RULES ON THE PROCESSING OF PERSONAL DATA BY LABO PRINT SA
Article 1. Personal Data Controller
The controller of personal data is Labo Print spółka akcyjna with its registered office in Poznań, Poland (correspondence address: Labo Print S.A., ul. Szczawnicka 1, 60 471 Poznań, Poland), entered into the Register of Entrepreneurs kept by the District Court Poznań Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register under the number 0000472089 (hereinafter referred to as the “Controller”).
The Controller attaches great importance to the protection of privacy and confidentiality of the personal data processed, and in particular the Controller selects and applies with due diligence appropriate technical and organisational measures to ensure the protection of the personal data processed. Full access to the databases is available only to persons duly authorised by the Controller.
The Controller may be contacted by traditional mail at the address specified in Section 1 above or by e-mail at [email protected]
Article 2. Basis for Processing Personal Data
Providing personal data to the Controller is voluntary; however, failure to provide such data or lack of consent to its use may hinder or make it impossible to take action in order to communicate, provide an offer or conclude an agreement.
Personal data shall be processed by the Controller in accordance with the law, including in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR) for the purpose of:
performance of activities related to the performance of a concluded contract or taking pre-contractual activities, in particular the provision of an offer at the request of the data subject (pursuant to Article 6(1)(b) GDPR);
fulfilment of the legal obligation incumbent upon the Controller (pursuant to Article 6 (1)(c) GDPR);
marketing of own products or services, including personalised ones (pursuant to Article 6(1)(f) GDPR);
pursuing or securing claims (under Article 6(1)(f) GDPR).
The legal basis for the processing of personal data may be: (a) consent granted, (b) agreement, or (c) legitimate interest of the Controller (pursuant to Article 6(1) GDPR).
Personal data is collected by the Controller from persons who (a) expressed their written or oral interest in establishing a business relationship with the Controller, (b) granted their direct or indirect (e.g. by providing their business card) consent to the processing of their personal data for the purposes of presenting a commercial offer by the Controller, (c) participate in the performance of the agreement concluded with the Controller, (d) represent the Controller’s business partners.
The Controller may process the data of persons provided by the persons specified in Section 4 in order to contact the Controller or purchase products or services offered by the Controller. The person providing the Controller with the data of third parties should have the appropriate consent of third parties to provide their data to the Controller. In such a case, the Controller shall make every effort to duly fulfil the information obligation (in accordance with Article 14 GDPR); however, the Controller shall not be liable for unauthorized transfer of data of third parties. i.e. without their due consent.
Article 3. Scope of Personal Data Processing
Personal data is processed only to the extent necessary to perform proper communication (name and surname, position, e-mail address, telephone number, company and company address), including sending information about the Controller and its services, sale of products or services provided by the Controller, and for the purpose of performing the agreement.
Personal data may be made available to entities entitled to receive it under the applicable laws, including the competent judicial authorities.
Personal data may be made available to authorized employees of the Controller, entities processing data at the Controller’s request, i.e. carriers, postal operators, entities providing accounting services, partners providing technical services (development and maintenance of IT systems, mailing), debt collection companies, entities providing legal services, trusted cooperating entities – subcontractors, in order to provide a specific service.
In justified cases, data may be made available or entrusted to entities from the Labo Print S.A. Group if there is an important legal basis for it – consent e.g. in the case of marketing activities, agreement or justified interest, in particular to subsidiaries, affiliated entities, on the basis of a personal data co-processing agreement or personal data processing agreement.
Personal data may be subject to profiling operations, including the use for automatic decision making which may produce legal effects, only with the data subject’s consent.
Personal data shall not be transferred to a third country.
If, in the context of the processing, personal data is transferred to recipients in third countries (outside the EEA), e.g. in the United States, such a transfer of data may take place on the basis of an adequacy decision by the European Commission, i.e. for organisations participating in the Privacy Shield programme, or on the basis of standard contractual clauses in accordance with the European Commission decision or on the basis of the explicit consent of the data subject.
Article 4. Retention of Personal Data
Personal data processed in order to perform the agreement and fulfil the Controller’s legal obligation shall be stored for the duration of the agreement, and after its expiry for the period necessary to:
perform after-sales service (e.g. complaint handling);
secure or enforce claims;
fulfil the Controller’s legal obligation (e.g. resulting from tax and accounting regulations).
Personal data processed for the purposes of marketing of own products or services offered by the Controller on the basis of a legitimate legal interest shall be processed until an objection is raised or the scope is changed by the data subject.
Personal data processed on the basis of a separate consent shall be stored until the consent is revoked.
Article 5. Control of the Processing of Personal Data
Anyone whose personal data is processed by the Controller has the right of access to the content of the processed data and the right to correct or delete data, limit its processing, the right to transfer data, the right to object to data processing on the basis of the Controller’s legitimate interest or to the processing for the purpose of direct marketing, the right to withdraw consent at any time without affecting the lawfulness of the processing. The Controller shall stop processing personal data and delete it unless it is required by the law to process it further.
The exercise of the rights referred to in Section 1 above shall be performed by enabling contact with the Controller in the manner specified in Article 1.3 of these Rules.
Persons whose data is processed by the Controller have the right to lodge a complaint to the supervisory authority – the Office for Personal Data Protection when they consider that the processing of their personal data violates the provisions of law.