GDPR information regarding the processing of personal data contained in electronic correspondence.
WHO IS THE PERSONAL DATA ADMINISTRATOR?
The personal data administrator is the following companies:
Sady Sandomieskie S.A. with headquarters in Tarnobrzeg, 39-400 Tarnobrzeg Aleja Warszawska 22A / BA10, KRS: 0000867352, NIP: 867-225-09-77, REGON: 387395843
Sad Sandomierski Sp. z o.o. based in Węgrka Panieńskie 33A, 27-641 Obrazów, KRS number: 0000379864, NIP number: 864-193-99-79, REGON number: 260458358
The lead administrator is Sady Sandomierskie S.A., which can be contacted:
1. At the correspondence address: Sady Sandomierskie S.A., Aleja Warszawska 227A / BA10, 39-400 Tarnobrzeg
2. At the e-mail address: rodo@bioinlife.eu
3. In order to improve the communication process, contact is also possible via the contact form
WHAT ARE THE PURPOSES, LEGAL BASIS AND FOR HOW LONG WILL WE PROCESS YOUR PERSONAL DATA?
1. Contact details about senders and addressees of e-mail correspondence and personal data contained in the content of electronic correspondence will be processed by the Administrator for the following purposes:
1) enabling e-mail contact with one Administrator and making contact with addressees;
2) documenting arrangements made with clients, contractors and other persons;
3) receiving and sending letters, notifications and motions in electronic form, e.g. complaints, complaints, other motions;
4) protection against claims and pursuing possible claims.
5) in the case of pending proceedings until its final conclusion and until the claims are time-barred.
2. The legal basis for the processing of personal data contained in e-mail correspondence is:
a) the legitimate interest of the Data Administrator and senders of electronic messages (Article 6 (1) (f) of the GDPR) - in the case of incidental correspondence, consisting in enabling contact with the Administrator;
b) necessity to perform the contract (Article 6 (1) (b) of the GDPR) - in the scope of electronic correspondence exchange carried out in order to perform the contract;
c) voluntarily expressed consent through a clear confirmation action - if the sender of the message asks the Administrator to provide information regarding the products and services offered by the Administrator; sending such an inquiry will mean the sender's consent to receive the ordered commercial information to the e-mail address provided (Article 10 of the Act on the provision of electronic services);
d) the Controller's legitimate interest in pursuing claims or defending against claims, in accordance with the provisions of law, in particular the Civil Code (Article 6 (1) (f) and - in the case of specific data - Article 9 (2) (f) GDPR).
3.Email correspondence will be stored for a period of 2 years, but in some cases, due to the content, the retention period for certain categories of e-mail will be determined separately due to the provisions of specific legal provisions and situations where the content of the e-mail correspondence may be used to assert or defend claims or constitute evidence in pending proceedings.
WHO CAN WE SHARE YOUR PERSONAL DATA WITH?
1. Personal data in the form of e-mail addresses and metadata related to the exchange of correspondence (technical data describing a single e-mail), except for employees and associates of Sady Sandomierskie S.A. The administrator authorized to process them in connection with the performed official activities, may be disclosed to the extent necessary and on the terms set out in contracts for entrusting data processing to IT hosting service providers.
2. Data in the form of the content of electronic correspondence may be disclosed, apart from Employees dealing with administrative and substantive handling of e-mail correspondence, only for the purpose of pursuing their claims as part of proceedings appropriate to the nature of the case to entities providing the Administrator with services in the field of debt collection and services legal and advisory.
WHAT ARE YOUR RIGHTS RELATED TO THE PROCESSING OF YOUR DATA BY SADY SANDOMIERSKIE S.A., SAD SANDOMIERSKI SP. Z O.O.?
1.Every data subject has the right to:
1) access - obtaining confirmation by the Administrator whether its personal data is being processed. If data about a person is processed, he is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data has been or will be disclosed, about the period of data storage or the criteria for determining them, the right to request rectification, deletion or limitation of the processing of personal data due to the data subject, and to object to such processing (Article 15 of the GDPR);
2) to receive a copy of the data - to obtain a copy of the data subject to processing,
3) for rectification - requesting rectification of incorrect personal data concerning her or supplementing incomplete data (Article 16 of the GDPR);
4) to delete data - request to delete their personal data, if the administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR);
5) to limit processing - requests to limit the processing of personal data when:
a) the data subject questions the accuracy of the personal data - for a period enabling the controller to verify the accuracy of the data,
b) the processing is unlawful and the data subject opposes their removal, requesting the restriction of their use,
c) the controller no longer needs these data, but they are needed by the data subject to establish, assert or defend claims,
d) the data subject has objected to the processing - pending verification whether the legitimate grounds of the administrator override the objection of the data subject;
6) to transfer data - to receive in a structured, commonly used machine-readable format personal data concerning him, which he provided to the administrator, and request to send these data to another administrator, if the data is processed on the basis of the consent of the data subject or a contract with it and if the data is processed in an automated manner (Article 20 of the GDPR);
7) to object - to object to the processing of her personal data for the legitimate purposes of the administrator, for reasons related to her particular situation, including profiling (Article 21 of the GDPR).
2. In order to exercise the above-mentioned rights, the data subject should:
a) Contact the lead administrator: Sady Sandomierskie S.A., Aleja Warszawska 227A / BA10, 39-400 tarnobrzeg, rodo@bioinlife.eu
b) After logging in to the Customer Panel, in the GDPR tab, select the available online forms that allow you to conveniently submit your requests.
WHERE CAN YOU LODGE A COMPLAINT, IF YOU THINK THAT YOUR DATA IS PROCESSED IN ACCORDANCE WITH THE PROVISIONS OF PERSONAL DATA PROTECTION LAW?
You have the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its seat in Warsaw, ul. Stawki 2, which can be contacted in the following way:
1) by post: ul. Stawki 2, 00-193 Warsaw,
2) via an electronic inbox available at https://www.uodo.gov.pl/pl/p/kontakt
3) by phone: (22) 531 03 00
However, before submitting a complaint, consider contacting the lead administrator in the following way:
1) by post: Sady Sandomierskie S.A., Aleja Warszawska 227A / BA10, 39-400 Tarnobrzeg
2) by e-mail: rodo@bioinlife.eu
3) via the contact form
WHO CAN I CONTACT IN ALL MATTERS RELATED TO PERSONAL DATA PROTECTION?
1. E-mail address: rodo@bioinlife.eu
2. Address for traditional correspondence - Sady Sandomierskie S.A., Aleja Warszawska 227A / BA10, 39-400 Tarnobrzeg
3. Contact form
WHICH LEGAL ACTS ARE REFERRED TO IN THIS INFORMATION CLAUSE?
1) GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (Journal Official Journal of the European Union L 2016 No. 119, p. 1);
2) art. 118 and following of the Act of 23 April 1964 - Civil Code (i.e. Journal of Laws of 2018, item 1025);
3) art. 10 of the Act of July 8, 2002 on the provision of electronic services (i.e. Journal of Laws of 2017, item 1219 as amended).