We publish this document to explain the reasons why we collect and process personal data in the course of our business:

1. What are personal data ?

This is all information that allows you to distinguish one person from another without much effort. These pieces of information can be either directly about that person (such as a name, identification number, and sometimes even an email address or web account), or ones that do not directly describe that person. For example, they relate to this person’s characteristics, health, views, place of residence, addictions, race or religion.

2. What kind of personal data are we talking about in our case ?

This is data provided to us by our Customers, Contractors and Employees and Associates in connection with the use of our services, cooperation with us or employment. This data is processed by us.

3. What does data processing mean ?

Processing is any activity that we may perform with personal data – related to both its active use, such as collecting, capturing, recording, combining, modifying or sharing, and its passive use, such as storing, limiting, deleting or destroying.

4. Who is the Data Controller (i.e. who has influence on data processing and security)?

Personal Data is controlled by ELSTAR FATS Sp. z o.o. ul. Marynarki Wojennej 2C, 82-220 Stare Pole. You can contact the Controller via e-mail sekretariat@elstarfats.pl or by post to the following address: ELSTAR FATS Sp. z o o. ul. Marynarki Wojennej 2C, 82-220 Stare Pole

5. What are the legal grounds and what is the purpose of data processing?

Any processing of your data must be based on an appropriate legal grounds that comply with current legislation. Such grounds may include your consent to the processing of your data or other legal provisions allowing it that are contained in the Personal Data Protection Act of 29 August 1997 and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (referred to as “GDPR”)

Your data may be processed by us for several different purposes, for example:

• If you are our customer or a person interested in using our services or products also offered in the online shop, your personal data will be processed on the basis of Article 6(1)(b) of the GDPR for the purpose of processing which is necessary to execute a contract which the data subject is a party to or in order to take steps at the request of the data subject prior to entering into a contract. By expressing your intention to enter into a contract, you will know what personal data you will need to sign the contract, and once you have signed the contract, you will know what data you have provided for this purpose or will provide at a later date,
• If you are interested in working for us, your data contained in your application or CV are processed in paper or electronic form. The legal basis here is the fulfilment of legal obligations of binding for the Controller under Article 221 § 1 of the Labour Code of 26 June 1974, and takes place in accordance with Article 6(1)(c) of the GDPR, and in order to take action upon request before concluding a contract of employment – in accordance with Article 6(1)(b) of the GDPR. Your personal data, other than those listed in Article 221 § 1 of the Labour Code of 26 June 1974, may be processed in accordance with Article 6(1)(a) of the GDPR on the basis of your consent which you may withdraw at any time. In this case we will not consider your application and will immediately delete all the data you have entered. However, once you are employed with us, the further processing of your data and the mandatory scope of their transfer and further processing by us is determined by the provisions of employment law,
• If you make a complaint or claim related to the contract – we process the data on the basis of Article 6(1)(b) of the GDPR
• If you use our website and its subpages where cookies are used – this is our legitimate interest and we process data on the basis of Article 6(1)(f) of the GDPR
• We process your data in connection with the need to ensure the security of persons and facilities or network and information security. This is our legitimate interest and we process data on the basis of Article 6(1)(f) of the GDPR. If video surveillance is used for this purpose, you will be made aware of this through appropriate signs and pictograms,
• We process your data in connection with the creation of records under separate legislation – on the basis of Article 6(1)(c) of GDPR (obligation under the law) and Article 6(1)(f) GDPR (legitimate interest of the controller).

6. Whom do we transfer your data to?

In accordance with applicable law, we may transfer your data to entities processing them on our behalf, such as hosting companies where we maintain this website or to subcontractors of our services. We are also obliged to make them available at the request of entities entitled to do so under other provisions of law, e.g. National Insurance Institution, Tax Office and courts or law enforcement agencies. In some cases, however, it will be shared only upon their request indicating the law they are making such a request under.
As a rule, the Controller does not provide for transferring data to third countries outside the European Economic Area. However, due to the use of Google and LinkedIn on our websites and social media, your User Data may be transferred outside the European Union to third countries and, if this occurs, will only be transferred on the basis of standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the GDPR.
Detailed information is available in the privacy policy of each
of the providers of these services, available on their websites. For example:
Google LLC: https://policies.google.com/privacy?hl=pl
LinkedIN: https://www.linkedin.com/legal/privacy-policy
Currently, the services offered by Google and Linkedin are mainly provided by entities located in the European Union. You should, however, always refer to the privacy policy of these providers in order to receive the most up-to-date information on data protection.
Within the European Union, in all member states, thanks to the GDPR, the contents of which are available HERE , the same level of protection it provided for your data too.

7. How long will we process your data?

We pay great attention to limiting the scope of the data we collect as well as the time of their processing to a necessary minimum. For this purpose, we perform a systematic review of the paper and electronic documents in our possession removing unnecessary documents the usefulness of which has expired. Please note that the duration of the processing of your data, depending on the basis on which we obtained them, may be determined by separate – independent of us – legal regulations which may oblige us to store your data, regardless of your will or desire. Examples include labour law, social security law and employee personnel file regulations.

If we were to use the data in our possession for a purpose other than that for which it was collected, we will always inform you of the fact and you will be able to object.

8. What rights do you have in relation to your data?

• right to request to access your data – within the limits of Article 15 of the GDPR,
• right to their rectification – within the limits of Article 16 of the GDPR,
• right to request their deletion – within the limits of Article 17 of the GDPR, or right to restrict processing activities – within the limits of Article 18 of GDPR,
• right to object to the processing of data – within the limits of Article 21 of GDPR,
• right to transfer your data, including obtaining a copy of the data – within the limits of Article 20 of GDPR.

All these rights are detailed in Articles 15 to 21 of the GDPR, the text of which is available at the link above.

You can also withdraw your consent to the processing of your personal data, in which case we will immediately delete your personal data as long as there is no legal obligation requiring us to continue processing it. For example, if you have purchased goods from us, we will continue to hold them for your financial and accounting records and process them for a period of 5 consecutive calendar years from the date of purchase, in accordance with accounting regulations.

If you feel that we have in any way – of course unintentionally – violated your rights or failed to ensure the security of your personal data, you have the right to lodge a complaint with the supervisory authority which is currently the President of the Office for Personal Data Protection.

9. Automated decision making and profiling information.

We do not make any automated decisions based on your data, i.e. decisions without human intervention. We also do not take any steps to profile you.

10. How do we protect your data?

We use organisational and technical measures required by law to ensure the security of your data. We have installed the necessary physical security at our premises to prevent unauthorised access to data. Our employees have the required authorizations and may process the data in a limited manner, i.e. only insofar as this is necessary for the proper performance of their duties.