Personal Data Controller
Personal Data Controller is M-Tech Poland Sp. z o.o. company with its registered seat in Gliwice at: ul. Portowa 8b, 44-100 Gliwice, email: firstname.lastname@example.org, telephone: 32 284 10 10
Personal Data Controller is represented by Mr. Michał Jachowicz, correspondence address: ul. Portowa 8b, 44-100 Gliwice, email: email@example.com, telephone: +48 32 428 42 91
Purposes of the processing:
Basis of the processing
Depending on the purpose of processing, the basis of the processing is:
Data subject is entitled to withdraw the consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Data subject may withdraw his or her consent in writing, electronically as well as by phone or orally, while contact information provided in the information form are binding the data subject. Withdrawal of consent requires the Personal Data Controller to confirm the identity of the person making a statement on withdrawing the consent to process the personal data.
Information on data recipients or categories of data recipients
Entities that service the b2b platform within the scope of its operation, making payments and performance of agreement may be data recipients.
Information on intention to transfer personal data to a third state or international organization and the existence or absence of an adequacy decision by the Commission, or reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available
Personal Data Controller does not intend to share your personal data to a third party or to an international organization unless the sale is made on behalf of person residing or having a business operation on the territory of such country. In such case an entity transporting the item sold may be a recipient. Person making purchases through the platform is able to pick the means of transport of the item, and thus knows the identity of the recipient.
Art. 49(1)(b), that is the situation when the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request, is a protective basis of any data transfers (as it does not mean that the European Commission has not issued a decision regarding all or some countries regarding an adequate level of personal data protection).
Period for which the personal data will be stored (criteria used to determine that period)
Personal Data Controller indicates that the personal data will be stored for different periods of time, depending on purpose of the processing.
Legal regulations are the criteria used to determine that period.
Those periods are determined in particular by:
1) regulations regarding the statutory warranty and - if it was granted - guarantee for the items sold by the Personal Data Controller;
2) regulations regarding the period of storing of tax and accounting documents;
3) regulations regarding the obligation of storage of documents in employee records.
Within the extent of sending commercial information, data is processed until the consent to processing is withdrawn or until objections is made regarding the processing.
Instruction on rights
Data subject is entitled to:
1) Withdraw the consent to process the personal data at any time, while withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
2) Access his or her personal data, including:
- the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed,
- if the data controller processes the data of the data subject, data subject is entitled to access his or her personal data and to receive information on the purposes of processing, on the categories of personal data concerned, on the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, on the envisaged period for which the personal data will be stored (or, if not possible, the criteria used to determine that period), on the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, on the right to lodge a complaint with a supervisory authority, on the source of personal data (where the personal data are not collected from the data subject), on the existence of automated decision-making and on the significance and the envisaged consequences of such processing for the data subject, on appropriate safeguards, if the personal data are transferred to a third country or to an international organisation;
3) Demand a copy of personal data that are being processed;
4) Rectify and complete personal data, inaccurate or incomplete data;
5) Obtain from the controller the erasure of personal data concerning him or her;
6) Limit the processing of personal data;
7) Move the personal data;
8) Object to processing the personal data;
9) Not be subject to decisions based solely on automated processing, including profiling;
10) Lodge a complaint to the President of the Office of Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych) (formerly Chief Inspector of Personal Data Protection) if the processing of personal data infringes the provisions of the 2016/679 Regulation (EU) of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation).
The above mentioned rights are regulated by the 2016/679 Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Provisions of Section III of the Regulation, article 7 of the Regulation and article 77 of the Regulations should me mentioned in particular.
Information whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data
Provision of personal data is:
- a requirement necessary to enter into a contract, with the exception of information of type of business activity.
Provision of personal data is voluntary.
Consequences of failure to provide such data are as follows:
- inability to register an account on b2b platform,
- inability to use the b2b platform, including inability to make purchases on the platform,
- inability to receive commercial information from Data Controller (in case of not giving consent to process data for that purpose).
Information on the existence of automated decision-making and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject in case referred to in Article 22 of GDPR
Data Controller does not expect to make decisions solely on the basis of automated data processing, including profiling.