GDPR PRIVACY NOTICE FOR BUSINESS PARTNERS (CLIENTS, SUPPLIERS, CONTRACTORS)


1. Legal basis: Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119 of 4/5/2016, p. 1), hereinafter referred to as “GDPR”, please be advised that:

2. The personal data controllers are:

  • MAXTO Sp. z o.o. S.K.A. with its registered office in Modlniczka at ul. Willowa 87, 32-085 Modlniczka
  • Maxto ITS sp. z o.o. with its registered office in Modlniczka, ul. Willowa 87, 32-085 Modlniczka
  • Maxto Technology sp. z o.o. with its registered office in Modlniczka, ul. Willowa 87, 32-085 Modlniczka
  • NEXCORE spółka z o.o. with its registered office in Modlniczka, ul. Willowa 87, 32-085 Modlniczka
  • Maxto Consulting spółka z o.o. with its registered office in Modlniczka, ul. Willowa 87, 32-085 Modlniczka

 

 

3. Data Protection Officer, contact information: address: 32-085 Modlniczka, ul. Willowa 87, e-mail: iod@maxto.pl.

4. Personal data will be processed for the following purposes:

  • execution and performance of contracts (Article 6(1)(b) of the GDPR),
  • fulfilment of legal obligations of the Controller, including, in particular, accounting obligations and fiscal and legal obligations (Article 6(1)(c) of the GDPR),
  • fulfilment of the Controller’s legitimate interest to establish, exercise or defend against any claims (Article 6(1)(f) of the GDPR),

 

5. The personal data of contact persons who represent or are employed by the business partner (“personal data”) will be processed to exercise the rights and fulfil the obligations connected with the activities preceding the execution of the contract and arising from the contract. Failure to provide them will prevent the execution of the contract.

6. The personal data are acquired directly from the data subject, and they can be provided by the employer or be acquired from public websites. In particular, these include the following data: First name and last name, place of employment, position, contact information (e-mail and business phone number, etc.).

7. Personal data controllers may include the following parties:

  • employees, associates and clients of the Controller authorised to process personal data,
  • sub-processors of the data for the Controller, including, in particular, providers of IT services, legal services and audit services,
  • entities and authorities competent under the law, including, in particular, common courts, administrative courts and state authorities,

8. The personal data will be retained throughout the term of the contract, and after the end of the term – for the duration of the limitation period for claims, after which the data will be retained for the period arising from the relevant law.

9. The data subjects have the right to access the content of their data, rectify or erase them and request that their processing be stopped as well as the right to data portability, the right to object and the right to withdraw their consent at any time, without affecting the lawfulness of processing done based on the consent before it was withdrawn.

10. Data subjects may lodge a complaint with the President of the Office for Personal Data Protection if the processing of their personal data breaches the provisions of the GDPR.

11. The provided personal data will not be subject to automated processing or profiling.

12. The personal data will not be transferred outside the European Economic Area.

13. Providing the personal data is required to execute and perform the contract. Where personal data processing is done based on the consent of the data subject, providing the personal data to the Controller is voluntary.