Language and currency:
en |
Country of collecting the order:
Poland
Save to shopping list
Create a new shopping list

GDPR

INFORMATION ON PERSONAL DATA PROCESSING

In accordance with Article 13 paragraphs 1 and 2 of the GDPR, we hereby inform you about the principles of personal data processing by DEDRA-EXIM sp. z o. o.

1.    DATA CONTROLLER

The controller of your personal data is DEDRA-EXIM sp. z o. o. with its registered office in Pruszków, ul. 3 Maja 8, 05-800 Pruszków, entered into the register of entrepreneurs of the National Court Register under the KRS number 0000062517, NIP 5270204933, hereinafter referred to as: "Controller" or "DEDRA-EXIM".
In matters related to the protection of personal data, you can contact the Administrator at the following e-mail address: daneosobowe@dedra.pl .

2.    SCOPE OF PROCESSED DATA

Depending on the type of contact or cooperation, we may process the following data in particular:

  1. name and surname,
  2. position or function,
  3. the name of the company or entity you represent,
  4. e-mail address, telephone number, correspondence address,
  5. data contained in the content of correspondence, inquiries, orders, complaints or documents provided to the Administrator,
  6. data regarding the history of contact and cooperation,
  7. data necessary for billing, sales processing, complaints, servicing, pursuing or defending claims.

3. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

Your personal data may be processed for the following purposes:
a)    Correspondence and inquiries handling
We process data to respond to messages, handle the matter, maintain contact and conduct ongoing communication.
Legal basis: 
Article 6(1)(f) of the GDPR – the legitimate interest of the Controller in conducting correspondence and handling notifications.
b)    Preparing the offer, handling commercial inquiries and taking action before concluding the contract
If the contact concerns a request for quotation, an order, negotiations or cooperation, we process the data for the purpose of preparing the offer, providing commercial information, managing the sales process and taking steps to conclude a contract.
Legal basis:
Article 6(1)(b) of the GDPR – if the data subject is a party to a contract or steps are taken at their request prior to entering into a contract; 
Article 6(1)(f) of the GDPR – if the data subject acts as a representative, employee or contact person of a contractor or potential contractor.
c)    Contact with contractors' representatives, employees and contact persons
If you act as a representative, employee, associate, authorized representative or contact person of a contractor, supplier, business partner or potential contractor, we process your data for the purpose of maintaining business contact, managing cooperation, exchanging correspondence, fulfilling orders, offers, contracts and ongoing commercial or organizational arrangements.
Legal basis:
Article 6(1)(f) of the GDPR – the legitimate interest of the Controller consisting in conducting business activities, maintaining relationships with contractors and ensuring efficient business communication.
d)    Contract execution and commercial cooperation management
Data may be processed for the purpose of order fulfillment, deliveries, product sales, payment processing, contact with the contractor, after-sales, warranty and post-warranty service.
Legal basis: 
Article 6 paragraph 1 letter b of the GDPR – in the case of contracts concluded directly with a natural person; Article 6 paragraph 1 letter f of the GDPR – legitimate interest of the Controller consisting in the implementation and management of cooperation with contractors.
e)    Fulfillment of legal obligations
Data may be processed for the purpose of fulfilling obligations arising from legal provisions, in particular tax and accounting regulations, regulations relating to complaints, guarantees and documentation archiving.
Legal basis:
Article 6(1)(c) of the GDPR – legal obligation incumbent on the Controller.
f)    Pursuing and defending against claims
Data may be processed for the purpose of establishing, pursuing or defending against possible claims.
Legal basis: 
Article 6(1)(f) of the GDPR – the legitimate interest of the Controller in protecting its rights.
g)    Handling complaints, guarantees, warranties and service requests
We process data for the purpose of receiving, considering and handling complaints, warranty claims, guarantees, service repairs, contacting regarding a claim and documenting the course of after-sales service.
Legal basis:
Article 6(1)(c) of the GDPR – compliance with legal obligations incumbent on the Controller, in particular obligations related to complaints and consumer regulations;
Article 6 paragraph 1 letter b of the GDPR – if the service concerns a contract concluded with the data subject; 
Article 6 paragraph 1 letter f of the GDPR – the legitimate interest of the Controller consisting in handling service requests, documenting the course of the case and protecting against claims.
h)    Recording telephone conversations
If telephone calls are recorded, we process personal data in the form of voice, telephone number and content of the call for the purpose of documenting the course of the call, monitoring the quality of service, processing reports and pursuing or defending claims.
Legal basis:
Article 6(1)(f) of the GDPR – the Controller's legitimate interest in documenting findings, ensuring the quality of service and protecting against claims.

i)    Marketing of the Administrator's products and services
Data may be processed for the purpose of direct marketing of the Controller's products or services, including the presentation of offer information, provided that this is permissible in accordance with applicable regulations.
Legal basis:
Article 6(1)(f) of the GDPR – the legitimate interest of the Controller consisting in the marketing of its own products and services;
Article 6(1)(a) of the GDPR – consent, if the provisions require consent in a given case, in particular for a specific communication channel.
Consent is voluntary. You may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
j)    Ensuring the security of communications and IT systems
Data may be processed to ensure the security of email and IT systems, protection against abuse and maintaining business continuity.
Legal basis:
Article 6(1)(f) of the GDPR – the Controller's legitimate interest in ensuring the security of information and systems.

4. VOLUNTARY DATA PROVISION

Providing data is voluntary, but may be necessary to conduct correspondence, provide a response, prepare an offer, conclude or perform a contract, process an order, handle complaints, service or carry out other matters with which you contact the Controller.
Failure to provide data may make it impossible to provide a response or process a given matter.

5. DATA RECIPIENTS

Personal data may be disclosed to the following categories of recipients:

  1. entities providing IT, hosting, e-mail, IT system and IT security services to the Controller,
  2. entities providing accounting, legal, auditing, consulting and debt collection services,
  3. courier, transport, postal and logistics operators,
  4. banks and payment operators – if it is necessary for settlements,
  5. authorized service providers, business partners or subcontractors – if this is necessary to complete the matter, order, complaint or service,
  6. public authorities or other entities authorized under the law.

Data may also be processed by entities acting on behalf of the Controller on the basis of appropriate personal data processing agreements.

6. DATA STORAGE PERIOD

Personal data will be stored for the period necessary to achieve the purpose for which they were collected, in particular:

  1. data related to correspondence – for the time necessary to process the case, and then for a period justified by the archiving of correspondence, securing claims or demonstrating the course of contact;
  2. data related to the preparation of the offer - for the duration of business talks and then for the period in which claims may arise or the need to demonstrate the course of contact;
  3. data related to the performance of the contract, sales, orders, complaints, warranty or service - for the duration of cooperation, performance of obligations arising from the contract and for the period required by law or the limitation period for claims;
  4. data processed on the basis of consent – until its withdrawal, unless there is another legal basis for further processing;
  5. data processed for tax and accounting purposes – for the period required by applicable law;
  6. data processed for the purpose of pursuing or defending claims – until the expiry of the limitation period for claims.

7. DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

As a rule, the Administrator does not intend to transfer personal data outside the European Economic Area.
However, if in connection with the use of certain services, in particular IT, hosting, e-mail or communication tools, data is transferred outside the European Economic Area, such transfer will only take place using the mechanisms provided for in the GDPR, in particular on the basis of a decision confirming an adequacy level of protection, standard contractual clauses or other appropriate safeguards.

8. AUTOMATED DECISION-MAKING AND PROFILING

Your personal data will not be used for purely automated decision-making, including profiling that produces legal effects for you or significantly affects you in a similar way.

9. RIGHTS OF DATA SUBJECTS

You have the following rights:

  1. the right to access data,
  2. the right to receive a copy of the data,
  3. the right to rectify data,
  4. the right to delete data,
  5. the right to restrict processing,
  6. the right to data portability – in cases provided for by the GDPR,
  7. the right to object to data processing – when the basis for processing is the legitimate interest of the Administrator,
  8. the right to withdraw consent – if data is processed on the basis of consent.

In order to exercise your rights, you can contact the Administrator at the following e-mail address: daneosobowe@dedra.pl.

10. RIGHT TO FILE A COMPLAINT

You have the right to lodge a complaint with the appropriate supervisory authority. In Poland, this is the President of the Office for Personal Data Protection . Contact: https://uodo.gov.pl/p/kontakt

 

pixel