This document concerns the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance).
1. Data Controller
The Controller of your personal data is Queris Sp. z o.o. with its registered office in Piekary Śląskie, ul. Ceramiki 37, REGON (Business Registry Number): 278252743, NIP (Tax Identification Number): 4980183660, entered into in the Register of Entrepreneurs of the National Court Register under number 0000207108.
Contact with the Data Controller
With regard to data protection, you can contact us by:
email at the adress: email@example.com or firstname.lastname@example.org or postal address: ul. Ceramiki 37, 41-945 Piekary Śląskie with the note “personal data protection”.
The scope of information
In this policy, we provide information on the processing of personal data in relation to natural persons, including:
- customers and suppliers, including prospective customers and suppliers of the Controller (hereinafter referred as Contractors),
- employees, statutory representatives, plenipotentiaries or representatives of Contractors,
- other people contacting the Controller (not applicable to the Controller’s employees), also via the contact form on our website,
- users who are subscribing to the Newsletter service,
Personal data is mainly collected from data subjects as well as from CEIDG (Central Registration and Information on Business) register or KRS (National Court Register), in order to verify information provided by the Contractor. The scope of the processed data is subsequently limited to the data publicly available in those registers.
Personal data concerning employees or plenipotentiaries of our clients or Contractors is also obtained from these entities. The scope of such data is then limited to data necessary for the conclusion and implementation of contracts with the Contractor and includes: name, business position, company, contact details, such as e-mail address, telephone and fax number.
If the personal data is obtained not from the data subject, we will inform the data subject immediately of that fact, indicating the purpose and basis of processing, categories of personal data concerned and recipients or recipient categories of personal data.
The purposes and legal basis of data processing
Personal data is processed by us only if:
a) Processing is necessary for the conclusion and/or performance of the contract (it also applies to submission and execution of orders) in accordance with Art. 6 section 1 item b of GDPR (General Data Protection Regulation), including:
• enabling the execution of contracts and transactions as well as the submission and execution of orders,
• providing services for contracts and transactions,
• contact in relation to contract implementation,
• handling service requests regarding the products supported by our company,
• providing a demo version test service for our products,
b) Processing is necessary in order to fulfil the legal obligations to which we, as the Controller, are subject (this also applies to the provision of data at the request of competent authorities or courts) in accordance with Art. 6 section 1 item c of GDPR (General Data Protection Regulation), including:
• fulfilling tax and accounting obligations,
• archiving documents, i.e. contracts and settlement documents,
• considering and handling customer complaints,
c) Processing is necessary for the purposes arising from the legitimate interests of the Controller or a third party and will not unduly affect your interests or rights and freedoms in accordance with Art. 6 section 1 item f of GDPR (General Data Protection Regulation), including:
• using personal data of employees, statutory representatives, plenipotentiaries or representatives of the Contractors, in connection with the conclusion and/or execution of the contract with the Contractor,
• pursuing claims related to the concluded contract, including debt collection and conducting court, arbitration, mediation and subsequent enforcement proceedings as well as defending against such claims,
• verifying Contractors in public registers,
• contacting Contractors and other persons in matters related to business operations, including correspondence, collecting data during business meetings or exchanging business cards,
• conducting direct marketing of own products and services without the use of electronic communication means, for the benefit of existing clients and Contractors,
• for statistical and analytical purposes of the Controller, where the justified interest of the Controller is the possibility to making analyses and statistics of their operations.
d) The processing is carried out on the basis of the data subject’s consent in accordance with Art. 6 section 1 item a of GDPR (General Data Protection Regulation), including:
• conducting direct marketing of own products and services with the use of electronic communication means, whereas such activities, due to other applicable regulations, in particular the Act on the provision of electronic services, are conducted only on the basis of appropriate consents obtained,
• replying to inquiries sent via the “Contact” tab through our website,
• providing the newsletter service to individuals who have previously subscribed to it through our website,
We provide personal data to other entities, including:
- entities conducting postal or courier activity,
- banks, when it is necessary to settle transactions,
- state authorities or other entities authorised by law, in order to comply with the obligations wo which we are subject,
- entities supporting us in our business on our behalf, including service providers, IT system providers, insurance and debt collection companies, law firms;
- entities belonging to the group of companies to which the Controller belongs, for internal administrative purposes,
Transfer of personal data outside of the EEA
We transfer some of your data to countries outside the European Economic Area, applying appropriate clauses on personal data protection, adopted by the European Commission and the entrustment agreement of personal data processing. The entities outside the EEA, to which the data is transferred, include:
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States,
- The Rocket Science Group LLC, 1526 DeKalb Ave NE, Atlanta, GA 30307, United States,
Data retention period
Data is stored by us for the following periods:
- data contained in contracts and data related to the performance of contracts, including the submission and execution of orders – until the legal claims under the contract are time-barred,
- accounting documents – until the limitation period for tax liabilities expiries, unless the tax laws provide otherwise,
- data for marketing purposes – in the case of data processing on the basis of consent until it is withdrawn,
- data collected on the basis of the justified interest of the Controller, for a period that enables such interest to be fulfilled, or until effective objections are lodged,
- data collected via the contact form on our website, until the matter is resolved or until the consent is withdrawn,
Data processing rights
Every data subject has the right of access to and rectification or erasure of their personal data and the right to limit the processing, transfer and object to data as well as the right to withdraw consent at any time without affecting the lawfulness of the processing on the basis of consent prior to its withdrawal (if the processing of data is based on consent).
To exercise the foregoing rights, you can send an e-mail to email@example.com or firstname.lastname@example.org or contact us by mail to the postal address: ul. Ceramiki 37, 41-945 Piekary Śląskie with the note “personal data protection”.
Additionally, you have the right to lodge a complaint with the supervisory authority, which is the President of the Office of Personal Data Protection, with regard to the processing of personal data by the Controller.
Freedom to provide data
Provision of personal data is necessary for the conclusion and implementation of contracts (including the submission and execution of orders) and for accounting of operations. Failure to provide personal data will prevent the conclusion and performance of a contract or service. In the remaining scope, the provision of data is voluntary.
Security of the stored data
We make every effort to ensure that the collected data is stored safely. Data is stored in accordance with security procedures and the use of SSL encryption technologies as well as other system security.
Automated data processing
Your data can be processed in an automated way, including the use of data profiling. Data profiling involves analysing your preferences, activities and interests in order to better match the content and offers addressed to you as part of marketing activities.
The cookies are used for the following purposes:
- optimising the use of our website (e.g. adjusting the display settings of the page according to the screen resolution of the end device),
- creating statistics of visits, including general activity of users, time spent on individual subpages, visits flows, number of page views, etc.,
- integrating the website with analytical and advertising systems (Google Analytics, Google AdWords),
- acquiring information about activity in the Newsletter service
Various types of cookies are used within our website:
- session cookies – temporary files, providing information about the current session, deleted when the page is exited,
- permanent cookies – files stored on the end device for a long time, specified in a given file, or until they are removed by the user,
You have the possibility to manage cookies from your browser. You can also turn them off completely, however, some website features (not only if our website) may work incorrectly or be unavailable.