We care for the security of your data
Our personal data that we provide to various entities is one of our most valuable things we have. Everyone has the right to privacy, a sphere protected by law. The recently observed development of information technologies: computer networks, the Internet, mobile telephony and cloud computing, etc., has increased the importance of personal data protection, leading to changes in legal regulations.
Below we present the basic information on the new personal data protection provisions introduced in the General Data Protection Regulation, the so-called ‘GDPR’.
- What is GDPR?
GDPR is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
- What is the purpose of GDPR?
GDPR directly and comprehensively regulates the protection of personal data in the European Union. The purpose of the regulation was to limit the diversity of regulations between individual Member States. GDPR introduces new solutions and strengthens the existing requirements. It also introduces many new rights for individuals and responsibilities for data controllers.
Note! In connection with GDPR, you do not need to contact us additionally, just read the information available on this site.
- Since when will GDPR apply?
The new regulations will apply in all EU Member States as of 25 May 2018.
- What is personal data?
Personal data is all information about an identified or identifiable natural person. Personal data is, for example, a person’s name, email address, address, telephone number.
- Who are data subjects?
Data subjects are natural persons to whom personal data relates. For example, a customer of an online store, an employee, a sole trader, or a holder of a bank account.
- What is personal data processing?
Personal data processing means the operation or a series of operations performed on personal data or personal data sets in an automated or non-automated way. For example, collecting, recording, organising, storing, transferring, displaying, using, deleting or destroying data.
- Who is data Controller?
A Controller (Personal Data Controller) is an entity that defines the purposes and methods of personal data processing, i.e. decides how and why personal data is processed.
- Who is data Processor?
A Processor is a natural or legal person who processes personal data on behalf of the Controller. The Processor may process personal data only on the basis of a written agreement that imposes some mandatory conditions stipulated in the GDPR on the Processor.
Information on personal data processing performed
by Credin Polska Sp. z o.o.
We are the Controller of your personal data. This means that we are responsible for its safe use compliant with applicable law.
Contact details of the Controller:
Credin Polska Sp. z o.o., ul. Czysta 6, 55-050 Sobótka
What data should be provided to us?
We collect and process data only to the extent necessary to achieve the purposes for which it was collected, provided for in applicable law. The scope of the data will vary depending on the purpose for which the data is being processed.
For what purpose and on what basis do we use your personal data?
We obtain your personal data on the following basis and process it for the following purposes:
- to conclude and perform the agreement between us (under Article 6(1)(b) of the GDPR), including the fulfilment of orders placed within the term of the agreement and settlements after its termination;
- to fulfil our legal obligations (under Article 6(1)(c) of the GDPR), e.g.:
- to issue and store invoices and accounting documents,
- to enable provision of services and responding to complaints on time and in the form stipulated by law,
- to hire employees, provide social benefits, organise work.
We will use the data needed to fulfil legal obligations:
- during the fulfilment of duties, e.g. issuing an invoice,
- for the period in which the regulations require us to store data, e.g. financial or tax data;
- in our legitimate interest (under Article 6(1)(f) of the GDPR),g.:
- to determine, defend and pursue claims, which includes the sale of our debts to another entity – for the period after which the claims expire,
- to promote the Controller’s brand and products – until you object to it,
- to generate breakdowns, reports and statistics – within the term of the agreement, and then no longer than for the period after which the claims expire.
If it is not necessary for us to use your data for the conclusion or performance of an agreement, fulfilment of a legal obligation or it is not our legitimate interest, we may ask for permission to use the data for a specific purpose. You can withdraw your consent at any time, and the withdrawal of consent will not affect the lawfulness of the processing of your data prior to the withdrawal of consent.
What categories of personal data do we process?
In particular, we process the personal data of:
- our customers and business partners as well as the employees of our customers and business partners,
- our employees and contractors performing activities for the Data Controller,
- the persons who signed lease, purchase, service or sale agreements with us,
- the persons who use social media with regard to the promotion of our products,
- the persons staying on the premises of the Data Controller.
We also process the personal data of other data controllers that has been entrusted to us to enable the provision of our services.
The data is processed in accordance with the requirements of applicable law and contractually agreed terms.
Who do we transfer your data to?
We transfer your data to:
- the entities of the group of companies to which the Controller belongs (ORKLA),
- the entities processing data on our behalf, participating in the performance of our activities:
- entities that provide consulting, auditing, IT, training, external security, legal, and advertising services, including entities promoting or mediating the sale of products offered by the Controller,
- entities providing services to our employees, including handling social packages, medical services, etc.
- entities authorised to request personal data under applicable law: Social Insurance Company ZUS, Tax Office, supervision authorities, National Labour Inspectorate PiP, etc.,
- other data controllers that process data on their behalf:
- transport providers (travel agencies and airlines – for business travel),
- providers of postal or courier services,
- providers of payment services (banks, payment institutions)
- entities purchasing receivables – in the event of payment arrears.
Objection and your other rights with regard to your personal data
Under applicable law, you can at any time object to:
- the processing of your data (including profiling) for the needs of direct marketing,
- the processing of your personal data (including profiling) if the basis for the use of data is our legitimate interest.
You can submit a request to us (regarding your personal data) asking for:
- correction of your data,
- removal of the data processed groundlessly or placed on our websites,
- restriction of processing (discontinuation of data operations or non-removal of data – as requested),
- access to data (information about the data processed by us and a copy of data),
- transfer of your data to another data controller.
You also have the right to lodge a complaint to the President of the Office of Personal Data Protection if you believe that the processing of your personal data violates the law.
You will find more information about the above rights in the Rights tab.
Right to correct data – exercising this right you can ask us to correct incorrect data or supplement data due to an error in the collection or processing of data.
Right to remove data (right to be forgotten) – exercising this right you can submit a request to delete data. If the request is justified, we will delete the data without delay.
Right to restrict processing – exercising this right you can submit a request to limit the processing of data, e.g. in case of questioning the correctness of the data being processed. If the request is justified, we can only store the data. The processing of data will only be resumed after the reasons justifying the restriction of processing have ceased to exist.
Right to access data – exercising this right you can obtain information on what data we process, how and for what purpose we do it.
Right to transfer data – exercising this right you can ask us to transfer your data directly to another controller and to obtain a copy of the data in a structured, machine-readable format, so that you can transfer the data yourself to another controller.
The scope of each of these rights and the situations in which they can be exercised result from applicable law. Your entitlement to exercise these rights depends, for example, on the legal basis for our use of your personal data and the purpose of its processing.
Will your data be transferred beyond the European Economic Area (EEA)?
All transfers of personal data within the European Economic Area (EEA) (including the European Union, Norway, Lichtenstein and Iceland) are carried out in accordance with applicable law. We are not currently planning to transfer your data outside of the EEA.
We do not apply automated decision-making with regard to your personal data.