INFORMATION DUTY OF THE DATA ADMINISTRATOR
WITH RESPECT TO THE DATA SUBJECT
Fulfilling the legal obligation regulated by the provisions of Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation personal data, hereinafter referred to as GDPR, Journal of Laws of the European Union of 04.05.2016 L. 119/1), OXIMO informs that:
1. The administrator of your personal data (the so-called ADO) is OXIMO Ltd
with headquarters in Łężyce, 84-207 at ul. Topolowa 1a; e-mail: firstname.lastname@example.org, tax number PL5882481575
tel .: +48 518-469-199
2. If you have any questions or comments regarding your personal data, please contact us: e-mail: email@example.com, phone: +48 518-469-199
3. In order to conduct its business, OXIMO collects and uses information identifying natural persons (hereinafter referred to as “personal data”), including information about our clients, contractors and associates.
As part of our commitment to the protection of personal data, we want you clearly inform:
– why and how OXIMO collects, uses and stores your personal data;
– on what legal basis this personal data is processed and
– what are your rights and our obligations in relation to this processing.
4. In this clause, OXIMO informs about all forms of use of personal data (“processing”) in relation to natural persons who are:
– clients, including potential, of OXIMO
– partners, employees, statutory representatives, proxies or representatives of such clients and
– other persons whose data we process for the purposes of issuing or processing invoices as part of the cooperation with clients (jointly “you” or “customers”). 5. In connection with the cooperation between you and OXIMO, which may consist in particular in: concluding purchase and sale contracts, providing customers or entities cooperating with customers with OXIMO products, cooperation in the sale and advertising of these products, as well as cooperation by intermediaries, we can process the personal data provided by you, such as:
a. name and surname, company, business address and correspondence addresses,
b. numbers in relevant registers (e.g. tax number etc.),
c. PESEL number,
d. contact details such as e-mail address or telephone or fax number
e. position held by you within your organization,
f. bank account number.
When concluding a contract directly between you and OXIMO, providing the data specified above is voluntary, but necessary for the purposes of concluding the contract and handling cooperation between the Customer and OXIMO. If you do not conclude a contract directly with OXIMO, providing personal data may be your official duty. The consequence of not providing data is the inability to perform the above actions by OXIMO (for example, failure to provide data may result in the inability to process an invoice)
6. The transfer of personal data outside of OXIMO may only take place in specific situations. The data may be transferred to recipients and other third parties to achieve the purposes listed in point 5 to the extent that they are necessary for them to perform the tasks ordered by OXIMO, if required by law or if OXIMO has a different legal basis. The following may be considered recipients or other third parties:
a. entities processing personal data on behalf of OXIMO, such as IT system suppliers, an entity providing services in the field of Human Resources and Payroll or entities providing document archiving services. These types of entities do not independently decide how to process your personal data. They process personal data only to the extent that it is necessary for OXIMO to conduct its business. OXIMO as the ADO of your personal data has control over the operation of such entities by means of appropriate contractual provisions protecting your privacy.
b. any national public administration authorities (e.g. the Police), authorities of other EU Member States (e.g. authorities established to protect personal data in other Member States) or courts, if required by applicable national or EU law or at their request; c. courier or postal service providers;
d. transport and forwarding companies;
e. other persons within the organization of a given Client.
7. We cannot process personal data if we do not have a valid legal basis. Therefore, we only process personal data if:
a.processing is necessary to fulfil contractual obligations towards you, if you are a party to a contract concluded with OXIMO or you place orders for products offered by OXIMO;
b. processing is necessary to comply with our legal obligations
e.g. the obligation to issue an invoice or other document required by law, or we are explicitly required to do so by law (this applies to cases of providing customer data at the request of competent authorities or courts);
c. processing is necessary for the legitimate interests of OXIMO or a third party and does not unduly affect your interests or fundamental rights and freedoms.
8. Please note that when processing personal data on this basis, we always strive to maintain a balance between our legitimate interest and your privacy. These “legitimate interests” are:
– concluding and performing contracts with Customers who are organizational units without legal personality or legal persons (procedure pursuant to Article 6 (1) (b) of the GDPR);
– establishing or pursuing civil law claims by OXIMO as part of its business, as well as defence against such claims;
– verification of customers in public registers;
– contact with customers, including keeping internal customer registers to enable OXIMO to contact customers;
– basic exchange of customer data using IT systems used by OXIMO.
9. In connection with the above, your personal data will be processed on the basis of Art. 6 sec. 1 lit. b, c, f of the general regulation on the protection of personal data of April 27, 2016;
In other cases, your personal data will be processed only on the basis of prior consent to the extent and for the purpose specified in the consent, pursuant to art. 6 sec.
1 lit. a, which may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.
10. Data collected from other sources – we can obtain your personal data from publicly available sources, such as the CEIDG or KRS business registers, to verify the information provided by customers. The scope of data processed will in this case be limited to data available to the public in relevant registers.
We may also obtain your personal data from entities in which you are employed or which you represent. The scope of data processed will in this case include information necessary for the performance of the contract between OXIMO and such entity, e.g. information about the termination of your employment with a given entity, change of contact details or change of official position.
11. Your personal data will be processed only by our authorized employees who must have access to the data to perform their duties; Your personal data may be entrusted for processing to other entities for purposes consistent with the contracts for entrusting the processing of personal data signed by OXIMO or on the basis of generally applicable law.
12. In some situations, we are entitled to pass on your data, if necessary in order to perform the contract: entities participating in the provision of the service and other data recipients, including law firms, statutory auditors, debt collection entities in the case of pursuing claims for arrears with fees, entities providing services in the field of delivering correspondence related to the performance of the contract, and other institutions authorized by generally applicable law.
13. Your personal data will be stored for the duration of the contract and obligations arising from it, and in accordance with other provisions of common law, in particular the Accounting Act of 29 September 1994 (Journal of Laws 2018.0.395 as amended) – Tax Code.
Regardless of the above periods, your data may be processed by OXIMO for the purposes of establishing or pursuing civil law claims by OXIMO as part of its business, as well as defence against such claims – for the relevant limitation periods for such claims, i.e. in principle not longer than 6 years after the event giving rise to the claim.
14. Each person is entitled to access their personal data processed by OXIMO. If you believe that any information relating to you is incorrect or incomplete, please inform us immediately. Our company will correct such information without undue delay. In addition, you are entitled to:
– withdraw your consent in the event that OXIMO has obtained such consent for processing 16. In response to your request, OXIMO may ask you to verify your identity or to provide information to help us better understand the situation. We will do our best to explain our decision to you if your requests are not met.
17. Your personal data may be used to make decisions in an automated manner on the basis of personal data processed as part of the performance of the contract by OXIMO, and the consequence of such processing will be the ability to determine your personal preferences and behaviours based on your personal data and the history of your business cooperation with OXIMO company. Profiling will be used for the purposes of preparing and presenting you with an individual, tailored marketing offer.
18. Your personal data is not transferred to a third country (outside the EEA) or an international organization. However, this may happen. If we have to transfer your personal data outside the EU / EEA, we will ensure that there are special safeguards in the form of model clauses, and we will ensure that an adequate level of data protection is applied to protect your data.
19. If you are not satisfied with the way OXIMO processes your personal data, please notify us of the problem, and we will investigate any irregularities. Please report your concerns using the contact details provided above.
You also have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Rates 2.00-193 Warsaw, phone: 22 531 03 00, fax. 22 531 03 01, e-mail: firstname.lastname@example.org; when you believe that the processing of your personal data violates the provisions of the general regulation on the protection of personal data of 27 April 2016.
20. To keep your personal information up-to-date and accurate, we may ask you from time to time to check and confirm the personal information we hold about you, or to inform us of any changes to that personal information (such as a change of e-mail address). We encourage you to regularly check that the processed personal data is correct, up-to-date and complete.
21. Providing your personal data is conscious and voluntary, but necessary for the conclusion and implementation of contracts or other civil law activities. Refusal or against their processing will result in the inability to conclude a contract or cooperate with OXIMO.
22. Social tools.
Our websites use plugins and other social tools provided by social networks such as Facebook, Instagram, Google, LinkedIn.
By displaying our website containing such a plugin, your browser will establish a direct connection with the servers of social network administrators (service providers). The content of the plugin is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed our website, even if you do not have a profile with a given service provider or are not logged in at the moment. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.
If you have logged in to one of the social networking sites, this service provider will be able to directly assign a visit to our website to your profile on a given social networking site.
If you use a given plug-in, e.g. by clicking on the “Like” or “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there.
Facebook – https://www.facebook.com/legal/FB_Work_Privacy,
Instagram – https://help.instagram.com/519522125107875?helpref=page_content,
Google – https://policies.google.com/privacy?hl=pl,
LinkedIn – https://www.linkedin.com/legal/privacy-policy.
If you do not want social networks to assign the data collected during your visit to our website directly to your profile on a given website, you must log out of this website before visiting our website. You can also completely prevent the loading of plugins on the website by using appropriate extensions for your browser, e.g. script blocking.
23. This clause may be subject to further changes. If required by law, any information regarding future changes or additions to the processing of personal data described in this clause that may apply to you, will be provided to you through the appropriate form of communication usually used by OXIMO in contacts with customers and contractors.
Personal Data Administrator