Information on the GDPR

Data Protection Supervisor: Milena Rygiel-Soćko
E-mail: iod@zstgroup.pl

As part of fulfilment of information obligations regarding the protection of personal data, resulting from the Regulation 2016/679 of the European Parliament and of the (EU) Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (JoL of the EU from 2016, item no. 119, p. 1) ("GDPR") that came into force on 25 May 2018, in connection with obtaining your personal data, we provide the following information:

1. Who is the administrator of personal data?

We kindly inform you that the administrator of your personal data, i.e. the entity that determines the purposes and methods of their processing, is the company Zintegrowane Systemy Techniczne Sp. z o. o. with a registered office at Al. Jerozolimskie 212a, 02-486 Warsaw, registered in the District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register, under KRS [National Court Register] no. 0000140395, NIP [Taxpayer Identification No.] 9511936983, REGON [National Register of Business Entities] 016047207, share capital PLN50,000.00.

2. Who is the Data Protection Inspector and how can (s)he be contacted?

We have appointed the Data Protection Inspector, who can be contacted under the administrator's office e-mail address, electronically via the postal address: iod@zstgroup.pl in all matters regarding the processing of personal data and the use of rights related to the processing of personal data.

3.For what purpose are your data processed and on what basis?

The data you provide will be processed for the following purposes:

  • Consent of the person to the processing of personal data by the Administrator - (Art. 6 par. 1 let. a of the GDPR)
  • Conclusion and implementation of contracts  concluded with you - the legal basis for data processing is the necessity of processing to conclude and execute the contract -  (Art.6par.1 let. b of the GDPR)
  • Establishing, pursuing claims or defending against claims related to the contract concluded with you - the legal basis for data processing is the necessity of processing for the legitimate interest of the administrator; the legitimate interest of the administrator is the possibility to pursue claims and defend against claims -  (Art. 6 par. 1let. f of the GDPR)
  • Fulfilling the Administrator's duties of storing accounting documents regarding the implementation of contracts - the legal basis for data processing is the necessity to fulfill the legal obligation incumbent on the Administrator, resulting from the Accounting Act -  (Art. 6 par. 1 let. c of the GDPR)
  • Marketing, i.e. offering products and services provided by the Administrator - the legal basis for data processing is the necessity of processing for the legitimate interest of the administrator; The legitimate interest of the administrator is to provide customers with information about products and services provided by the Administrator -  (Art. 6 par. 1 let. f of the GDPR)
  • In order to test customer satisfaction - the legal basis for data processing is the necessity of processing for the legitimate interest of the administrator; The legitimate interest of the administrator is to maintain high quality of our service and the level of satisfaction of our customers with our products and services - (Art. 6 par. 1 let. f of the GDPR)

4. Will the decisions in your case be made automatically on the basis of profiling?

The administrator does not make decisions based on the automated processing of personal data, including profiling, which has legal effects for the person whose data is processed.

5. Can you refuse to provide personal data we ask for?

Providing data in connection with the concluded contract is necessary to conclude the contract and perform actions under the contract - without them, it will be impossible to conclude the contract. Providing data for marketing purposes is completely voluntary.

6. Will your personal data be made available by the Administrator to other entities?

  • To the entities that process data on our behalf and on the basis of contracts with us, e.g.: IT companies managing our systems; subcontractors providing services for our sake; companies acting as agents in selling our services and products; companies rendering accounting services, processing complaints, invoicing and settling contracts, testing service quality, claiming receivables as well as providing analytical, auditing , advisory, legal and tax services for us.
  • To other entities that process your data as administrators on their own behalf, e.g. postal and courier companies - in connection with the transmission of correspondence; companies conducting payment activity - in connection with payments; companies purchasing debts from us - in connection with the sale of debts; companies that provide us with accounting, legal and tax services - to the extent to which they become data controllers.

7. Will your personal data be transferred to third countries or international organizations (outside the European Economic Area)?

The administrator will not transfer your data to third countries or international organizations (outside the European Economic Area).

8. How long will your personal data be processed:

Personal data will be stored until the prescription of claims resulting from the concluded contracts or until expiration of the obligation to store the data resulting from legal regulations or withdrawal of your consent, if the processing was based on the consent.

9. What rights do you have?

You have the right to:

  • access  the content of your data, rectify them, remove them or restrict their processing,
  • transfer your personal data, i.e. receive information about your personal data being processed from the Administrator , in a structured, commonly used machine-readable format, to the extent that your data is processed in order to conclude and execute the insurance contract or on the basis of consent. You may send the submitted personal data to another data administrator
  • object to the processing of personal data to the extent that the basis for the processing of personal data is the legitimate interest of the Administrator.
  • withdraw your consent anytime to the extent that the processing of personal data is based on your consent. Withdrawal of consent does not affect the legality of the processing that we have made on the basis of this consent prior to its withdrawal.
  • file a complaint  to the President of the Office for the Protection of Personal Data

10. How can you exercise your rights?

The administrator provides data subjects with the implementation of rights related to the protection of personal data resulting from the GDPR (Regulation 2016/679 of the European Parliament and of the (EU) Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repeal of Directive 95/46 / EC). In order to exercise the above rights, please contact the Data Administrator or the data protection inspector whose contact details have been provided above.

11. How to exercise the right to file a complaint?

If you believe we process your personal data against the law, you have the right to file a complaint with the supervisory body dealing with the protection of personal data, i.e. the President of the Office for Personal Data Protection.