Dear Sir or Madam,
This is to inform of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), which came into effect on 25 May 2018. The GDPR will be applicable in all the member states of the European Union and its purpose is to unify personal data processing principles across this area.
With this in mind, we want to give you an overview of how our company, Preston sp. z o.o. of Dąbrowa/k. Poznania (hereinafter, the “Controller”) will process your personal data and of the rights you will have in connection with it. This way we want to make sure that you have the relevant knowledge and can continue to use our services conformably.
Your personal data will be processed so that the Controller can submit its offers to you, conduct negotiations and conclude and perform a contract pursuant to Article 6(1)(b) GDPR and Article 6(1)(c) GDPR where this is necessary for compliance with a legal obligation to which the Controller is subject, and pursuant to Article 6(1)(f) where the processing is necessary for the purposes of the legitimate interests pursued by the Controller, including to secure any documentation necessary for the defence or exercise of legal claims or other actions carried out in the course of our business. Your data will also be processed based on your consent where you agree to those data being processed for marketing purposes. Recipients of your data will include entities that process data on behalf of the Controller. Furthermore, you have the right to request access to your personal data, to have those data rectified or erased or their processing restricted, as well as the right to data portability.
Details of data processing arrangements for our customers and potential customers
1. Data controller
The Controller of your personal is Preston spółka z ograniczoną odpowiedzialnością of Dąbrowa/k. Poznania. The Controller’s tax identification number (NIP) is 7773257868, its statistical identification number (REGON) is 363382552, and it is registered in the National Court Register (KRS) at the Poznań District Court for Stare Miasto and Wilda in Poznań, 8th Division – Commercial, under KRS number 0000593903.
You can contact us:
– by sending us a letter addressed to ul. Innowatorów 7 62-070 Dąbrowa/k. Poznania;
– by sending us an e-mail to RODO@preston.pl; and
– by calling us at +48 61 842 09 92
2.We will process your data for the following purposes:
To prepare our offers for you; to make arrangements when contracting for sale of our products; to verify your identity when concluding a contract; to conduct negotiations leading to a contract and to perform a contract, which includes compliance with a number of our legal obligations, such as a duty to retain accounting documents that contain your data; and to exercise our legitimate claims should you be remiss in your contractual duties. If you consent to it, we will also process your data for marketing purposes in order to promote our products.
3. Your personal data will be processed on the following legal basis:
1. Article 6(1)(b) GDPR – Processing of personal data for the performance of a contract or in order to take steps prior to entering into a contract, including our preparation of an offer for you and conclusion and performance of a contract;
2. Article 6(1)(a) GDPR – Your voluntary consent to our marketing activities. For this reason, please sign a consent form attached to this information. Your consent is voluntary and you may withdraw it at any time.
3. Article 6(1)(c) GDPR – Your data need to be collected so that we can issue accounting documents in respect of a contract made with an individual and to store those data in accordance with law.
4. Article 6(1)(f) GDPR – This is to allow us to pursue our legitimate interests if we need to exercise our claims.
4. Period for which personal data will be stored
We will store your personal data until:
1. our negotiations are completed, if we fail to come to an agreement on our contract;
2. until non-performance claims are prescribed and throughout the claim limitation period, if we sign a contract. Any accounting documents that contain your personal data will be stored for five years after the end of an accounting year in which our VAT invoice for service rendered was issued.
5. Data recipients
The recipients of your data may be any of the following:
1. suppliers that we contract for data processing services, i.e.:
1. IT service providers;
2. our accounting service providers;
3. postal and courier service providers;
4. transportation providers;
5. our providers of debt collection and legal services;
6. legal counsel and advocates that we work with.
These entities and individuals process data under a contract with us and only pursuant to our instructions, and they are bound by obligation of confidentiality.
6. Your rights in connection with data processing and automated decision-making
You have the following rights relating to the processing of personal data:
1. the right to withdraw your consent to data processing;
2. the right of access to personal data;
3. the right to request rectification and to have your personal data completed. You may request that we rectify your data (if they are incorrect) and complete them (if they are incomplete) (Article 16 GDPR);
4. the right to request restriction of data processing where any of the following applies:
1. You contest the accuracy of your personal data. In such a case, we will restrict our use of your personal data for the time needed for us to verify their accuracy, but no longer than for seven days;
2. The processing of your data is unlawful and instead of their erasure you request the restriction of their use;
3. Your personal data are no longer needed in view of the purposes for which we collected or used them, but you require those data for the establishment, exercise or defence of legal claims;
4. You have objected to the use of your data. In such a case, we will restrict their processing pending the verification whether, in view of your particular situation, the protection of your interests, rights and freedoms overrides the interests that we pursue in processing your personal data (Article 18 GDPR).
5. the right to request erasure of your personal data (‘right to be forgotten’, Article 17 GDPR). You have the right to request erasure of all or some of your personal data if:
1. you have withdrawn your consent, to the extent your data were processed based on it and there is no other legal ground for the processing;
2. your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
3. your personal data have been processed unlawfully.
6. the right to object to processing of your personal data.
7. the right to data portability – that is to say, the right to receive your personal data from us in a structured, commonly used and machine-readable format. You may transmit those data to another controller or request us to have them transmitted to another controller. However, we will do the latter only where technically feasible. Your right to data portability only applies to those data that we process under a contract with you or based on your consent.
In order to exercise any of these rights, please contact us by using our contact data in point 1 above.
The right to withdraw consent
To the extent your data are processed based on your consent, you have the right to withdraw it at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. You may easily withdraw your consent by sending us a withdrawal of consent notice to our correspondence address above or to our e-mail address at RODO@preston.pl.
The right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a supervisory authority in charge of personal data protection, which is the President of the Polish Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).