The controller of personal data (hereinafter referred to as Data) processed by us in connection with running a business is NEŁSA Spółka z ograniczoną odpowiedzialnością with its registered office in Opole (postcode: 45-061) at ul. Katowicka 67B/16, KRS 24048, NIP 7542432343, hereinafter referred to as the Controller or the Company.
The Company is a member of the portfolio (equity) group of NEŁSA, which includes:
– NEŁSA Sp. z o.o. with its registered office in Opole (postcode: 45-061) at ul. Katowicka 67B/16,
– NELSBUD Sp. z o.o. with its registered office in Opole (postcode: 45-061) at ul. Katowicka 67B/16,
– NELSBUD Sp. z o.o. Sp. k. with its registered office in Opole (postcode: 45-061) at ul. Katowicka 67B/16,
– NEŁSA GROUP Sp. z o.o. with its registered office in Warsaw (postcode: 00-777) at ul. Włoska 8,
– NEŁSA GROUP Sp. z o.o. Sp. k. with its registered office in Warsaw (postcode: 00-777) at ul. Włoska 8,
(hereinafter referred to as the NEŁSA Group).
All personal data are processed in accordance with the currently applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, pp. 1-88 (available at http://eur-lex.europa.eu/eli/reg/2016/679/oj) (hereinafter GDPR).
Data means any information about an identified or identifiable natural person. An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of identifiers such as: name and surname, PESEL identification number, location data, sensitive data (such as racial origin, political views, religious beliefs, religious affiliation, state of health, etc.) or one or more specific factors defining a given natural, physiological, genetic and psychological person , etc. (hereinafter: Data).
We have received them from you or affiliated companies in connection with the concluded contracts and provided services or on a voluntary basis/made available by you in connection with the desire to establish cooperation, as well as from other sources in accordance with the law (these sources may be public sources, e.g. KRS, CEIDG registers) – in each of the indicated cases we verify whether we have a legal basis for processing your personal data.
3.1. We may process your personal data because it is necessary to perform the contract concluded between you and the Company, as well as for tax and accounting purposes and on the basis of the legitimate interest of the Company.
3.2. The legal basis for the processing of personal data is:
– the necessity of personal data to perform the contract to which you are a party, i.e. art. 6 par. 1 letter b of the GDPR;
– the necessity of personal data to fulfil the legal obligation incumbent on the Company, i.e. art. 6 par. 1 letter c of the GDPR (to the extent we use your Data, e.g. to offer you our new services);
– the legitimate interest of the Company, i.e. art. 6 par. 1 letter f of the GDPR (to the extent that we use your Data, e.g. to monitor your activity, conduct marketing activities, contact you, support for financial services, organization of loyalty programs, debt collection, statistical analysis, data storage for archiving purposes).
3.3. Providing your personal data was necessary for the conclusion of the contract and performance of the contract concluded between us. Failure to provide these data would result in the inability to conclude and execute this contract.
The Controller provides due (special) diligence to protect the interests of the individuals to whom the Data applies, and hence ensures that the collected Data is:
– processed in accordance with applicable law, fairly and transparently for the persons to whom the Data refer;
– collected for specific, explicit and legitimate purposes, and furthermore not further processed in a way incompatible with those purposes;
– correct and up-to-date and updated as necessary;
– kept for a period not longer than is necessary for the purposes for which the Data is processed;
– processed in a manner that ensures adequate Data security.
We process Data in many situations, including such as: when you have provided your Data to us personally through various means of communication (communication channels, e.g. submitting your application for employment, directing inquiries/offers by e-mail or telephone) or as part of our mutual cooperation during negotiations, signing or performance of a contract, but also when we have obtained your Data from other sources (e.g. from a company with which you cooperate, which is our contractor, from companies with whom we mutually cooperate, from a company that works with you and who wants to start working with us, etc.).
6.1. What Data are we processing in connection with recruitment?
As the Controller, we process Data of persons applying for employment/cooperation, provided to us by any available recruitment channels, in particular we process all Data provided to our capital group as part of the application and collected as part of the recruitment process to the extent necessary to conduct the recruitment process, in particular consistent with expressed consent by the person applying for employment/cooperation.
In connection with the recruitment process (recruitment) we are entitled to process Data such as (some of the Data depend on your consent):
– Identification data,
– Contact details,
– Education data,
– Data on skills and previous employment,
– Data on licences,
– any other Data provided to us voluntarily as part of the recruitment process (during it).
6.2. What is the purpose of Data processing in connection with recruitment?
In connection with conducting recruitment processes (recruitment) we process Data for the following purposes:
– obtaining and considering the candidature, as well as the implementation of the recruitment process, and in the case of consent, also for the purposes of future recruitment or recruitment within the NEŁSA Group, referred to in paragraph 1 above,
– defence against potential claims or to direct any claims.
6.3. What is the legal basis for Data processing in connection with recruitment?
The legal basis for the processing of Data by us are the provisions of the generally applicable law, in particular the Labour Code and executive acts, and in a broader scope than specified in the provisions cited and in the scope of future recruitment, your free consent.
Providing Data is always voluntary, but necessary to carry out recruitment processes and establish possible further cooperation.
6.4. How long will Data be processed in connection with recruitment?
The Data will be processed for the purposes referred to in paragraph 6.2. above, for the duration of the recruitment process or future recruitments (depending on the consent given), and then until the expiration of the possible claims.
At the same time, for the purpose of accountability, the Company will store Data for the period in which it is required to maintain data or documents containing them to document the fulfilment of legal requirements, including the possibility to control their fulfilment by public authorities, i.e. for the period during which potential claims can be pursued by the Company and in relation to it in connection with the performance of your contract, i.e. in the case of entrepreneurs, the period is in principle three years, and in the case of other persons, including consumers, in principle 10 years.
6.5. Who is the recipient of Data in connection with recruitment?
The Data processed by us may be transferred to other companies from the NEŁSA Group and entities supporting our operational activities, including the recruitment process and providing services to us (e.g. IT, outsourcing, accounting, etc.).
7.1. What Data are we processing in connection with business relationships?
As the Controller, we process the Data of our business partners (investors, general contractors, subcontractors, contractors), their employees/contractors or co-workers, other people’s Data provided to us in negotiations or contracts, and other people who contact us via telephone or mail. In connection with the relationships referred to in the preceding sentence, we can process the following data: Identification Data, contact details, workplace details and professional licences, as well as any other Data provided to us in connection with cooperation.
The above Data is obtained directly from people whom the Data relate to, and also indirectly from other people, e.g. from their employers/ ordering parties/ principal officers/ colleagues, and the acquisition took place in accordance with applicable law, including in accordance with the GDPR.
7.2. What is the purpose of Data processing in business relationships?
Data in business relationships are processed for the following purposes:
– establishing cooperation,
– contract negotiations,
– conclusion and performance of the contract,
– settlement of the contract,
– correspondence regarding addressed inquiries/ applications and conducting further correspondence,
– marketing, etc.,
– legal protection against possible claims and their investigation.
7.3. What is the legal basis for Data processing in business relationships?
The legal basis for Data processing is:
– indispensability to perform the contract or take action to conclude it at the request of the data subject (Article 6 (1) (b) of the GDPR),
– necessity of personal data to fulfil the legal obligation incumbent on the Company, i.e. art. 6 par. 1 letter c of the GDPR (to the extent we use your data, e.g. to offer you our new services),
– implementation of legal obligations imposed on the Controller (Article 6 (1) (c) of the GDPR),
– the legitimate interest of the Company, i.e. art. 6 par. 1 letter f of the GDPR (to the extent we use your data, e.g. to monitor your activity, conduct marketing activities, contact you, support for financial services, organization of loyalty programs, debt collection, statistical analysis, data storage for archiving purposes).
We reserve that the provision of Data is voluntary, but it may be necessary to negotiate, conclude or perform the contract or to respond to a directed inquiry/offer and to conduct correspondence in connection with the events described earlier.
7.4. How long will Data be processed in business relationships?
Data collected for the purposes of negotiations, conclusion and performance of the contract will be processed for the duration of the contract, and then until the limitation period of any claims of the parties to the contract.
At the same time, for the purpose of accountability, the Company will store Data for the period in which it is required to maintain data or documents containing them to document the fulfilment of legal requirements, including the possibility to control their fulfilment by public authorities, i.e. for the period during which potential claims can be pursued by the Company and in relation to it in connection with the performance of your contract, i.e. in the case of entrepreneurs, the period is in principle three years, and in the case of other persons, including consumers, in principle 10 years.
7.5. Who is the recipient of Data in business relations?
The data may be transferred to other companies from the NEŁSA Group mentioned in paragraph 1 above, to our business partners (e.g. investors, subcontractors, service providers – as part of possible cooperation in a given investment/contract/project) and other our counterparties supporting our activities (e.g. IT departments, marketing, accounting, etc.).
Your Data may go outside the European Economic Area. The NEŁSA Group takes all appropriate steps to ensure protection of your Data by applying specific clauses approved by the European Commission (or an adequate level of protection established).
In connection with the processing of your personal Data by the Company, you have certain rights:
– you have the right to know which personal data relating to you are processed by the Company and to obtain a copy of this data (so-called access right). The first copy of the data is free, for the next we are entitled to charge a handling fee;
– if the data being processed becomes obsolete or incomplete (or otherwise incorrect), because we have not rectified it for any reason, knowing from you that it has changed, you have the right to demand rectification;
– in certain circumstances (situations), you may ask the Company to delete your personal data, i.e. when the data cease to be needed for the purposes for which we have informed you, when the processing would be unlawful or when the need to delete the data arose from the legal obligation binding to the Company;
– if you believe that the personal data being processed is incorrect, processed illegally, or we no longer need specific data, you can also request that we do not do any operations on it for a certain amount of time (e.g. data validation or redress), only keep it.
If the processing of Data is based on your voluntary consent, you have the right to revoke it at any time without affecting the legality of the processing which was made on the basis of consent before its withdrawal.
You have the right to lodge a complaint to the President of the Office for Personal Data Protection, if you consider that the processing of your personal data violates the provisions of generally applicable law, including the GDPR.
You can contact us:
– by letter: to the addresses given in paragraph 1 above
– by phone: +48 (77) 454 88 44
– by e-mail: biuro@nelsa.pl