Processing of personal data as part of contact with clients and other cooperating entities
Who is the Controller of your data?
he Controller is e-point SA with its registered seat in Warsaw, ul. Filona 16, 02-658 Warszawa (hereinafter referred to as the "Controller" or the "Company"). If you need any information related to the protection of personal data or you want to exercise your rights regarding data processing, contact the Controller or the Data Protection Officer appointed by him. Such contact may be made by e-mail or in writing to the Controller's address:
- e-point SA, IOD, ul. Filona 16, 02-658 Warszawa, e-mail: firstname.lastname@example.org
What data are we processing?
As part of our business activities, we collect and process, i.a., personal data of the following persons:
- clients or potential clients,
- other cooperating entities or potential cooperating entities (such as suppliers or subcontractors),
- employees, associates, authorised representatives or representatives of the above mentioned entities.
Depending on the purpose of processing, personal data processed may include data related to the conclusion and performance of contracts, contact details, data contained in correspondence, data regarding settlements.
For what purpose and on what basis do we process your data?
Your data will be processed in order to:
- onclude and perform a contract, if you are a party to this contract – Article 6 section 1 letter b) of the GDPR,
- perform our obligations arising from legal provisions, including tax and accounting regulations – Article 6 section 1 letter c) of the GDPR,
- resulting from the legitimate interests of the Controller or a third party – Article 6 section 1 letter f) of the GDPR. Such an objective resulting from the Controller's legitimate interest is:
- conclusion and performance of contracts with clients and cooperating entities,
- kcommunication with clients and cooperating entities or potential clients and cooperating entities,
- keeping internal registers, lists, analyzes, conducting audits, document archiving, data exchange using IT systems,
- direct marketing of the Controller's services and entities affiliated with the Controller ("entities from the e-point Group"),
- establishment, exercise or defense against claims.
Providing personal data in order to perform the obligations arising from legal provisions is obligatory. Providing data for the conclusion and performance of the contract is necessary, and failure to provide data may result in the inability to conclude the contract or inability to properly perform it. In other cases, providing data is voluntary.
How do we collect your data?
We will process your data if you give us access to it. In addition, if you are an employee, co-worker, authorised representative or representative of a client or potential client or cooperating entity, we may receive your personal data from the entity you represent or work for. We may also receive your data from publicly available registers or internet portals, as well as from internal databases of e-point Group entities. We will process data collected from third parties if there is an appropriate legal basis for it.
Who can your data be transferred to?
The Controller may transfer your personal data to other recipients entrusted with the processing of personal data on behalf of and for the benefit of the Controller in connection with conducting business or operating IT systems. In addition, the Controller will share your personal data with other recipients, such as public administration bodies, courts, as long as such an obligation results from legal provisions. The Controller may also share data with entities from the e-point Group. Your data may be transferred to third countries and international organizations, provided that entities established in these countries adequately protect personal data. In this case, the Controller will apply appropriate measures, such as e.g. standard contractual clauses approved by the European Commission or ensure that the transfer of data takes place within the country which is the subject of the European Commission decision on the appropriate protection of personal data. You can also get additional information regarding the transfer of data outside the EEA and a copy of appropriate security by directing the question to the contact address indicated above.
How long will we process your data?
In the case of data processed for the purpose of concluding and performing a contract, the data will be processed for the duration of the contract and its settlement. With regard to data processed to perform our obligations under the law, the data will be processed as long as required by law, as well as for the period necessary to demonstrate to the relevant authorities that the legal obligations have been met. Data processed to implement the legitimate interests of the Controller or a third party will be processed for the period necessary to achieve this purpose. Data processed to establish, exercise or defend against claims will be processed for the time necessary to assert specific claims or until the expiry of the limitation period (in principle, 6 years). Data processed for marketing purposes will be processed until an objection is lodged. In any case, the Controller will process your personal data no longer than it is necessary to achieve a specific purpose.
What are your rights?
You have the right to:
- access your personal data and receive a copy of the personal data being processed,
- rectify your incorrect data,
- request deletion of data (right to be forgotten) in the event of circumstances provided for in Article 17 of the GDPR,
- request to limit data processing in cases indicated in Article 18 of the GDPR,
- object to data processing in cases indicated in Article 21 of the GDPR,
- transfer the data provided, processed in an automated manner.
If you think that your personal data is being processed unlawfully, you can lodge a complaint to the supervisory body, which is the President of the UODO [Personal Data Protection Office], ul. Stawki 2, 00-193 Warszawa.