- Personal data collected by Automationstechnik Sp. z o.o. via the website are processed pursuant to Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Processing Regulation, hereinafter also referred to as the GDPR).
- Automationstechnik Sp. z o. o. exercises particular diligence to respect the privacy of Users visiting the website.
Who is the data controller?
The owner of the website and, at the same time, the data controller is Automationstechnik Sp. z o.o. with its registered office at ul. Rzemieślnicza 1, 30-363 Kraków, entered in the register of entrepreneurs maintained by the District Court for Kraków-Śródmieście in Kraków, 11th Economic Division under entry No. KRS 0000191568; State Statistical No. (REGON) 003915177; VAT Reg. No. (NIP) 6791168790 (hereinafter referred to as the Company).
What data are processed, for what purpose and what is the legal basis for the processing?
Personal data of Users are collected in case of:
a) contact with the Company via telephone, e-mail or post;
b) sending an inquiry with the use of a contact form on the website for the purpose of receiving answer to questions in line with the legitimate interest of the data controller (Art. 6.1.f of the GDPR);
c) dispatch of trade and marketing information via means of electronic communication.
In the contact form, the User provides personal data, i.e. first name and surname, company name, city, company’s address, e-mail address and contact number.
Provision of data is always voluntary, yet necessary for receiving an answer to the submitted inquiry.
Dispatch of trade and marketing information via means of electronic communication takes place after procuring your consent in advance. Such consent may be revoked at any moment. It is enough to send information about revoking consent to the following address: firstname.lastname@example.org.
d) sending personal data contained in the contact form and application documents contained in the Career tab for the following purposes:
- to carry out a recruitment process for a position for which a Candidate applies. The processing of the Candidate’s personal data is carried out on the basis of the provisions of the Labour Law (Art. 6.1.c of the GDPR); furthermore, processing of data is necessary for performance of activities prior to entering into an agreement (Art. 6.1.b of the GDPR), and within the scope of personal data not required under legal provisions – the legal basis for the processing is the Candidate’s consent (Art. 6.1.a of the GDPR);
- to carry out future recruitment processes, provided the Candidate granted approval for the processing of personal data for such purpose – the legal basis in such case is the Candidate’s consent (Art. 6.1.a of the GDPR);
- potential determination, investigation or defence against claims – the legal basis for the processing of personal data shall be the legally justified interest of the Data Controller consisting in the possibility of determining and seeking claims (receivables) or defence against such claims (Art. 6.1.f of the GDPR).
In the contact form in the Career tab, the User provides his/ her personal data, i.e. first name and surname, e-mail address and contact number. Additionally, the Candidate sends recruitment documents containing personal data.
Provision of personal data is necessary to take part in the recruitment process. Additional personal data not listed in legal provisions (e.g. image, hobbies) are processed by the Data Controller on the basis of the Candidate’s voluntary consent, which was given when sending his/ her recruitment application to Automationstechnik Sp. z o. o. and provision of such data does not influence the possibility of participating in the recruitment process.
The Candidate may withdraw the consent for the processing of personal data for recruitment purposes at any moment, it is sufficient to send information about the withdrawal of consent to the following e-mail address: email@example.com.
e) when using the website, additional information may be collected, in particular: IP address assigned to the User’s computer or external IP address of the Internet supplier, domain name, type of browser, time of access and type of operating system. The legal basis is the legitimate interest of the Data Controller (Art. 6.1.f of the GDPR) consisting in facilitation of use of services provided electronically and improvement in functionality of such services.
Who are data made available to or entrusted to?
Personal data may be disclosed to persons authorised by Automationstechnik Sp. z o.o., i.e. employees and contractors, entities providing services for the Company, including technical and organisational services, services in the area of maintaining electronic mail, as well as other entities/ persons/ bodies within a scope and upon principles specified in legal provisions.
In case it is necessary to make personal data available to third parties, Automationstechnik Sp. z o.o. requires them to observe confidentiality and safety of information and use such data exclusively for ensuring correct functioning of a given service. The Company always concludes relevant entrustment agreements with entities to which it makes personal data available.
How long are personal data stored?
- Personal data of Candidates for work submitted to Automationstechnik Sp. z o.o. for recruitment purposes are processed until the end of the recruitment process for a given position, and in case the Candidate has given his/ her consent, also for purposes of future recruitment, for a period specified in the consent clause, i.e. for two years.
- The User’s personal data processed for the purpose of servicing inquiries are processed by the Data Controller during the term of the correspondence and subsequently, depending on the results, will either be stored in the database of the Company’s clients/ contractors or will be processed further for the purpose of implementing an agreement or will be removed if there is no possibility of establishing cooperation.
- Personal data used for the dispatch of trade and marketing information via means of electronic communication are stored until the person withdraws consent for the processing.
- The website administrator will also store personal data of the User and use them if necessary to determine or to seek claims or to defend against claims, until the moment of expiry of such claims.
Are data transferred outside of the European Economic Area?
Personal data are not transferred to a third country/ an international organisation.
Is any automated data processing performed?
Personal data are not processed in an automated mode (including in the form of profiling).
What are cookies?
Cookies are IT data, in particular text files which are stored on the end device of a User of a website and are intended to make use of such website. Cookies usually contain the name of the website from which they derive, the time of storage on the end device and a unique number.
Which cookies does the website use?
Two types of cookies are used as part of the website.
- “Session” cookies, i.e. transient cookies, which are stored on the User’s end device until logging out, leaving the website or turning off the Internet browser. Session cookies are necessary for correct operation of the website. They allow for safe logging on the website.
- “Persistent” cookies are stored on the User’s end device for a time specified in the cookies parameters or until their removal by the User.
The website uses the following cookies:
- “functional” which are used to store such information as login or password which accelerates and facilitates the use of website;
- “statistical” thanks to which the website may be optimised in line with the Users’ preferences;
- “advertising” which allow the Users to receive advertisements adjusted to their individual preferences and interests;
- “social media” which allow for integration of social networking sites which the User uses with the website.
In a number of cases, the software used to browse websites (Internet browser) allows for the storage of cookies on the User’s end device by default. Users may change settings pertaining to cookies at any moment. Such settings may be changed in particular in a manner to block the automatic servicing of cookies in the browser settings or to inform the User every time cookies are saved on the User’s end device. Detailed information about the possibility and the modes of servicing cookies are available in the software settings (Internet browser). No blocking means that the User agrees for the storage of cookies.
What are the Users’ rights?
- The right to withdraw consent – legal basis: Art. 7.3 of the GDPR.
a) The User has a right to withdraw every consent given to Automationstechnik Sp. z o.o.
b) Withdrawal of consent is effective as of the moment of withdrawal.
c) Withdrawal of consent does not affect processing done by the Company in line with the law prior to withdrawal.
d) Withdrawal of consent does not have any negative consequence for the User, yet it may render further use of services or functionalities impossible which, in compliance with the law, the Company may only provide on the basis of a consent.
- The right to object against the processing of data: legal basis: Art. 21 of the GDPR.
a) The User has a right to file an objection at any moment – due to causes related to the User’s special situation – against the processing of his/ her personal data, including profiling, if the Company processes his/ her data on the basis of legitimate interest.
b) If the User’s objection is valid and the Company has no other legal basis to process the personal data, data with respect to which the User filed an objection shall be removed.
- The right to remove data (“right to be forgotten”) – legal basis: Art. 17 of the GDPR.
a) The User has a right to demand removal of all or some of personal data.
b) The User has a right to demand removal of personal data if:
- personal data is no longer necessary for purposes for which it was collected or for which it was processed;
- the User withdrew the specific consent in the scope in which the personal data were processed on the basis of the User’s consent;
- data were processed in breach of the law.
c) In spite of the request for removal of personal data, in relation to filing an objection or revocation of a consent, the data controller may retain certain personal data in a scope in which processing is necessary to determine, seek or defend against claims. In particular, this refers to personal data encompassing: first name, surname, e-mail address, which are retained for complaint processing purposes and claims related to the use of the Company’s services.
- The right to limit the processing of data: legal basis: Art. 18 of the GDPR.
a) The User has a right to demand limitation of processing of his/ her personal data exclusively to the storage of such data or performance of activities agreed with the User, if, in the User’s opinion, the Company possesses incorrect data about the User or the Company processes such data without a legal basis, or the User does not want the Company to remove them as they are indispensable for determining, seeking or defending against claims or for the time of lodging an objection against data processing.
b) The User shall have a right to demand limitation of the use of personal data in the following cases:
- when correctness of personal data is contested: then, the Data Controller limits the use of such data for the time necessary to verify the correctness of data, however not longer than for 7 days;
- when the processing of data is inconsistent with the law and instead of data removal, the User demands limitation of the use of data;
- when personal data ceased to be necessary for the purposes for which they were collected or used, but they are necessary for the User for the purpose of determining, seeking or defending against claims;
- when the User objected against the use of his/ her data – in such case, the limitation takes place for the time necessary to decide whether – on account of the special situation – the protection of interests, rights and freedoms of the User is prevailing over the interests of the Data Controller implemented when processing the User’s data.
- Right to access data: legal basis: Art. 15 of the GDPR.
a) The User has a right to receive a confirmation from the Data Controller whether the Data Controller processes his/ her personal data and if such processing takes place, the User has a right to:
- obtain access his/ her personal data;
- obtain information about purposes of processing, categories of processed personal data, about recipients or categories of recipients of such data, planned period of storing the User’s data or about the criteria for determining such period (when determination of the planned period of data processing is impossible), about rights with which the User is vested pursuant to the GDPR and the right to file a complaint to a supervisory body, about the source of such data, about automated decision making, including profiling, and about security measures applied in relation to the transfer of such data outside of the European Union;
- receive a copy of his/ her personal data;
- Right to rectify data: legal basis: Art. 16 of the GDPR.
- Right to transfer data: legal basis: Art. 20 of the GDPR.
a) The User has a right to receive his/ her personal data that was provided to the Data Controller and subsequently send such data to another selected personal data controller. The User also has a right to demand that personal data are sent by the Data Controller directly to such other data controller, if this is technically possible. In such case, the Data Controller shall send the personal data of the User in the form of a file in a commonly used, machine readable format, allowing for the dispatch of received data to other personal data controller.
- In case the User wishes the exercise the above rights, the Data Controller complies with the request or refuses to comply with it immediately, however not later than within a month from receiving such request. However, if – on account the complex nature of the request or the number of requests – the Data Controller cannot fulfil the request within a month, it shall be fulfilled in the course of subsequent two months, and the User shall be informed in advance within a month from sending the request about the extended deadline and its causes.
- The User may file complaints, inquiries and applications to the Data Controller pertaining to the processing of his/ her personal data and exercise of the User’s rights.
- The User has a right to file a complaint to the President of the Personal Data Protection Office, within the scope of violation of his/ her rights to protection of his/ her personal data or other rights granted pursuant to the GDPR.
How are personal data protected?
Automationstechnik Sp. z o.o. possesses proper security measures, including physical, electronic and procedural, used for the protection of personal data from loss, destruction, improper use and unauthorised access or disclosure. For example, Automationstechnik Sp. z o.o. restricts access to such information to authorised employees and contractors who have to know such information as part of their work, as well as suppliers of services of third parties, who may process such data exclusively in compliance with the instructions provided by Automationstechnik Sp. z o.o.