Information Obligation of the Data Controller
In compliance with the legal obligation regulated by Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR, Official Journal of the European Union of 04.05.2016, L. 119/1), [COMPANY NAME] hereby informs that:
- The Data Controller (referred to as “DC”) of your personal data is OXIMO Sp z o.o. with headquarters in Łężyce, 84-207 at Topolowa Street 1a; email: biuro@oximo.pl, Tax ID: PL5882481575, phone: +48 518-469-199
- If you have any questions or concerns regarding your personal data, please contact us at: email: biuro@oximo.pl, phone: +48 518-469-199
- To conduct its business activities, OXIMO collects and uses information identifying natural persons (hereinafter referred to as “personal data”), including information about Our Clients, Business Partners, and Associates. As part of our commitment to protecting personal data, we want to transparently inform you about:
- why and how OXIMO collects, uses, and stores your personal data;
- the legal basis for processing this personal data; and
- your rights and our obligations regarding this processing.
- In this clause, OXIMO informs about all forms of using personal data (“processing”) in relation to natural persons who are:
- clients, including potential clients, of OXIMO
- partners, employees, legal representatives, proxies, or representatives of such clients, and
- other persons whose data we process for the purpose of issuing or executing invoices as part of our cooperation with clients (collectively “You” or “Clients”).
- In connection with the cooperation between You and OXIMO, which may include in particular: concluding purchase-sale agreements, delivering OXIMO products to Clients or entities cooperating with Clients, cooperation in the sale and advertising of these products, as well as cooperation through intermediary entities, we may process the personal data you provide, such as: a. name and surname, company name, business address, and correspondence addresses, b. registration numbers (e.g., Tax ID or Business Registry Number), c. personal identification number (PESEL), d. contact details, such as email address or telephone or fax number, e. your position within your organization, f. bank account number. When entering into a contract directly between You and OXIMO, providing the data specified above is voluntary but necessary for concluding the contract and managing the cooperation between the Client and OXIMO. In cases where you do not enter into a contract directly with OXIMO, providing personal data may be your professional duty. The consequence of not providing the data is the inability of OXIMO to perform the above activities (for example, not providing data may result in the inability to issue an invoice).
- Transfer of personal data outside OXIMO may occur only in specific situations. Data may be transferred to recipients and other third parties to achieve the purposes mentioned in point 5 to the extent necessary for them to perform tasks assigned by OXIMO, if required by law, or if OXIMO has another legal basis. Recipients or other third parties may include: a. entities processing personal data on behalf of OXIMO, such as IT system providers, entities providing HR and Payroll services, or entities providing document archiving services. These entities do not independently decide how to process your personal data. Their processing of personal data only occurs to the extent necessary for OXIMO to conduct its business. OXIMO, as the DC of your personal data, controls the actions of such entities through appropriate contractual provisions protecting your privacy. b. any national public administration bodies (e.g., Police), authorities of other EU member states (e.g., bodies established to protect personal data in other member states), or courts, if required by applicable national or EU law or at their request; c. courier or postal service providers; d. transport and forwarding companies; e. other individuals within the Client’s organization.
- We cannot process personal data without a valid legal basis. Therefore, we process personal data only when: a. processing is necessary to fulfill contractual obligations towards You, if You are a party to a contract with OXIMO or place orders for products offered by OXIMO; b. processing is necessary to comply with our legal obligations, e.g., the obligation to issue an invoice or other document required by regulations, or as directly mandated by law (this applies to cases of providing Client data at the request of relevant authorities or courts); c. processing is necessary to realize the legitimate interests of OXIMO or a third party and does not excessively affect your interests or fundamental rights and freedoms.
- Please note that when processing personal data on this basis, we always strive to maintain a balance between our legitimate interest and your privacy. Such “legitimate interests” include:
- concluding and performing contracts with Clients who are organizational units without legal personality or legal entities (proceeding under Article 6(1)(b) GDPR);
- establishing or pursuing civil law claims by OXIMO as part of its business activities, as well as defense against such claims;
- verifying Clients in public registers;
- contact with Clients, including maintaining internal Client registers to enable OXIMO to contact Clients;
- basic exchange of Client data through IT systems used by OXIMO.
- In connection with the above, your personal data will be processed on the basis of Article 6(1)(b), (c), (f) of the General Data Protection Regulation of 27 April 2016; In other cases, your personal data will be processed solely on the basis of previously granted consent within the scope and purpose specified in the consent, pursuant to Article 6(1)(a), which may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Data collected from other sources – we may obtain your personal data from publicly available sources, such as CEIDG or KRS business registers, to verify information provided by Clients. The scope of processed data will in such cases be limited to data publicly available in the relevant registers. We may also obtain your personal data from entities where you are employed or which you represent. The scope of processed data will in such cases include information necessary to implement the agreement between OXIMO and such an entity, e.g., information about the termination of your employment with a given entity, change of contact details, or change of position.
- Your personal data will be processed only by our authorized employees who need access to the data to perform their duties; your personal data may be entrusted for processing to other entities for purposes consistent with data processing agreements signed by OXIMO or based on generally applicable law.
- In some situations, we have the right to transfer your data if it is necessary for contract performance: to entities participating in service delivery and other data recipients, including: law firms, auditors, debt collection entities in the case of pursuing claims for outstanding payments, entities providing services in the delivery of correspondence related to contract implementation, and other institutions authorized under generally applicable law.
- Your personal data will be stored for the duration of the contract and the obligations arising from it, and in accordance with other generally applicable legal provisions, particularly the Accounting Act of September 29, 1994 (Journal of Laws 2018.0.395, as amended) – Tax Ordinance. Regardless of the above periods, your data may be processed by OXIMO for the purposes of establishing or pursuing civil law claims as part of its business activities, as well as defense against such claims – for the appropriate limitation periods for such claims, i.e., generally no longer than 6 years from the occurrence of the event giving rise to the claim.
- Every person has the right to access their personal data processed by OXIMO. If you believe that any information regarding your person is incorrect or incomplete, please inform us promptly. Our company will correct such information without undue delay. In addition, you have the right to:
- withdraw your consent in cases where OXIMO has obtained such consent for processing personal data (with the reservation that this withdrawal will not violate the lawfulness of data processing done before the withdrawal);
- request the deletion of your personal data in cases specified by GDPR provisions;
- request the restriction of processing your personal data in cases specified by GDPR provisions;
- object – for reasons related to your particular situation – to the processing of your personal data (including profiling), if such processing is carried out for the purpose of pursuing public interest or legitimate interests of OXIMO or a third party;
- data portability, i.e., receiving personal data provided to OXIMO in a structured, commonly used, and machine-readable format, and to request the transfer of such personal data to another data controller, without hindrance from OXIMO and subject to our own confidentiality obligations.
- We will verify your requests, demands, or objections in accordance with applicable data protection laws (in the manner and on the principles set out in Chapter III of the GDPR). However, please note that these rights are not absolute; the regulations provide for exceptions to their application.
- In response to your request, OXIMO may ask you to verify your identity or provide information that will help us better understand the situation. We will make every effort to explain our decision to you if your requests are not fulfilled.
- Your personal data may be used for automated decision-making based on personal data processed as part of the performance of the contract by OXIMO, and the consequence of such processing will be the ability to determine your personal preferences and behaviors based on your personal data and the history of your business cooperation with OXIMO. Profiling will be used to prepare and present you with an individually tailored marketing offer.
- Your personal data is not transferred to a third country (outside the EEA) or to an international organization. However, such a situation may occur. If we need to transfer your personal data outside the EU/EEA, we will ensure that special safeguards exist in the form of model clauses and will ensure that an appropriate level of data protection is applied to protect the data.
- If you are not satisfied with the way OXIMO processes your personal data, please notify us of the problem, and we will investigate any irregularities. Please report your concerns using the contact details provided above. You also have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, tel.: 22 531 03 00, fax: 22 531 03 01, email: kancelaria@uodo.gov.pl; when you believe that the processing of your personal data violates the provisions of the General Data Protection Regulation of April 27, 2016.
- To ensure the currency and accuracy of personal data, we may periodically ask you to check and confirm the personal data we hold about you or to inform us of any changes to this personal data (such as a change of email address). We encourage you to regularly check the correctness, currentness, and completeness of the processed personal data.
- Your provision of personal data is conscious and voluntary but necessary for the conclusion and implementation of contracts or other civil law activities. Refusal or objection to their processing will result in the inability to conclude a contract or cooperate with OXIMO.
- Social tools. Our websites use plugins and other social tools provided by social networking sites such as Facebook, Instagram, Google, LinkedIn.
When viewing our website containing such a plugin, your browser will establish a direct connection with the servers of the social networking site administrators (service providers). The content of the plugin is transmitted by the service provider directly to your browser and integrated with the website. Through this integration, service providers receive information that your browser has displayed our website, even if you do not have a profile with the service provider or are not currently logged in. This information (along with your IP address) is sent by your browser directly to the server of the service provider (some servers are located in the USA) and stored there. If you are logged into one of the social networking sites, the service provider will be able to directly associate your visit to our website with your profile on that social networking site. If you use a given plugin, e.g., by clicking the “Like” or “Share” button, the relevant information will also be sent directly to the server of the service provider and stored there. Moreover, this information will be published on the given social networking site and will appear to people added as your contacts. The purpose and scope of data collection and its further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policy of the respective service providers. Facebook – https://www.facebook.com/legal/FB_Work_Privacy, Instagram – https://help.instagram.com/519522125107875?helpref=page_content, Google – https://policies.google.com/privacy?hl=pl, LinkedIn – https://www.linkedin.com/legal/privacy-policy. If you do not want social networking sites to associate data collected during visits to our website directly with your profile on a given site, you must log out of that site before visiting our website. You can also completely prevent plugins from loading on the site by using appropriate extensions for your browser, e.g., script blocking.
- This clause may be subject to further changes. If required by law, any information regarding future changes or additions to the processing of personal data described in this clause that may affect you will be communicated to you through the appropriate form of communication usually used by OXIMO in contacts with Clients and Business Partners.
OXIMO Data Controller