PRIVACY AND COOKIES POLICY
PRIVACY POLICY
I. PRELIMINARY INFORMATION
The document (hereinafter referred to as the “Policy”) specifies what data we collect, how we process it and why we need it in connection with your visits to our websites available at:
Your visits to our profiles on social networking sites (including Facebook, Pinterest, Instagram and YouTube regarding the Defra, NAS and FIG brands (“Websites“).
The policy also specifies what rights you are entitled to and how you can exercise them.
II. WHO PROCESSES YOUR DATA
The Personal Data Controller is the company operating under the Deftrans Sp. z o. o. company name, based in Wszewilki (Sulmierzycka 73, 56-300 Milicz), entered into the register of entrepreneurs of the National Court Register under NCR (KRS) number 0000097852, the documentation of which is kept by the District Court for Wrocław-Fabryczna in Wrocław, 9th Commercial Division of the National Court Register, with tax ID (NIP): 916-13-17-735, REGON: 931931953) (“Company”).
Some processing areas are also subject to joint control. As part of the company’s telephone hotline at + 48 71 38 40 486 (“Helpline”):
- Deftrans sp. z o.o.,
- COMA INTERNATIONAL TECHNOLOGY sp. z o.o.,
- KOM T. DEFRATYKA sp. j.
(“Joint Controllers”) jointly process the data of persons contacting them via the Hotline. You will find more about data processing under joint control in the further part of the Policy.
III. CONTACT DATA
Our goal is to ensure the protection of your personal data while enabling you to contact us and provide our services at the highest level. Developments in technology mean that the Policy may undergo changes, which we will do our best to keep you informed of.
Should you have any questions, or if any part of the Policy is unclear or untransparent, please do not hesitate to contact us.
To learn more about the processing of your personal data by:
- Company, can be contacted via: e-mail address: biuro@deftrans.com.pl, or by phone at +48 71 38 40 486;
- Joint controllers, to facilitate contact, we have created common point of contact. Contact us by phone at: (+48) 71 38 40 486 or by e-mail: biuro@deftrans.com.pl or visit us at: DEFTRANS sp. z o.o., ul. Sulmierzycka 73, Wszewilki, 56-300 Milicz.
However, if you wish to contact a specific controller, please find the relevant email addresses below:
Deftrans sp. z o.o.: biuro@deftrans.com.pl,
COMA INTERNATIONAL TECHNOLOGY sp. z o.o. : office@comatechnology.pl
KOM T. DEFRATYKA sp. j. : office@kom.edu.pl
IV. DATA PROTECTION OFFICER AND CONTACT DETAILS
The Controller has appointed a Data Protection Officer: Sławomir Zieleziński – e-mail address: iod@deftrans.com.pl
The Data Protection Officer is the person whom any User or other personal data subject whose data is processed by this Controller may contact on matters relating to the processing of their Data and the exercise of their rights in relation to the processing of the Data.
V. YOUR RIGHTS
You shall have the following rights, in the cases specified by the provisions of Articles 15 to 22 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”), the right to:
- access to your personal data;
- rectification of personal data;
- deletion of personal data;
- restrictions on the processing of personal data;
- object to the processing of personal data;
- transfer of personal data;
- withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- submit a complaint to the President of the Personal Data Protection Office if you believe that your personal data is being processed contrary to applicable law.
Persons using the Hotline may exercise their rights related to the processing of personal data by the Joint Controllers towards each of the Joint Controllers, but to facilitate your contact with the Joint Controllers, it will be sufficient if you submit your request to the contact point indicated at the beginning. We agreed that the contact point would be primarily handled by the Company.
The same Joint Controller is also responsible for preparing the content of the information you are reading herein and for informing you of a possible breach if there is a high risk that your rights or freedoms may be infringed as a result, pursuant to Article 34 GDPR. Similarly when it comes to exercising your rights under the GDPR.
The Joint Controllers jointly determine technical and organizational measures to secure your data in connection with the use of the Hotline.
VI. PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA IN CONNECTION WITH YOUR USE OF THE WEBSITES
The Company processes your personal data within the Websites for the following purposes and in the following scope:
- for the purpose of obtaining statistics on the use of individual functionalities available on the Websites, facilitating their use and ensuring IT security on the Websites, we process personal data regarding your activity on the Websites and the amount of time spent on each subpage, location, IP address, device ID, data regarding your web browser and operating system;
- for the purpose of marketing of our goods and services and those of our customers and partners, including remarketing, for these reasons we process personal data regarding your activity on the Websites. In the case of remarketing, we use data about your activity to reach you with our marketing messages outside the Websites and for this purpose we use the services of external suppliers
Facebook (more information at pl-pl.facebook.com/privacy/explanation), Google Analytics (more information at https://policies.google.com/privacy?hl=pl). These services involve displaying our messages on websites other than ours; - for the purpose of conducting statistical analyses on our profiles on social networking sites, which provide us with information on how many people have viewed our profile in a specific time, how you react to our posts, how often you click on the links we provide, what tags you are interested in, what locations you are from, whether you are included in our target group and to what extent;
- for the purpose of answering your questions when you contact us via our profiles. We then process your contact and identification details as well as the data provided to us in the communication you send us.
Your personal data regarding preferences, behaviour and selection of marketing content may be used, if you consent, as a basis for making automated decisions to determine the sales opportunities of the Websites and profiles on social networking sites.
When browsing the Websites, “cookie” files are used, hereinafter referred to as Cookies, i.e. small text information that is saved on your end device in connection with the use of our Websites. Their use is intended to ensure their correct operation and to provide you with personalized advertising and statistics.
These files allow you to identify the software you use and adapt the Websites individually to your needs. Cookies usually contain the name of the domain they come from, the time they are stored on the device and the assigned value.
You can find out what we specifically use individual cookies for from the cookie banner when you visit our website. There we described in detail what each file is “responsible for”. There you can also give us consent to their use by us, including providing you with personalized advertisements.
We also use third-party cookies for the following purposes:
- creating statistics – helping to understand how users or customers use the Websites, which allows improving its structure and content via Google Analytics analytical tools – by Google Inc. based in the USA and/or Meta Platforms, Inc. based in Menlo Park, California
- analysing Customers’ activity – matching the content displayed to them to their profile, which allows improving the management of advertising campaigns via analytical tools provided by Google Inc. based in the USA and/or Meta Platforms, Inc. based in Menlo Park, California.
To learn the rules of using Cookies, we recommend reading the privacy policies of the above-mentioned companies, including: https://www.google.com/policies/privacy/. . It is possible to block the Google Universal Analytics tool, according to the instructions available at: https://tools.google.com/dlpage/gaoptout/.
VII.WHAT IS THE LEGAL BASIS FOR COLLECTING YOUR DATA WITHIN THE WEBSITES
We use the data obtained on the Website on the basis of:
- our legitimate interest in ensuring the technical functioning of the Websites as well as analytical, statistical and marketing purposes if you are already our customer;
- based on your voluntary consent to the use of cookies to provide you with personalized marketing content;
- based on Article 6 (1)(b) and (f) (legitimate interest) of the GDPR as part of providing you with answers to questions you ask us when using our contact form;
- based on Article 6 (1)(b) and (f) (legitimate interest) of the GDPR as part of the execution of your orders, including for shipping purposes and defence against possible claims, including complaints.
VIII. PROCESSING WITHIN PROFILES ON SOCIAL NETWORKS
We process your personal data when you visit our profiles on social networking sites (such as Facebook, Instagram, Pinterest, YouTube). Personal data is processed in connection with maintaining such a profile in order to promote our activities and provide users with information about our products and services, as well as information about events and promotional campaigns organized by us. Personal data are processed pursuant to Art. 6 (1)(f) GDPR, i.e. the legitimate interest of the Controller.
The Websites include plug-ins such as Facebook and YouTube. By displaying our website that contains a Facebook or YouTube plug-in, your browser will establish a direct connection to the servers of the administrators of social networking sites (service providers). The content of the plug-in is transferred by the given service provider directly to your browser and integrated with the website.
For what purposes do we process your data on our social media profiles?
- in order to enable the user to use the content available on our profiles – we will process the following user data – name and surname or nickname;
- in order to enable the user to use the functionalities of Instagram, Facebook, Pinterest, YouTube, including reacting to our posts, posting comments under posts published on our profiles – we will process, apart from your nickname or name and surname, information posted in comments under posts published on profiles;
The purpose and scope of data collection and its further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policies of individual service providers, including:
- Facebook (https://pl-pl.facebook.com/privacy/explanation/)
- Instagram (https://privacycenter.instagram.com/policy?__coig_consent=1)
- YouTube (https://www.youtube.com/intl/ALL_pl/howyoutubeworks/user-settings/privacy/)
- Pinterest (https://policy.pinterest.com/pl/privacy-policy)
You can also completely prevent plug-ins from being loaded on the website by using appropriate extensions for your browser, e.g. script blocking.
IX. MANAGING COOKIES IN YOUR BROWSER
The conditions for the use of necessary cookies can be specified in the web browser you are using, among others: in terms of limiting or completely disabling the possibility of saving cookies. However, changes to their settings may make it difficult or impossible to use some functions of our Websites.
Information on how to change cookie settings can be found in the settings of each web browser. Below you will find links to information about cookie management in the most popular browsers.
Google chrome – https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=pl
Microsoft Internet Explorer – https://support.microsoft.com/pl-pl/topic/usuwanie-plik%C3%B3w-cookie-i-zarz%C4%85dzanie-nimi-168dab11-0753-043d-7c16-ede5947fc64d
Safari- https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
Mozilla – https://support.mozilla.org/pl/kb/ciasteczka
Opera – https://help.opera.com/pl/latest/security-and-privacy/
If you use a browser other than those listed, please visit the manufacturer’s website for information on how to change it.
X. PROFILING
When using our Websites and social profiles, if you consent, we will process your cookie data and provide you with content tailored to your needs and expectations. This makes it easier for customers to navigate our offer. This is possible thanks to the so-called profiling, i.e. the processing of information about you that allows you to automatically adapt the content displayed to your shopping preferences.
XI. PROCESSING AS PART OF OUR STANDARD OPERATIONS
entities affected by the processing | purpose of processing | types of personal data processed by the Controller | processing period |
natural persons – parties to contracts concluded with us or persons representing entities with whom the Controller has concluded a contract | conclusion and performance of the contract (Article 6(1)(b) of the GDPR) | Personal data in the form of identification data: name, surname, position; contact details (telephone number, delivery address, residential address) and in the case of proxies, personal data included in the content of the power of attorney (e.g. ID card number, PESEL) as well as identification data (e.g. NIP (tax ID), REGON), data related to the purchased goods. | Data related to the performance of the contract until the legally justified interests of the Controller are fulfilled, in particular related to the limitation of any claims that may result from the concluded contract. The data contained in the tax or accounting documentation will be stored by the Controller until the data storage obligations arising from specific regulations expire. |
determining and pursuing possible claims related to non-performance or improper performance of the contract (Article 6(1)(f) of the GDPR) | |||
maintaining contract documentation (Article 6(1)(b)(f) of the GDPR) | |||
accounting, financial and administrative services for contracts (Article 6(1)(c)(f) of the GDPR) | |||
determining the persons authorized to represent the entity with whom the company concludes an agreement and the scope of authorization (Article 6(1)(b)(f) of the GDPR) | |||
in order to verify the quality of the services we provide, the quality of assistance, your satisfaction, statistical data as our legitimate interest (Article 1(6)(f) of the GDPR); | |||
contact in connection with the performance of the contract, in particular for the purposes of determining the delivery date and its implementation (Article 6(1)(f) of the GDPR) | |||
Users using our website (including the services and functionalities offered therein) | providing and sending an answer to your question, including sending via e-mail important information regarding our goods and services in accordance with the content of the inquiry; | the scope is each time specified in the appropriate form related to the use of a given service or website functionality (Article 6(1)(b) or (f) of the GDPR), e.g. in the contact form or contacting us via e-mail – first name and last name, e-mail address | Until the legally justified interests of the Controller are fulfilled, in particular related to the limitation of any claims that may result from the correspondence and services provided. |
Natural persons corresponding with us, including via traditional mail or e-mail | conducting correspondence, including electronic correspondence, as the implementation of the legally justified interest of the Controller or taking action at your request before concluding the contract (Article 6(1)(a) b or f GDPR) | identification data, address and other data contained in the content of the correspondence; the scope is each time specified in the correspondence with us and results from the scope of content you provide us. | Until the legally justified interests of the Controller are fulfilled, in particular related to the limitation of any claims that may result from the correspondence and services provided. |
People we contact for marketing purposes | for the purpose of directing to you our marketing communications (in a situation where you are already our client pursuant to Article 6(1)(f) of the GDPR – as our legitimate interest or on the basis of your consent – Article 6(1)(a) of the GDPR – when you have not previously been our client and we are establishing a relationship with you for the first time) | Contact details (telephone number and/or e-mail address) and identification (first name and surname) | until you withdraw your consent or object to the processing of your data for this purpose |
newsletter subscribers | in order to deliver our newsletter at your request – pursuant to Art. 6 section 1 (b) GDPR | contact details enabling the delivery of the newsletter (e-mail address and/or telephone number) | until you complete your newsletter subscription |
XII. PROCESSING OF EMPLOYEE DATA
entities affected by the processing | purpose of processing | types of personal data processed by the Controller | processing period |
job candidates | ongoing recruitment – in connection with your wil tto participate in our recruitment process (Article 6(1)(b) of the GDPR) | data provided to us by you during the recruitment process, including data contained in your CV, cover letter and provided during the interview | until the recruitment is completed and the time necessary to defend claims after the recruitment is completed related to the recruitment process |
future recruitment – in connection with your expression of will to participate in future recruitment (at your request – Article 6(1)(b) of the GDPR) | data provided to us by you during the recruitment process, including data contained in your CV, cover letter and provided during the interview | 6 months | |
employees | organization and management of employees’ work to the extent necessary | for the period of employment and the period related to the limitation period for claims | |
calculating and paying remuneration in order to fulfil the obligation arising from the Labour Code (Article 6(1)(c), Article 9(2)(b) of the GDPR) | for the period of employment and the period related to the limitation period for claims | ||
deductions from wages in order to fulfil enforcement obligation from remuneration resulting from the Labour Code, the Code of Civil Procedure, the Act on enforcement proceedings in administration, Act on court bailiffs (Article 6(1)(c) of the GDPR) | for 3 years from the last deduction; | ||
implementation of the employer’s obligations towards employees arising from generally applicable and internal labour law provisions in order to fulfil the employer’s obligations arising from the Labour Code and other labour law provisions (Article 6(1) 9(2)(b) GDPR) | for the period of employment and the period related to the limitation period for claims | ||
implementation of occupational health and safety obligations – in order to fulfil the employer’s obligations arising from it from the Labour Code, the regulation on general health and safety regulations and other labour law provisions (Article 6(1)(c), Article 9(2)(b) of the GDPR) | for 10 years from the end of employment | ||
keeping employee files in order to fulfil the employer’s obligations from the Labour Code, the Act on the National Archival Resource and the regulation on the scope of documentation kept by employers in related matters with the employment relationship and methods of maintaining the employee’s personal files (Article 6(1)(c), Article 9(2)(b) of the GDPR) | for 50/10 years after termination of employment | ||
fulfilment of obligations towards Social Insurance Institution (ZUS) in order to fulfil the obligations of the payer of pension and disability pension contributions arising from the Act on pensions and disability pensions from the Social Insurance Fund, the Act on the social insurance system and the Act, and in the case of ongoing proceedings – for the duration of the proceedings until their final conclusion and until limitation period for claims. health care claims financed from public funds (Article 6(1)(c), Article 9(2)(b) of the GDPR) | for 50/10 years in the scope of storing documents on the basis of which the basis for calculating the pension or disability pension is determined | ||
fulfilment of tax obligations in order to fulfil the obligations of the income tax payer under the Tax Ordinance, the Personal Income Tax Act and other tax regulations (Article 6(1)(c) of the GDPR) | limitation of tax claims – for 5 years from the end of the calendar year | ||
book-keeping and accounting obligations in order to fulfil the obligations arising from the Accounting Act, the Tax Ordinance and the Corporate Income Tax Act (Article 6(1)(c) of the GDPR) | limitation of tax claims – for 5 years from the end of the calendar year | ||
promotion of the employer’s activities and photo reports – films, photos promoting the employer’s activities by making them available on the employer’s website, showcases, chronicles, social and local media in publications and folders promoting the employer – only in the case of consent pursuant to Art. 6(1)(a) and | image, voice, identification data | until consent is withdrawn | |
video monitoring pursuant to Art. 6(1)(a) c GDPR or Art. 6 section 1 letter f – towards the obligations related to ensuring the safety and protection of the employer’s property | image | until the recording is overwritten – 3 months | |
pursuing claims or defending against claims – based on the legitimate interest of the employer (Article 6(1)(f) of the GDPR) consisting in acting in court cases, pursuant to the provisions of the Labour Code, the Civil Code and the Criminal Code or other relevant provisions | all employment data | during the limitation period for employment-related claims | |
persons provided in the employee questionnaire | art. 6(1)(c) and art. 9(2)(b) GDPR – in order to fulfil the obligation arising from the Labour Code and other labour law provisions during the period of employment; | data provided in the questionnaire, including health data (e.g. disability) | for 50/10 years in the scope of storing documents on the basis of which the basis for calculating the pension or disability pension is determined |
People using the Dobra Przyszłość (Good Future) platform | the platform is intended for employees of the DEFTRANS group and their families, where we present our position and actions on the most important issues related to the future. We process your data for this purpose when you use the platform or when you respond to our posts. This is our legitimate interest (Article 6(1)(f) GDPR) | Identification data such as name and surname or nickname, other data provided to us by you on the platform, data provided to us by you when commenting on our posts. | for the period of operation of the platform or the lifespan of individual posts |
Providing personal data to the extent required by law is mandatory, and failure to provide them will result in the inability to perform the employment relationship. Providing other personal data is voluntary, and refusing to provide them will result in the inability to achieve the individual purposes indicated above.
XIII. RECIPIENTS OF YOUR DATA
Your data will be passed on to third parties if the applicable legislation requires it or for the purpose of fulfilling your order, for the purpose of fulfilling contracts, including with employees and also for the purpose of displaying content to you on the Websites. We transfer data to the following categories of recipients:
- Our employees and collaborators responsible for servicing you as a customer, accounting and persons dealing with marketing and maintaining contact with you on our behalf,
- third parties providing services on our behalf, including marketing companies, IT service providers, auditors, accounting, legal services, debt collection companies and other persons to the extent necessary for the purposes of mutual agreements concluded between us and other entities on the market.
- when such an obligation results from the provisions of applicable law, including to the Social Insurance Institution (ZUS), the National Health Fund (NFZ), labour offices, the National Fiscal Administration (NFA), PFRON, bailiffs, the State Labour Inspectorate (PIP), the State Sanitary Inspectorate, other state authorities;
- when it is necessary to meet the employer’s needs resulting from the concluded employment relationship;
- business partners, contractors and clients – only in the scope of business data, and in the remaining scope only after obtaining a separate, voluntary consent of the employee,
- postal operators and courier companies.
If we use subcontractors to provide our services, we will take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with applicable laws.
We also transfer your personal data to service providers that we use to run the Websites, including our profiles on social networking sites. Depending on the contractual arrangements and circumstances, these entities act on our behalf or independently determine the purposes and methods of their processing, list of suppliers of Google Inc. (Google Analytics) based in the USA, Meta Platforms, Inc. based in Menlo Park, California – purpose: measuring traffic on websites, reporting on application errors, creating statistics, analysing user activity, measuring the effectiveness of advertising campaigns, managing advertising campaigns.
XIV. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
In connection with the use of Google Analytics tools and having profiles on social networking sites, your personal data may be transferred outside the EEA. The European Commission has not established an adequate level of protection for such data transfers.