GDPR

 

INFORMATION OBLIGATION
Processing of personal data at “Kan-Bud" Sp. z o.o.
 

Dear Customers,

In accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) of April 27, 2016 No. 2016/679 (GDPR), we provide you with information regarding the use of your personal data.

Who is the administrator of your personal data?

The administrator of your personal data is the company “Kan-Bud” Sp. z o.o. registered at 9 Gostyńska Street, 64-113 Kąkolewo NIP: 6970012739 REGON: 410008346 KRS: 0000171783 (hereinafter referred to as the Company or the Administrator).

How to contact us for information about your personal data?

The Administrator can be contacted in writing via snail mail at the address above or via email at: info@kan-bud.pl

How do we keep your personal information secure?

We provide all physical, technical and organizational measures to protect personal data against accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use or access, in accordance with all applicable laws. We have appointed a Data Protection Officer, Mr. Dominik Giętkowski, who can be contacted at iod@kan-bud.pl.

What is the purpose and legal basis for processing your personal data?

Area Purpose of processing and legal basis
Activities to conclude and perform the contract
And to conduct business:
  • To conclude and execute the contract (including for contact purposes, billing and payment purposes necessary for its execution) or to take action at your request in order to conclude the contract (Article 6(1)(b) GDPR) or to contact the contractor's employees in order to execute the contract (Article 6(1)(f) GDPR - the legitimate interest is the execution of the contract),
  • archiving data after the execution of the contract (pursuant to Article 6(1)(c) of the GDPR in connection with the law, and pursuant to Article 6(1)(f) of the GDPR for data stored in archives and security copies - the legitimate interest is to assert claims or protect against such claims and ensure data integrity),
  • after-sales service, especially the processing and fulfillment of complaints or other claims, conducting the debt collection process (Article 6(1)(f) GDPR - the legally legitimate interest is the investigation and defense against claims),
  • fulfillment of legal obligations arising from the conduct of business, including tax or civil law, such as accounting and taxation (Article 6(1)(c)).

Provision of data is a contractual requirement and/or a condition for entering into a contract, it is voluntary but necessary for entering into and performing the contract. Some processing activities in the execution of the contract are regulated by law, their provision is necessary for the execution of the contract.
Contact and correspondence, including by e-mail
(by email and using the contact form on the website)
  • to answer a question asked or a message sent, on the basis of consent, i.e. Article 6(1)(a) of the GDPR,
  • to respond to an inquiry regarding an offer or to respond to an offer sent to us, and to carry out the actions you have requested, pursuant to Article 6(1)(b) of the DPA,
  • for the purpose of correspondence in connection with the implementation of the law, e.g., when dealing with complaints or exercising rights under the GDPR, such as the right to access data (Article 6(1)(c)).

Provision of data is voluntary, but necessary to respond, provide requested content or fulfill your requests. In some cases, providing data may be a legal requirement, such as when we are required to verify the requester before providing data. You can withdraw your consent at any time by making a request through the same communication channel. The withdrawal of consent does not affect the lawfulness of the processing that was carried out before its withdrawal.
Other processing based on consent for the purposes each time specified in the content of the consent (Article 6(1)(a) or Article 9(2)(a) GDPR). Provision of data is voluntary, but necessary for the purposes specified in the content of the consent. Consent can be withdrawn at any time in the manner specified by the Administrator when obtaining consent. Withdrawal of consent does not affect the legality of the processing that was performed before its withdrawal.
Website delivery
  • Researching user preferences and behavior on the Site using cookie technology, compiling statistics on users of the Site and using them to customize/improve the service (Article 6(1)(a) of the GDPR),
  • technical delivery of content, maintenance and support of the service, ensuring the security of the service, preventing fraud and fixing errors, tailoring the service to users' needs (Article 6(1)(f) GDPR).

Provision of data is voluntary, but necessary for the above-mentioned purposes. For details on the data processing rules of our website, including the cookie policy, please refer to the Privacy Policy.
Other processing based on the legitimate interests of the Administrator

Your personal data is or may also be processed on the basis of Article 6(1)(f) GDPR if the processing is necessary for the following purposes arising from the legitimate interests pursued by the Administrator:

  • internal administration and organization of work, including the conduct of internal supervision and reporting (the legitimate interest is to ensure the optimal functioning of the company),
  • To ensure the security of networks and IT processes (the legitimate interest is the protection of persons and property).

What rights do you have with respect to the data we process about you?

You have the right to request from the Administrator: access to your personal data and to receive a copy of your personal data; rectification (amendment) of your personal data; deletion of your personal data when the processing does not take place in order to comply with an obligation under the law; restriction of the processing of your personal data; portability of your personal data; lodging a complaint to the President of the Office for Personal Data Protection (contact details on the Office's website at www.uodo.gov.pl) in case you consider that the processing of your personal data violates the provisions of the GDPR.
You also have the right to object at any time to the processing of your personal data based on Article 6(1)(f) of the GDPR. If you raise an objection to the processing of your personal data for purposes arising from legitimate interests pursued by the Administrator, your personal data will not be processed by us for such purposes. The reason for this objection must be your particular situation, hence we ask you to indicate this particular situation when submitting your request. Upon receipt of an objection, we will stop processing your data for the purpose or purposes to which you have objected, unless we demonstrate the existence of valid legitimate grounds for processing that override your interests, rights and freedoms, or if we demonstrate grounds for establishing, investigating or defending against claims. To exercise the above-mentioned rights, please contact the Administrator or the designated Data Protection Officer. 

Who may be the recipient of your personal data?

We share your personal data only with entities through which we can guarantee a high quality service. These are primarily: accounting and office software providers (including Microsoft), maintenance or IT service providers, hosting company, website plug-in providers, courier and/or postal companies, accounting office, bank, marketing service providers. The data is processed on the basis of a contract with us and only on our instruction. We do not share your data with any third parties for their own use - only for the tasks specified above. All partners who process your personal data ensure the security of your data and comply with all data protection obligations. We also share your personal data with authorized employees of the Company who perform tasks related to the processing of your data on behalf of the Administrator.

What are the rules for transferring your personal data outside the EOG?

Your personal data may be transferred to recipients in third countries, i.e. outside the EOG or to international organizations.
We may transfer personal data to a third country (outside the EOG) only if it guarantees at least as much data protection as in Poland. 

How long do we keep your personal information?

We keep your personal data only for the time necessary to achieve the purposes for which the data was collected (e.g., the duration/performance of the contract) or for the period specified by law. In relation to data processed on the basis of consent - until it is withdrawn. For processing for the purpose of answering a question - for 1 year from the end of the correspondence. In other cases, it will be the period of the statute of limitations for claims or other periods prescribed by law.

How can we make decisions based on your personal information?

We may make automated decisions based on your personal data, as referred to in Article 22 (1) and (4) of the GDPR. You have the right to appeal against such a decision by communicating your position to us through the communication channels provided above.

 

Yours faithfully,

Kan-Bud Sp. z o.o.