INFORMATION CLAUSE ON PERSONAL DATA PROCESSING
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection) , hereinafter referred to as: GDPR, Neon Shake sp. z o.o. based in Wrocław provides you with the following information regarding the collection of data in connection with initiating contact, in order to establish business cooperation or use the services or products offered by the Administrator.
Pursuant to Article 13 (1) GDPR, we inform you that:
1. PERSONAL DATA ADMINISTRATOR
The administrator of personal data is Neon Shake sp.z o.o. with headquarters in Wrocław (address: Gabrieli Zapolskiej 1/301, 50-032 Wrocław, entered into the register of entrepreneurs of the National Court Register under KRS number 0000473194).
In matters related to the protection of personal data, the data subject may contact The administrator by submitting a letter to the Administrator’s office or sending it by registered mail to the address of the Administrator’s seat:
Neon Shake sp. z o.o.
Gabriela Zapolska 1/310
50-032 Wroclaw
with the annotation GDPR,
as well as by e-mail kontakt@neonshake.pl.
2. PURPOSE and BASIS FOR THE PROCESSING OF PERSONAL DATA
Personal data provided to the Administrator will be processed for the following purposes:
- For the purpose of the so-called the legitimate interest of the Administrator in connection with the provision of answers or information to contact initiated by you by phone, letter, e-mail or via communication channels.
- In social media (chats, instant messaging, etc.).
In this case, the basis for data processing is your consent resulting from the initiation of contact (Article 6 (1) of the GDPR), after the contact is completed, it is the legally justified purpose of the Administrator – archiving correspondence for the purpose of showing its course in the future and until any claims are time-barred (Article 6 (1) of the GDPR).
- For the purpose of the so-called the Administrator’s legitimate interest in connection with the Administrator initiating contact with you, as an entrepreneur or as a representative of the entrepreneur (e.g. an employee), in order to establish economic cooperation. Then most often your data:
- we obtained from publicly available registers of entrepreneurs (e.g. KRS, CEIDG, REGON database, etc.), public sources (advertisements, information brochures, etc.), including the Internet (your company’s website, LinkedIn, social media, etc.)
- we have received directly from your employer or a co-worker who assured us that we can contact you
- we have received them from you, e.g. on a business card, by e-mail, during written correspondence, via communication channels in social media (chats, instant messaging, etc.) or during a telephone conversation.
The basis for data processing in this case is the Administrator’s legitimate interest, which should be understood as the implementation of the economic goal related to the presentation and sale of own services or products by initiating contact with you (Article 6 (1) of the GDPR), your consent to initiate contact by the Administrator , e.g. by providing a business card, posting a publicly available announcement, providing data for sending correspondence (Article 6 (1) of the GDPR), after the end of the contact it is the legally justified purpose of the Administrator – archiving the correspondence for the purpose of showing its course in the future and until any possible expiry claims (Article 6 (1) (a) GDPR).
- In order to perform and on the basis of the contract concluded by you with us (the basis of Article 6 (1) of the GDPR).
- For archival (evidence) purposes to secure information in the event of a legal need to prove facts, which is our legitimate interest (the basis of Article 6 (1) of the GDPR).
- In order to possibly establish, investigate or defend against claims, which is our legitimate interest (the basis of Article 6 (1) of the GDPR).
3. CATEGORIES OF PERSONAL DATA PROCESSED BY THE ADMINISTRATOR
The administrator will process the following categories of data that you provide to us in connection with contact or conclusion of a contract or that the Administrator obtained from publicly available sources:
- basic identification data, such as:
- first name (names) and surname,
- pseudonym (e.g. which you use in social media)
- correspondence address or other contact details, including telephone number or e-mail address,
- the company under which you conduct business activity or under which your employer operates (client, etc.),
- the performed function or the professional position held.
- data on professional qualifications,
- image, if it is made available by you publicly (e.g. in social media) or in e-mail correspondence (e.g. in the footer);
- identification data granted by public authorities,
- financial identification data,
- contracts and settlements.
4. RECIPIENTS OF PERSONAL DATA and THEIR TRANSMISSION
The recipients of your personal data may only be:
- relevant state authorities operating on the basis of generally applicable laws,
- entities processing personal data at the request of the Administrator in connection with the provision of services to the Administrator necessary for his business, including IT service providers (hosting providers of the Administrator’s own website and its mail servers, a company providing e-mail marketing software, entities providing tools to improve contact with subscribers, etc.), postal operators, couriers, entities providing accounting and legal services, owners of social networking sites (if you contact this way), and such entities process data on the basis of a contract with this Administrator and only in accordance with the Administrator’s instructions.
Your personal data may be transferred to third countries in the context of the IT infrastructure used by the Administrator. In the cases of the indicated transfer, the relevant provisions on the protection of personal data (e.g. entered on the so-called Privacy Shield list) are applied and it is possible to obtain a copy of the data transferred to third countries.
5. PERIOD OF STORAGE AND PROCESSING OF YOUR PERSONAL DATA
Personal data will be processed by the Administrator – depending on the purpose and basis of processing – until:
- the cessation of the business purpose or your objection to the processing of their personal data for the purpose of contact,
- expiry of claims related to initiated contact and correspondence,
- expiry of claims related to the contract concluded with you.
Your data will also be processed in an automated manner, because the Administrator will use computer programs to process the data. Nevertheless, as part of the above data processing, the Administrator will not use methods consisting in automated decision making, including profiling.
6. RIGHTS OF PERSONS WHOSE PERSONAL DATA ARE PROCESSED
Due to the processing of personal data provided by the Administrator by the Administrator, the data subject has the right to:
- access to your data and receive a copy of it,
- to rectify (correct) your data,
- to delete data provided voluntarily,
- to request restriction of data processing,
- to object to data processing,
- to transfer data, including the right to receive in a structured, commonly used, machine-readable format (“CSV” format), personal data provided to the Administrator and order the Administrator to send this data directly to another entity indicated by you,
- to withdraw consent to the processing of personal data provided voluntarily at any time. The withdrawal of consent to the processing of data will not affect the lawfulness of the processing which was carried out on the basis of your consent before its withdrawal.
In addition, the data subject has the right to lodge a complaint with the President of the Office for Personal Data Protection, if he considers that the processing of his personal data violates the provisions of the GDPR.
7. INFORMATION ON THE REQUIREMENT TO PROVIDE DATA
Providing your personal data – depending on the purpose and basis of processing – is:
- voluntary,
- the condition for contract’s conclusions,
- statutory requirement.