Privacy policy

RODO

PRIVACY POLICY 

In order to ensure transparency and reliability of the processing of personal data carried out by our Company, below please find personal data protection rules which are in force at the DEFRO Spółka z ograniczoną odpowiedzialnością Spółka komandytowa established in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing directive 95/46/EC, hereinafter referred to as GDPR (Journal  of Laws EU L No. 119, page 1). We pay great attention to issues related to the processing of personal data and protection of information, not only because such an obligation is imposed on us by law, but above all because we respect the right to privacy of others and we believe that it is one of the most important elements of good cooperation and building trust, as well as good image of our company.

 

 

Contents

  1. DATA CONTROLLER 
  2. PURPOSE OF DATA PROCESSING 
  3. DATA RECIPIENTS 
  4. TRANSMISSION OF DATA TO THIRD COUNTRIES 
  5. PROCESSING OF PERSONAL DATA IN AN AUTOMATED MANNER 
  6. RIGHTS OF DATA SUBJECTS

 

 

1. DATA CONTROLLER

Controller of personal data is DEFRO Spółka z ograniczoną odpowiedzialnością Spółka komandytowa with its registered office in Warsaw at Solec 24/253 Street, 00-403 Warsaw – hereinafter DEFRO.  Controller is an entity that decides about purposes and means of processing personal data.

In all matters related to the processing of your personal data, you can contact us by mail at the address indicated above, and by sending e-mail correspondence to the Data Protection Officer (DPO) appointed by our company - iod@defro.pl

 

2. PURPOSE OF DATA PROCESSING

DEFRO company is one of the largest solid fuel central heating boilers in Europe. Due to implementation of our business goal, we process personal data for the following purposes:

PURPOSE OF DATA PROCESSING

LEGAL BASIS AND PERSONAL DATA STORAGE PERIOD

STORAGE TIME

Conclusion and performance of a contract with a customer or contractor

Art. 6 para. 1 let. b and let. f of GDPR (legitimate interest of the Controller shall be contacting employees or co-workers of the customer/contractor as part of actions taken in order to conclude a contract, as well as its implementation.

For duration of the contract. After this date, upon expiration of time limits for claims resulting from the contract in accordance with provisions of the Civil Code and others.

Determining, pursuing claims and defending against such claims

Art. 6 para. 1 let. f of GDPR (legitimate interest pursued by the Controller shall be undertaking actions in order to claim and defend against claims - in this scope, the data of a customer/contractor, their employees and associates are collected to the extent necessary for the claims being claimed or defended against.

Until final termination of proceedings conducted in connection with the pursuit of claims or defence against a claim, and in case of enforcement proceedings until claims will finally be settled. If the deadline for pursuing claims is shorter than the period for storing underlying documents for tax purposes - such documents will be kept by DEFRO for the time necessary to fulfil the tax and accounting obligation (5 years starting from the end of the year in which the event giving rise to tax effects took place).

Handling complaints and complaint proceedings

Art. 6 para. 1 let. b and f of GDPR - legitimate interest pursued by DEFRO shall be undertaking actions in relation to consideration of complaints, including contacting the customer/contractor or their employees/co-workers, as well as recording telephone conversations for the needs of telephone service for telephone calls.

1 year after the end of warranty period or investigation/settlement of a complaint.

Archiving documents regarding concluded contracts, including settlement documents

Art. 6 para. 1 let. c and f of GDPR

Until the moment when DEFRO fulfils all legal obligations related to the storage of documents and specified in individual legal provisions. With regard to documents, storage of which has not been specified explicitly in legal provisions, for the time possible to pursue claims in accordance with implementation of legally justified interest of the Controller.

Conducting marketing activities without the use of electronic communication means, as referred to in the Act on the provision of electronic services and the Telecommunications Act.

Art. 6 para. 1 let. f of GDPR - legitimate interest pursued by DEFRO shall be taking actions promoting its activity.

Until the moment of objection referred to in art. 21 of GDPR and indication in any way that you do not want to receive such information anymore.

Conducting marketing activities with the use of electronic communication means, as referred to in the Act on the provision of electronic services and the Telecommunications Act, including in particular via e-mail, SMS, direct telephone contact.

Art. 6 para. 1 let. a of GDPR

Until the moment of withdrawal of consent to conduct such activities that you have previously given you consent to. After withdrawal of consent, such data will be processed for evidential purposes of demonstration for the needs of any inspections or claims claimed in this respect - i.e. max. 6 years counting from the moment of withdrawal of consent.

Quality assessment study with regards to the provided services.

Art. 6 para. 1 let. a of GDPR - legitimate interest of the controller shall be quality assessment study with regards to the provided services, market research and needs research.

Until the moment consent is withdrawn, no more than one year from the date of receipt of an opinion.

Video monitoring at DEFRO site in order to ensure safety of individuals and property and to maintain information security.

Art. 6 para. 1 let. c and f of GDPR

Fixed image recordings are stored for a periof of up to 3 months. Exceptions are cases where the recording is evidence in proceedings conducted by law enforcement/judicial authorities (in this case, until final termination of such proceedings, or raising objections).

Running recruitment processes

Art. 6 para. 1 let. a and c of GDPR -

Until the recruitment process for a specific position is completed, and if the candidate agrees to the processing of his/her data for the needs of other recruitment processes - not longer than 12 months.

Human resources management - keeping employee files, settlements with employees and co-workers as well as fulfilling other duties imposed on the Controller in connection with entering into a work relationship and cooperation with natural persons

Art. 6 para. 1 let. a, b, c and f of GSPR and art. 9 para. 2 let. b of GDPR

Until the moment of fulfillment of an obligation related to storage of personal files - for 50 years, and in relation to personal files of employees employed after January 1, 2019 - for 10 years from the moment of termination of employment. This does not apply to examples of concluding an employment contract before January 1, 2019 when DEFRO will submit a declaration on the intention to provide information reports on behalf of all employees, contractors employed during this period, including submitting those reports.

As far as civil law contracts are concerned - they will be kept for periods indicated in legal provisions concerning pursuing claims in this respect. In case of other documents, for which storage period is not subject to storage, such as personal files - they will be stored for a shorter time, i.e. until the consent is withdrawn.

When it comes to data processing on the basis of a consent - until such a consent is withdrawn by a co-worker or employee, for example, for the processing of photographs.

 

Providing personal data, depending on the purpose of processing, may be a statutory or contractual requirement or a condition to conclude a contract. To the extent that you would like to take advantage of DEFRO services, providing data will be necessary to conclude a contract, as well as in order to comply with our legal obligations. Consequence of not providing data is the inability to conclude a contract. For all other purposes, when their processing is based on a consent - their submission is voluntary. As a consequence of failure to provide data, DEFRO will not be able to take appropriate actions to the extent that you have not provided the data. The consent may be withdrawn at any time without affecting lawfulness of processing which was made on the basis of a consent prior to its withdrawal.

 

3. DATA RECIPIENTS

DEFRO company may disclose your data to:

  • business entities and natural persons conducting business activity and co-operating and supporting DEFRO within the scope of services provided to customers - in particular within the scope of maintenance and assembly services;
  • business entities cooperating with DEFRO in the field of consulting services, including law firms, auditing companies, training and advisory companies;
  • business entities supporting DEFRO in the scope of business activity, in particular suppliers of external IT systems, entities cooperating in marketing campaigns;
  • banks within the scope of settlements;

Personal data may also be transferred to state authorities and other persons authorized on the basis of relevant legal provisions and to the extent specified in the indicated legal provisions.

 

4. TRANSMISSION OF DATA TO THIRD COUNTRIES

DEFRO processes data only in the countries of the European Union and the European Economic Area. It does not transfer them to third countries.

 

5. PROCESSING OF PERSONAL DATA IN AN AUTOMATED MANNER 

Personal data will not be processed in an automated manner, and they will not be subject to profiling as referred to in the GDPR.

 

6. RIGHTS OF DATA SUBJECTS

Every data subject has the right to access their data, to rectify it, delete it, limit its processing, and object to its’ processing or transfer of their data - in accordance with and in cases indicated in art. 12-23 of GDPR.

In addition, a person whose data is processed by DEFRO has the right to file a complaint to the supervisory body - in Poland it is the President of the Office for Personal Data Protection. More information on the Office for Personal Data Protection and how to file a complaint can be found at: www.uodo.gov.pl

 

We hope that by providing the above information, we have brought you closer to our principles and needs related to the processing of personal data. Once again, we would like to emphasize that if you have any questions, you may contact us, preferably through the inspector for protection of personal data at the address iod@defro.pl

Kind regards,

DEFRO

Visitors counter: 6271596 , today: 1 , yesterday: 37 , online: 0