PROCESSING OF PERSONAL DATA IN THE WHITEPRESS GROUP ®
This notice concerns the rules for the collection and processing of personal data by the WhitePress Group, which is the Controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter also referred to as GDPR).
I. General information
Controller - jointly WhitePress Sp. z o.o. with its registered office in Bielsko - Biała (43-300), at ul. Legionów 26/28, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Bielsko - Biała, 8th Commercial Division of the National Court Register, under KRS number 0000651339, NIP: 9372667797, REGON: 243400145, and other companies from the WhitePress Group.
WhitePress Group - the controlling company and the companies controlled by it, comprising: WhitePress Sp. z o.o. (Poland), WHITEPRESS S.R.L. (Romania), WhitePress Kft. (Hungary), WhitePress s.r.o. (Slovakia), WhitePress s.r.o. (Czech Republic), WhitePress BV (the Netherlands), WhitePress Publishing LTD (United Kingdom), WHITEPRESS REKLAM TEKNOLOJİLERİ ANONİM ŞİRKETİ (Turkey).
GDPR or Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
II. Purposes of processing and legal basis for processing personal data
Your personal data is processed by the Controller for:
- necessary for pre-contractual action and for the performance of the contract, if a contract has been concluded, on the basis of Article 6(1)(b) of the GDPR;
- fulfilment of legal obligations, including in particular tax law and the Accounting Act, on the basis o Article 6(1)(c) of the GDPR;
- to assert or defend against possible claims, and as part of the Controller's legitimate interest, on the basis of Article 6(1)(f) of the GDPR;
- your consent to the processing of your personal data, on the basis of Article 6(1)(a) GDPR.
The Controller may process the following categories of your personal data - name, surname, address, telephone number, e-mail address, TAX no., personal no. and other data provided to the Controller.
III. Recipients of data
Your personal data may be made available to other entities authorised by law or by contracts concluded with the Controller, including the Controller's business and commercial partners - such as advertisers, telecommunications companies, postal operators, carriers, companies printing correspondence or handling the correspondence received, companies archiving documents, partners providing technical services (e.g. development and maintenance of IT systems and websites), technical contractors, entities providing legal or accounting services.
IV. Information on transfers of data to third countries
Your data may be transferred to WhitePress Group companies based outside the European Economic Area. In accordance with Article 47 of the GDPR, the WhitePress Group uses uniform, approved, binding internal data protection rules to guide the processing of personal data within each Group company. In accordance with the Regulation, the application of uniform internal data protection policies and procedures enables the transfer of data between members, even when the company is located outside the EEA.
V. Period of retention of personal data
Personal data will be processed (including stored) until the legal basis for their processing expires (respectively: the performance of a contract, the fulfilment of obligations under specific legislation or the withdrawal of consent to data processing) or the expiry of the data retention period resulting from the applicable legislation, but not lessthan until the expiry of claims to which you or the Controller are entitled in connection with the legal relationship under which your personal data are processed.
VI. Your rights
We would like to inform you that under the GDPR you have the right:
- access to their data and receive a copy of their data;
- rectification (amendment) of your data;
- request the deletion of data by the Controller;
- request the restriction of data processing by the Controller;
- to object to the processing of data;
- lodge a complaint with the supervisory authority responsible for personal data security - Data Protection Authority or with the supervisory authority of another European Union Member State;
- to withdraw consent to the processing of your data, insofar as the processing is based on your consent, whereby the withdrawal of consent shall not affect the processing activities undertaken by the Controller prior to the withdrawal of consent.
VII. Contact with the Controller
VIII. Information on profiling and automated decision-making
Your personal data will not be processed by the Controller by automated means, including profiling, and no automated decision-making will be carried out by the Controller in relation to your data.