As a responsible organization, which is aware that information has a certain value and is a resource that requires proper protection, we intend to inform you appropriately about issues related to the processing of personal data, particularly as regards the content of the new regulations on personal data protection, including the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”). Due to this reason, we present in this document the key information on legal bases of the processing of personal data, methods of their collecting and using, as well as the rights of entities they apply to.

Based on art. 13 of the Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), with regard to collecting data from a person to whom such data applies, I would like to inform that:

The Controller of your personal data is ENPIRE Łukasz Wojciechowski (ul. Toruńska 151, 85-800 Bydgoszcz). In all cases related to the processing of personal data, please contact us by sending an email to iod@enpie.pl.

The joint Controller of your personal data is a company operating within a group of companies:

  • ENPIRE sp. z o.o. ul. Toruńska 151, 85-880 Bydgoszcz

 

In order to maintain safety of personal data processed by our companies, which have capital, personal and organizational ties, and also to assure high quality of services provided by us, we have accepted a model of joint control of data. Joint controllers ensure strict compliance with the laws concerning privacy of users and protection of their personal data. Joint controllers ensure sufficient warranties to implement appropriate technical and organizational measures, in order to make sure that the processing meets the requirements of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and protects the rights of the people who are data subjects. All companies apply the same Privacy Policy. Based on it, we control the personal data adhering to the laws, including in particular regulations concerning protection of personal data and safety requirements. Each of the joint controllers is severely liable for all violations in the processing of personal data. The person to whom such data applies can file a claim to the selected joint controller, who will be obliged to repair the damage, even when it was caused by a different joint controller.

Personal data provided by you will be processed for the following purposes:

  • Conclusion and performance of the contract of carriage based on art. 38 sec. 1 and 2 and art. 50 of the Act of November 15, 1984 of the Transport Law or art. 6 and 7 of the Convention on the Contract for the International Carriage of Goods, and art. 6 sec. 1 letter b and letter f of the GDPR,
  • Fulfilment of the legal obligation by the Controller pursuant to art. 6 sec. 1. letter. c of the GDPR,
  • Conducting marketing activities with the use of electronic communication means, art. 6 sec. 1 letter a of the GDPR,
  • Securing the claims, art. 6 sec. 1 letter f of the GDPR and undertaking activities related to debt recovery procedure,
  • Establishing of a contact based on art. 6 sec. 1 letter f of the GDPR as a legitimate interest pursued by the Controller (email, contact forms)
  • Claim submission process – art. 6 sec.1 letters b and c,
  • Legitimate interest pursued by the Controller – art. 6 sec. 1 letter f of the GDPR.

 

Recipients of your personal data:

We can forward your personal data to companies or other trustworthy business partners, providing services on our behalf. When we cooperate with entities which on our behalf process personal data, we use exclusively services of processing companies that ensure sufficient warranties for implementation of appropriate technical and organizational measures, making sure that data processing meets the requirements of the GDPR and protects the rights of the people who are data subjects. We verify in detail the companies to which we entrust processing of your data. We conclude with them detailed contracts, and perform periodic inspections regarding compliance of processing operations with the content of such contract and legal regulations. Your data can be accessed by our subcontractors, in particular carriers, as well as law firms, IT companies, claim adjustors, service providers within claim settlement, auditors, and consultants.

Your personal data can be also received by:

  • entities and bodies authorized to process personal data based on legal regulations, banks in the case of necessity of settlement of accounts,
  • institutions providing additional financing to perform the contract concluded with the Controller,
  • entities cooperating within marketing campaigns,
  • entities providing transport and loading services,
  • customs agencies,
  • platforms for exchange of information between carriers,
  • entities and bodies authorized to process personal data,
  • entities ensuring delivery of software,
  • entities providing IT services,
  • law firms,
  • owner of the social media portal Facebook on the principles not affected by changes regarding data specified by Facebook available at https://www.facebook.com/about/privacy.

    Personal data provided by you can be forwarded to entities having their place of business outside the European Economic Area (EEA), i.e. in third countries. In regard to these countries, no decision was issued by the European Commission confirming that these states ensure a proper level of protection within the meaning of the European regulations concerning data protection.

 

Data processing for marketing purposes takes place based on a separate agreement; such data is processed no longer until withdrawal of an agreement or notifying an objection or demanding to stop data processing for this purpose.

Your personal data will be stored until expiration of an obligation to store data resulting from legal regulations or until limitation of claims resulting from the contract concluded. The time of storing your personal data collected by ENPIRE Łukasz Wojciechowski, depends primarily on the purpose for which your data are collected, in accordance with the following criteria:

  • the time of performance of a contract / order – in the case of data processing for the purpose of concluding and performing a cooperation agreement,
  • period necessary to review a claim that was filed – in the case of data processing for the purpose of handling the claim submission process,
  • until settlement of a dispute / resolution between the parties, taking into consideration appropriate times of statute of limitations – in the case of data processing for the purpose of pursuing claims and undertaking activities related to debt recovery,
  • until filing by you a statement of opposition – in the case of processing data for the purpose of checking customer satisfaction among clients of the Controller and direct marketing (sending commercial information),
  • after periods indicated in articles a) – d) throughout the time, during which legal regulations order storage of data or throughout the limitation period for claims.

 

Images will be processed only based on a previously expressed consent – art.6 sec.1 letter a of the GDPR – consent from a person.

In the cases and based on the principles specified by the GDPR, you have:

  • the right to request from the Controller access to your personal data,
  • the right to rectify, erase or block processing of your personal data,
  • the right to object to the processing of your personal data,
  • the right to transfer data,
  • the right to withdraw your consent to process your personal data anytime, without affecting the lawfulness of data processing, which was made based on an agreement before its withdrawal (when data is processed based on a consent),
  • the right to lodge a complaint with the competent supervisory authority,
  • the right to request from the Controller access to your personal data.

 

Your personal data will not be subjected to automated decision making, including profiling by the Controller.

Providing your personal data is voluntary in nature, although failure to provide such data in the scope required by the Controller can result in the fact that concluding or performing of a contract will not be possible.