GDPR information clause for Mleczarnia Turek Sp z o.o.’s prospects/customers and interested parties 

1) Pursuant to Art. 13(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as GDPR, we would like to inform you that the controller of your personal data is Mleczarnia TurekSp. z o.o. ul. Milewskiego 11, 62-700 Turek, National Court Register Number (KRS) 0000077631, Tax Identification Number (NIP) 6681719786, registered at the District Court in Poznań, 9th Commercial Division of the National Court Register, hereinafter referred to as "Controller".
We have appointed a Data Protection Officer. The function of the DPO is performed by Mr. Robert Gruz, who can be contacted by e-mail to iodatturek [dot] com [dot] pl.

2) Personal data obtained in connection with the conclusion of a contract with you will be processed for the following purposes:
• purposes related to the performance of the contract signed with you or taking steps at your request prior to entering into a contract,
• purposes related to the Controller’s legitimate interests (making possible claims),
• purposes related to the fulfilment of a legal obligation to which the Controller is subject (resulting from tax regulations).

3) Personal data obtained in connection with responding to your inquiry will be processed for the following purposes:
• taking steps at your request prior to entering into a contract,
• purposes related to the Controller’s legitimate interests (presentation of a commercial offer, making possible claims).

4) The following constitute the legal bases for the processing of your data:
• the necessity to perform a contract or to take steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR),
• the necessity to comply with a legal obligation of the Controller (Article 6(1)(c) of the GDPR),
• the necessity resulting from the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR).

5) Providing personal data is voluntary in each case, but it may be necessary to enter into and perform a contract (prospects/customers) or send an inquiry using a contact form (prospects/interested parties).

6) The personal data obtained from you may be transferred to: entities processing them on our behalf, i.e., entities providing IT services (including hosting services and e-mail providers), accounting and marketing service providers, customer service providers, other companies from our capital group, law firms
and public authorities or entities authorized to obtain data on the basis of applicable provisions of law, e.g., courts, law enforcement authorities or state institutions provided that they make a request based on an appropriate legal basis.

7) Your data will not be transferred to third countries, i.e., countries outside the European Economic Area.

8) The period of processing your personal data depends on the purpose for which the data are processed. The period for which your personal data will be stored is calculated based on the following criteria:
• duration of the contract,
• legal provisions that may oblige us to process data for a certain period of time (especially tax regulations),
• the period that is necessary to pursue our interests.

9) In addition, we would like to inform you that you have the right:
• to access to your personal data,
• to have your incorrect personal data corrected and incomplete personal data supplemented,
• to have your personal data deleted when the Controller has no other legal basis for processing,
• to have the processing of your personal data restricted,
• to object to the processing of your data due to your particular situation in cases where we process your data on the basis of our legitimate interest,
• to have your personal data transferred,
• to lodge a complaint with the supervisory body in charge of the protection of personal data, i.e., the President of the Office for Personal Data Protection.

10) Please be advised that we do not use systems for automated decision making.
Please be advised that in connection with the use of the naturek.pl website and the NaTurek fanpage on Facebook available at https://ww.facebook.com/naturek.ser, we may process your personal data.
 

Information on the processing of personal data of Mleczarnia Turek Sp z o.o.’s contractors, potential contractors and persons acting on behalf of contractors.

Who is the information addressed to?
This clause includes information on the principles of the processing of personal data of:
• potential and current Contractors;
• persons acting on behalf of Contractors
and is provided in accordance with the obligation arising from Art. 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the EU L of 2016, 119, p. 1 as amended), hereinafter referred to as the GDPR.

Definitions

Contractor - a natural person operating a business or a legal person or other organizational unit with which the Controller has started to collaborate with;
Contract - a business agreement between the Controller and the Contractor;
Persons acting on behalf of Contractors - any natural person who contacts the Controller’s employees and representatives or proxies in order to collaborate with them in business matters; in particular they may be employees of the Contractor or other persons designated by the Contractor or acting on their behalf;
You - natural persons whose personal data are processed by the Controller;

Personal data controller
The controller of your personal data, i.e., the entity determining the purposes and methods of processing your personal data, is Mleczarnia Turek Sp. z o.o., ul. Milewskiego 11, 62-700 Turek; National Court Register Number (KRS) 0000077631, Tax Identification Number (NIP) 6681719786, registered at the District Court in Poznań, 9th Commercial Division of the National Court Register 

Data Protection Officer
The controller has appointed a Data Protection Officer who can be contacted in all matters related to the protection of personal data:
electronically to iodatturek [dot] com [dot] pl or in writing to the above-mentioned address of the Controller’s registered office with the following note "Data Protection Inspector".
Data source and scope of data provided

The controller obtains data directly from data subjects.
However, data of persons acting on behalf of Contractor may be provided to the Controller in the content of contracts entered into or in connection with performing them. The scope of such data includes the name, surname, position, place of work and business contact details.*
The controller may also obtain data from publicly available sources, such as the National Court Register, CEIDG (Central Registration and Information on Business) or the white list of taxpayers in order to collaborate with the Contractor or verify the Contractor’s registration data. The scope of the data obtained corresponds to the scope of publicly available information provided in these registers.*
* This information only applies to persons whose data is not collected directly from them.

 

Purposes of data processing and legal bases therefor

Categories of data subjects Purposes of processing Legal bases
and processing time
 
Rights under the GDPR

Contractors and Potential Contractors (natural persons operating a business)

  • Starting business collaboration;
  • Concluding and performing contracts;
  • Making and defending against possible claims;
  • Presenting the offer of goods and services;
  • Direct marketing;
  • Responding to inquiries;
  • Fulfilling legal obligations (contract settlement)
  • Communication in connection with taking steps prior to entering into a contract, including presenting offers at the request of a potential Contractor and performing a concluded business contract (Article 6(1)(b) of the GDPR);
  • The legitimate interest of the Controller, i.e., being able to make and defend against claims (Article 6(1)(f) of the GDPR);
  • The legitimate interest of the Controller, i.e., the possibility of establishing business relations and answering questions from potential contractors if they do not concern potential or ongoing cooperation (Article 6(1)(f) of the GDPR);
  • Legal obligation resulting from tax regulations, accounting law (Article 6(1)(f) of the GDPR)

Data processing time:

  • Potential Contractors:
    until collaboration is started and a contract concluded (from that moment on the data are processed as the Contractor's data). If no collaboration is started, personal data are immediately deleted, unless their processing is justified by defence against claims; if that is the case, the data are processed until the statute of limitations expires.
     
  • Contractors:
    5 years from the occurrence of the tax obligation, and in the case of making claims – until they are satisfied or the statute of limitations expires.    
  • the right to access your personal data  danych osobowych
  • the right to have your personal data rectified
  • the right to have your personal data deleted
  • the right to have the processing of your personal data restricted
  • the right to have your personal data transferred and
  • the right to object to the processing of personal data for reasons related to your particular situation if personal data is processed on the basis of the legitimate interest of the Controller and
  • the right to lodge a complaint with the supervisory body (President of the Office for Personal Data Protection)
Persons acting on behalf of Contractors (employees and representatives - members of the management board)
  • Starting a business collaboration with the Contractor on behalf of which this person acts;
  • Presenting a business cooperation offer;
  • Enabling the conclusion and performance of a Contract with the entity on behalf of which this person acts;
  • Making and defending against possible claims;
  • Presenting the offer of goods and services;
  • Direct marketing;
  • Responding to inquiries.
  • The legitimate interest of the Controller, i.e., the proper compliance with business obligations and contact with persons acting on behalf of the Contractors in related matters (Article 6(1)(f) of the GDPR);
  • The legitimate interest of the Controller, i.e., the possibility of establishing business relations and answering questions from potential or current Contractors (Article 6(1)(f) of the GDPR);
  • The legitimate interest of the Controller, i.e., the possibility to make and defend against claims (Article 6(1)(f) of the GDPR);

       Data processing time: 

  • Data indicated in the Contracts 5 years from the occurrence of the tax obligation, the basis of which is the Contract concluded between the Contractor and the Controller, and in the case of making claims – until they are satisfied or the statute of limitations expires;
  • Data processed in connection with correspondence  - for a period of 3 years after receiving the message. In the case of claims related to acting on behalf of a customer or contractor – until they are satisfied or until the statute of limitations expires.
  • the right to access your personal data  danych osobowych
  • the right to have your personal data rectified
  • the right to have your personal data deleted
  • the right to have the processing of your personal data restricted and
  • the right to object to the processing of personal data for reasons related to your particular situation when personal data is processed on the basis of the legitimate interest of the Controller and
  • the right to lodge a complaint with the supervisory body (President of the Office for Personal Data Protection)

Data recipients
Your personal data may be made available to entities providing support in the following fields:  IT services, including hosting and e-mail providers, debt collection services, customer service.
Recipients may also be entities providing the Controller with specific services being separate data controllers (telecommunications and mailing companies, banks, law firms) legally or contractually obliged to maintain confidentiality.
The Data Protection Officer can provide you with detailed information on the recipients of your personal data.

Voluntary provision of data
Providing data is necessary to enter into contracts and comply with legal obligations. Failure to provide them will prevent the conclusion or performance of the Contract, including the issuance of an invoice. In other cases, providing data is voluntary.

*This information applies only to persons whose data is collected directly from them.

Information about automated decision making
No decisions that might have legal effects on you or otherwise significantly affect you are made by the Controller solely on the basis of automated processing, including profiling.

Information on data transfer outside the European Economic Area
Your personal data will not be transferred to third countries, i.e., to countries outside the European Economic Area.