GDPR information clause
Information obligation with regard to personal data protection – GDPR
Who is the controller of your personal data?
The controller of your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”) is HAX Warias Dariusz, 44-264 Jankowice, ul. Świerklańska 109, using NIP (Tax ID) 642-192-34-49 (hereinafter also referred to as “HAX”).
How can you contact us?
You can contact HAX by phone: +48 32 430 97 85, by email: biuro@hax-serwis.pl or in writing by sending correspondence to our business address.
What type of personal data do we process?
Your personal data will be processed for the purpose of performance of the purchase and sale contract, provision of the services offered and direct marketing of our products and services. HAX processes your personal data to the extent that they are made available by public sources – websites and official registers – or shared by you during and for the purpose of performance of the contract. HAX processes the data necessary to perform the contract, such as: company name, business address, NIP (Tax Number) and contact details, such as: first name and surname of your representative, phone number and email address.
What is the purpose and legal basis for the processing of your personal data by us?
HAX processes your personal data for the purpose of:
- conclusion and implementation of services resulting from the sale and purchase contract and the provision of services (Article 6(1)(b) of the GDPR – processing for the purpose of performance of a contract);
- debt collection (legal basis – Article 6(1)(f) of the GDPR – legitimate interest);
- defence against customer claims (legal basis – Article 6(1)(f) of the GDPR – legitimate interest);
- marketing of own services (legal basis – Article 6(1)(f) of the GDPR – legitimate interest);
- handling complaints (legal basis – Article 6(1)(b) of the GDPR – performance of a contract);
- issuing invoices and accepting payments (legal basis – Article 6(1)(b) and (c) of the GDPR – performance of a contract and compliance with a legal obligation);
- fulfilment of customer requests (legal basis – Article 6(1)(b) of the GDPR – performance of a contract).
Who can view your personal data?
The recipients of personal data are the employees of HAX. In addition, on the basis of relevant contracts, these data may be transferred to entities cooperating with HAX in the performance of services under the contract. The transfer of personal data to the aforementioned entities is made only for the purposes set out in item 1 above.
How long do we process your personal data?
The period of data storage depends on the medium on which the data are stored and on the purpose of their processing. Therefore:
- the data contained in the contract and other media are stored for the duration of the contract, the period enabling the pursuit of claims (three years) and the period necessary to defend against claims made against us (10 years; however, in the case of amendment, this period will be shortened to six years);
- the data contained in invoices are stored for a period of five years, as required by the law.
How do we protect your personal data?
HAX ensures that it applies appropriate technical and organisational measures to guarantee the security of the processed personal data prior to their disclosure. For this purpose, appropriate procedures and documentation as well as safeguards of ICT systems have been introduced.
What are your rights with regard to the processing of your personal data by us?
Persons whose personal data are processed by HAX have the right to request access to their personal data from HAX, as well as their rectification, erasure or limitation of their processing, objecting to their processing, and the right to data portability. Moreover, these persons have the right to withdraw their consent and lodge a complaint with the supervisory body. The supervisory body is the Inspector General for Personal Data Protection / President of the Personal Data Protection Office.
Do you have to provide your personal data?
Providing personal data is completely voluntary, however, failure to provide personal data or their erasure will prevent the performance of the contract.
Additional information
- HAX does not perform profiling in connection with the processing of your personal data, nor does it process personal data automatically, in a manner affecting your rights.
- HAX does not transfer personal data to countries outside the European Economic Area.