Privacy Policy
Privacy policy
We treat data confidentiality and protection of our customers’ privacy as the highest priority. Therefore, for the sake of your personal data security, WDX S.A. with its registered office in Warsaw (02-677), at ul. Taśmowa 7 has established a policy setting out rules on personal data processing.
We process your personal data in accordance with the Regulation (EU) No 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter referred to as GDPR).
Personal data controller
The Controller of your personal data within the meaning of Art. 4 (7) of GDPR is WDX S.A. with its registered office in Warsaw (02-677), at ul. Taśmowa 7, entered in the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register under number 0000118662, (hereinafter referred to as the Controller).
Contact with the Controller
In all matters related to the processing of personal data, you can contact the Controller at the above mentioned address or by e-mail: odo@wdx.pl
Source of personal data collection
Personal data is collected directly from you or from third parties, e.g. the entity on whose behalf you act, or from our Partners, as well as from other publicly available registers. We also obtain information from completed contact forms or through cookies.
Scope of personal data processed
In case of contact with the Controller via the website or to the contact details given on the website, the Controller processes the data provided by you in order to establish contact, including your name, surname, e-mail address or telephone number, the content of the question or issue raised and possibly other data you have provided. In connection with the use of cookies for statistical purposes, the Controller may process the following data: IP address, length of a given session, frequency of visits to the website.
Purpose and legal basis for processing personal data
| Purpose of data processing | Legal basis |
| Providing a response or contacting the person who made contact with the Controller via the contact form, including “Ask for an offer”. |
Legitimate
interest of the Controller – Art. 6 (1) (f) of GDPR.
|
| Concluding and performing the contract – if you are a party to the contract. | Data processing is necessary for the conclusion and performance of the contract – Art. 6 (1) (b) of GDPR. |
| Providing the contacts necessary to handle and perform the contract concluded with the entity on whose behalf you act and maintaining business contacts. |
Legitimate
interest of the Controller – Art. 6 (1) (f) of GDPR.
|
| Considering possible complaints, as well as determining, investigating and defending against claims. |
Legitimate
interest of the Controller – Art. 6 (1) (f) of GDPR.
|
| Performing legal obligations imposed on the Controller, concerning, among other things, keeping of accounts and accounting records, as well as the exercise of data subjects’ rights. |
Fulfilling
the Controller’s legal obligation – Art. 6 (1) (c) of the GDPR.
|
| Sending marketing content in the form of a newsletter (containing, in particular, information about the company, new products, current offer) by e-mail. | Voluntary consent – Art. 6 (1) (a) of GDPR. |
| Conducting direct marketing activities. |
Legitimate
interest of the Controller – Art. 6 (1) (f) of GDPR.
|
| Conducting the recruitment process and choosing the right person for employment. | To the extent resulting from Art. 22 (1) of the Labor Code, the legal basis is the legal obligation of the Controller (Art. 6 (1) (c) of GDPR). This includes the name(s) and surname, date of birth and contact details indicated by the job applicant. If it is necessary for the performance of a specific type of work or a specific position, this also applies to information about education, professional qualifications and the course of previous employment. The legal obligation of the Controller includes also those data which are necessary to execute an entitlement or fulfill an obligation resulting from a legal provision. If a candidate submits more personal data than required by labor law, the legal basis for processing them for the above purpose is the candidate’s consent (Article 6 (1) (a) of GDPR). This applies to all data provided by the candidate for the job in the personal resume, cover letter or interview. |
| Collecting information about website traffic statistics. |
Legitimate
interest of the Controller – Art. 6 (1) (f) of GDPR
|
|
Executing the requests
of persons, processing of personal data notifications.
|
Performing
a legal obligation to examine your notification (Article 6 (1) (c)
of GDPR).
|
| Creating and maintaining an account in the online store, on the website: https://wozki.wdx.pl | The legal basis for the processing of your personal data for the purpose of using the account in the online store is the necessity of their processing for the performance of the contract, consisting in the provision by WDX S.A., by electronic means, of a service in the form of an account in the online store (Art. 6 (1) (b) of GDPR). |
Profiling of personal data
Your personal data will not be used for automated decision-making, including profiling.
Recipients of personal data
The recipients of your personal data will be:
- Controller’s authorized staff,
- entities processing personal data on behalf of the Controller in order to fulfill the purpose for which the data are collected (in particular entities providing IT solutions and IT and technical support services). These entities must have access to the data in order to perform their duties. These entities will have access to personal data only to the extent necessary to carry out their tasks.
- public authorities and bodies performing public tasks or acting on behalf of public authorities, to the extent and for the purposes that arise from the provisions of generally applicable law.
Can your personal data be transferred outside the European Economic Area?
As the Controller uses Google Analytics, personal data may be transferred outside the European Economic Area. In relation to data transfers outside the EEA, the Controller has ensured that only providers that guarantee a high level of personal data protection are used. These guarantees arise in particular from the participation of suppliers in the Privacy Shield program established by Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield.
Retention period of personal data
The period of processing is related to the purposes and grounds for processing the data, therefore:
- data processed on the basis of statutory requirements will be processed for as long as the law requires data to be kept;
- data processed for the purpose of concluding and performing a contract will be processed for the period necessary for the performance and settlement of the contract, which may, where appropriate, be extended by the claims’ period of prescription.
- data processed on the basis of the legitimate interest of the Controller will be processed until such interest is effectively objected to or ceased, e.g. data processed for the purpose of investigating or defending against claims will be processed for a period equal to the period of prescription of these claims.
- data processed on the basis of consent will be processed until the withdrawal of consent.
- personal data processed for recruitment purposes will be retained until the end of the recruitment process in which you are participating. In the case of additional consent to the use of data for future recruitment purposes, your data will be retained for 9 months.
- personal account details will be processed until your account is deleted. You may delete your account yourself. In addition, WDX S.A. can delete your account if you violate the terms and conditions of the online store. Your account will also be deleted if it is inactive for five years.
Am I obliged to provide my personal data?
Providing your personal data is voluntary, but necessary to achieve the purpose you wish to achieve, including, for example, using the website, concluding a contract, obtaining a response to your inquiry or the issue you have raised.
The Controller points out that the candidate’s providing of personal data indicated in Art. 22 (1) of the Labor Code is obligatory in the light of the labor law provisions in force. Failure to do so will result in a lack of opportunity to participate in the ongoing recruitment process. The provision of personal data by the candidate beyond the scope of Article 22 (1) of the Labor Code is voluntary. The Controller declares that the failure to provide such data cannot be the basis for unfavorable treatment of the applicant for employment, nor can it cause any negative consequences for him/her, in particular it cannot constitute a reason justifying the refusal of employment.
Applicable rights
You have a right to:
- demand access, rectify, delete or restrict the processing of your personal data and the right to move the data,
- if the basis for the processing of personal data is the legitimate interest of the Controller, you have the right to object to the processing of personal data at any time for reasons related to the specific situation of the person,
- where the legitimate interest lies in carrying out direct marketing activities, you have the right to object at any time to the processing of personal data for the purpose of carrying out the marketing activities, without the need to justify your decision,
- withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal,
- file a complaint with the Supervisory Authority, i.e. the President of the Personal Data Protection Office.
You can submit a request to exercise your rights to the contact details provided at the beginning.
Cookies
Go to our Cookies Policy
