Privacy policy and GDPR
GDPR (General Data Protection Regulation) refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 which regulates the protection of personal data of natural persons within the European Union.
The purpose of GDPR is to strengthen and harmonise personal data protection rules in the European Union.
We have worked out this Privacy Policy because we take care of the personal data of the persons who cooperate with us.
This Privacy Policy is intended to provide information about what personal data we collect, for what purposes, how we use the data and who we are. It is also intended to indicate the rights you have in connection with our processing of your personal data.
Who is the personal data controller?
We kindly inform that the Controller of your personal data is:
- Drukarnia Interak Sp. z o.o. with its registered office in Grzępy 50, 64-700 Czarnków
District Court Poznań – Nowe Miasto i Wilda in Poznań, 9th Commercial Division of the National Court Register KRS (National Court Register number): 0000208226, NIP (tax identification number): 7631967293, REGON (National Official Business Register number): 572130389
hereinafter referred to as “Personal Data Controller”.
Contact regarding data protection is possible in the following manner:
- by e-mail to: iod@interak.pl
- by post to: Drukarnia Interak Sp. z o.o., Grzępy 50, 64-700 Czarnków, with an annotation “GDPR”.
Data Protection Officer
We kindly inform that we have appointed a Data Protection Officer. If you have any questions about personal data protection, please contact:
- Łukasz Pakuła
- iod@interak.pl
- +48 882 014 160
Personal data security
By taking care of the security of all data in our company, and in particular to ensure confidentiality and integrity, we have implemented appropriate technical and organisational measures, such as:
- we carry out a risk analysis on an ongoing basis in order to properly adjust the solutions to the potential risks related to violations
- only authorised persons have access to the data and only to the extent necessary for the performance of their tasks
- we sign entrustment agreements with the entities to which we commission the processing of personal data on an ongoing basis and we also ensure that these entities guarantee the highest level of security
- access to the systems is strictly controlled, according to security procedures
Whose personal data will we be processing?
As Personal Data Controller we process the following personal data:
- of our customers – recipients
- of our contractors – suppliers
- of the entities whose data we receive as part of cooperation
- of the persons representing the entities we work with
- of the entities with which we will want to cooperate or have business relations
- and of other entities that we are currently unable to identify
What are the purposes and grounds for processing personal data?
In order to provide services in accordance with the scope of our activities, the Personal Data Controller processes your personal data for various purposes but always in accordance with the law.
We process the personal data that we receive from you in connection with the use of the services provided by us but also during your contacts with us.
Below you will find the purposes of personal data processing together with the appropriate legal basis:
What is the purpose of data processing? | What data do we process? | What is our legal basis for data processing? |
---|---|---|
Taking action before concluding a contract for the provision of our services on the initiative of the Controller and the data subject | First and last name, company name, contact details, address details, tax identification number, information contained in public registers and other information you provide us with |
|
Conclusion and implementation of a contract | First and last name, company name, contact details, address details, tax identification number, bank account number, information contained in public registers and other information you provide us with |
|
The performance of our legal obligations, e.g.: issuing a VAT invoice, accounting documents and making tax settlements | First and last name, company name, contact details, address details, tax identification number, bank account number, information contained in public registers |
|
Ongoing contact in connection with the implementation of a contract binding upon us but also handling complaints, claims and requests | First and last name, company name, contact details, address details and other information we have received from you under our contract |
|
Investigation, defence and assertion of a claim | First and last name, company name, contact details, address details, tax identification number, bank account number, information contained in public registers and other information you provide us with |
|
Storage of offers/questions submitted | First and last name, company name, contact details and other information you provide us with |
|
Archival and evidential purposes | First and last name, company name, contact details, address details, tax identification number, bank account number, information contained in public registers and other information you provide us with |
|
Implementation of direct marketing in relation to the entities that we cooperate or have cooperated with | First and last name, company name, contact details, address details, tax identification number, information contained in public registers |
|
Performing direct marketing in our own name to potential customers | First and last name, company name, contact details, address details, tax identification number, information contained in public registers |
|
Sending newsletter | First and last name, company name, contact details, address details, tax identification number, information contained in public registers |
|
Verification of business partners | First and last name, company name, contact details, address details, tax identification number, information contained in public registers, financial data, information contained in business information bureaus |
|
Creation and administration of accounts in our information systems, e.g. in the online shop | First and last name, company name, contact details, address details, tax identification number, information related to your activity in the system and with order handling and processing, and other information you provide us with |
|
How do we process your data in social media?
- The Personal Data Controller has company profiles on social media such as LinkedIn, Google My Business, YouTube, Facebook, Instagram. In connection with our profiles, we process the personal data of the people who enter our profile, regardless of whether they are active (e.g. write a comment, click ‘I like’ or start observing our social media activities) or not.
- What do we run our social media profiles for?
- to promote our services and products, to inform about our promotions, competitions
- to provide information about the events in which we take part or in which we would like you to take part, e.g. fairs, training sessions, events
- for statistical and analytical purposes
- to establish, defend and assert claims
- Our legal basis for the processing of personal data in connection with the social medial profiles is Article 6(1)(f) of GDPR – legitimate interest of the Controller. Technically speaking, it is in our interest to build and promote our brand, to improve our services and products and – in some situations – to establish, defend and assert claims.
How to exercise the right to withdraw consent?
- If the processing of your personal data is based on your consent, you may withdraw the consent at any time, at your own discretion.
- you wish to withdraw your consent to the processing of your personal data, it will be sufficient to:
- send an e-mail to: iod@interak.pl
- send a letter directly to the Personal Data Controller to the following address: Drukarnia Interak Sp. z o.o., Grzępy 50, 64-700 Czarnków, with an annotation “GDPR”.
- If the processing of your personal data was based on consent, its withdrawal does not make the processing of personal data illegal up to that point. In other words, until your consent is withdrawn we have the right to process your personal data and the withdrawal of your consent does not affect the lawfulness of the processing so far.
Requirement to provide personal data
- The provision of any personal data is voluntary and depends on your decision. However, in some cases it is necessary to provide certain personal data in order to allows us to meet your expectations towards using our service.
- In order to receive a trade offer it is necessary to provide your e-mail address – without this we are not able to meet your expectations and maintain the highest quality of service, which we care about.
Do we have automated decision making and profiling?
We kindly inform that we do not make automated decisions, including those based on profiling.
Who can we give your personal information to?
- We can transfer your data to:
- our employees and associates who must have access to the data in order to perform our obligations or actions for you
- the entities related to Interak printing house: Print Up Sp. z o.o. with its registered office in Grzępy 50, 64-700 Czarnków, Eulotki Sp. z o.o. with its registered office in Grzępy 50, 64-700 Czarnków
- Like most enterprisers, we also use the help of other entities in our activity, which often involves the necessity to provide and share personal data. Therefore, if necessary, we pass on your personal data to the following recipients:
- the entities that provide marketing services for us
- the entities that operate our IT and ICT systems
- the entities that provide us with IT and ICT systems
- the entities that provide us with the hosting service
- the entities that carry out payment activities (banks, payment institutions)
- the entities that carry out credit (banks), leasing and factoring activities
- the entities that carry out insurance activities
- the entities that operate in the postal, courier and transport sector
- the entities that provide services to us concerning the safety of persons and property
- the entities that provide advisory, audit, legal, tax and debt collection services for us
- In addition, it may happen that, for example, on the basis of a relevant legal provision or decision of a competent authority, we will also have to pass on your personal data to other entities, whether public or private, such as the Social Insurance Institution (ZUS), the Tax Office, the National Revenue Administration, etc.
It is extremely difficult for us to predict who may request personal data. However, for our part, we ensure that every time a request for the provision of personal data is filed, we analyse it very carefully and thoroughly so that we do not inadvertently pass on information to an unauthorised person.
Do we transfer your personal data to third countries?
We kindly inform that in connection with the use of suppliers’ services in the field of project management. your personal data may also be transferred outside the European Economic Area – to the United States. When we cooperate with external companies that provide the above services to us, we take every effort to ensure that the processing of your data is secure and complies with the applicable laws.
How long can we keep your personal data?
- In accordance with the applicable laws, we process your personal data for the time necessary to achieve the stated purpose. After this period, your personal data will be irreversibly deleted or destroyed.
- With regard to individual periods of personal data processing, we kindly inform that we process personal data for:
- the duration of the contract and also after its termination or expiry, but for no longer than 7 years – with regard to the personal data processed for the purpose of conclusion and performance of the contract
- up to 10 years – with regard to the personal data processed for the purpose of establishing, asserting or defending claims, but no longer than it is required by applicable law
- up to 3 years – with regard to the personal data which were collected in connection with the offer and at the same time no immediate contract was concluded
- up to 7 years – with regard to the personal data related to the fulfilment of tax law obligations, e.g. storage of invoices, bills
- until consent is withdrawn or the purpose of the processing is achieved, but for no longer than 3 years – with regard to the personal data processed on the basis of consent
- until the effective objection is raised or the purpose of the processing is achieved, but for no longer than 3 years – with regard to the personal data processed on the basis of the Controller’s legitimate interest or for marketing purposes
- until they become obsolete or no longer useful, but for no longer than 5 years – with regard to the personal data processed mainly for the purpose of using cookies and administering the website
- Periods in years are counted from the end of the year in which we started processing personal data in order to improve the process of removing or destroying personal data. Separate counting of the date for each event would entail material organisational and technical difficulties as well as significant financial outlays, hence setting a single date for deleting or destroying personal data allows us to manage this process more efficiently.
- “Right to be forgotten”: If you exercise your right to be forgotten, such situations are dealt with individually.
What rights do you have?
- We kindly inform you that you have the following rights:
- the right to access the content of your personal data – i.e. to obtain information on the purpose and method of processing your personal data and a copy of your data
- the right to rectify data – i.e. to correct data when it is erroneous, has changed or has become outdated
- the right to partial or complete deletion of data (“Right to be forgotten”) – i.e. to delete the data that are processed without legitimate legal grounds
- the right to limit the processing – i.e. to limit the processing of data to storage only
- the right to transfer data – i.e. to obtain your personal data that you have transferred to us or to indicate another controller to whom we should transfer it, if technically possible
- the right to object with regard to the personal data provided on a voluntary basis – i.e. for direct marketing purposes
- the right of withdrawal – you can withdraw any consent you have given us at any time. Please note that we will no longer process your data for the purpose you have indicated, but until your consent is withdrawn we have the right to process your data
- We respect your rights under data protection legislation and try to facilitate their exercise as much as possible.
- We point out that the rights mentioned above are not absolute and, therefore, in some situations we may legitimately refuse to exercise them. However, we may refuse to take a request into consideration only after a careful examination and only if it is necessary to refuse the request.
- With regard to the right to object, you have the right to object to the processing of your personal data at any time on the basis of the legitimate interest of the Personal Data Controller in your particular situation. However, you must note that under the applicable legislation, we may refuse to take your objection into account if we can prove that:
- there are legitimate grounds for processing which take precedence over your interests, rights and freedoms or
- there are grounds for establishing, investigating or defending claims
- Furthermore, you can object to the processing of your personal data for marketing purposes at any time. In such a situation, after receiving your objection, we will cease processing for this purpose.
- You can exercise your rights by:
- sending an e-mail to: iod@interak.pl
- sending a letter directly to the Personal Data Controller to the following address: Drukarnia Interak Sp. z o.o., Grzępy 50, 64-700 Czarnków, with an annotation “GDPR”.
You have the right to file a complaint to the data protection authority
- President of the Personal Data Protection Office
- Urząd Ochrony Danych Osobowych (Personal Data Protection Office), ul. Stawki 2, 00-193 Warszawa, Poland
Final provisions
- To the extent not regulated by this Privacy Policy, the regulations on personal data protection apply, including but not limited to:
- GDPR: the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016)
- The Act of 10 May 2018 on personal data protection
- The Act of 21 February 2019 on changes of certain laws in connection with the ensuring of the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Any changes to this Privacy Policy shall be published on our website.
- This Privacy Policy is effective as of 2 March 2020 and fully replaces the previous version of 25 May 2018.