Privacy Policy
WHO IS A CONTROLLER OF YOUR PERSONAL DATA AND HOW CAN YOU CONTACT US?
We are the controller of your personal data. This means that we decide how and for what purposes the personal data that you provided to us is processed. We want you to know that we make every effort to ensure that your personal information is safe. We do not provide personal data entrusted to us for payment.
If you have any questions regarding the processing of your personal data by us, please contact us using the contact details below:
Indeon Sp. z o. o. Knurów (44-190), ul. 26 Stycznia 2A/12, Poland
e-mail: [email protected], phone: +48 537 123 290
HOW DO WE PROCESS YOUR PERSONAL DATA?
In connection with our business, we process the personal data of different people for different purposes, to a different extent and on a different legal basis set out in the GDPR. In order to provide you with the most transparent information, we have grouped this information by referring to the purpose of processing your personal data.
WHAT TERMS WE USE IN THE PRIVACY POLICY?
Personal data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
We – Indeon Sp. z o.o., ul. 26 Stycznia 2A/12, 44-196 Knurów, registered in the District Court in Gliwice, X Commercial Division of the National Court Register, under KRS number 0000511779, the share capital is PLN 10,000.00, VAT No. PL9691612614.
You, your – every natural person with whom we have a legal relationship.
GDPR– Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC 95/46/EC (General Data Protection Regulation)
Website – websites we run, including www.indeon.net, www.indeon.pl.
Recipients of your personal data – entities to which we may transfer part of your personal data in connection with the performance of certain activities or services on our order. These entities can not do anything with your personal data unless we instruct them and only in the scope indicated by us. They will store your personal data securely and only for the period that we indicate to them or as required by applicable law.
COOPERATING ENTITIES
I. The Purpose of processing
We process your personal data in order to execution of a binding contract or implementation of a collaborative relationship
Processing period
We process your personal data for this purpose until the contract between us or the settlement of mutual obligations ends and for the limitation period applicable to the type of contract concluded.
Legal basis
Indispensable for the performance of the contract or the implementation of our cooperation (Article 6 (1) (b) of the GDPR).
II. The purpose of processing
We process your personal data in order to fulfill our legal obligation to keep accounting records, in the form of VAT invoices or other regulations required by law. This obligation is imposed on us by the applicable legal act.
Processing period
We process your personal data for this purpose for 5 years period which starts from the beginning of the year following the financial year in which the documentation was created.
Legal basis
Compliance with the legal obligation (Article 74 paragraph 2 point 8 of the Accounting Act in connection with Article 6 (1) (c) of the GDPR).
III. The purpose of processing
We process your personal data in order to assess your payment credibility in connection with the conclusion and performance of a contract or the cooperation that binds us, and also to establish, investigate, or defend against claims.
Processing period
Your personal data is processed for the purpose of assessing payment credibility in connection with the conclusion and performance of a contract or binding cooperation between us for the duration of the contract between us and the execution of the agreement. Personal data to establish, investigate, or defend against claims are processed for a period of 3 years or 10 years (the length of the period depends on whether both parties are entrepreneurs or not).
Legal basis
Our legitimate interest in verifying and assessing the reliability of our contractors and having personal data that will allow us to determine, assert, or defend against claims, including clients and third parties (Article 6 (1) letter f GDPR).
Categories of recipients of your personal data
a) Entities providing accounting services
We use the services of entities providing professional accounting and billing services.
b) IT service providers
We use the services of entities that professionally provide IT services. We want your personal data to be secure, up-to-date, and confidential.
c) Professional legal advisors and entities dealing in debt collection
We use the services of entities that provide professional auditing services to us, related to legal assistance and the recovery of receivables resulting from legal relationships that connect us with our contractors
d) Entities operating postal or courier
We use the services of entities that professionally provide postal or courier services.
REPRESENTATIVES OF CONTRACTORS
Categories of personal data
We process only your personal data such as name, surname, employer, position, address of the place of employment, business phone, and business e-mail.
Source of personal data
Your personal data has been made available to us by the entity with whom we cooperate based on a contract or other binding arrangement and to which you are an employee or representative.
The purpose of processing
We process your personal data in order to comply with our obligations under the legal relationship with the entity you are an employee or representative.
Processing period
We process your personal data for this purpose until it ends, settlement, and expiration of the limitation period for claims regarding our cooperation with the entity in which you are an employee or representative, or until you raise objections only if we acknowledge Your legitimacy to this.
Legal basis
Our legitimate interest, is based on the implementation of our agreements and legal relationships with the entity in which you are an employee or representative (Article 6 (1) letter f).
Categories of recipients of your personal data
a) IT service providers
We use the services of entities that professionally provide IT services. We want your personal data to be secure, up-to-date, and confidential.
b) Professional legal advisors
We use the services of entities that provide us with professional services related to legal assistance.
c) Entities operating postal or courier
We use the services of entities that professionally provide postal or courier services.
CANDIDATES FOR WORK
I. The Purpose of processing
We process your personal data in the form of first name (surname), surname, first name of your parents, date of birth, place of residence (address for correspondence), your education, and the course of previous employment in order to carry out the recruitment process.
Processing period
We process your personal data for this purpose until the recruitment process is completed, resulting in admission or refusal to work.
Legal basis
Compliance with the legal obligation (Article 22 ‘ § 1 of the Labor Code in connection with Article 6 (1) (c) of the GDPR).
II. The purpose of processing
We process your personal data, other than those mentioned above, indicated by you in the submitted recruitment application in order to carry out the recruitment process.
Processing period
We process your personal data for this purpose until the end of the recruitment process resulting in the acceptance or refusal to accept or resign your consent to the processing of your personal data for this purpose.
Legal basis
Voluntary consent (Article 6 (1) (a) of the GDPR).
III. The purpose of processing
If you have agreed to this, we process your personal data for the purposes of future recruitment processes.
Processing period
We process your personal data for this purpose until the completion of our recruitment processes for positions corresponding to your interests, experience, and the education or withdrawal of your consent to the processing of your personal data for this purpose.
Legal basis
Voluntary consent (Article 6 (1) and GDPR).
Categories of recipients of your personal data
a) Entities providing recruitment
We use the services of entities that provide a safe and convenient opportunity to conduct the recruitment process, in accordance with the regulations of these entities’ services.
b) Entities providing service and security to the Website
We use the services of entities that ensure the professional operation of the Website and the security of your personal data. In order to guarantee the quality of these services, these entities process the IP addresses of people who visit the Website in order to search for job offers.
c) IT service providers
We use the services of entities that professionally provide IT services. We want your personal data to be secure, up-to-date, and confidential.
PERSONS VISITING OUR OFFICE
The purpose of processing
We process your personal data in order to ensure the security of information and documents, our employees and guests, as well as limit visits to so-called unwanted people, due to your visits to our office.
Processing period
We process your personal data for this purpose only for the period necessary to ensure the above-mentioned security, but no longer than one year from the visit of our office or until you object to the processing of your personal data and acknowledge its legitimacy.
Legal basis
Our legitimate interest is in the protection of information, documentation, and security of our employees and guests in our office (Article 6 (1) letter f).
CONTACT FORM ON THE WEBSITE
The purpose of processing
We process your personal data in order to service your inquiry and provide an answer. eg. preparation of the valuation of our services.
Processing period
Your personal data will be deleted by us in case of effective opposition by you or for the purpose of processing.
Legal basis
Our legitimate interest is in the form of allowing the conclusion of a contract for a limited period of time without the need to repeat the valuation because you can make a decision about using our service after receiving the valuation (Article 6 (1) letter f GDPR).
Categories of recipients of your personal data
a) Entities providing service and security to the Website
We use the services of entities that ensure the professional operation of the Website and the security of your personal data. In order to guarantee the quality of these services, these entities process the IP addresses of people who visit our Website.
b) IT service providers
We use the services of entities that professionally provide IT services. We want your personal data to be secure, up-to-date, and confidential.
DIRECT MARKETING OF OUR PRODUCTS AND SERVICES
The purpose of processing
We may process your personal data such as first name, last name, and e-mail address, in order to send you direct marketing about our business using the e-mail address provided by you.
Processing period
We will process your personal information for this purpose as long as you do not object to their receipt.
Legal basis
Our legitimate interest in providing information about our activities including our products and services (Article 6 (1) letter f GDPR).
Categories of recipients of your personal data
a) Entities providing service and security to the Website
We use the services of entities that ensure the professional operation of the Website and the security of your personal data. In order to guarantee the quality of these services, these entities process the IP addresses of people who visit our Website.
b) IT service providers
We use the services of entities that professionally provide IT services. We want your personal data to be secure, up-to-date, and confidential.
WHAT ARE YOUR RIGHTS FROM RELATION TO THE PROCESSING OF YOUR PERSONAL DATA?
We ensure the implementation of your rights listed below. You can implement your rights by submitting your request using the contact details we have indicated.
The right to withdraw consent
You have the right to withdraw any consent you gave us for the processing of your personal data at any time. The withdrawal of your consent has been effective since its withdrawal. Withdrawal of consent does not affect the processing of your personal data carried out by us in accordance with the law before its withdrawal.
Withdrawal of consent does not entail any negative consequences for you. However, it may prevent you from continuing to do our actions on your behalf or using our functionalities which we can only legally provide with your consent.
Legal basis: Article 7 par. 3 GDPR
The right to object to the use of personal data
You have the right to object to the processing of your personal data at any time, if we process it based on our legitimate interest, for example in connection with sending you information about our new activities and initiatives, including profiling based on this basis.
If your objection turns out to be justified and we have no other legal basis to process your personal data, we will delete the information to which you objected.
If you oppose sending marketing information, we will stop sending you this type of information.
Legal basis: Article. 21 GDPR.
The right to delete personal data (“the right to be forgotten”)
You have the right to request the removal of all or some of your personal data.
Despite the request to delete your personal data, in connection with opposition or withdrawal of consent, we may retain certain personal data to the extent necessary to establish, investigate, or defend any claims related to the processing of your personal data. This applies in particular to personal data including name, surname, and information about your consent or activity history, which we retain for purposes of handling complaints and claims related to the processing of your personal data by us in connection with the legal relationship between us. We will process your personal data for this purpose for a period of 10 years from the end of the legal relationship between us.
The legal basis for us to process your personal data for this purpose is our legitimate interest (Article 6 (1) letter f).
Legal basis: Article. 17 THE DGPR.
The right to limit the processing of personal data
You have the right to request a restriction on the processing of your personal data. If you submit such a request, we will prevent you from using certain functionalities or services that will result in the processing of the requested data until we process your request. We will also not send any messages to you, including marketing ones.
Legal basis: Article. 18 DGPR.
The right to access personal data
You have the right to obtain confirmation from us whether we process your personal data, and if this is the case, you have the right to:
a) get access to your personal data;
b) obtain information about the purposes of processing, categories of personal data being processed, the recipients or categories of recipients of this data, the planned period of storage of your data or criteria for determining this period, about your rights under the GDPR and the right to lodge a complaint to the supervisory authority, the source of these data, on automated decision-making, including profiling and safeguards applied in connection with the transfer of these data outside the European Union;
c) obtain a copy of your personal data, under the conditions indicated in the GDPR.
Legal basis: Article. 15 THE GDPR.
The right to rectify personal data
You have the right to request us to rectify your personal data when they are inconsistent with the actual state and the right to have incomplete personal data completed.
Legal basis: Article. 16 THE GDPR.
The right to data portability
You have the right to receive the personal data that you provided to us and then send it to another personal data administrator of your choice.
You also have the right to request that personal data be sent by us directly to such other administrator if it is technically possible.
Legal basis: Article. 20 GDPR.
The right to lodge a complaint
You can lodge complaints, questions, and requests regarding the processing of your personal data and the implementation of your rights.
If you believe that your right to the protection of personal data or other rights granted to you by GDPR has been violated, you have the right to lodge a complaint with the competent supervisory authority.
Legal basis: Article. 13 para. 2 lit. d) GDPR.
IS THE SUBMISSION OF YOUR PERSONAL DATA COMPULSORY?
Providing your personal data by you is not mandatory. However, it is necessary to implement the legal relationship that binds us.
If you do not agree to receive information about our initiatives and proposals at the e-mail address provided by you, we will not be able to send you such information.
SURFACING OF PERSONAL DATA OF PERSONS VISITING THE WEBSITE
We use technologies such as cookies for statistical purposes, analysis and research of traffic on the Website, individualized content and advertising, and provision of social networking tools. In this regard, you can be profiled. Detailed information on this subject is available below.
The term “cookie” is defined as all technologies that store and use information on the device on which you visit the Website, e.g. on a computer or a mobile device. We also use technologies such as pixel tags and software packages embedded on our Website (more about them in the information below).
There are different types of cookies, e.g. cookies that are directly supported by us and cookies served on our behalf, e.g. by companies analyzing data for us. In addition, there are cookies that operate for a limited time, including those that only work until the browser is closed. They are automatically deleted when you close your browser. Other files of this type are so-called persistent cookies that are not deleted when you close your browser. They are used, for example, to recognize your device when you visit the Website again.
Below you will find information on which cookies we use and what is the purpose of their use.
Server logs and IP address memorization
The use of the Site involves the transmission of queries to the server on which the Site is stored. Each query addressed to the server is saved in the server logs. Logs include the user’s IP address, server date and time, information about the web browser, and the operating system used by the user. Logs are saved and stored on the server. The data stored in the server logs are not associated with specific people using the Site and are not used by us to identify the visitors to the Site. Server logs are the only auxiliary material used to administer the Site, and their content is not disclosed to anyone except those authorized to administer the server. This data will also be used to create statistics that we use to assess the usefulness of the Website and its optimization.
What third-party cookies are used?
The following third-party cookies are used on our website:
- Google Analytics.
Details on individual third-party cookies are described below.
Google Analytics – details
We use the Google Analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We carry out activities in this area based on our legitimate interest, consisting of the creation of statistics and their analysis in order to optimize our websites.
In order to use Google Analytics, we have implemented a special Google Analytics tracking code in the code of our website. The tracking code uses Google LLC cookies for the Google Analytics service. You can block the Google Analytics tracking code at any time by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout .
Google Analytics automatically collects information about your use of our website. The information collected in this way is most often transferred to Google servers, which can be located all over the world and stored there.
Due to the IP anonymization activated by us, your IP address is shortened before forwarding. Only in exceptional cases is the full IP address sent to Google servers and shortened there. The anonymized IP address provided by your browser as part of Google Analytics is, as a rule, not combined with other Google data.
We emphasize that as part of Google Analytics, we do not collect any data that would allow your identification. Therefore, the data collected as part of Google Analytics is not personal data for us. The information we have access to as part of Google Analytics is, in particular:
- information about the operating system and web browser you use,
- subpages you browse on our website,
- time spent on our website and its subpages,
- transitions between individual subpages,
- the source from which you go to our site.
In addition, as part of Google Analytics, we use the following Advertising Functions:
- demographic and interest reports,
- remarketing,
- advertising reporting functions, user-ID.
As part of the Advertising Functions, we also do not collect personal data. The information we have access to is, in particular:
- the age range you are in,
- Your gender
- Your approximate location is limited to the town,
- Your interests are based on your online activity.
Google Analytics and Google Analytics 360 services have been certified by the independent security standard ISO 27001. ISO 27001 is one of the most recognized standards in the world and certifies compliance with the relevant requirements by systems that support Google Analytics and Google Analytics 360.
If you are interested in details related to Google’s use of data from websites and applications that use Google services, we encourage you to read this information: https://policies.google.com/technologies/partner-sites .
WILL YOUR PERSONAL DATA BE ACCESSIBLE TO COUNTRIES IN THE EUROPEAN ECONOMIC AREA?
In our activity, we use various popular services and technologies offered by such entities as Facebook, Microsoft, Google. These companies are based in the European Union and are therefore treated as third countries in the light of the provisions of the GDPR.
We assure you that when using services and technologies, we only transfer personal data to entities from the United States and only those who joined Privacy Shield, based on the decision of the European Commission of July 12, 2016 – more information can be found on the page European Commission available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_pl Entities that have joined the Privacy Shield guarantee that they will comply with the high standards of personal data protection that are in force in the European Union, that is why using their services and technologies offered in the processing of personal data is legal. More information on the Privacy Shield program can be found at www.privacyshield.gov.
We will provide you with additional explanations regarding the transfer of personal data. You have the right to obtain a copy of your personal data transferred to a third country at any time.
CHANGES IN THE PRIVACY POLICY
Depending on our needs, we can change and supplement the Privacy Policy. We will inform you of any changes or additions by posting relevant information on the Website, and in the case of significant changes, we can also send you separate notifications to the email address provided by you.
CONTACT WITH THE SERVICE ADMINISTRATOR
We make every effort to enable users to submit any comments, suggestions, tips, and objections to the data processing policy adopted by us. All issues related to the content of this Policy should be sent to the e-mail address: [email protected].
Fulfilling the regulation of art. 13 sec. 1 lit. b GDPR, we indicate that we have appointed the Personal Data Protection Inspector, with whom interested Users can contact by e-mail at the following e-mail address: [email protected].