Privacy Policy

Information Clause for Customers Wojmar Automatyka Przemysłowa Sp. z o.o.

For the purpose of clarifying further communication, we shall use the following definitions:

The Company or Controller – Automatyka Przemysłowa Sp. z o.o. z siedzibą ul. Boczna 8, 44-0240 Żory zarejestrowana w SAD REJONOWY W GLIWICACH, X WYDZIAŁ GOSPODARCZY KRAJOWEGO REJESTRU SADOWEGO pod numerem KRS Wojmar 0000583280, NIP 6511718813/ REGON 362866791.

Customer – a natural or legal person with whom the Company has concluded at least one transaction within the scope of its business activity, or a business entity with which the Company establishes business contact, presents an offer to conclude an agreement, or responds to an offer, as well as any other person involved in the performance of the agreement. Contact Person – any natural person who contacts the employees and representatives of the Company for the purpose of establishing commercial cooperation and who may become a Customer. In particular, a contact person may be an employee of the Customer or a person designated for their representation. In such a case, the Customer may grant such a person appropriate authorizations, of which the Company may be informed.

 

GDPR INFORMATION

In performance of the information obligations concerning the protection of personal data arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, p. 1) ("GDPR"), which entered into force on 25 May 2018, in connection with obtaining your personal data, we provide the following information:

1. Who is the personal data controller?

We kindly inform you that the controller of your personal data, i.e., the entity that decides on the purposes and methods of their processing, is the Company.

2. Who is the Data Protection Coordinator and how to contact them?

Taking into account the nature, purposes, and scope of processing, as well as the risk of infringement of the rights or freedoms of natural persons, the Controller has not appointed a Data Protection Officer. In their place, the Controller has appointed a Data Protection Coordinator, who can be contacted at the postal address of the Controller's registered office or electronically in all matters concerning the processing of personal data and the exercise of rights related to the processing of personal data via e-mail: rodo@wojmar.pl.

3. For what purpose and on what basis is your data processed?

Personal data of Customers and Contact Persons may be processed by the Controller for the following purposes:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes – (art. 6 ust. 1 lit. a) RODO).
  • Conclusion of a commercial purchase/sale agreement and activities aimed at concluding such an agreement, including cases where the data of a person acting in the interest and on behalf of the Customer is required, e.g., such a person is authorized to place orders or collect orders on behalf of the Customer –(art. 6 ust.1 lit. f) RODO).
  • Responding to inquiries related to the assortment of goods offered by the Company as part of activities preceding the conclusion of a commercial agreement –(art. 6 ust.1 lit. f) RODO).
  • Establishment, exercise, or defense of claims related to the agreement concluded with you – the legal basis is the necessity of processing for the purposes of the legitimate interests pursued by the Controller –(art. 6 ust.1 lit. f) RODO).
  • Verification of whether a given natural person is authorized to represent the Customer, particularly if such a person incurs obligations on behalf of the Customer –(art. 6 ust.1 lit. f) RODO).
  • Fulfillment of the Controller's obligations to store accounting documents resulting from the Accounting Act – (art. 6 ust.1 lit. c) RODO).
  • Marketing, i.e., offering products and services provided by the Controller – the legal basis is the legitimate interest of the Controller. This includes activities based on consent, such as newsletters  –(art. 6 ust.1 lit. f) RODO).
  • Customer satisfaction surveys – based on the legitimate interest of the Controller in maintaining high quality of service –(art. 6 ust.1 lit. f) RODO)

4. Scope of data processed by the Controller

The Controller processes:

  1. Name and surname/company name,
  2. Business address,
  3. delivery addresses,
  4. Tax ID (NIP),
  5. bank account number,
  6. signatures,
  7. e-mail address,
  8. telephone number,
  9. transaction history,
  10. communication history.

For Contact Persons:

  • Name,
  • telephone,
  • company name,
  • e-mail, position,
  • authorizations,
  • ID number (if applicable),
  • communication history.

5. Can you refuse to provide personal data?

Providing the personal data referred to above is voluntary and does not constitute a statutory or legal requirement; however, failure to provide such data will render it impossible for the Administrator to perform specific actions aimed at concluding a commercial agreement or providing other services offered by the Administrator.

6. Automated decision-making and profiling

The Controller does not make decisions based on automated processing, including profiling, which produces legal effects.

7. Sources of data

Data is obtained directly from the data subject, from the Customer (regarding their representatives), or from public records (KRS, CEIDG).

8. Sharing data with other entities

The Administrator shall disclose data to the following entities that support the business activities conducted by the Administrator:

  • Transport and forwarding companies cooperating with the Administrator, within the scope of delivery addresses for goods and the data of persons authorized to collect goods on behalf of the Client;
  • A company providing support for the ERP system in use, to the minimum extent necessary for the purpose of performing maintenance works;
  • A company performing marketing services on behalf of the Administrator in the form of a newsletter and opinion survey services regarding the Administrator;
  • A company providing e-mail services and cloud storage resources to the Administrator;
  • Law firms, insurance companies, and debt collection agencies cooperating with the Administrator, within the scope resulting from ongoing matters related to debt recovery, transaction insurance, or defense against claims;
  • Contractors (e.g., suppliers) cooperating with the Administrator, to the extent necessary for the performance of commercial agreements (e.g., providing the client's address and contact details in the case of direct delivery of goods from the supplier to the client);
  • Entities processing data on our behalf and on the basis of agreements concluded with us, e.g., IT companies operating our systems;
  • Companies providing accounting, security, debt recovery, analytical, auditing, advisory, legal, and tax services to the Administrator;
  • Other entities that, as controllers, process your data in their own name, e.g.: postal and courier companies – in connection with the delivery of correspondence; entities conducting payment activities – in connection with payments made; entities purchasing receivables from us – in connection with the sale of debts; companies providing accounting, legal, and tax services to us – to the extent that they become data controllers.

In every case of disclosure of personal data or the possibility of such disclosure arising, the Administrator shall apply organizational procedures and technical measures to minimize the scope of the disclosed data and the risk of access to such data by unauthorized persons. The Administrator transfers the personal data of Clients and Contact Persons only to the extent necessary to achieve a specific commercial purpose; in particular, the Administrator does not disclose data to other entities for commercial purposes and does not sell personal data. Protecting information related to the data of Clients and Contact Persons is a priority task for the Administrator.

The Administrator does not disclose the data of Clients and Contact Persons outside the borders of the European Union, except in situations where such an instruction is commissioned by the Client (e.g., an order to ship goods outside the EU at the Client's request).

9.Will your personal data be transferred to third countries or international organizations (outside the European Economic Area)?

The Administrator shall not transfer your data to third countries or international organizations (outside the European Economic Area).

10. How long will your personal data be processed:

Personal data will be processed until the expiry of the limitation period for claims arising from concluded agreements, for no longer than 10 years, or until the expiry of the obligation to process data resulting from legal provisions, or until the withdrawal of consent by you, if the data were processed based on your consent.

11. What are your rights?

You have the right to:

  • access the content of your data and to rectify, erase, or restrict the processing thereof;
  • data portability, i.e., to receive from the Administrator information regarding the personal data being processed in a structured, commonly used, and machine-readable format, to the extent that your data are processed for the purpose of concluding and performing an agreement or on the basis of consent. You may transmit the personal data provided to another data controller;
  • object to the processing of personal data to the extent that the legal basis for the processing of personal data is the legitimate interest of the Administrator;
  • withdraw consent at any time to the extent that the legal basis for the processing of personal data is consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
  • lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).

12. How can you exercise your rights?

The Administrator shall ensure that data subjects may exercise their personal data protection rights arising from the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC). In order to exercise the aforementioned rights, please contact the Data Administrator or the Data Protection Coordinator, whose contact details have been provided above.