"I always prefer to believe the best of everybody,
it saves so much trouble"

- Rudyard Kipling

Privacy Policy

In this Privacy Policy, users can find all important information regarding our use of personal data, regardless of the channel or means (online or in person) used to interact with us.

Users who wish to find out how we use cookies and similar technologies that may be installed on our customers' and users' terminal equipment are advised to read the Cookie Policy

Data controller

The administrator of your personal data, i.e. the entity that decides on the purposes and means of processing, is "bez owijania" sp. z o.o. with its registered office at Al. Jana Pawła II 22, 00133 Warsaw.

You can also contact us on matters relating to the processing of your personal data by email at: biuro@bezowijania.com

Data acquisition and purpose of data processing

We process personal data for the following purposes:

Purpose of processing:

Legal basis and data retention period:

Activities aimed at concluding and fulfilling a contract with a client or customer, within the scope of the administrator's activities, including for the purpose of providing on-site and online training courses

Article 6(1)(b)
(concerning customers);

Article 6(1)(f) of the GDPR
(concerning persons who cooperate with us on behalf of the client/contractor).

The need to contact customers/employees/co-workers of customers and contractors in connection with activities undertaken for the purpose of concluding a contract or its execution

Handling of complaints, applications and claims.

Article 6(1)(b), (c) and (f) GDPR

For the duration of the contract or until the warranty expires or the claim is settled.

Need to liaise with clients' staff/co-workers in relation to dealing with complaints, requests and claims.

Determination, investigation and defence of claims

Article 6(1)(f) GDPR
For a period of time until the expiry of the limitation periods for contractual claims - in accordance with the applicable legislation.

Processing of data of customers or contractors and their employees /co-workers in connection with the establishment, investigation and defence of claims.

Carrying out accounts, bookkeeping and financial reporting.

Article 6(1)(c) of the GDPR
For a period of time until the expiry of data retention obligations under the law, in particular the retention of accounting documents (as a general rule, for 5 years after the year in which the legal event occurred that obliged the issuing of the accounting document).

Keeping statistics

Article 6(1)(f) GDPR
For the duration of any other processing operation indicated in this table. We do not store personal data exclusively for statistical purposes.

Improving business operations through lessons learned from statistical activities

Data processing as part of the Facebook profile.

Art. 6(1)(f) GDPR The
data is co-administered by the Company "without wrap" and Meta Platforms

Data will be processed until you object to the processing.

Conducting ongoing correspondence using tools provided by Facebook, including Messenger, and conducting other marketing activities.

Cookie processing.

Article 6(1)(f) GDPR
The administrator uses the necessary cookies to enable the basic functions of the website. In addition, in the case of statistical research, marketing or the recording of user preferences using cookies, the administrator will obtain consent to store cookies on the user's device.

In this case, the data will be processed for the periods indicated in the Cookies Policy or until you object to the processing.

Enabling the basic functionality of the website. To adapt the content of the website to the users' needs, including for marketing and statistical purposes, to optimise the use of the website

Replying to enquiries via the contact form on the website

Article 6(1)(f) GDPR

Data stored for 3 months or until an objection is lodged

Human resource management - employees and colleagues.

Article 6(1)(a), (b), (c) and (f) of the DPA;
Article 9(2)(b) of the DPA
In accordance with the applicable legislation requiring the archiving of employment law documents, i.e. we keep personnel files for 50 or 10 years.

If the retention period for the selected documents is shorter, the administrator will respect this shorter period.

Civil law contracts will be stored until the expiry of the limitation periods for claims arising from them.

Dissemination of an employee's /co-worker's image on the basis of copyright permission

Driving recruitment.

Article 6(1)(a) and (c) of the GDPR
(concerning job applicants);

Art. 6(1)(a) and (b) GDPR
(for co-op candidates)
Up to 6 months after the end of the recruitment process, and in the case of consent given for further recruitment processes, no longer than one year.

Recipients of data

We will disclose your personal data to the following entities:

  • business persons, including solicitors and barristers, who cooperate with us in the provision of consultancy services to clients, and trainers in the provision of training courses
  • to state authorities or other entities authorised by law,
  • entities supporting us in our operations on our behalf, in particular: providers of external ICT systems to support our operations, including Microsoft, entities auditing our operations, entity providing accounting services .

Rights with regard to the data processed and the voluntariness of their provision

Every person whose data is processed has the right to:

  • access to their data and receive a copy of their data,
  • rectification (amendment) of your data,
  • delete your data,
  • restrict the processing of your data,
  • portability of your data - where the legal basis for processing is consent (Article 6(1)(a) or Article 9(2)(a) GDPR) or contract (Article 6(1)(b) GDPR),
  • to object to the processing of his/her personal data - where the legal basis for the processing is a legitimate interest (Article 6(1)(f) GDPR).
  • revoke consent at any time, without affecting the lawfulness of the processing carried out on the basis of consent before revocation.

For more information on data subjects' rights, please refer to the provisions of Articles 12 to 23 of the GDPR.

In addition, the data subject has the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.

More information at: https://uodo.gov.pl/.

Obligation/voluntariness to provide your personal data?

The provision of data is necessary for the conclusion of contracts and the settlement of business and to comply with legal requirements. This means that if you want to make use of the services we offer (such as training, audits, support for the implementation of GDPR or ISO, employee appraisal system, management control or other solutions), become our contractor (supplier) or employee/co-worker, you must provide your personal data.

If your employer or another entity has nominated you as a contact person in connection with the conclusion/performance of a contract (including your participation in a training course organised by us), your data will be processed to the extent disclosed by this entity (as standard, this is your first name, surname, job title, e-mail address and telephone number).

Otherwise, the provision of data is voluntary.

Transfers of data to third countries

Personal data will in principle not be transferred outside the European Economic Area (hereinafter: "EEA").

If, over time, we contract for ICT services with entities operating outside the EEA structures, this will always be done with proven entities that ensure the protection of personal data.

Indeed, according to the European Commission's decision, recipient countries outside the EEA provide an adequate level of protection of personal data in line with EEA standards. The Commission's decision against the US covers companies participating in the Data Privacy Framework programme. We only work with companies participating in this programme. For more information, please visit: https://www.dataprivacyframework.gov/s/

The safeguards applied to your data comply with the principles provided for in Chapter V of the GDPR. You can request further information about the safeguards applied, obtain a copy of these safeguards and find out where they are shared.

Processing of personal data by automated means

Your personal data will not be used for the purpose of automated decision-making (including in the form of profiling) in such a way that such automated processing could result in any decisions that would produce legal effects or similarly affect any effects on customers, contractors, their employees or associates, as well as employees or associates of the controller or job applicants.

 

 

Warsaw, 02 October 2023

public.common.backtop