Personal data protection
Users provide their personal data on the website voluntarily.
Personal data is all information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including image, voice recording, contact details, location data, information information contained in correspondence, information collected via recording equipment or other similar technology.
Personal Data Administrator
The Administrator of Personal Data (ADO) is Walcownia Metali Nieżelaznych “ŁABĘDY” S.A.
Data processing by the administrator
In connection with the conducted business activity, the Administrator collects and processes personal data in accordance with the relevant regulations, including in particular the GDPR (Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in connection with processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC), and the data processing rules provided for therein.
The administrator ensures transparency of data processing, in particular, always informs about data processing at the time of their collection, including the purpose and legal basis for processing – e.g. when concluding a contract for the sale of goods or services. The administrator makes sure that the data is collected only to the extent necessary for the indicated purpose and processed only for the period in which it is necessary.
When processing data, the Administrator ensures their security and confidentiality as well as access to information on processing to data subjects. If, despite the security measures applied, there is a breach of personal data protection (eg “leakage” or loss of data), the Administrator will inform the data subjects of such an event in a manner consistent with the provisions.
Contact with the administrator
Contact with the Administrator is possible via e-mail or in writing to the company’s registered office address (44-109 Gliwice, ul. Metalowców 6). The administrator has appointed a Data Protection Officer, who can be contacted via the e-mail address email@example.com in any matter regarding the processing of personal data.
In connection with running a business that requires processing, personal data is disclosed to external entities, including in particular suppliers responsible for the operation of IT systems and equipment (e.g. CCTV equipment), entities providing legal or accounting services, couriers, marketing and recruitment agencies. The data is also disclosed to entities related to the Administrator, including companies from its capital group.
The Administrator reserves the right to disclose selected information about the data subject to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.
The period of personal data processing
The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. The period of data processing may also result from regulations, when they constitute the basis for processing. In the case of data processing on the basis of the Administrator’s legitimate interest – e.g. for security reasons – the data is processed for a period enabling the implementation of this interest or until an effective objection to data processing is raised. If the processing is based on consent, the data is processed until its withdrawal. When the basis for processing is necessary to conclude and perform the contract, the data is processed until its termination.
The data processing period may be extended if the processing is necessary to establish or pursue claims or defend against claims, and after this period – only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
Rights of data subjects
The data subject is any natural person whose personal data is processed by the Administrator, e.g. a person visiting the Administrator’s premises or sending an inquiry to him in the form of an e-mail.
Walcownia Metali Nieżelaznych “ŁABĘDY” S.A. ensures that data subjects exercise their rights under the GDPR.
Data subjects have the following rights:
the right to information about the processing of personal data – on this basis, the person submitting the request, the Administrator provides information on the processing of data, including, in particular, the purposes and legal grounds for processing, the scope of the data held, entities to which they are disclosed, and the planned date of data deletion;
the right to obtain a copy of the data – on this basis, the Administrator provides a copy of the processed data concerning the reported person
the right to rectify – the Administrator is obliged to remove any inconsistencies or errors in the processed personal data and to supplement them if they are incomplete;
the right to delete data – on this basis, you can request the deletion of data, the processing of which is no longer necessary to achieve any of the purposes for which it was collected;
the right to limit processing – in the event of such a request, the Administrator ceases to perform operations on personal data – with the exception of operations for which the data subject has consented – and their storage, in accordance with the adopted retention rules or until the reasons for limiting data processing cease ( e.g. a decision of the supervisory authority will be issued authorizing further processing of the data);
the right to transfer data – on this basis – to the extent that the data is processed in connection with the concluded contract or consent – the Administrator issues data provided by the data subject in a format that can be read by a computer. It is also possible to request that this data be sent to another entity – provided, however, that there are technical possibilities in this regard, both on the part of the Administrator and that other entity;
the right to object to the processing of data for marketing purposes – the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection;
the right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data, which takes place on the basis of the legitimate interest of the Administrator (e.g. for analytical or statistical purposes or for reasons related to the protection of property); objection in this respect should contain a justification;
the right to withdraw consent – if the data is processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the consent was withdrawn;
the right to lodge a complaint – if it is found that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may submit a complaint to the President of the Office for Personal Data Protection. In order to exercise the above-mentioned rights, please contact the data controller or the Data Protection Officer, using the contact details indicated above.
Reporting requests related to the implementation of rights
An application regarding the exercise of the rights of data subjects may be submitted:
in writing to the following address: ul. Metalowców 6, 44-109 Gliwice,
by e-mail to the following address: firstname.lastname@example.org.
If the Administrator is unable to identify the person submitting the application on the basis of the submitted application, he will ask the applicant for additional information. The application may be submitted in person or through a proxy (e.g. a family member). Due to data security, the Administrator encourages to use a power of attorney certified by a notary public or an authorized legal advisor or attorney, which will significantly speed up the verification of the authenticity of the application. The reply to the application should be given within one month of its receipt. If it is necessary to extend this period, the Administrator informs the applicant about the reasons for the delay.
The answer is provided via traditional mail, unless the application has been submitted by e-mail or an electronic response has been requested.
Purposes and legal grounds for processing
E-mail and traditional correspondence
In the case of sending to the Administrator via e-mail or traditional correspondence not related to the services provided to the sender or other contract concluded with him, the personal data contained in this correspondence are processed only for the purpose of communication and resolving the matter to which the correspondence relates.
The legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in conducting correspondence addressed to him in connection with his business activity.
The administrator processes only personal data relevant to the matter related to the correspondence. All correspondence is stored in a manner ensuring the security of personal data (and other information) contained therein and disclosed only to authorized persons.
In the event of contacting the Administrator by phone, in matters not related to the concluded contract or services provided, the Administrator may request personal data only if it is necessary to handle the case to which the contact relates. In this case, the legal basis is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in the need to resolve a reported case related to the conducted by
from it economic activity.
Video surveillance and access control
In order to ensure the safety of persons and property, the Administrator uses video monitoring and controls access to the premises and the area under its management. The data collected in this way is not used for any other purposes.
Personal data in the form of monitoring recordings and data collected in the register of entries and exits are processed in order to ensure security and order on the premises and, possibly, to defend against claims or pursue them. The basis for the processing of personal data is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in ensuring the safety of the Administrator’s property and the protection of its rights.
As part of the recruitment processes, the Administrator expects the transfer of personal data (e.g. in a CV or curriculum vitae) only to the extent specified in the provisions of the labor law. Therefore, the broader scope of the information should not be provided. If the submitted applications contain additional data, they will not be used or taken into account in the recruitment process.
Personal data is processed:
in order to perform the obligations arising from legal provisions related to the employment process, including in particular the Labor Code – the legal basis for processing is the legal obligation incumbent on the Administrator (Article 6 (1) (c) of the GDPR in connection with the provisions of the Labor Code);
in order to carry out the recruitment process in the field of data not required by law, as well as for the purposes of future recruitment processes – the legal basis for processing is consent (Article 6 (1) (a) of the GDPR);
in order to establish or pursue any claims or defend against such claims – the legal basis for data processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR).
Collection of data in connection with the provision of services or the performance of other contracts
If data is collected for purposes related to the performance of a specific contract, the Administrator provides the data subject with detailed information on the processing of his personal data at the time of concluding the contract.
Collection of data in other cases
In connection with the conducted activity, the Administrator collects personal data also in other cases – e.g. during business meetings, industry events or by exchanging business cards – for purposes related to initiating and maintaining business contacts. The legal basis for processing in this case is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in creating a network of contacts in connection with the conducted activity.
Personal data collected in such cases are processed only for the purpose for which they were collected, and the Administrator ensures their appropriate protection.
In order to ensure the integrity and confidentiality of data, the Administrator has implemented procedures that allow access to personal data only to authorized persons and only to the extent that it is necessary due to the tasks performed by them. The administrator uses organizational and technical solutions to ensure that all operations on personal data are registered and performed only by authorized persons.
The administrator also takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data on behalf of the Administrator.
The administrator conducts an ongoing risk analysis and monitors the adequacy of the data security used to the identified threats. If necessary, the Administrator implements additional measures to increase data security.