INFORMATION DUTY OF THE DATA ADMINISTRATOR WITH
REGARD TO THE DATA SUBJECT
Fulfilling the legal obligation regulated by the provisions of Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation personal data, hereinafter referred to as GDPR, Journal of Laws of the European Union of 04.05.2016 L. 119/1), the OXIMO company informs that:
1. The administrator of your personal data (the so-called ADO) is OXIMO Sp. z o.o. with headquarters in Łężyce, 84-207 at ul. Topolowa 1a; e-mail: email@example.com, TAX number PL5882481575
phone: + 48 518 469 199
2. If you have any questions or comments regarding your personal data, please contact us: e-mail: firstname.lastname@example.org, phone: + 48 518 469 199
3. To conduct business, OXIMO collects and uses information identifying natural persons (hereinafter referred to as “personal data”), including information about our clients, contractors, and associates.
As part of our commitment to the protection of personal data, we would like to inform you transparently:
– why and how OXIMO collects, uses and stores your personal data;
– on what legal basis this personal data is processed and
– what are your rights and our obligations in relation to this processing.
4. In this clause, OXIMO informs about all forms of use of personal data (“processing”) in relation to natural persons who are:
– clients, including potential OXIMO companies
– partners, employees, statutory representatives, proxies or representatives of such clients and
– other persons whose data we process for the purposes of issuing or executing invoices as part of cooperation with clients (jointly “you” or “customers”).
5. In connection with the cooperation between you and OXIMO, which may consist in particular in: concluding purchase and sale contracts, delivering OXIMO products to customers or entities cooperating with customers, cooperation in the sale and advertising of these products, as well as cooperation by intermediaries, we can process the personal data provided by you, such as:
a. name and surname, company, business address and correspondence addresses,
b. numbers in the relevant registers (e.g. TAX, NIP or REGON number),
c. PESEL number,
d. data contact details, such as an e-mail address or telephone or fax number,
e. position held by you within your organization,
f. bank account number.
When concluding a contract directly between you and OXIMO, providing the data specified above is voluntary but necessary for the purposes of concluding the contract and handling cooperation between the Customer and OXIMO. If you do not conclude a contract directly with OXIMO, providing your personal data may be your official duty. The consequence of not providing data is the inability to perform the above actions by OXIMO (for example, failure to provide data may result in the inability to process an invoice)
6. The transfer of personal data outside OXIMO may only take place in specific situations. The data may be transferred to recipients and other third parties to achieve the purposes listed in point 5 to the extent that they are necessary for them to perform the tasks ordered by OXIMO, if required by law or if OXIMO has a different legal basis. The recipients or other third parties may be:
a. entities processing personal data on behalf of OXIMO, such as IT system suppliers, an entity providing services in the field of Human Resources and Payroll, or entities providing document archiving services. These types of entities do not independently decide how to process your personal data. They process personal data only to the extent that it is necessary for OXIMO to conduct its business. OXIMO, as the ADO of your personal data, has control over the operation of such entities through appropriate contractual provisions protecting your privacy.
b. any national public administration authorities (e.g. the Police), authorities of other EU Member States (e.g. authorities established to protect personal data in the other Member States) or courts, if required by applicable national or EU law or at their request; c. courier or postal service providers;
d. transport and forwarding companies;
e. other persons within the organization of a given Client.
7. We cannot process personal data if we do not have a valid legal basis. Therefore, we process personal data only if:
a. Processing is necessary to fulfil contractual obligations towards you if you are a party to a contract concluded with OXIMO or if you place orders for products offered by OXIMO;
b.processing is necessary to fulfil our legal obligations,
e.g. the obligation to issue an invoice or other document required by law or we are expressly required to do so by law (this applies to providing customer data at the request of competent authorities or courts);
c. processing is necessary to pursue the legitimate interests of OXIMO or a third party and does not unduly affect your interests or fundamental rights and freedoms.
8. Please note that when processing personal data on this basis, we always strike a balance between our legitimate interest and your privacy. Such “legitimate interests” are:
– concluding and performing contracts with customers who are organizational units without legal personality or legal persons (procedure pursuant to Article 6 (1) (b) of the GDPR);
– establishing or pursuing civil law claims by OXIMO as part of its business, as well as defence against such claims;
– verification of customers in public registers;
– contact with customers, including keeping internal customer registers to enable OXIMO to contact customers;
– basic exchange of customer data using IT systems used by OXIMO.
9. In connection with the above, your personal data will be processed because of Art. 6 sec. 1 lit. b, c, f of the general regulation on the protection of personal data of April 27, 2016;
In other cases, your personal data will be processed only because of the prior consent to the extent and for the purpose specified in the consent, pursuant to art. 6 sec.
1 lit. a, which may be withdrawn at any time without affecting the lawfulness of the processing, which was made on the basis of consent before its withdrawal.
10. Data collected from other sources – we can obtain your personal data from publicly available sources, such as CEIDG or KRS business registers, to verify the information provided by customers. In such a case, the scope of processed data will be limited to data available to the public in the relevant registers.
We may also obtain your personal data from entities in which you are employed or which you represent. The scope of processed data will, in this case, include information necessary for the performance of the contract between OXIMO and such entity, e.g. information about the termination of your employment with a given entity, change of contact details or change of official position.
11. Your personal data will be processed only by our authorized employees, who must have access to the data to perform their duties; Your personal data may be entrusted for processing to other entities for purposes consistent with the contracts for entrusting the processing of personal data signed by OXIMO or because of generally applicable law.
12. In some situations, we are entitled to transfer your data if it is necessary for the performance of the contract: entities participating in the provision of the service and other data recipients, including law firms, statutory auditors, debt collection entities if pursuing claims for arrears with fees, entities providing services in the field of delivering correspondence related to the implementation of the contract, and other institutions authorized under generally applicable law.
13. Your personal data will be stored for the duration of the contract and obligations arising from it, and in accordance with other provisions of common law, in particular the Accounting Act of September 29, 1994 (Journal of Laws 2018.0.395 as amended.) – Tax Code.
Regardless of the above periods, your data may be processed by OXIMO for the purposes of establishing or pursuing civil law claims by OXIMO as part of its business, as well as defence against such claims – for the relevant limitation periods for such claims, i.e. in principle not longer than 6 years from the event giving rise to the claim.
14. Each person has the right to access their personal data processed by OXIMO. If you believe that any information relating to you is incorrect or incomplete, please inform us immediately. Our company will correct such information without undue delay. In addition, you have the right to:
– withdrawal of your consent in the event that OXIMO has obtained such consent to the processing of personal data (provided that such withdrawal does not violate the lawfulness of data processing carried out before the withdrawal);
– request the deletion of your personal data in cases specified in the provisions of the GDPR;
– requests to limit the processing of your personal data in cases specified in the provisions of the GDPR;
– objecting – for reasons related to your particular situation – to the processing of your personal data (including profiling), if such processing is carried out in order to implement the public interest or legitimate interests of OXIMO or a third party;
– data portability, i.e. receipt of personal data provided to OXIMO in a structured, commonly used and machine-readable format and to request such personal data to be transferred to another personal data controller, without obstruction by OXIMO and subject to its own confidentiality obligations.
15. We will verify your requests, demands or objections in accordance with the applicable provisions on the protection of personal data (in the modes and on the terms set out in Chapter III of the GDPR). However, it should be remembered that these rights are not absolute; the regulations provide for exceptions to their application.
16. In response to your request, OXIMO may ask you to verify your identity or provide information to help us better understand the situation. We will do our best to explain our decision to you if your requests are not met.
17. Your personal data may be used to make decisions in an automated manner on the basis of personal data processed as part of the performance of the contract by OXIMO, and the consequence of such processing will be the ability to determine your personal preferences and behaviours based on your personal data and the history of your business cooperation with OXIMO company. Profiling will be used for the purposes of preparing and presenting you with an individual, tailored marketing offer.
18. Your personal data is not transferred to a third country (outside the EEA) or an international organization. However, this may happen. If we have to transfer your personal data outside the EU / EEA, we will ensure that there are special safeguards in the form of model clauses, and we will ensure that an adequate level of data protection is applied to protect the data.
19. If you are not satisfied with the way OXIMO processes your personal data, please notify us of the problem, and we will investigate any irregularities. Please report your concerns using the contact details provided above.
You also have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Rates 2.00-193 Warsaw, phone: 22 531 03 00, fax. 22 531 03 01, e-mail: email@example.com; when you believe that the processing of your personal data violates the provisions of the general regulation on the protection of personal data of 27 April 2016.
20. To ensure that your personal data is up-to-date and accurate, we may periodically ask you to check and confirm the personal data that we have about you or notify us of any changes to this personal data (e.g. change of e-mail address). We encourage you to regularly check that the processed personal data is correct, up-to-date and complete.
21. Providing your personal data is conscious and voluntary but necessary for the conclusion and implementation of contracts or other civil law activities. Refusal or against their processing will result in the inability to conclude a contract or cooperate with OXIMO.
22. Social tools.
Our websites use plugins and other social tools provided by social networking sites, such as Facebook, Instagram, Google, and LinkedIn.
By displaying our website containing such a plug-in, your browser will establish a direct connection with the servers of social network administrators (service providers). The content of the plugin is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed on our website, even if you do not have a profile with a given service provider or are not logged in at the moment. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.
If you have logged in to one of the social networking sites, this service provider will be able to directly assign a visit to our website to your profile on a given social networking site.
If you use a given plug-in, for example, by clicking on the “Like” or “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there.
Facebook – https://www.facebook.com/legal/FB_Work_Privacy,
Instagram – https://help.instagram.com/519522125107875?helpref=page_content,
Google – https://policies.google.com/privacy?hl= pl,
LinkedIn – https://www.linkedin.com/legal/privacy-policy.
If you do not want social networks to assign the data collected during your visit to our website directly to your profile on a given website, you must log out of this website before visiting our website. You can also completely prevent the loading of plugins on the website by using appropriate extensions for your browser, e.g. blocking scripts.
23. This clause may be subject to further changes. If required by law, any information regarding future changes or additions to the processing of personal data described in this clause that may apply to you will be provided to you through the appropriate form of communication usually used by OXIMO in contact with customers and contractors.
Personal Data Administrator