Privacy policy

INFORMATION OBLIGATION CONCERNING THE PROCESSING OF PERSONAL DATA BY STAL-SERVICE Sp. z o.o.

In accordance with the Regulation of the European Parliament and of the Council (EU) no. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”), STAL-SERVICE Spółka z ograniczoną odpowiedzialnością (hereinafter: “STAL SERVICE Sp. z o.o.” or “Company”) is the Controller of the personal data and hereby informs about the processing of your personal data.

I. Personal Data Controller
STAL-SERVICE Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, ul. Hołubcowa 123, 02-854 Warsaw, registered in the District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register under the KRS no. 0000177163, REGON 012855590, NIP 525-19-72-252.

I.1 Information about the Personal Data Controller

The main business activities of STAL-SERVICE Sp. z o.o. are as follows:

  • commercial,
  • production and laying of iron and steel rods,
  • services concerning reinforcement,
  • promotional and advertising.

I.2 Contact Details

In cases related to the protection of your personal data, please contact the Controller at:

STAL-SERVICE Spółka z ograniczoną odpowiedzialnością 
ul. Hołubcowa 123, 02-854 Warsaw
or
STAL-SERVICE Spółka z ograniczoną odpowiedzialnością
Production Plant
05-126 Nieporęt, Stanisławów Pierwszy, ul. Strużańska 30
or
at e-mail address: dane.osobowe@stalservice.com.pl

II. How do we process your personal data?

In accordance with the requirement imposed on the Controller in Article 5 of the GDPR, STAL-SERVICE Sp. z o.o. uses their best effort to ensure that the personal data processed by the Company are:

  • processed lawfully, fairly, and transparently for the data subject,
  • collected only for specific, explicit, and legitimate purposes and have not been further processed in a way inconsistent with those purposes,
  • adequate, appropriate, and limited to what is necessary for the purposes for which they are processed (“minimisation” of data),
  • correct and, if necessary, updated,
  • kept in a form which permits the identification of the data subject and for no longer than is necessary for the purposes for which the data are processed,
  • processed in a manner as to ensure adequate data security, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage with appropriate technical or organisational measures.

III. What personal data do we process, for what purpose, and on what legal basis?

The Company processes personal data in with regard to:

  • concluding and executing the agreement (including contracts or orders),
  • conducting business and operations,
  • establishing and maintaining relationships with business partners,
  • employee recruitment.

III.1 Conclusion and execution of the agreement relating to the Company’s statutory activities

1.a Personal data include:

  • data of persons who are signatories to the agreement or who hold the power of attorney to carry out certain acts on behalf of the party of the agreement.

It should be pointed out that the scope of your personal data should be adequate to achieve the purpose, i.e. it must allow the conclusion and proper execution of the agreement.

1.b Purpose of the collection of personal data:

  • concluding and executing an agreement for the purchase of goods and services or other commercial contract,
  • settlement of agreements and public levies,
  • storage of data for possible proceedings carried out by authorised public authorities,
  • exchange of necessary information with regard to the execution of the agreement (correspondence),
  • determination, defence, and assertion of claims,
  • handling complaints,
  • archiving documentation (i.e. agreements and related documents).

1.c Legal basis for personal data processing and legitimate purpose

  • the legitimate interest pursued by the Controller, which is in particular: 
    -determination, defence, and assertion of claims,
    -creating and conducting internal reports, statistics, and analyses for marketing and sales purposes,
    -verification of the contracting party’s payment reliability,
    -securing transactions,
    -contact with the contracting party, including correspondence,
    -archiving documentation,
  • the fulfilment of a legal obligation on the Controller, which is in particular:
    -documenting transactions and their settlement,
    -settlement of public levies with regard to the executed transactions,
    -documenting complaints.

III.2 Conducting business and operations

2.a Personal data include:

  • the data of the persons who are owners, shareholders, employees, or associates of the entities which cooperate with the Company on a permanent or occasional basis by providing services, in particular with regard to:
    -delivery of utilities,
    -collection of waste,
    -financial, legal, accounting, HR, IT, OSH services,
    -audit, advisory, security, subcontracted services.
  • data from video surveillance recordings,
  • data of guests/visitors to the Company or the persons who contact the Company’s representatives in person, by telephone, post, or electronic means.

2.b Purpose of the collection of personal data:

  • concluding and executing commercial contracts,
  • settlement of agreements,
  • settlement of public levies
  • storage of data for possible proceedings carried out by authorised public authorities,
  • exchange of necessary information with regard to the execution of the agreement (correspondence),
  • determination, defence, and assertion of claims,
  • filing and handling complaints,
  • archiving documentation.

2.c Legal basis for personal data processing and legitimate purpose

  • legitimate interest pursued by the Controller, in particular:
    -determination, defence, and assertion of claims,
    -creating and conducting internal reports, statistics, and analyses on the day-to-day operation of the Company,
    -contacting with a party, including correspondence,
    -prevention and detection of errors, abuses, offences, crimes,
    -ensuring the safety of people and property,
    -implementation of the Company’s internal policies, including but not limited to, to achieve objectives with regard to: commercial purposes, quality, the Company’s image, improvement of quality, comfort, and safety, etc.
  • fulfilment of a legal obligation on the Controller, in particular:
    -ensuring OHS, fire safety, environmental protection,
    -maintaining the proper technical condition of the construction facilities, machinery, and equipment,
    -documenting transactions and their settlement,
    -documenting activities related to the Company's legal obligations and related to the operation of the Company as an enterprise,
    -settlement of public levies,
    -filing and handling complaints.

III.3 Establishing and maintaining relationships with business partners

3.a Personal data include:

  • data of the employees of the Company’s business partners, in particular data with regard to their identification, contact, function, and competences

3.b Purpose of the collection of personal data:

  • establishing and/or maintaining cooperation with business partners,
  • responding to inquiries or requests,
  • correspondence and exchanging information and experiences with business partners,
  • marketing.

3.c Legal basis for personal data processing and legitimate purpose

  • legitimate interest pursued by the Controller, in particular:
    -marketing of the Controller’s or third party’s products and services,
    -contact with a party, including correspondence.

III.4 Recruitment

4.a Personal data include:

  • the data provided by the recruited candidate, in particular: full name, date of birth, contact and address details, data on education and up-to-date employment, professional skills and competences, other relevant information for the recruitment process, which were made available by the recruited candidate.

4.b Purpose of the processing of personal data:

  • carrying out the recruitment process for a given position,

4.c Legal basis for personal data processing and legitimate purpose

  • consent of the data subject,
  • applicable laws.

IV. Where do we acquire personal data from?

The personal data processed by the Company come from the following sources:

  • submitted directly by the data subject,
  • delivery documents, agreements, power of attorney, authorisations, orders, requests for quotation,
  • invoices and bills,
  • traditional and e-mail correspondence,
  • from other controllers who cooperate with the Company,
  • publicly available sources (e.g. websites, registration documents, etc.).

V. Is it obligatory to provide personal data?

As a general rule, the provision of personal data is voluntary, but in certain situations it may constitute a necessary condition to conclude and/or execute an agreement, as well as to perform other activities (e.g. legal, administrative, conducting business relationships, fulfilment of requests, etc.) to which the data subject remains a party.

VI. Personal data recipients

Within the statutory economic activity carried out by STAL-SERVICE Sp. z o.o., your personal data will or may be made available to:

1. Entities processing personal data on behalf of the Company, and in particular providing the following services: accounting, HR, IT, legal, consultation, advisory, auditing, security, subcontracting, etc.

2. Other Controllers involved in the execution of a transaction or a given process, as well as supporting the Company in its business activities, in particular:

  • banks,
  • insurers,
  • freight forwarders and transport companies,
  • postal and courier operators,
  • public administration authorities,
  • other entities authorised by law to fulfil the Company’s obligations (e.g. Tax Office, National Labour Inspectorate, Social Insurance Institution, etc.)
  • courts and enforcement officers,
  • other parties involved in the transaction,
  • other entities cooperating with the Company to the extent that they become a data controller.

It should be noted that your personal data will be processed in accordance with the GDPR and with the applicable national law and may only be made available to persons and entities authorised to do so under the agreement or applicable laws.

3. Persons authorised by the Controller who will process your personal data:

  • on the basis of the authorisation granted by the Company,
  • in accordance with the Company’s procedures for ensuring the security of the personal data processing, for a specific purpose and in a specific scope.

VII. Will your personal data be transferred to a third country or international organisation?

No, your personal data will not be transferred to a third country or to an international organisation.

Personal data are processed only within the European Economic Area.

VIII. How long will personal data be processed?

The Company as the Controller is obliged to store certain documents containing your personal data for periods indicated by the applicable law or when this is necessary for the proper functioning of the Company or securing its legitimate interests.

Therefore, we store personal data for the following periods:

  1. Data contained in agreements, power of attorney, orders, contracts – until the limitation of claims.
  2. Data contained in books and records of transactions – until the expiry of the limitation period of tax liabilities unless the tax laws provide otherwise.
  3. Data contained in warranty or complaint documents – for 1 year after the expiry date of the warranty or the guarantee or handling of the complaint.
  4. Data contained in other documents or on media related to the managing the company (in particular in: delivery/reception, authorisations for the receipt of goods, correspondence, requests for quotation, submitted offers, internal statistics, analyses, schedules, etc.) – for the period necessary to achieve the purpose of the processing.
  5. Data related to establishing and maintaining relationships with business partners – for the period necessary to achieve the purpose of the processing.
  6. Data for marketing purposes – until the withdrawal of consent (in case of data processing based on consent) and until the objection (in case of data processing on the basis of the legitimate purpose of the Controller).

IX. Does automated decision-making or profiling take place in relation to the processing of personal data?

Automated decision-making or profiling will not take place in relation to the processing of your personal data.
This means that, as a result of the personal data processing by the Company, no decisions will be made that would have other legal effects for you or otherwise affect the violation of your rights and freedoms.

X. Does the Controller plan to process personal data further for other purposes than those for which the data have been collected?

No, the Controller does not plan to process your personal data further for other purposes than those for which the data have been collected.

XI. What are the rights of the person whose personal data are processed?

1. If the data are processed by the Company on the basis of the given consent, the data subject may withdraw their consent at any time which will be effective in the future (Article 7 (3) of the GDPR).
The legality of the processing carried out until the withdrawal of the consent remains unaffected.

2. In accordance with CHAPTER III of the GDPR, the data subject also has the following rights:

  • transparent information, communication, and modalities for the exercise of the data subject's rights (Article 12 of the GDPR),
  • information – where the data are collected from the data subject (Article 13 of the GDPR),
  • information – where the data have not been obtained from the data subject (Article 14 of the GDPR),
  • access to personal data (Article 15 of the GDPR),
  • rectification of personal data (Article 16 of the GDPR),
  • erasure of personal data, i.e. “right to be forgotten” (Article 17 of the GDPR),
  • restriction of processing (Article 18 of the GDPR),
  • notification of rectification or erasure of personal data or restriction of processing (Article 19 of the GDPR),
  • data portability (Article 20 of the GDPR),
  • objection to personal data processing (Article 21 GDPR),
  • objection to automated individual decision-making, including profiling (Article 22 of the GDPR),

3. The data subject has the right to lodge a complaint with a supervisory authority, i.e. President of the Polish Personal Data Protection Office if the Company violates the GDPR by processing the data subject’s data.

The opportunity of exercising each of the aforementioned rights by the data subject arises from the applicable law and depends on the legal basis of data processing, as well as the purpose and extent of their processing.

Production Plant
Strużańska 30, 05-126 Nieporęt
(+48) 22 772 50 25
biuro@stalservice.com.pl
Sales Department