INFORMATION ON THE PROCESSING OF PERSONAL DATA
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR"), we present this document containing information on the rules for the processing of your personal data by the Personal Data Controller.
1. Personal Data Controller:
The controller of your personal data within the meaning of the GDPR is:
Barbara Plichta, sole trader operating under the name CP Consulting Barbara Plichta, address: ul. Zaopusta 48C, 40-748 Katowice, NIP: 7742679835, REGON: 242872913, e-mail: office@cp-consulting.pl (hereinafter referred to as the "Controller").
Please send any enquiries and comments regarding the processing of personal data using the contact details provided above.
2. For what purpose is personal data processed:
The Administrator may process your personal data for the following purposes:
on the basis of your consent, for clearly specified purposes – pursuant to Article 6(1)(a) of the GDPR;
proper performance of the contract in connection with the services provided or other activities necessary for the performance of the services pursuant to Article 6(1)(b)-(c) of the GDPR;
to present offers or consider enquiries about services offered by the Controller pursuant to Article 6(1)(b) or (f) of the GDPR;
fulfilment of obligations under the law, including the performance of tasks carried out in the public interest pursuant to Article 6(1)(c) and (e) of the GDPR;
marketing, including the promotion of services offered by the Controller in order to tailor products and services to your preferences pursuant to Article 6(1)(f) of the GDPR;
correspondence regarding the provision of necessary information concerning the performance of services, as well as any requests and enquiries you may have, pursuant to Article 6(1)(f) of the GDPR;
establishing, investigating and recovering any claims by the Controller or defending against claims in connection with its business activities pursuant to Article 6(1)(f) of the GDPR;
other purposes pursued within the framework of the so-called legitimate interest of the Data Controller, including the storage of data for archiving and statistical purposes, ensuring the possibility of performance and accountability in terms of demonstrating compliance with legal obligations pursuant to Article 6(1)(f) of the GDPR.
3. Categories of personal data that are processed:
The controller may process the following categories of personal data:
personal data (e.g. first name, surname);
contact details (e.g. telephone number, e-mail address, postal address);
identification data (e.g. PESEL number, date of birth);
professional data (e.g. education, position, earnings);
In addition, the Administrator may process other personal data if it cannot be classified into any of the above groups and this is done for the purposes described in this document.
4. Where personal data is obtained from:
The Controller processes personal data obtained directly from data subjects (e.g. provided in writing, by email, verbally or on forms), as well as obtained from other sources in accordance with the law.
5. Sharing personal data:
Personal data may be transferred to other entities for the purpose of providing services (Article 6(1)(b) of the GDPR), as well as to the extent necessary to achieve the purposes specified in accordance with Article 6(1)(f) of the GDPR. Such data recipients may be authorised employees of the Controller, entities cooperating with the Controller and entities providing the Controller with payment, technical, IT, telecommunications, accounting, legal and other services, as well as entities cooperating in the field of archiving and statistics. In addition, the data may be made available to entities and authorities to which the Administrator is obliged or authorised to disclose personal data on the basis of generally applicable laws, including public authorities.
6. Data processing and storage period:
Personal data will usually be processed for the duration of the services provided – in order to ensure the performance of the services (Article 6(1)(b) of the GDPR), as well as for the time necessary to achieve the objectives resulting from the legitimate interests pursued by the Controller or by a third party (Article 6(1)(f) of the GDPR).
The period for which your personal data will be stored is determined on the basis of the following criteria:
legal provisions that may oblige the Controller to process data for a specified period of time;
the period during which the Controller performs its obligations and exercises its rights in relation to the service provided;
the period necessary to secure the Administrator's interests against claims and to pursue claims by the Administrator, including in particular the period until the expiry of the limitation period or the expiry of any claims;
other purposes pursued within the scope of the so-called legitimate interest of the Data Controller, including data storage for archiving and statistical purposes, as well as for promotion and marketing purposes for a period of 10 years.
7. Your rights:
In connection with the processing of personal data by the Data Controller, you have the following rights:
the right to access your data, i.e. you can obtain information about whether the Data Controller processes your personal data. If so, you can access it, e.g. request a copy. You can also obtain detailed information, including what data is processed and for what purpose, and to whom it is transferred;
the right to rectify data, i.e. if it is incorrect, you can request that it be corrected;
the right to erasure (the right to be forgotten) or restriction of processing in cases provided for by law;
the right to object to the processing of personal data in the case of processing for the purposes of the legitimate interests pursued by the Controller;
the right to transfer data;
the right to lodge a complaint with the supervisory authority responsible for personal data protection – the President of the Personal Data Protection Office – if you believe that your data is being processed in violation of the law;
in addition, if the processing of personal data is based on consent, you have the right to withdraw your consent to the processing of personal data at any time, but the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
To exercise your rights, please contact the Controller.
Personal data may be profiled by the Controller.
9. Information on the requirement to provide data
To the extent that personal data is processed for the purpose of providing services by the Controller, the provision of data is necessary for the performance of the services. The provision of personal data is voluntary, but without it, it is not possible to conclude and perform a contract/provide a service.
INFORMATION ON THE PROCESSING OF PERSONAL DATA
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR"), we present this document containing information on the rules for the processing of your personal data by the Personal Data Controller.
1. Personal Data Controller:
The controller of your personal data within the meaning of the GDPR is:
CP ENGINEERING SERVICES Sp. z o.o., address: ul. Braci Mieroszewskich 122, 41-219 Sosnowiec, KRS: 0001107357, NIP: 6443583133, REGON: 528717918 e-mail: office@cp-consulting.pl (hereinafter referred to as the "Controller").
Please send any enquiries and comments regarding the processing of personal data using the contact details provided above.
2. For what purpose is personal data processed:
The Administrator may process your personal data for the following purposes:
on the basis of your consent, for clearly specified purposes – pursuant to Article 6(1)(a) of the GDPR;
proper performance of the contract in connection with the services provided or other activities necessary for the performance of services pursuant to Article 6(1)(b)-(c) of the GDPR;
to present offers or consider enquiries about services offered by the Controller pursuant to Article 6(1)(b) or (f) of the GDPR;
fulfilment of obligations arising from legal provisions, including the performance of tasks carried out in the public interest pursuant to Article 6(1)(c) and (e) of the GDPR;
marketing, including the promotion of services offered by the Controller in order to tailor products and services to your preferences pursuant to Article 6(1)(f) of the GDPR;
correspondence regarding the provision of necessary information concerning the performance of services, as well as any requests and enquiries you may have, pursuant to Article 6(1)(f) of the GDPR;
establishing, investigating and recovering any claims by the Controller or defending against claims in connection with its business activities pursuant to Article 6(1)(f) of the GDPR;
other purposes pursued within the framework of the so-called legitimate interest of the Data Controller, including the storage of data for archiving and statistical purposes, ensuring the possibility of performance and accountability in terms of demonstrating compliance with legal obligations pursuant to Article 6(1)(f) of the GDPR.
3. Categories of personal data that are processed:
The controller may process the following categories of personal data:
personal data (e.g. first name, surname);
contact details (e.g. telephone number, e-mail address, postal address);
identification data (e.g. PESEL number, date of birth);
professional data (e.g. education, position, earnings);
In addition, the Administrator may process other personal data if it cannot be classified into any of the above groups and this is done for the purposes described in this document.
4. Where personal data is obtained from:
The Controller processes personal data obtained directly from data subjects (e.g. provided in writing, by email, verbally or on forms), as well as obtained from other sources in accordance with the law.
5. Sharing personal data:
Personal data may be transferred to other entities for the purpose of providing services (Article 6(1)(b) of the GDPR), as well as to the extent necessary to achieve the purposes specified in accordance with Article 6(1)(f) of the GDPR. Such data recipients may be authorised employees of the Controller, entities cooperating with the Controller and entities providing the Controller with payment, technical, IT, telecommunications, accounting, legal and other services, as well as entities cooperating in the field of archiving and statistics. In addition, the data may be made available to entities and authorities to which the Administrator is obliged or authorised to disclose personal data on the basis of generally applicable laws, including public authorities.
6. Data processing and storage period:
Personal data will usually be processed for the duration of the services provided – in order to ensure the performance of the services (Article 6(1)(b) of the GDPR), as well as for the time necessary to achieve the objectives resulting from the legitimate interests pursued by the Controller or by a third party (Article 6(1)(f) of the GDPR).
The period for which your personal data will be stored is determined on the basis of the following criteria:
legal provisions that may oblige the Controller to process data for a specified period of time;
the period during which the Controller performs its obligations and exercises its rights in relation to the service provided;
the period necessary to secure the Administrator's interests against claims and to pursue claims by the Administrator, including in particular the period until the expiry of the limitation period or the expiry of any claims;
other purposes pursued within the scope of the so-called legitimate interest of the Data Controller, including data storage for archiving and statistical purposes, as well as for promotion and marketing purposes for a period of 10 years.
7. Your rights:
In connection with the processing of personal data by the Data Controller, you have the following rights:
the right to access your data, i.e. you can obtain information about whether the Data Controller processes your personal data. If so, you can access it, e.g. request a copy. You can also obtain detailed information, including what data is processed and for what purpose, and to whom it is transferred;
the right to rectify data, i.e. if it is incorrect, you can request that it be corrected;
the right to erasure (the right to be forgotten) or restriction of processing in cases provided for by law;
the right to object to the processing of personal data in the case of processing for the purposes of the legitimate interests pursued by the Controller;
the right to transfer data;
the right to lodge a complaint with the supervisory authority responsible for personal data protection – the President of the Personal Data Protection Office – if you believe that your data is being processed in violation of the law;
in addition, if the processing of personal data is based on consent, you have the right to withdraw your consent to the processing of personal data at any time, but the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
To exercise your rights, please contact the Controller.
Personal data may be profiled by the Controller.
9. Information on the requirement to provide data
To the extent that personal data is processed for the purpose of providing services by the Controller, the provision of data is necessary for the performance of the services. The provision of personal data is voluntary, but without it, it is not possible to conclude and perform a contract/provide a service.
