis of a separate authorization (in particular, the Administrator’s sales representatives).
5.2. Persons entrusted with the processing of personal data pursuant to Art. 28 GDPR (e.g., accounting office; IT system administrator; legal services; forwarding entities; entities providing hosting services; in the case of providing services by electronic means (e.g., sales via the public network) – entities providing payment services (including payment intermediation), credit, insurance, platform (e.g., Allegro)).
5.3. Authorized persons or processors as a result of further authorization or subordination; public authorities fighting fraud and abuse.
5.4. Public bodies such as ZUS, NFZ, tax administration bodies – on the basis of a legal obligation; entities (including, in particular, shipping entities) to the extent that they do not qualify for the category of persons from points 1) and 2) and act, after sharing the data, as a separate administrator of the other party or the person involved.
According to the GDPR, the other party and the person involved have the right to:
6.1. Access to data.
6.2. Rectification of data.
6.3. Deletion of data.
6.4. Data processing restrictions.
6.5. Data portability.
6.6. Objection (when the basis for processing is the legitimate interest of the Administrator or a third party).
6.7. Withdraw consent (when consent is the basis for processing). The implementation of the above rights depends on the conditions set out in the GDPR. In the event of refusal to exercise the above rights, the Administrator will provide a justification for the refusal, invoking these conditions, so that the person concerned has the right to analyze the correctness of the justification.
Ad 6.3. – The administrator may refuse to delete personal data despite submitting such a request, provided that one of the exceptions listed in the GDPR applies, e.g., when data processing is necessary to establish, assert, or defend claims.
Ad 6.3 and 6.4 – The right to delete data and the right to demand restriction of their processing only apply in the cases specified in the GDPR.
Ad 6.5 – The right to transfer data applies only in cases where the legal basis for processing is consent or performance of a contract (when this processing is carried out in an automated manner).
Ad 6.6 – In some cases, the administrator may refuse to take into account the objection to the processing of data on the basis of the legitimate interest of the Administrator or a third party when there are valid, legally justified grounds for data processing that override the objecting interests, rights, and freedoms or there are grounds for establishing, investigating, or defending claims. The Administrator does not have the right to refuse when the data is processed for direct marketing.
Ad 6.7 – Consent to data processing can be withdrawn at any time without affecting the lawfulness of processing. The data subject has the right to lodge a complaint with the relevant supervisory authority. In Poland, the authority competent to lodge a complaint is the President of the Office for Personal Data Protection (currently the Inspector General for Personal Data Protection), address: ul. Stawki 2, 00-193 Warsaw. For other European Union Member States, the supervisory authorities are listed on the website: link.
- FAILURE TO PROVIDE PERSONAL DATA and CONSEQUENCES
Concerning personal data necessary to issue an invoice, bill, or other settlement document, their provision is a requirement resulting from tax and accounting regulations (e.g., name, surname, company (name), address, NIP number, EU VAT number, price). Regarding personal data such as, for example, a bank account number, place of delivery, address of residence/main business activity, telephone number, e-mail address, login – failure to provide them may, in a specific case, prevent the conclusion and performance of the contract, including debt collection (mainly in the case of purchasing the Administrator’s goods and services via the impregnacja.com.pl website). If the other party does not provide the data referred to in the two paragraphs above, the delivery of goods and services to him will be impossible. The scope of these data is most likely, but as part of an individualized order, it may be wider or narrower (e.g., in the case of purchases of goods and services by consumers, directly). Providing data other than the above-mentioned is important due to the possibility of concluding and maintaining business contacts and the possibility of answering the other party’s questions – failure to do so is voluntary but will result in breaking commercial ties and a lack of access to information about the Administrator’s goods and services and assistance with his pages. Providing data in the form of an image and a signature on the attendance list is required due to the need to maintain the safety of people and property on the premises of the plant, and although they are not necessary for the performance of the contract, they are absolutely required due to the vital interests of the person concerned and other natural persons – failure to provide this personal data will prevent the performance of the contract for which the presence of the other party or a person involved in the plant will be required.
- AUTOMATED DATA PROCESSING
The personal data of the data subject – only as part of cookies – will be processed in an automated manner, but it will never have any legal effects on this website or similarly significantly affect its situation (no automated decision-making). Profiling personal data on the Administrator’s websites consists of processing data (also in an automated manner) by using them to evaluate certain information about a person, in particular to analyze or forecast personal preferences and interests.
- GOOD PRACTICES – GIVING THE INFORMATION CLAUSE TO THE PERSON INVOLVED
Without resolving the nuances of the factual circumstances affecting whether the Administrator is the actual administrator of the data of the persons involved, as part of good practice, it is highly desirable that the other party provides this information clause to the persons involved as part of its information obligation (mainly the obligation to indicate the category of recipients). It seems that fulfilling the Administrator’s (possible) information obligation towards the involved persons is not necessary because the mere fulfillment of the Administrator’s information obligation towards the other party also fulfills it with regard to the persons involved; however, one should be careful and sensitive in this regard. Additionally, it is possible that fulfilling the (possible) obligation of the Administrator towards the persons involved may prove impossible or require a disproportionate effort. Therefore, as a good practice, the other party should pass this document on to the person involved.
- CONTACT DETAILS
CONTACT DETAILS In all matters related to the subject of this information clause, including clarifying any doubts or ambiguities, and above all to exercise your rights, including the possibility of submitting a request for information about data or their processing, in electronic form, please contact the person responsible for issues related to the security of personal data at the Administrator’s e-mail address: firstname.lastname@example.org