The Data Controller for your personal data is MCS sp. z o.o. with its registered office in Żory, at ul. Strażacka 43, 44-240 Żory. (“Data Controller”).
You may contact the Data Controller by mail to the address of the Data Controller’s registered office indicated above or via e-mail firstname.lastname@example.org.
The Data Controller collects and processes personal data in connection with the scope of its business activity, while ensuring that the processed personal data is adequately protected. The data is obtained directly from the data subjects (e.g. through direct contact), as well as from third parties (e.g. from an entity cooperating with the Data Controller, as well as from publicly available records and registers). The data is processed on the basis of applicable laws, in particular pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
The Data Controller processes personal data for purposes directly related to the scope of its business activity, in particular for the following purposes:
a) taking actions prior to entering into the agreement (e.g. responding to a request for a proposal), concluding and performing agreements (basis of Article 6(1)(b) of the GDPR),
b) fulfilling the legal obligations which are mandatory for the Data Controller (on the basis of Article 6(1)(c) of the GDPR),
c) pursuant to Article 6(1)(f) of the GDPR – for marketing purposes, maintaining business relations, security and investigation, defence against claims or security.
Processing of data pursuant to Article 6(1)(f) of the GDPR ensures the protection of the legitimate interests of the Data Controller, such as: ensuring safety, marketing of own products, protection against claims and recovering claims. In other cases, the Data Controller processes personal data on the basis of relevant consents.
To the extent that the data is processed in order to enter in an agreement, providing your data is a prerequisite for concluding and performing the agreement. The data is provided voluntarily, but it is necessary for concluding and performing the agreement. The agreement shall not be concluded in the event that the data subject refuses to provide the data. The provision of certain information is also a legal obligation, e.g. required to issue an invoice.
The personal data will be processed for the period necessary for the performance of the agreement, including the after-sales customer service. In the case of data provided optionally, we process the data unless the consent is withdrawn or until the purpose of the processing is no longer valid. Data processed for the purposes of accounting and tax settlements are processed for a period of 5 years from the end of the calendar year in which the tax obligation arose. For the purpose of pursuing claims, we process your data within the statute of limitations under the provisions of the Civil Code.
Due to the fact that the Data Controller processes data provided by the data subject, the data subject shall have the right to:
a) rectify the data,
b) request the deletion of data which is processed without relevant basis;
c) limit the scope of data processing (stopping activities involving the data or not deleting the data – in accordance with the submitted application);
d) raise an objection to the processing of personal data based on Article 6(1)(e) or (f) of the GDPR;
e) access the data, i.e. information about the data processed by us to receive the copy of the data;
f) transfer the data to another Data Controller to the extent specified in Article 20 of the GDPR.
The right to transfer the data or to obtain a copy of the data will be exercised within a technically possible scope. The exercise of these rights must not affect the rights and freedoms of others (including intellectual property rights or business secrets).
Applications may be submitted to our address or via e-mail to the following address email@example.com.
In order to ensure that you are eligible to apply, we may ask you to provide additional information to confirm your identity. The scope of each of these rights and the situations in which they may be exercised are determined by law. The right to exercise each individual right shall depend, for example, on the legal basis on which the data is used and the purpose of the processing.
In addition, the data subject shall have the right to lodge a complaint with the Polish supervisory authority or the supervisory authority of another Member State of the European Union, competent for the place of habitual residence or employment of the data subject or for the place of alleged violation of the GDPR.
The Data Controller shall not make automated decisions based the personal data, including profiling.
The recipients of your data shall include:
a) entities from our capital group – in a justified scope;
b) entities processing data on our behalf, participating in the activities of the data controller (e.g. our employees);
c) other entities, in the event that they need to obtain the data to perform a specific activity in the course of performance of the agreement, e.g. (I) business partners, (II) customer survey entities, (III) entities acting on our behalf, (IV) payment and credit institutions for the execution of payments, (V) providers of IT systems and services, (VI) entities performing transport services on our behalf (VII) postal operators and couriers, (VIII) providers of legal and advisory services (in particular law firms).