Personal data protection of clients has always been and continues to be treated as one of priorities in the activities of ZENEX LCC, Wiosenna 35 street, 63-200 Jarocin, KRS 0000700184, NIP 6172212642, REGON: 368580618, further: “ZENEX”). As the administrator of your personal data, we are responsible for their safety related to the running by us activity. Our purpose is also correct informing you about matters relating to processing personal data, in particular against new contents provisions on personal data protection, including regulation of the European Parliament and of the Council (UE) 2016/679 of 27 April 2016 in case of physical persons in connection with processing personal data and in case of free movement such a data and repeal of Directive 95/46/WE (“GDPR”). Therefore, in this document we inform about legal basic processing personal data, methods of collecting them and using, and also about your rights related thereto.
What are personal data and what means theirs processing ?
Personal data mean information about identified or possible to identify physical person. Processing personal data is basically each activity on personal data, no matter if it is made in automated way or not, e.g. collecting, storage, preserving, ordering, modifying, reviewing, exploitation, sharing, deprivation, removal or destroying. We process personal data in various purposes, depending on purpose, may apply various typed of collecting, legal basics of processing, exploitation, disclosing and period of storage.
Full administrator’s data your personal data: ZENEX LLC, Wiosenna 35 street, 63-200 Jarocin, KRS 0000700184, NIP 6172212642, REGON: 368580618, telephone: +48 691-756-370, +48 691-911-181, +48 603-590-008, +48 62-747-32-77, address e-mail: firstname.lastname@example.org
In what way, on what legal basic and what type of personal data are processed by ZENEX?
We aim to preserve transparency on ways and legal basics personal data processing, and also purposes for which these data are processing. We care about that to point each time necessary information in this field every person, whose personal data we processing as data administrator. Guided by that our clarifying these matters would be like the most readable, we perform following operation combination of personal data processing.
When personal data are processing on the basis of legally legitimate interest data’s administrator, we trying to analyze and balance our interest and potential influence on person, which data concern (positive, as well as negative) and person’s rights under the regulations of personal data privacy. We do not process personal data on the basis of our legitimate interest in case when we conclude that influence on person, whose data concern would outbalance over our interests (then we can process personal data if e.g. we possess a proper consent or require it or allows on it legal provisions).
Processing personal data persons visiting websites running by ZENEX or using from services electronically supplied (e.g. online shops).
Physical persons visiting websites ZENEX or using from services provided by ZENEX electronically, which we call further together “Sites”, have a control over their personal data. Sites limit collecting and using information about their users to the minimum necessary, required to providing on their behalf services on desired level, pursuant to Art.18 the act of 18 July 2002 about providing services electronically.
Rules for the application of cookies files are set out in a separate document, e.g. in Cookies files policy, which is available HERE.
Personal data administrator can collect information concerning using websites by his users and their IP addresses on the basis of access logs analysis. These information are used to diagnosing problems related to server’s work, analysis of potential safety violations and in the management of website WWW. IP address can be used by personal data administrator and by his technical partners in statistic purposes, i.e. to collecting and analysis of demographic data persons visiting a site (e.g. information about region, by which was a connection). On the basic of information obtained in abovementioned way in particular cases are drown up summary, general statistical analysis, disclosed to third parties, which cooperate with personal data administrator. They include mainly information about sites ratings. These statements do not include however no data allowing for identification (determining the identity) given sites user.
ZENEX inform that he can be required to disclosure of information concerning IP number given user of the website on demand of eligible to this – on the basis of existing legal provisions – authorities of the country in regard of leading by them legal proceedings, e.g. court or prosecution.
Automatic processing of personal data
Information, which are collected in regard of using from websites can be process in automatic way (in this in form of profiling), however it will not cause against physical person any legal effects or in similar way significantly influence on its situation. A personal data administrator shall use its best efforts to profiling issue and gives that:
- On purposes of profiling he does not process any sensitive data,
- On purposes of profiling he process usually data, which was before subjected to pseudonymisation or data, which was aggregated,
- If it is not possible to reach the target of collecting data differently than by personal data profiling non-pseudonymized or non-aggregated, are using to this typical data: e-mail address and IP or cookies,
- Profile in order to analysis or analysing your personal preferences and interests persons using websites or products or services and matching contents located on websites or products to this preferences,
- Profile for marketing purposes, i.e. matching marketing offer to abovementioned preferences.
Purposes of personal data processing and legal basis of processing.
Personal data processing will take place:
- In order to conclude a contract of services provision on the basis of interested in our offer (pursuant to Art. 6(1)(b)GDPR),
- In archival purposes (evidential) being a realization of our legal legitimate interest of information safety in case of legal need to demonstrate facts (Art. 6(1)(f)GDPR),
- To potentially determine, seek the satisfaction or defend against claims, which is our legally justified interest (pursuant to Art. 6(1)(f)GDPR).
- In order to research client’s satisfaction being a realization of our legal legitimate interest of personal data administrator determining quality of services and level of satisfaction with products and services (pursuant to Art. 6(1)(f)GDPR).
How long personal data will be processing?
The period of personal data storage depends above all on purpose and legal basis of processing.
Personal data resulting from concluding a contract will be processed by period, in which can reveal yourself claims related to contract, so for 10 years from the end of the year, in which a contract expired, in this 3 years it is the longest possible period of claims, additional year is in case of claims reported in the last moment and problems with delivery, and calculating to the end of the year is to identify one date of data removing for contracts ending in given year.
If it will not come to concluding the contract within 3 years of making by personal data administrator an offer, personal data related to talks about this contract will be immediately removed except data needed for direct marketing, as long as it has been given a consent to process data on this purpose.
Data processing for direct marketing needs of data administrator’s products and services will be process until an objection to their processing will be reported.
When and in what way administrator shares personal data to third parties? Does the data administrator transfer them to third countries?
A data administrator transfers personal data to other parties only when legal provisions allow to it. In this case in relevant contract concluded with third-part data administrator applies security provisions and mechanisms in order to data protection, its confidentiality and security. This type contracts are called contracts for entrusting the processing of personal data, and ZENEX has a control over in what way and in what field subject, which ZENEX entrusted processing certain categories of personal data process this data.
A data administrator informs, that receivers of personal data can be:
- Abovementioned subjects processing personal data under contracts entrusting personal data processing (so-called processors),
- Subjects providing hosting services to the administrator,
- Subjects realizing marketing or sales campaigns to the administrator,
- The others administrator’s subcontractors, providing services in the field of software delivery, maintenance services of software or equipment that uses administrator and also provider of goods from help administrator uses,
- Subjects providing services in the field of survey research, in this NPS research (client’s satisfaction),
- Collection agencies, but personal data will be transfer only in this field in what it is actually necessary for achieving given goal,
- Auditors and statutory auditors, legal advisers, tax advisers,
- Authorities supervising upholding the law, regulatory authorities and others public administration authorities, but transfer follows in the field of in which it is actually necessary and required in accordance with mandatory provisions of law and in a manner compatible with these provisions.
In case of personal data subject to UE provisions it is to be noted that transgenic transmission can concern countries not belonging to the European Economic Area (“EEA”) and countries in which do not apply provisions specifying special personal data security. An administrator made a commitment to ensure proper all personal data security off the ground of EEA. In case of transmission personal data beyond the ground EEA to country, which according to the European Commission does not proper level of personal data security, transmission takes place only on the basic of contract taking into account UE requirements in the field of personal data transmission beyond the ground of EEA.
Which rights are granted to subject, whose data concerns and what is the method of realization them?
- Right to personal data access
Physical persons have access to data, which we storage as data administrator.
Right to it can be done by sending an e-mail on address: email@example.com
- Right to correction of personal data
Changes, in this actualization of your personal data, which processes a data administrator, can be done by sending an e-mail on address firstname.lastname@example.org and in some cases also by website, on which data entry was made.
- Right to withdraw consent
In case of processing personal data on the basis of consent, physical persons have a right to withdraw this consent in each moment. A data administrator informs about that in almost every moment of colleting consents and enable withdrawal of consent in such easy way, as it was granted. In the lack of different information, e.g. lack of other address or contact number, in order to withdraw a consent, a data administrator asks about sending an e-mail on address: email@example.com.
- A right to limit processing or raising an objection against processing personal data
Physical persons have a right to limit processing or raising an objection against processing your personal data in any moment, because of their particular situation, unless processing is required according to legal provisions.
A physical person can raise an objection against processing his personal data when:
- Personal data processing is based on legally legitimate interest or to statistic purposes, and an objection is legitimate by particular situation, in which it was found
- Personal data are processed to the needs of direct marketing, in this are profiling for this purpose
From the objection right you can use since 25 May 2018.
A right to demand of reducing data processing shall have for instance when given person notice that data are incorrect. At that time person can demand reducing its data processing on period allowing administrator to check correctness of these data.
- Right to demand of data removing (so-called “right to be forgotten”)
From the right to data removing you can use, for instance, when:
- Data of physical person will not be necessary to purposes for which they were collected by data administrator,
- Physical person withdraws its consent on data processing by administrator,
- Physical person raises objection against processing its data,
- Data will be process against the law,
- Data should be also removed in order to comply with obligations resulting from law regulations.
In order to use abovementioned right, data administrator asks for sending an e-mail on address: firstname.lastname@example.org
- Right to data transfer
Right to data transfer shall have when data processing is based on consent of physical person or contract concluded with this person and when processing is done automatically.
- The right to lodge a complaint
Persons, whose personal data are processing, have a right to lodge a complaint to supervisory authority, which is in Poland the President of the Office for the Protection of Personal Data (address: the President of the Office for the Protection of Personal Data, Stawki 2 street, 00-193 Warsaw).