In connection with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), we are obliged to provide the following information concerning the protection of personal data:

INFORMATION ON PROCESSED PERSONAL DATA

Controller of personal data

The Controller of personal data (hereinafter referred to as the “Controller”) is “RETECH”, a limited liability company with its registered office in Mielec, ul. Wojska Polskiego 6a, 39-300 Mielec, the company entered in the register of entrepreneurs of the National Court Register by the District Court in Rzeszów, Commercial Division of the National Court Register, under the KRS (National Court Register) number 0000086098, NIP (Tax Identification Number): 817-18-44-335.

Contact information

As the Controller, we have not appointed a Data Protection Officer. In all matters concerning the processing of personal data by us and the exercise of rights related to the processing of data you can contact us by email at retech@retech.pl or in writing to the Controller’s address with a note “Personal Data”.

Purposes and legal basis of processing

We process data in various business situations described in our policy. Below you will find information on the purposes of processing and the legal basis.

Purpose of processing

Taking up necessary actions before concluding the contract, concluding and performing the contract as well as providing services in accordance with the contract.

For marketing purposes of the Controller, including the profiling for marketing and analytical purposes.

For marketing purposes, including analytical purposes and profiling of third parties, including partners of the Controller.

The fulfilment of the Controller’s legal obligations arising under relevant laws.

Optionally in order to assert claims related to the contract concluded with you with regard to the services provided.

Basis for processing

Art. 6 sec. 1 point b and f of the GDPR, as the so-called legitimate interest of the controller, namely asserting claims and defending its rights.

Art. 6 sec. 1 point b and f of the GDPR, as the so-called legitimate interest of the controller, or Art. 6 sec. 1 point a – consent granted.

Art. 6 sec. 1 point a of the GDPR – a consent, if the consent is not granted, the personal data are not processed for this purpose.

Art. 6 sec. 1 point c of the GDPR – processing is necessary for the fulfilment of the Controller’s legal requirements.

The specific purpose and basis of the processing are given in a separate information addressed to data subjects.

The period for which the data will be stored

Your personal data will be stored until the claims arising from the contract/services provided fall under the statute of limitations or until the obligation to store data resulting from provisions of law expires, in particular, the obligation to store the accounting documents relating to the contract. All data processed for accounting and tax purposes are processed for 5 years from the end of the calendar year in which the tax liability arose. After the expiration of the above-mentioned periods, your data is deleted or anonymised.

Personal data will not be processed for particular purposes if you lodge an objection to such processing in the case of personal data processed on the basis of the justified interest of the Controller.

If we process data on the basis of your consent, personal data will be processed until the consent is withdrawn.

Data recipients

Your personal data may be made available to third parties for the above-mentioned purposes/for marketing purposes if you consent to specific marketing purposes for which the provision of data is necessary.

In addition, data may be transferred to entities processing personal data on behalf of the Controller, i.a. providers of IT services, transport services, entities processing data in order to recover debts – although such entities process data on the basis of a contract with the Controller and only in accordance with our instructions.

Data transfer outside the European Economic Area

The collected personal data will not be transferred to recipients from countries outside the European Economic Area (countries of the European Union as well as Iceland, Liechtenstein and Norway).

Rights of the data subject

You have the right to access your data and request its rectification or erasure as well as restrict its processing. If the basis for the processing of your personal data is the legitimate interest of the Controller, you can object to the processing of your personal data. In particular, you have the right to object to the processing for direct marketing purposes, including profiling and analytical purposes.

In so far as the basis for the processing of your personal data is a consent, you have the right to withdraw the consent. The withdrawal of the consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

The extent that your data is processed in order to conclude and perform the contract/provide services or if it is processed on the basis of consent – you also have the right to data portability. In this case you will receive your personal data in a structured, machine-readable and commonly used format. You can transfer these data to another data controller.

You also have the right to lodge a complaint to the data protection supervisory authority.

Providing personal data in connection with the concluded contract/services provided under its conditions is voluntary, but necessary for the conclusion and performance of the contract – without providing personal data it is not possible to conclude the contract/provide services. Providing personal data for marketing purposes is voluntary.