What data do we mean?
Personal data is information about an identified or identifiable natural person. It is therefore primarily about data that identifies you, including your name contact details such as your telephone number, e-mail address and mailing address.
Personal Data Controller
KRUK S.A. with its registered office in Wrocław (51-116), ul. Wołowska 8, is the controller of your personal data.
You may address your query to any of the above-mentioned Controllers by sending it to KRUK S.A., ul. Wołowska 8, 51-116 Wrocław, or to the e-mail address firstname.lastname@example.org.
Data Protection Officer
We have appointed a Data Protection Officer whom you may reach for all matters concerning the processing of your personal data and your rights in this regard. You may write to him at the following address: Data Protection Officer, KRUK S.A. ul. Wołowska 8, 51-116 Wrocław, or contact by e-mail: email@example.com.
Why and on what basis do we process your personal data?
Your personal data may be processed by us:
• to the extent necessary to conclude and perform a contract between the Administrator and you or your employer (legal basis: Article 6(1)(b) of the GDPR)
• in order to fulfill the legal obligations incumbent on the Administrator (legal basis: Article 6(1)(c) of the GDPR), i.e. to counteract money laundering and financing terrorism - this is an obligation resulting from the Act on counteracting money laundering and financing terrorism ( AML) and the application of accepted accounting principles - this is an obligation that results from the provisions of the Accounting Act
• in order to implement the Controllers legitimate interests (legal basis: Article 6(1)(f) of the GDPR), i.e. to prepare statistics and reports for own needs and within a group of enterprises, − consider complaints and determine claims, pursue them or defense, − ensures the safety of persons and property of the Controller, including ensuring security as part of the entrusted tasks, in particular preventing abuses, − verifying whether you are a natural person who is a representative or real beneficiary of a company entered on national and international sanction lists, against which measures are applied limiting on the basis of national and international law in connection with the regulations applicable to the Controller
• to carry out other activities when we have your consent to process data (legal basis: Article 6(1)(a) of the GDPR)
How long do we keep your personal data?
The duration of the Controller's processing of your personal data depends on the purpose of the processing. It arises in the case of a contract usually from:
To whom may we pass your personal data?
Your data may be made available to entities supporting our activities, such as companies from the capital group, entities providing legal and accounting services, Your data may be transferred to our IT, ICT and cloud service providers. our consultants or auditors and law enforcement authorities, as well as other authorities and entities, if the obligation to provide data results from legal provisions, such as: General Inspector of Financial Information (GIIF).
Do you have to give us your personal information?
Your provision of personal data is voluntary. To the extent that the processing of your personal data takes place for the purpose of entering into and performing a contract, the consequence of failing to do so will be that you cannot be contacted for this purpose.
From whom may we receive your data?
In principle, we receive your data directly from you as a result of you providing it in the relevant contractual provisions. In some situations, we obtain your personal data by means other than directly from you, e.g. someone else provides you as a contact person for the conclusion and performance of a contract. This could be your supervisor or a co-worker.
Profiling and automated decision making
Please be informed that in the course of our activities your data will be processed by automated means, including profiling. We do not make automated decisions in relation to you.
Transfer of your personal data outside the European Economic Area (EEA)
We use suppliers and partners outside the EEA and it is therefore possible to transfer personal data to countries outside the EEA. Such transfer of personal data may take place on the basis of a decision stating the appropriate level of protection or subject to appropriate safeguards, Art. 45, 46 GDPR. Information on the EU Commission's adequacy decisions is available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
What rights do you have in relation to your data and how can you exercise them?
In our business, we ensure that you can exercise your rights under the GDPR.
Under the GDPR you have the right to:
You can also request:
Please note that, in accordance with the GDPR, we will not delete your personal data to the extent that its processing is necessary for us to establish, assert or defend our claims, e.g. a request for payment of a debt, or we have a legal obligation to process it, e.g. an obligation to keep accounting documents. If, on the other hand, we restrict the processing of your data at your request, we will still be able to process your data to establish, assert or defend our claims.
Where your consent is the basis for the processing of your personal data, you may withdraw it at any time. However, this will not affect the lawfulness of the Company's use of your data prior to the withdrawal of such consent.
If you wish to exercise the above rights, you may submit a request to us by:
You also have the right to lodge a complaint with the data protection supervisory authority, i.e. the President of the Office for Personal Data Protection.