PRIVACY POLICY – PIRIOS S.A.
In accordance with Articles 13(1) and (2) and Article 14 of the General Data Protection Regulation of April 27, 2016 (GDPR), we inform you that:
INFORMATION ABOUT THE DATA CONTROLLER
The Data Controller is Pirios Public Limited Company with its registered office in Krakow, at Josepha Conrada Street 20, 31-357 Krakow, entered into the Register of Entrepreneurs of the National Court Register under number 0000396177. Email address: info@pirios.com, phone: + 48 12 211 9 200, website: http://pirios.com
BASIS AND PURPOSE OF PROCESSING
We process only the data that has been provided to us on the basis of at least one of the following grounds:
in connection with the performance of the contract or to take steps necessary to enter into the contract (Article 6(1)(b) GDPR); in connection with the voluntary consent of the person whose data we process (Article 6(1)(a) GDPR); in connection with the realization of the legally justified interest of the administrator (Article 6(1)(f) GDPR), in particular informing about new products and services as well as improving the quality and efficiency of the services provided and processing of cookies.
Personal data will be processed for the purpose of:
a) concluding a contract; b) fulfilling obligations arising from the contract; c) performing duties arising from legal regulations; d) marketing of own services (e.g., sending commercial information and newsletters); e) creating statistics, compilations, summaries, and for historical and archival purposes. f) in relation to invoice recipients – to obtain payment from the invoice.
We do not use profiling as understood by the GDPR nor make automated decisions based on such profiling.
PROCESSING OF ENTRUSTED DATA
As we provide services in the field of information technology, including the design, integration, and maintenance of IT systems, we have access or the possibility of access to the data collections processed by our clients and partners.
We inform you that we meet the organizational and technical requirements in terms of data protection to which we have access, and in particular, we implement the requirements described in Article 32 of the GDPR.
Persons designated to work on the data sets act on the basis of our authorization and from our order, have been trained in the field of personal data protection, and are obliged to keep confidential all the information to which they have gained access in connection with the processing of personal data.
Entrusted personal data will be processed exclusively on the order of the entity entrusting us with the data, whereby such an order will also be considered a contract obliging us to undertake actions requiring the processing of entrusted data sets.
Data will be processed only for the purpose specified in the contract constituting the basis for entrusting the data and to the extent and for the period necessary to realize this contract.
If necessary, we will also take all reasonable actions to support the Client entrusting us with the data in fulfilling obligations arising from Articles 32-36 of the GDPR.
In providing services, we use the help of other companies. For the proper execution of the order, we subcontract data obtained from Clients to our subcontractors, only to the extent necessary to perform the service.
DATA RECIPIENTS
The recipients of your data may be state offices and public administration bodies acting under the provisions and within their competencies as well as Polish Post and courier companies – for the purpose of mailing correspondence. Your data may be entrusted to other institutions or companies performing tasks from our authorization that require access to some of your personal data, provided that these tasks are related to the contract concluded with us.
In addition, the recipients of your data may be companies and entities directly indicated by you, to the extent described in the contract or business agreements.
CATEGORIES OF PROCESSED DATA
We mainly process identification and contact data of persons representing our Clients as well as data of persons indicated on invoices received in the course of contract implementation to the extent described therein. In relation to people who have provided us with their data solely to receive commercial information – we process only those data that have been provided by these people (mainly e-mail address).
In relation to data entrusted to us by Clients – the categories of processed data result from the content of the contract or business agreements with the Client.
COOKIES
On our websites, we register “cookies” (so-called “cookies”). These are small files created on the local disk of a computer of a person visiting our websites, to which we may have access. These files provide us with statistical data and information about the activity of users of our websites, allowing us to improve the quality and efficiency of the www service. The content of cookies also stores data from forms or individual user settings.
Personal data may be recorded in cookies – e.g., a static IP number or data filled in by users on forms available on www pages.
Cookie registration can be disabled from the web browser level, which is described in the browser documentation. Disabling cookies may limit some of the functionalities of our website. More information about cookies can be found on the Internet (e.g., on the website: wszystkoociasteczkach.pl).
Pirios S.A. websites contain links to other websites. However, we are not responsible for the practices of these sites in terms of personal data protection as well as information collected by the administrators of these sites in connection with the activity of users. For their own safety, each user should familiarize themselves with the personal data protection policy applicable to other sites.
DATA PROCESSING PERIOD
Personal data will be processed by us for a period corresponding to the period of limitation of claims that may arise from the concluded contracts or undertaken actions, in accordance with the applicable provisions in this regard.
In the case of data received based on voluntary consent, we process them until the withdrawal of consent or the cessation of the purpose for which consent was given.
In the case of data entrusted to us by the Client, the processing period is determined by the Client, and in the absence of such a provision, the data will be deleted or returned after the purpose for which the data was entrusted to us has been realized. In the event of receiving a request from the entity entrusting the data regarding the cessation of processing or returning the entrusted data, we will execute such a disposition immediately.
RIGHTS OF THE PERSON WHOSE DATA WE PROCESS
Each person whose data we process has the right to access the content of their data and the right to rectify, limit processing or delete data as well as to request their transfer to another designated administrator.
The person whose data we process has the right to object to the processing of their personal data for marketing purposes.
Everyone who has given consent to the processing of personal data by us has the right to withdraw this consent at any time without affecting the legality of the processing that was carried out based on consent before its withdrawal. However, such a disposition will not be effective for data that we are obliged to process in accordance with the content of the concluded contract, applicable legal provisions, or in the implementation of our legally justified interest.
Anyone who believes that our processing of personal data violates the law has the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO).
ADDITIONAL INFORMATION
We do not apply data profiling as understood by the GDPR.
The Data Protection Officer (DPO) for Pirios S.A. is Tomasz Ciupka. Contact with the DPO is possible using the email address: info@pirios.com
Last updated – October 10, 2019.