GDPR
INFORMATION OBLIGATION
In fulfilment of the information obligation under Article 13 of Regulation 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, pp. 1-88). In order to give you full control over how your personal data is used, we provide you with the following information, which has been prepared taking into account the GDPR, i.e. the General Data Protection Regulation in force since 25th May 2018.
PERSONAL DATA ADMINISTRATOR (“Administrator”)
DEMEX sp. z o.o. ul. Wypusty 66, 16-300 Augustów, Poland, NIP (tax identification number) 846-167-11-04, REGON (national economy number) 52245558700000, KRS (national court register) 0000976427
PERSONAL DATA AND PRIVACY
Your data are processed by us for the purposes indicated below, related to the operation of our company and the provision of services carried out in the scope of business activities.
Purpose of the processing:
Depending on what you will have opted for, this may be:
- Provision of the services offered by our company
- Completion of your orders
- Direct marketing of the services offered
- Sending you newsletters and promotional material
Basis for the processing:
- Sales contract (Article 6(1)(b) GDPR)
- Legal obligation incumbent upon us, e.g. in connection with accounting (Article 6(1)(c) GDPR)
- Contract for the provision of services (Article 6(1)(b) GDPR)
- Our legitimate interest in order to establish, assert or defend claims (Article 6(1)(f) GDPR)
- Our legitimate interest in profiling for marketing purposes (Article 6(1)(f) GDPR)
Data submission:
- Voluntary, but necessary for the conclusion of the contract and the presentation of the commercial offer
The effect of failure to provide data:
- Impossibility to conclude a contract of sale, to present a commercial offer
Possibility to withdraw the consent:
- At any time
Data processing remains lawful until you revoke your consent.
PROFILING
As part of the presentation of a commercial offer, we may automatically tailor certain content to your needs, i.e. carry out profiling, using the personal data you have provided for this purpose. Before we carry out profiling on the basis of which decisions are made:
- Having legal effects on you.
- Affecting you in a similarly significant manner, we will ask for your consent.
You can revoke your consent at any time. The processing of your data remains lawful until you revoke your consent.
THE TERM OF THE PROCESSING
We will only process your data for as long as we have a legal basis for doing so, i.e. until:
- We are no longer under a legal obligation to process your data.
- It ceases to be possible for either party to assert claims relating to the contract of sale.
- You withdraw your consent to the processing of your data, if it was the basis for such processing.
- whichever is applicable in the case and which occurs at the latest.
DATA SECURITY
When processing your personal data, we apply organisational and technical measures in accordance with the relevant legal provisions.
YOUR RIGHTS
You have the right to request:
- Access to your personal data
- Rectification of data
- Have your data deleted (if legally justified)
- Restriction of processing
Furthermore, the right to: - Object to the processing
- Request data transfer to another administrator
Contact us if you wish to exercise your rights.
If you consider that your data is being processed unlawfully, you can complain to the supervisory authority.
EXTERNAL SERVICES / DATA RECIPIENTS
We use external entities to whom your data may be transferred. Below is a list of these entities:
- Delivery agent
- Payment provider
- Accounting office
- Hosting provider
- Website optimisation facilitator
- Persons working with us under civil law contracts to support our day-to-day operations
- Provider of business support software (e.g. accounting software)
- Provider of technical support for us
- Mailing system provider
- Provider of marketing services
- Provider of software needed to operate an on-line shop
- Social networking sites
CONTACT WITH THE ADMINISTRATOR
- DEMEX sp. z o.o. ul. Wypusty 66, 16-300 Augustów, Poland, NIP: 846-167-11-04, REGON: 52245558700000, KRS: 0000976427, the Administrator can be contacted in writing, by postal mail to the address: ul. Wypusty 66, 16-300 Augustów, Poland or email: poczta@demex.pl and by telephone, at +48 87 644 7513.
- Your personal data is processed on the basis of Article 6(1)(f) of the GDPR, i.e. on the basis that the processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party.
- The legitimate interests pursued by the company consist of offering products and services to customers within the scope of its activities disclosed in the KRS (National Court Register).
- The processing of your personal data for the purposes of the aforementioned products and services falls within the scope of the business activities of DEMEX sp. z o.o., and at the same time the processing of your data is necessary for the company to be able to create and deliver such products and services to its customers.
- Your personal data is processed manually and automatically in order to provide DEMEX sp.
z o.o. customers with comprehensive business information within the scope of the products offered. - The controller processes your personal data to the extent that it is made available by public sources.
- In relation to the processing of your personal data, you have the right to:
- Request from the Administrator access to your personal data
- Request the Administrator to rectify your personal data
- Request the Administrator to delete your personal data
- Request the Administrator to restrict the processing of your personal data
- Lodge an objection to the processing of your personal data
- Transfer your personal data
- Lodge a complaint with a supervisory authority
The above rights can be exercised by:
- Email contact at: poczta@demex.pl,
- Postal mail to: ul. Wypusty 66, 16-300 Augustów, Poland
- The Administrator shall make every effort to ensure all physical, technical and organisational measures to protect personal data against accidental or wilful destruction, accidental loss, alteration, unauthorised disclosure, use or access, in accordance with all applicable legislation.