Personal data processing policy

Based on Article 13 sec. 1 and sec. 2 and art. 14 sec. 1 and sec. 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/56 / EC (hereinafter: "GDPR") applicable from May 25, 2018 we inform you about the method and purpose, in which we process your personal data (hereinafter referred to as "data"), as well as your rights related to data protection.

  1. Who is responsible for data processing and with whom can you contact?

The data administrator is: CONTROL PROCESS S.A. with headquarter in Krakow, at ul. Obrońców Modlina 16, 30-733 Kraków, entered into Register of Entrepreneurs of the National Court Register (KRS) under KRS number: 0000285783, Tax Identification Number: 8732898418, company ID number: 850359556, hereinafter referred to as CONTROL PROCESS S.A., which can be contacted:

  • in writing, by sending correspondence to the address: CONTROL PROCESS S.A. ul. Obrońców Modlina 16, 30-733 Kraków,
  • by phone, at the number: +48 500 006 114,
  • by e-mail at the address: iod@controlprocess.pl and otherwise indicated on the website controlprocess.pl.

The Company has appointed a Data Protection Officer who can be contacted in writing by sending correspondence to the address: CONTROL PROCESS S.A. ul. Obrońców Modlina 16, 30-733 Kraków, with the note: "Do Inspektora Danych Osobowych / To Data Protection Officer" and by e-mail address: iod@controlprocess.pl.

  1. Why, what for and on what legal basis do we process your data?

We process your data in accordance with the provisions of the GDPR and Polish data protection regulations by completing:

  • contractual obligations and we take steps at the request of the data subject before concluding the contract (Article 6 sec. 1 letter b) of the GDPR),
  • legal obligations (Article 6 sec. 1 letter c) of the GDPR),
  • tasks serving the public interest (Article 6 sec. 1 letter e) of the GDPR).

The data is processed in order to perform the activities, conclude or perform the contract in connection with which they were transferred to the Company, for example, to carry out a recruitment process, establish a relationship under a cooperation agreement or other commercial agreement, depending on the circumstances.

The data is processed for the purpose of the Company's operating activities and the provision of other services as part of the implementation of contracts concluded with customers or in order to carry out activities performed at the customer's request before or in connection with the conclusion of the contract.

As a Company, we are a subject to a number of legal obligations resulting from, for example, anti-money laundering and terrorist financing regulations, tax legislation, labor law and social security regulations, and other regulatory requirements.

We may also be obliged to perform tasks of public interest, in particular for the purposes of preventing crime. If necessary, we will process your data to meet the requirements imposed, among others by the above-mentioned regulations.

Your data may also be processed for purposes such as: identity verification, fulfilling monitoring obligations, and performing obligations in accordance with tax legislation.

We process data, if necessary, for the purposes of the legitimate interests pursued by the Company or a third party (Article 6 sec. 1 letter f) of the GDPR). We do this, for example, when we process the data of persons acting for clients and contractors, when we act to prevent crimes committed to the detriment of the Company, to ensure the IT security of the Company; to test customer satisfaction, pursuing claims and defending against claims, for the Company's internal administrative purposes, such as: employee or cooperation issues, statistics preparation and internal reporting of the Company and within the group of enterprises, which includes: 1. Control Process IT Sp. z o.o. Mikołajowice 221, 33-121 Bogumiłowice; 2. Control Process Wrocław Sp. z o.o. ul. Międzyleska 4, 50-514 Wrocław; 3. INTESTER Sp. z o.o. ul. Dobrów 8A, 28-142 Tuczępy; 4. Remdźwig Sp. z o.o. ul. Kwiatkowskiego 13, 33-101 Tarnów; 5. CP OK2 Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 6. Control Process EPC1 Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 7. Biuro Projektów Nafta-Gaz Sp. z o.o. ul. Ducala 11, 38-200 Jasło; 8. Control Process EPC Environmental Protection Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 9. Control Process EPC Environmental Protection 2 Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 10. Control Process EPC Environmental Protection 3 Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 11. Control Process EPC Environmental Protection 4 Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 12. Control Process EPC2 Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 13. EPC Consulting Engineers Sp. o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 14. Control Process SILESIA Sp. z o.o. Al. Walentego Roździeńskiego 188/302, 40-203 Katowice; 15. Control Process Services Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 16. SMCE EUROPE Sp. z o.o. ul. Trzy Lipy 3, 80-172 Gdańsk; 17. CP Real Estate Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 18. Control Process EPC Power Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 18. Control Process EPC Environmental Solutions Sp. z o.o. ul. Obrońców Modlina 16, 30-733 Kraków; 20. CONTROL PROCESS d.o.o. Vijenac 15, Zagreb (Croatia); 21. Aalborg Engineering Slovakia s.r.o. Hvlezdoslavova 35, Levice 934 01 (Slovakia); 22. Aalborg Engineering Danmark ApS Svendborgvej 5, 9220 Aalborg Øst. (i.e. entities from the Capital group [1]).

We process the data on the basis of your consent (Article 6 sec. 1 (a) of the GDPR), given for specific purposes.

The consent may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of data processing by the Company:

  • until consent is withdrawn or
  • in circumstances in which the Company processes data based on a basis other than your consent.

 

  1. Who can we transfer data to?

The data may be shared with other recipients in order to perform the contract with you, in order to fulfill the legal obligation imposed on the Company, based on your consent or for purposes arising from the legitimate interests of the administrator or a third party.

The recipients may be in particular: authorized employees of the Company and other persons acting under the authority of the Company, tax offices, labor law and social security institutions, insurance companies and other institutions authorized to collect your data on the basis of relevant legal provisions, entities from the capital group to which the Company belongs.

The data is also transferred to entities processing data at the request of the Company and persons acting under their authority, such entities process data on the basis of an agreement with the Company and only in accordance with the Company's instructions and subject to professional and insurance secrecy (i.e. specific information protection obligations resulting from the relevant legal provisions). The group of entities performing tasks on behalf of and for the benefit of the Company includes entities providing services in particular in the field of IT, legal and insurance activities (including insurance brokerage).

  1. Will your data be transferred to a third country (outside the European Union)?

Data may be transferred to recipients in countries outside the European Union ("third countries"):

  • if it is necessary for the performance of a contract concluded between you and the Company or for taking steps prior to entering into such a contract in order to conclude it,
  • as part of the Company's use of IT infrastructure (cloud computing, e-mail).

If the processing involves the transfer of data outside the European Union, such transfer will take place in accordance with Standard Contractual Clauses to ensure an adequate level of personal data protection required by law.

In other situations, your data may be transferred to third countries in the cases specified in the GDPR. You can obtain a copy of the data transferred to a third country after submitting such a request to the Data Protection Officer. The transfer of data to a third country may also take place after obtaining your consent. In accordance with the above, your data will be transferred to a third country pursuant to art. 49 sec. 1 letter a and art. 49 sec. 1 letter b of the GDPR.

  1. How long will your data be processed (stored)?

Your data will be processed for the time period necessary to achieve the purposes of processing indicated in point. 2, i.e.:

  • with regards to the implementation of the contract concluded with the Company - until its implementation is completed, and after that time for the period required by law or for the implementation of any claims,
  • with regard to the fulfillment of legal obligations incumbent on the Company in connection with the conduct of business and implementation of concluded contracts - until these obligations are met by the Company,
  • in the scope of processing carried out solely on the basis of consent - until the immediate deletion of data, carried out on the basis of your request,
  • until fulfillment of the legitimate interests of the Company constituting the basis for such processing or until you object to such processing, unless there are legitimate grounds for further data processing.

 

  1. What rights do you have for the data to be adequately protected?

You have the right to:

  • request access to your data, as well as demand their rectification, limitation of their processing or their removal,
  • withdraw prior consent to the processing of data at any time to the extent to which this consent relates, with the proviso that the withdrawal of consent will not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal,
  • request the transfer of data provided to the Company by you, processed in order to conclude and perform the contract or processed on the basis of consent. The transfer consists in receiving your data from the Company in a structured, a commonly used machine-readable format and the right to send them to another data controller, if technically possible.

The right does not apply to data, which constitute the Company's business secret,

  • submit a complaint to the supervisory authority, which in the Republic of Poland is the resident of the Personal Data Protection Office, if you consider that the processing of your data violates the provisions, including the GDPR.

In addition, you have the right to object to the processing of data by the Company at any time for reasons related to your particular situation, when the Company processes data for purposes resulting from legitimate interests (Article 21 sec. 1 of the GDPR).

In order to exercise your right, the Company may request additional information necessary to confirm your identity.

  1. Do you have an obligation to provide data?

In terms of processing of your data to perform the requested activities or concluding and implementing a contract with the Company, providing your data is a condition of performing the requested activities or conclude this contract. Providing data is voluntary, but it is necessary to perform the requested activities or the conclusion and performance of a contract with the Company. If you do not provide the Company with the necessary information or documents, the Company will not be able to carry out the requested activities or conclude and implement contracts.

  1. Where do we obtain your data from and what are their categories?

Most of the data processed by the Company comes directly from the interested party, in particular the customer.

Some of the data may come from, among others: entities to whom you have given consent to their transfer, people representing you (including on the basis of a granted power of attorney), public records and registers. These sources relate to data such as: identification data, contact details, employment, education and marital status data.

Some data (this applies to entrepreneurs' data) we also obtain from other public sources, i.e. :the National Court Register, Central Registration and Information on Business or similar sources located in other countries and from private entities specializing in collecting and sharing information about entrepreneurs.

In the case of data of persons representing entrepreneurs or otherwise acting on their behalf,

we obtain data both from the above-mentioned sources, and from the entrepreneurs themselves.

 

  1. Information on the level of automated decision-making, including profiling.

The processing of your data may be automated, which may involve automated decision-making.

 

Additional note: Please be aware, that above content is the translation of an original content, being written in polish language. In case of difference, the polish version prevail.



[1] Capital group means CONTROL PROCESS S.A. and entities related by capital or organization, including entities established in the future. The list of entities is available on the website controlprocess.pl

 

Upwardmore