GDPR

INFORMATION CONCERNING THE PROTECTION OF CUSTOMERS 'PERSONAL DATA
(pursuant to Article 13 of the GDPR *)

The administrator of the Customer's personal data is:
C.B. Projekt
(hereinafter the "Administrator")
correspondence address in matters related to the protection of personal data:
32-329 Laski, ul. Główna 21,

The administrator has no obligation or need to appoint a personal data protection officer.

The Customer's personal data will be processed by the Administrator:

  1. based on Article. 6 sec. 1 lit. b) and c) GDPR, in order to:
    • take actions necessary to perform the contract with the customer or, at the request of the customer, take action before concluding the contract (this applies to data processing to the extent necessary to conclude or perform the contract)
    • fulfillment of the legal obligation incumbent on the Administrator.
  2. on the basis of the legitimate interests pursued by the Administrator [art. 6 sec. 1 lit. f) GDPR], in particular in order to::
    • pursuing or securing the Administrator's claims due from the Customer
    • quality control of the goods or services delivered to the Customer
  3. on the basis of the Client's consent, for the purposes specified in this consent [art. 6 sec. 1 lit. a) GDPR],
    in particular:
    • verification of the customer's payment credibility,
    • providing the Customer with information about proposed changes to the contract, confirmation of receipt of the complaint and reply to the complaint

The administrator will not process special categories of data referred to in art. 9 and 10 of the GDPR.

The administrator will not transfer clients' personal data to a third country or an international organization.

Customers' personal data is not processed in an automated manner or in the form of profiling.

The provision of personal data by the Customer is a necessary condition for concluding a contract with the Administrator.

The period for which the Customer's personal data will be stored is defined by the purpose for which the data was provided and the content of the legal regulations, in particular:

  1. personal data processed in order to conclude or perform the contract and fulfill the Administrator's legal obligation will be kept for the duration of the contract, and after its expiry for the period necessary to:
    • securing or pursuing any claims due to the Administrator
    • fulfillment of the Administrator's legal obligation (e.g. resulting from tax or accounting regulations)
  2. personal data processed on the basis of the Customer's consent will be stored until its revocation.

The rights of the person whose personal data is processed by the Administrator:

  1. the right to access the content of your personal data, i.e. the right to obtain confirmation whether the Administrator processes data and information regarding such processing
  2. the right to rectify data if the data processed by the Administrator is incorrect or incomplete
  3. the right to request the Administrator to delete data, if this does not violate the legal obligation incumbent on the Administrator
  4. the right to request the Administrator to limit data processing, if it does not violate the legal obligation incumbent on the Administrator
  5. the right to transfer data, i.e. the right to receive personal data provided to the Administrator and to send them to another administrator
  6. the right to object to data processing based on the legitimate interest of the Administrator
  7. the right to lodge a complaint with the Polish supervisory authority or the supervisory authority of another European Union Member State competent for the place of habitual residence or work of the data subject or the place of the alleged violation of the GDPR
  8. the right to withdraw consent at any time (without affecting the lawfulness of the processing which was carried out on the basis of consent before its withdrawal)
  9. if the data will be processed in an automated manner, the right to obtain human intervention on the part of the Administrator, to express one's own position and to challenge the decision based on automated data processing.

Categories of recipients of Customers' personal data (entities processing personal data on behalf of the Administrator):

  1. entities providing the Administrator with services related to the management of his business (e.g. accounting offices, tax advisors, banks, postal operators, carriers, document archiving companies, debt collection companies, law offices),
  2. courts, state and public bodies and institutions,
  3. entities providing technical services to the Administrator (e.g. maintenance of IT systems and websites).

*Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE.

Home    Back