Privacy policy

PRIVACY POLICY AT “SUPERFALA” LLC

Contents

1. Purpose and scope of the Privacy Policy regulations.
2. Types of personal data that are processed.
3. Methods of processing your personal data.
4. Who may we share your data with and why.
5. Your rights in connection with data processing by “SUPERFALA” LLC
6. Whether we process your data automatically and whether we profile it.
7. How we protect your personal data

“SUPERFALA” LLC in Czartki is a Polish commercial law company subject to personal data protection obligations arising from the Regulation of the European Parliament and of the EU Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to data processing personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter GDPR). In order to ensure that the use of the services and the “SUPERFALA” website is safe and guarantees the legally required protection of data identifying you, including personal data, please read the following rules that have been implemented in our company.

1. Purpose and scope of the Privacy Policy regulations

The purpose of the privacy policy is to explain in an accessible and transparent way what personal data we collect, record, store, use and process and how we do it.

This Privacy Policy applies to all former, current and potential customers of “SUPERFALA” who are natural persons. This also applies to sole proprietorships, legal representatives or contact persons acting on behalf of our clients. Moreover, we apply the Privacy Policy to persons who are not customers of “SUPERFALA”. This may mean any person who visits our website, company headquarters, contacts our office or representative, who uses our services, our debtor, employee or other person involved in a transaction with our participation.

2. Types of personal data that we process

Personal data is any information that enables the identification of a natural person or that can be associated with such a person.

We obtain your personal data by:

• making them available to us when you become our clients, contractors, employees, fill out an online form, place an order with us, sign a contract with “SUPERFALA”, contact us via one of the provided remote communication channels or visit our website online;
• by making them available to your organization (employer, client) when it becomes our potential client or when it is our client;
• from other publicly available sources, e.g. debtor registers, land records, commercial registers, association registers, online or traditional media, third parties or public authorities and administration bodies.

Your personal data that we process includes:

In the case of customers and contractors (including contractors and service recipients):

• identification data: name and surname, company, address, PESEL number, tax identification number, ID card number,
  e-mail address, telephone numbers, data of identifiers used in instant messengers and other communication platforms;
• name and surname, PESEL number, of persons being members of the bodies of legal persons or representing legal persons or organizational units without legal personality;
• transaction data, such as the content of contracts, the content of orders and declarations submitted, bank account numbers, details of the bank where you maintain an account, any payments made from your account in connection with the transaction, as well as information on when they were made;
• financial data such as invoices, debit and credit notes, credit notes, balance confirmations, payment behavior, debt data;
• data about your interests and needs that you provide to us via means of communication when submitting an inquiry, offer, request for a quote, etc.;
• data in audiovisual form – if applicable and lawful, we process monitoring recordings at our headquarters or recordings of telephone conversations, videoconferences or chats with our employees. We use these recordings to verify orders placed by telephone to prevent fraud;
• Your interactions with “SUPERFALA” on social media such as Facebook, Twitter, Instagram, Google+ and YouTube.

In the case of employees of clients or contractors and persons cooperating with clients or contractors:

• identification data: name and surname, employer/client details, e-mail address, telephone numbers, data of identifiers used in instant messengers and other communication platforms;
• data regarding transactions in which the data subject participated, such as the content of contracts, the content of orders and declarations placed;
• data in audiovisual form – if applicable and lawful, we process monitoring recordings at our headquarters or recordings of telephone conversations,
• videoconferences or chats with our employees. We use these recordings to verify orders placed by telephone to prevent fraud;
• Your interactions with “SUPERFALA” on social media such as Facebook, Twitter, Instagram, Google+ and YouTube.

In the case of “SUPERFALA” employees:

• identification data: name and surname, date of birth, PESEL number, and in the absence thereof, type and number of the identity document, address of residence, bank account number used to pay remuneration and other benefits resulting from the employment relationship;
• content and other data regarding the employment relationship, content of declarations submitted to the employer, data on remuneration and other benefits arising from the employment relationship;
• data on the employee’s education, authorizations and professional qualifications, if required to perform work in a given position, as well as data on the course of employment so far;
• the content of medical certificates confirming the lack of contraindications to work in a given position and the content of referrals for tests that are the basis for issuing such certificates;
• biometric data, when providing such data is necessary to control access to particularly important information, the disclosure of which may expose the employer to damage, or access to premises requiring special protection.

In the case of candidates for work at “SUPERFALA”:

• identification data: name and surname, date of birth, contact details – according to the candidate’s choice: correspondence address, e-mail, telephone numbers, data of identifiers used in instant messengers and other communication platforms;
• data on the candidate’s education, authorizations and professional qualifications, if required to perform work in a given position, as well as data on the employment history;

With the consent of the job candidate and the employee, “SUPERFALA” may also process other personal data provided by these persons, in particular:

• data enabling faster communication, such as correspondence address if different from the residential address (applies to the employee), e-mail, telephone numbers, data of identifiers used in instant messengers and other communication platforms,
• data in audiovisual form in the form of an image and a recording of statements – if applicable and lawful, we process monitoring recordings at the company’s headquarters;
• personal and family data, including health data, if the exercise of employee rights depends on them (only on the employee’s initiative);
• data on participation in political, social organizations and trade unions, if the employee orders part of his remuneration to be transferred to membership fees and contributions (only on the employee’s initiative).

The consent of the job candidate and the employee must be voluntary, informed and explicit. Consent may be withdrawn at any time, and the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. However, the lack of consent or its withdrawal cannot be the basis for unfavorable treatment of a person applying for employment or an employee, and cannot cause any negative consequences for him or her. First of all, they cannot constitute a reason justifying refusal to employ, termination of an employment contract or its termination without notice by the employer.

Data of other people interacting with “SUPERFALA”, the scope of which each time depends on the type of interaction and the necessary needs of “SUPERFALA” related to it, e.g.:

• contact details of the person who should be notified about emergency situations affecting the employee, including accidents, in the form of telephone numbers;
• data of employees’ family members in the form of: name and surname, PESEL number, place of residence, information on the degree of kinship or affinity,
• information on education, if the exercise of employee rights depends on their processing;
• identification data in the form of name and surname, identity document number, company or employer’s name and image data (recorded by the video monitoring system) in relation to persons entering the premises of “SUPERFALA”;
• the image of people registered by video monitoring who did not enter the company’s premises – without identifying their identity;
• identification data: name and surname, PESEL number, residential address, correspondence address if different, e-mail, telephone numbers of persons submitting civil claims against “SUPERFALA” and persons against whom “SUPERFALA” may submit civil claims under any circumstances titles.

Except where required by applicable legal provisions regarding the employment relationship, as described above, we may process sensitive data, i.e. data regarding your health, ethnic origin, beliefs, religious, political, genetic or biometric data, data relating to crimes, in exceptional circumstances. cases, if we obtain your express consent to the above on your initiative or if permitted by applicable law.

3. Methods of processing your personal data.

Processing means any action that may be taken in connection with personal data, e.g. collecting, recording, storing, changing, organizing, using, disclosing, transfer or deletion of such data in accordance with applicable law. The multitude of such operations makes it impossible to list in detail all cases of processing your data, but we can point out some examples.

In the case of clients and contractors, we use personal data only for business purposes, such as:

• performing contracts to which you are a party or taking actions before concluding contracts – we use information about you if you conclude a contract with us or if we need to contact you, submit an offer of products or services or clarify such an offer;
• relationship management and marketing: we can analyze data about you in order to adapt our offer to your needs, use it to present our company and our products;
  business processes, internal management and management reporting: Your data will be processed for internal purposes of the “SUPERFALA”, for example in order to determine future directions of development and forms of activity through their analysis;
• performing obligations imposed by applicable law: e.g., this applies to obligations arising from tax law (including issuing invoices, reporting JPK, fulfilling the obligation to register in the SENT system, providing information and explanations to tax authorities), environmental protection law or regulations regulating waste management (including obligations related to documenting the transfer of waste, BDO registration and reporting), fulfilling the obligation to archive and store specific data, etc.;
• pursuing claims and defending against submitted claims – your data may be used to conduct debt collection procedures, complaints or court proceedings;
  safety of people, property and the production process: for this purpose, we register the data and image of every person entering our premises and review this data in the event of events that violate the subject of protection;
• security of each person’s personal data: it is our responsibility to protect your personal data, prevent, detect and stop data breaches.

In the case of clients’ employees and people cooperating with clients, your data is also processed only for business purposes, such as:

• performing contracts to which your employers are a party or taking actions before concluding contracts: we use information about you if we are negotiating a contract or if we need to contact you, submit an offer of products or services or clarify such an offer;
• safety of people, property and the production process: for this purpose, we register the data and image of every person entering our premises and review this data in the event of events that violate the subject of protection;
• security of each person’s personal data: it is our responsibility to protect your personal data, prevent, detect and stop data breaches.

In the case of “SUPERFALA” employees, your data is processed only for purposes related to the implementation of the employment relationship, such as:

• execution of employment contracts – e.g. data is used to establish contact with you, to make decisions about the scope of entrusted tasks, to issue orders, to determine the amount of benefits resulting from the employment relationship and their payment, to refer to training, medical examinations, etc.;
• performance of obligations arising from legal provisions, in particular the provisions of social security law and tax law, as well as labor law provisions – e.g. your data is used to submit the required notifications to social security, to declare and pay income tax on wages and other benefits, to refer you to medical examinations, occupational health and safety training, and finally, data is archived as part of personal files and additional employee documentation, in accordance with the law;
• performance of contracts to which the employer is a party – e.g. data must be made available to clients from whom services are to be provided or to contractors with whom “SUPERFALA” cooperates in order to enable contact and coordination of work;
• safety of people, property and the production process: for this purpose, we register the data and image of every person entering our premises and review this data in the event of events that violate the subject of protection;
• pursuing claims and defending against submitted claims – your data may be used to conduct debt collection procedures or court proceedings;
  security of each person’s personal data: it is our responsibility to protect your personal data, prevent, detect and stop data breaches.

In the case of candidates for work at “SUPERFALA”, their data is used only in connection with the recruitment process:

• establishing contact: telephone conversation, exchange of regular or electronic correspondence, arranging a meeting date, initial selection of candidates via remote communication;
• analysis of education, qualifications and professional experience in the context of the needs and expectations of the “SUPERFALA”;
  negotiating employment conditions – shaping proposals in relation to the data provided by the candidate.

The data of other people interacting with “SUPERFALA” are processed in a manner each time depending on the type of interaction and the necessary needs of “SUPERFALA” related to it, this may be, for example, the use of data to bring a lawsuit against the perpetrator of the damage or request the prosecution of the perpetrator of theft., but also using the provided contact number to inform a member of the employee’s family about his or her accident. It is impossible to predict and describe each of these situations in this Policy.

The principles that guide “SUPERFALA” when processing all data are: the principle of compliance with the law of data processing (which states that each data processing process must be based on at least one legal basis indicated in the GDPR), the principle of reliability and correctness (according to which the data controller must ensure that the collected personal data are correct and up-to-date and that their processing takes place without interruption), the principle of purpose limitation (meaning that personal data may be collected only for a specific, explicit and legitimate purpose that cannot be achieved using other methods), the principle of data minimization (meaning that the scope of data obtained must be adequate and limited to the minimum necessary to achieve the indicated purpose), the principle of integrity and confidentiality (which imposes on the data controller the obligation to process data in a way that guarantees an appropriate level of security), and also the principles of transparency and accountability.

4. Who may we share your data with and why.

In order to fulfill the legal obligations of SUPERFALA, your personal data may be made available to authorized state authorities:

• public authorities and administration bodies, including tax authorities,
• judicial and law enforcement authorities, such as the police, prosecutors, courts and arbitration bodies, upon their express and lawful request.

If we use the services of other service providers or other third parties to perform specific activities as part of our business activities, it may be necessary to share the processed personal data necessary to perform a specific task. Service providers support us in activities such as:

• design, development and maintenance of websites and online tools;
• providing solutions or IT infrastructure (e.g. providing, updating and servicing accounting applications, cloud services, hosting services);
• marketing activities or events and managing customer communications;
• preparing reports and statistics, conducting research and audits;
• printing materials;
• placing advertisements in applications, websites and social media;
• legal, debt collection or other specialized services provided by lawyers or other professional advisors;
• postal, transport and courier services;
• banking, financial, brokerage and insurance services;
• providing specialized services such as archiving physical documentation, operating audiovisual and IT equipment used to record video monitoring, etc.

Your data may be transferred to our contractors if we provide services to you under subcontracting or cooperation conditions. The data of “SUPERFALA” employees may also be made available to customers when, for example, they perform work-related activities on the premises of these entities.

In exceptional cases, in particular related to the use of financial, brokerage, insurance or IT services offered by international corporations, it may happen that your data will be made available outside the European Economic Area (EEA).

Whenever such a situation arises, i.e. data is made available to third parties in countries outside the European Economic Area (EEA), we apply the necessary safeguards in

for their protection. In such cases, we rely on the EU Model Clauses (if applicable), which are standardized contractual clauses used in contracts with service providers, so that we can be sure that personal data transferred outside the European Economic Area complies with the GDPR.

5. Your rights in connection with the processing of data by “SUPERFALA”.

If your personal data is processed by “SUPERFALA”, you have a number of rights resulting directly from the GDPR:

• at the request of a person regarding access to his/her data (Right of access to data), “SUPERFALA” informs the person whether his/her data is being processed and informs about the details of processing, as well as grants the person access to data concerning him/her. Access to the data may be achieved by issuing a copy of the data;
• at the request of the authorized person, inaccurate data is corrected (Right to request correction of data). “SUPERFALA” will exercise this right if the authorized person reasonably demonstrates data inaccuracies for which correction is requested. In the event of correction of data, the person is informed about the recipients of the data, at the request of this person;
• at the request of an authorized person, his or her data is supplemented and updated (Right to request supplementation and updating of data). “SUPERFALA” will exercise this right as long as the addition is not incompatible with the purposes of data processing (e.g. the data is unnecessary for the purposes of processing);
  at the request of an authorized person, his or her data is deleted (Right to be forgotten) when:
  a) the data are not necessary for the purposes for which they were collected or processed for other purposes;
  b) consent to their processing has been withdrawn and there is no other legal basis for processing;
  c) the person has lodged an effective objection to the processing of these data;
  d) the data was processed unlawfully;
  e) the need to remove results from a legal obligation;
  f) the request concerns the child’s data collected on the basis of consent for the purpose of providing information society services offered directly to the child.
• “SUPERFALA” restricts data processing (Right to request restriction of data processing) at the request of an authorized person when:
  a) the person questions the correctness of the data – for a period enabling its correctness to be checked,
  b) the processing is unlawful and the data subject objects to the deletion of personal data and requests instead the restriction of their use,
  c) “SUPERFALA” no longer needs personal data, but they are needed by the data subject to establish, pursue or defend claims,
  d) the person has objected to the processing for reasons related to his or her particular situation – until it is determined whether there are legally justified grounds for “SUPERFALA” that override the grounds for objection.

During the restriction of processing, “SUPERFALA” stores data, but does not process it (does not use, does not transfer) without the consent of the data subject, unless in order to establish, pursue or defend claims, or to protect the rights of another natural person or legal basis, or for important reasons of public interest.

• at the request of an authorized person, “SUPERFALA” will issue in a structured, commonly used, machine-readable format or transfer to another entity (Right to request data transfer), if possible, its data that it provided to the Administrator, processed on the basis of the consent of this person or in order to conclude or perform a contract concluded with it, in the IT systems of “SUPERFALA”;
• if a person raises an objection to the processing of his or her data based on his or her special situation (Right to object), and the data is processed by “SUPERFALA” based on the legitimate interest of the Administrator or a task entrusted to him in the public interest, “SUPERFALA” will take into account the objection, unless there are valid legitimate grounds for processing which override the interests, rights and freedoms of the person submitting the objection, or grounds for establishing, pursuing or defending claims. If an authorized person objects to the processing of his or her data by “SUPERFALA” for direct marketing purposes (including profiling), “SUPERFALA” will take into account the objection and discontinue such processing;
• if “SUPERFALA” would process data automatically, including in particular profiling of persons, and, as a result, decisions were made regarding them that would produce legal effects or otherwise significantly affect the situation of such persons, “SUPERFALA” would provide the possibility of appealing to human intervention and decisions after the “SUPERFALA” website (Right to human intervention in automatic processing), unless such an automatic decision:
  a) is necessary for the conclusion or performance of a contract between the appealing person and “SUPERFALA”;
  b) is expressly permitted by law;
  c) is based on the express consent of the requesting person;
  If you have any objections to the way in which your data is processed by SUPERFALA or the way in which SUPERFALA exercises your rights, you may submit a complaint to the supervisory authority, i.e. the President of the Office for Personal Data Protection.

6. Do we process your data automatically and profile it?

“SUPERFALA” does not automatically process personal data of its clients, potential clients or contractors. Data of “SUPERFALA” employees may be processed automatically, in particular in IT systems securing access to rooms, applications, machines or devices. “SUPERFALA” does not profile your personal data.

7. How we protect your personal data.

In the “SUPERFALA”, a number of policies and procedures were implemented to protect processed personal data.

In particular, the “SUPERFALA” identifies personal data resources, data classes, relationships between data resources, identification of ways of using data, including: cases of processing sensitive data, cases of processing data of unidentified persons (UFO), cases of data processing children and cases of data co-administration. In addition, the legal basis for data processing is ensured, identified, verified and registered, as well as justification of cases where data is processed on the basis of the legitimate interest of the Administrator. SUPERFALA maintains a system for managing consents to data processing. It also ensures that the rights of data subjects are served by fulfilling requests received in this regard, in particular by verifying and ensuring the possibility of effective execution of each type of request by itself and its processors.

“SUPERFALA” has implemented a number of data protection measures against loss of confidentiality, availability and integrity. These are organizational security measures (e.g. system of accessibility restrictions, authorization system, obligations to keep data confidential, behavioral procedures, etc.), physical (e.g. locks, alarm systems, video monitoring, etc.) and technical (e.g. applications data encryption, back up servers, passwords, firewalls, etc.).

Additionally, “SUPERFALA” applies procedures for responding to incidents involving a breach of personal data protection, allowing for identification, assessment and reporting to the supervisory authority, as well as procedures for determining the need to notify persons affected by an identified data protection breach.

Any doubts you may have regarding the manner in which your data is processed by “SUPERFALA”, their protection or the manner in which “SUPERFALA” exercises your rights, can be consulted with the Data Protection Inspector of “SUPERFALA” – iod@prdim.com.pl.

Czartki, June 1, 2021
“SUPERFALA” Limited Liability Company