GDPR

Rodo – uk 2019-09-15T13:57:11+00:00

Information obligation

The information obligation results from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).

Data Controller

The Controller of your personal data is ZETO S.A. in Poznań with its registered office at ul. Fredry 8a, 60-967 Poznań.

Data Protection Officer

A Data Protection Officer has been appointed in ZETO S.A. in Poznań.

Contact details of the Data Protection Officer:

  • e-mail: iod@zeto.com.pl
  • Postal address: Inspektor Ochrony Danych, ZETO S.A. w Poznaniu, ul. Fredry 8a, 60-967 Poznań

Objectives and legal basis, retention period for personal data processing by ZETO S.A. in Poznań

ZETO S.A. in Poznań identifies the purpose and legal basis for the data processing and defines the data retention period every time before the start of the personal data processing activities.

When we are bound by an agreement, we process your personal data for the purpose of performance of the agreement or its conclusion when you request it, and we will process your data for at least 6 years due to the requirements of tax law. If we do not have this legal basis, we may process your data due to legal requirements imposed on us by Polish or European law. On occasion, we may also process your personal data for our legitimate interests, e.g. save your name, surname and ID card number when you visit our premises to ensure security and we will process it for one year. If we do not identify any of the above legal grounds, we will ask you for your consent to process your data for e.g. marketing purposes and we will process your data until you withdraw your consent or until the purpose of the processing is no longer met (end of marketing activities).

Each time we will make every effort to inform you of the purpose of the processing of your personal data, the legal basis for the processing, the retention period and all other information required by the GDPR as part of the information obligation.

The Company processes personal data for the following purposes: 

  • the necessity to perform the Agreement pursuant to Article 6(1)(b) of the GDPR (in the case of Users who have concluded such an agreement),
  • marketing of the products or services provided by ZETO S.A. pursuant to Article 6(1)(a) of the GDPR, subject to appropriate and voluntary consent,
  • resulting from legally justified interests pursued by ZETO S.A. in Poznań within the meaning of Article 6(1)(f) of the GDPR.

Recipients of personal data

Your personal data may or will be transferred to:

  • suppliers of IT systems with which the Data Controller cooperates,
  • external law firms,
  • authorised entities upon documented request,
  • the security company.

Your rights towards ZETO S.A. in Poznań with respect to the processing of data

You have the right to access, rectify, erase or restrict your data, the right to object to its processing, the right to transfer the data and the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of data processing carried out on the basis of consent prior to its withdrawal.

In case of doubts related to the processing of personal data, each person may request information from the Company. Irrespective of the above, each person has the right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection.

Security of your data

ZETO S.A. makes every effort to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction. In the event that the Data Controller wishes to obtain additional personal data about you or use such data for other purposes, you will be informed of this fact. If the actions taken by the Data Controller require additional consent, we will contact you with a request for such consent. Please note that consent to the processing of personal data is voluntary and is entirely subject to your own discretion and does not affect your cooperation with ZETO S.A. in Poznań.

Procedure for processing applications to the Data Protection Officer

The request may be submitted directly to the Data Protection Officer. It will be dealt with immediately. If the verification of the ability to meet your request lasts more than one month, you will be informed of the extension of the time limit for a reply in a separate letter. Such an extension may be possible due to the complexity of the request or the number of requests submitted.

If the request does not allow for your unambiguous identification or is unclear, the Data Protection Officer will ask you to supplement it within one month from the receipt of the request.

If the request is made in electronic form, further correspondence will also be made in this form, if possible. In other cases, you will be informed of the manner in which the application has been examined in writing by registered letter with acknowledgement of receipt.

The handling of the request is free of charge. However, if the request is manifestly unfounded or is repeated frequently, the Data Controller may charge a reasonable fee which includes reasonable administrative costs for processing the request, communication or handling the requested operations, or may refuse to process the request.

The Data Protection Officer may be contacted by e-mail at the following address:

  • e-mail: iod@zeto.com.pl
  • Postal address: Inspektor Ochrony Danych, ZETO S.A. w Poznaniu, ul. Fredry 8a, 60-967 Poznań

Information obligation:

Your personal data will be processed for the purpose of handling the request. Its processing is necessary due to the Data Controller’s obligation to exercise the rights of the data subjects indicated in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

Your personal data will be processed in order to verify your identity and to process your request correctly. Your personal data will be processed for the period necessary for the handling of the request and for a further period of 5 years in order to defend against any claims to which you are entitled or to pursue any claims to which the Data Controller is entitled. Your personal data may be transferred to external entities providing IT technical support services as well as to external law firms.

You have the right to access the content of your data and the right to rectify, delete or limit its processing, the right to transfer data and the right to object to its processing.

You also have the right to lodge a complaint with the competent supervisory authority in the field of personal data protection. The provision of personal data by you is voluntary and is also a prerequisite for the processing of your a request.

Transfer of data to countries outside the European Economic Area

Your personal data will not be transferred outside the European Economic Area.

Automatic processing of your personal data, including by means of profiling

Your personal data will not be processed automatically (including in the form of profiling).