Privacy Policy for Customers and Contractors

1. FLUENCE TECHNOLOGY sp. z o.o. with headquarters at: Kolejowa 5/7, 01-217 Warszawa, entered into the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under the KRS number: 0000629831, REGON: 36502915600000, TIN: 5272776154, is the Personal Data Administrator (hereinafter referred to as the Administrator) of its clients with whom it has concluded sales contracts and contractors with whom it has concluded cooperation agreements, hereinafter jointly referred to as Customers and Contractors.

2. Respecting the rights of customers and contractors as subjects of personal data (data subjects) and respecting applicable law, including, in particular, the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (general regulation on data protection), hereinafter referred to as the GDPR, the Act of 10 May 2018 on the protection of personal data, hereinafter referred to as the Act, and other relevant provisions on the protection of personal data, the Administrator undertakes to maintain the security and confidentiality of personal data obtained from customers and contractors. All employees who process personal data in the scope of their duties have been properly trained in the processing of personal data, and the Administrator has implemented appropriate safeguards as well as technical and organizational measures to ensure the highest level of personal data protection. We have implemented procedures and a Personal Data Protection Policy in accordance with the provisions of the GDPR and the Act, thanks to which we ensure compliance with the law and reliability of data processing processes, as well as the enforceability of all rights of Clients and Contractors as data subjects. In addition, if necessary, we cooperate with the supervisory body in the territory of the Republic of Poland, i.e. the President of the Personal Data Protection Office (hereinafter referred to as PPDPO).

3. All questions, requests, and complaints regarding the processing of personal data by the Personal Data Administrator, hereinafter referred to as inquiries, should be sent to the following e-mail address: rodo@fluence.pl or in writing to the address: Kolejowa 5/7, 01-217 Warsaw. The content of the inquiry should clearly indicate:

a. the data of the person or persons to whom the inquiry relates,

b. the event that is the reason for the inquiry,

c. your requests and the legal basis for these requests,

d. the expected way of settling the matter.

4. The legal basis for the processing of personal data of Clients and Contractors is:

a. art. 6 sec. 1 pt. b GDPR, i.e. the necessity to perform a contract concluded between the Administrator and the Customer and Contractor, or to take action at the Customer’s request prior to the conclusion of the contract, if the Customer or Contractor is a natural person; in this regard, personal data are processed for the time necessary for the performance of the contract, or

b. art. 6 sec. 1 pt. c GDPR, i.e. necessity to fulfill the legal obligations incumbent on the Administrator; in this regard, personal data are processed for the time that results from universally applicable laws, or

c. art. 6 sec. 1 pt. f GDPR, i.e. the Administrator's legitimate interest in establishing, asserting or defending claims until their statute of limitations or until the completion of the relevant proceedings, if they were initiated within this period; in this regard, personal data are processed for the relevant period of the statute of limitations for claims, but as a general rule for the 3-year period of the statute of limitations for claims, or

d. art. 6 sec. 1 pt. f GDPR, i.e. the legitimate interest in the form of the need to identify persons authorized to represent the Client or Contractor and to process the business contact data of the Client's or Contractor's employees and associates, in order to execute agreements concluded with Clients or Contractors, or

e. art. 6 sec. 1 pt. a GDPR, i.e. the Customer's consent to the processing of personal data for specific purposes, when other legal grounds for the processing of personal data do not apply; in this regard, personal data are processed until the Customers or Contractors withdraw their consent.

5. The source of the Personal Data processed by the Administrator is the Customers and Contractors, i.e. data subjects. In the case of processing Personal Data of persons representing the Customer/Contractor or persons authorized to execute the contract, the Data may be provided by the Customer/Contractor.

6. The personal data of Customers and Contractors is not transferred to a third party or an international organization within the meaning of the provisions of the GDPR. In the event that personal data is transferred to a third party or an international organization, Customers and Contractors will be informed in advance, and the Administrator will apply the safeguards referred to in Chapter V of the GDPR.

7. The Administrator does not provide personal data to third parties without the express consent of the data subject. Without the consent of the data subject, personal data may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities, and other entities authorized in generally applicable law, e.g. the Polish Social Insurance Institution, ZUS or the appropriate tax office).

8. Personal data may be entrusted for processing to entities processing such data on our behalf as the Personal Data Administrator. In this case, as the Personal Data Administrator, we enter into a contract for entrusting the processing of personal data with the processor. The processing entity processes the entrusted personal data, but only for the purposes and to the extent indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting personal data for processing, the Administrator would not be able to conduct its business and implement concluded contracts. Personal data is entrusted primarily to accounting companies used by the Administrator.

9. Personal data is not subject to profiling by the Administrator within the meaning of the provisions of the GDPR.

10. In accordance with the provisions of the GDPR, each person whose personal data is processed by the Administrator has the right to:

a. be informed about the processing of personal data, as referred to in art. 12 GDPR - the Administrator is obliged to provide the persons whose data will be processed with the information specified in the provisions of the GDPR (including about their data, Data Protection Officer (DPO) contact details, purposes, and legal grounds for the processing of personal data, recipients or categories of recipients of personal data, if any exist, or the period during which the data will be processed or the criteria for determining this period); this obligation should be fulfilled as early as the moment the data is obtained, and if the data is not obtained from the data subject but from another source, within a reasonable time, depending on the circumstances; the Administrator may refrain from providing this information if the data subject already has it,

b. access their personal data, as referred to in art. 15 GDPR - by providing us with personal data, Customers and Contractors have the right to view and access them; however, this does not mean that they have a right to access all documents which contain their data, as they may contain confidential information; Customers and Contractors, however, have the right to know what data the Administrator processes and for what purpose, and the right to obtain a copy of such personal data; the Administrator issues the first copy free of charge, and for each subsequent copy, in accordance with the provisions of the GDPR, the Administrator may charge an appropriate administrative fee corresponding to the cost of making a copy,

c. correct, supplement, update and rectify personal data, as referred to in art. 16 GDPR - if the personal data of Customers and Contractors have changed, the Administrator should be informed of this fact so that the data held by the Administrator is consistent with the actual state and up to date; also in a situation where there has been no change of personal data, but for any reason the data is incorrect or has been recorded incorrectly (e.g. due to a typing error), the Administrator should be informed about it in order to correct or rectify such data,

d. deletion of data (the right to be forgotten), as referred to in art. 17 GDPR - the right to request the "erasure" of personal data held by the Administrator and the right to request the Administrator to inform other administrators to whom he provided the data of Customers and Contractors about the need to delete them; Customers and Contractors may request the deletion of their personal data primarily when:

● the purposes for which the personal data have been collected have been achieved,

● the basis for the processing of personal data was only consent, which was then withdrawn and there are no other legal grounds for further processing of personal data,

● an objection was raised on the basis of Art. 21 of the GDPR, and Customers and Contractors believe that the Administrator has no overriding legal grounds allowing for further processing of personal data,

● personal data has been processed unlawfully, i.e. for unlawful purposes or without any basis for the processing of personal data - in this case, Customers and Contractors should indicate the basis for their request,

● the need to delete personal data results from legal provisions,

● personal data relates to a minor and was collected in connection with the provision of information society services, subject to the exceptions provided for in point 11 below,

e. restriction of processing, as referred to in art. 18 GDPR - Customers and Contractors may apply to the Administrator with a request to limit the processing of personal data (which would mean that until the dispute is resolved, the Administrator would process personal data only to the extent necessary, limiting itself, if possible, only to their storage), if:

● the accuracy of the personal data is contested, or

● Customers and Contractors believe that the Administrator processes data without a legal basis, but at the same time they do not want the Administrator to delete this personal data (i.e. they do not use the right referred to in the preceding letter), or

● the objection referred to in point g. has been submitted, or

● personal data is needed to establish, investigate or defend claims, e.g. in court,

f. transfer the data, as referred to in art. 20 GDPR - Clients and Contractors have the right to obtain their data in a format that allows them to be read on a computer and the right to send this data in such a format to another administrator; this right is only available if the basis for data processing was consent or the data was processed automatically,

g. revoke consent at any moment, without affecting the legality of the processing carried out on the basis of consent before its revocation,

h. object to the processing of personal data, as referred to in art. 21 GDPR - Customers and Contractors have the right to object if they do not agree to the processing of personal data by the Administrator, which so far have been processed for legitimate purposes in accordance with the law, unless the Administrator proves that there are valid legitimate grounds for processing, which override the interests, rights and freedoms of the data subject, or the grounds for establishing, investigating or defending claims,

i. not be subject to profiling, as referred to in Art. 22 in connection with art. 4 pt. 4 of the GDPR - Customers and Contractors are not subject to automated decision making or profiling within the meaning of the provisions of the GDPR, unless they consent to it; additionally, they will always be informed about profiling, should it take place,

j. lodge a complaint with the supervisory body (i.e. with PPDPO), as referred to in art. 77 GDPR - if it is found that the Administrator is processing personal data unlawfully or in any way violates the rights resulting from generally applicable provisions of law in the field of personal data protection, Customers and Contractors may lodge a complaint with the supervisory authority.

11. With regard to the right to delete data (the right to be forgotten), the Administrator points out that in accordance with the provisions of the GDPR, Customers and Contractors do not have the right to exercise this right if:

a. the processing of personal data is necessary to exercise the right to freedom of expression and information,

b. the processing of personal data is necessary for the Administrator to comply with the legal obligations resulting from the provisions - the Administrator cannot then delete personal data for the period necessary to fulfill the obligations (e.g. tax obligations) imposed by generally applicable law,

c. the processing of personal data is carried out for the purposes of investigating, establishing or defending claims.

12. If the Clients and Contractors want to exercise their rights referred to in point 11 above, please send a message by e-mail or in writing to the e-mail address or correspondence address, respectively, indicated in point 3 above.

13. Each identified security breach is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects and PPDPO are informed about such a breach of the provisions on the protection of personal data.