PRIVACY POLICY KMB POLAND
Who is the controller of your personal data?
The data controller of your personal data, i.e. the entity which decides on the purposes and means of its processing, is KMB Poland sp. z o.o. with its registered office in Gościcino, ul. Południowej 8, 84-241 Wejherowo, entered in the register of entrepreneurs kept by the District Court (Sąd Rejonowy) in Gdańsk, Gdańsk-North, VIII Commercial Division KRS, under KRS no.: 0000682192, NIP (tax identification number): 5882429149.
How can I contact you on matters relating to personal data?
If you wish to contact us in relation to the processing of your personal data, you can do so:
· by email at: info@e-kmb.com
· in writing - by post at:
8 Południowa Street, 84-241 Wejherowo
In what circumstances you process my personal data?
We process your personal data whenever:
✓ you use our services, in particular, visit our website, create an account or order our products,
✓ in certain cases we may need to use your data to resolve legal disputes, in the case of official proceedings, in matters relating to compliance with the law,
✓ we may also process your personal data if we send you a Newsletter (provided that you have given your prior consent),
✓ we also process your personal data when we send you marketing information about us or our business partners (provided you have given your prior consent).
✓ we collect your data when you contact us by phone or email.
Do I have to give you my personal data?
If you enter into a contract with us - the provision of data is necessary to the extent that it is needed for the performance of this contract. In addition, some of your data is necessary so that we can comply with the legal requirements referred to below.
What data do you process?
We only process data that is necessary to fulfil the purpose for which it was collected. Depending on the type of service provided, the scope of the data may be different:
1) If you conclude a contract with us we process your personal data such as - name, contact details and payment details.
2) If you use our electronic services (create an account) we process your data to enable you to log into your Account.
3) If you have consented to us sending you newsletters and marketing information we process, among other things, your name and email address.
4) If we issue a sales document to you then we process data such as your name, address of residence (registered office), VAT number.
5) If we communicate with you electronically or using telecommunication terminal equipment and automatic calling systems (with your prior consent to such communication) then (depending on the form of communication) we process such data as: your name, telephone number, e-mail address.
For what purpose do you process my data?
We process your personal data in order to take action at your request (e.g. to respond to an enquiry or request), for the purposes necessary for the conclusion and performance of a contract or the provision of a service, including the handling of any complaints, claims or the assertion of debts arising from contracts concluded.
The processing of some of your personal data is also necessary in order for us to comply with our legal obligations, such as those relating to the obligation to store certain data for a certain period of time, the collection of certain information for the purpose of verification and identification of the user or the transfer of data to authorities or entities, such as those arising from:
1) the Accounting Act of 29.09.1994,
2) Act of 11.03.2004 on Goods and Services Tax,
3) Act of 16.11.2000 on the prevention of money laundering and terrorist financing,
If we decide to process your data for a purpose other than that for which we collected it, we will inform you of this and ask for your consent, insofar as it is required by law.
Cookies
To a limited extent, we may collect personal data automatically via cookies on our websites.
Cookies are small text files which are stored on your computer or other mobile device when you use websites. These cookies are used, among other things, to make use of the various functions provided for on a website or to confirm that a user has seen certain content from a website. Among the cookies, we can distinguish those that are essential for the operation of websites
▪ user input cookies (session ID) for the duration of the session
▪ authentication cookies used for services that require authentication (authentication cookies)
▪ security cookies, such as those used for detecting misuse of authentication (user centric security cookies)
▪ multimedia player session cookies (e.g. flash player cookies) for the duration of a session
▪ persistent user interface customization cookies, for the duration of the session or a little longer (user interface customization cookies)
▪ cookies used for website traffic monitoring, i.e. data analytics, including Google Analytics cookies (cookies used by Google to analyse your use of the website, to generate statistics and reports on the functioning of the website). Google does not use the data collected to identify you, nor does it combine this information to allow identification.
By using the Website, you consent to the placement of the cookies described above on your computer or other device. However, it is possible to control and manage the cookies installed. Please note, however, that deleting or blocking cookies may affect the use of the Site, as some areas of the Site may become inaccessible.
The Data Controller stipulates that after rejecting cookies, some of the functions offered by the Websites may not function properly, and even in some cases this may entail the complete inability to use the selected product.
On what legal basis do you legal basis do you process my data?
We process your Personal Data in accordance with applicable law, in particular in accordance with the provisions of the Personal Data Regulation (GDPR).
The legal basis for processing your data is:
✓ your consent or
✓ the processing of your application or request, or
✓ the conclusion and performance of a contract, or
✓ the fulfilment of the Data Controller's legitimate interests or
✓ the fulfilment of our obligations under applicable law.
How long will you process my data?
For individual cases, the duration of processing is as follows:
1) where we are processing your data on a contractual basis, the processing will continue for as long as the contract lasts and the period of limitation for any claims,
2) where you have consented to processing for a specific purpose, we will process your personal data until you revoke your consent, after which we will delete it immediately,
3) data which we process on the basis of the Data Controller's legitimate interest - the period of processing shall last until the aforementioned interest ceases to exist (e.g. the period of limitation of civil law claims) or until the data subject objects to further such processing - in situations where such an objection is legitimate under the law,
4) we will process data processed for the purpose of complying with our obligations under applicable laws for as long as such laws require.
Who are the recipients of the data?
Recipients of the data are persons authorised by the Data Controller to use the data in the performance of their professional duties and to whom the Data Controller instructs them to perform such activities.
In certain situations, we have the right to transfer your data if this is necessary so that we can perform our services, meet our obligations and duly comply with applicable laws.
In performing some of our tasks (e.g. document shredding, data storage, accounting and payroll services, legal services, marketing services, IT services) we use external parties. In justified cases, the relevant authorities will also receive them from us.
In this case, we entrust personal data to subcontractors in the performance of a specific purpose at our request (on the basis of a Data Entrustment Agreement), while still remaining the Data Controller of your data and responsible for its security.
We will only transfer data to three groups:
1) persons authorised by us, our employees and associates, who need to have access to the data in order to properly perform their duties,
2) processors to whom we outsource this task for a specific purpose (e.g. accounting office, law firm, IT company),
3) to other data recipients (e.g. law enforcement agencies, banks in case they request information based on an appropriate legal basis in accordance with the applicable law).
Whether and to whom do you share my data?
We do not share your data with third parties or entities, except where:
1) you have voluntarily consented to such sharing. Your consent given in advance may be revoked by you at any time, in the same simple manner in which it was given.
2) the sharing is necessary for the performance of a contract or the provision of a service.
3) in specific cases, your data may be made available to entities authorised to do so under generally applicable legislation (e.g. law enforcement authorities, an auditor for the purpose of auditing financial statements).
Each request for access is thoroughly investigated by us, and the transfer of data only takes place if, as a result of this analysis, we determine that there is a valid and effective legal basis for requesting disclosure of your data to these entities.
Do you transfer personal data outside EU countries?
Our partners are mainly based in Poland and other countries in the European Economic Area (EEA). Some of our suppliers are based outside the EEA. In connection with the transfer of your data outside the EEA, we have ensured that our suppliers provide guarantees of a high level of protection of personal data. We minimise the extent of data sent outside the EEA. At the same time, we verify, in the case of the application of the SCC, whether there is a risk of a data breach by these non-EEA providers, among other things, what their data security process is like and whether the data shared could potentially be of interest to third countries.
How do you protect my data?
The Data Controller shall endeavour to provide measures for the physical, technical and organisational protection of personal data against accidental or wilful destruction, accidental loss, alteration, unauthorised disclosure, use or access, in accordance with all applicable legislation.
What are my rights and how can I exercise them?
In relation to the processing of your personal data, you have the following rights:
1) to be informed regarding the processing of your personal data, the so-called "information obligation" (pursuant to Articles 12 and 13 of the GDPR),
2) to access the content of your personal data (pursuant to Article 15 GDPR),
3) request the rectification of your personal data (pursuant to Article 16 GDPR), i.e. the correction of inaccurate data and the completion of incomplete data,
4) to request the restriction of the processing of your personal data (pursuant to Article 18 GDPR),
5) The right to request the transfer of your personal data to another Data Controller (in accordance with Article 20 GDPR),
6) to object to the processing of your data on grounds relating to your particular situation (pursuant to Article 21(1) GDPR), however, this right is not absolute - i.e. despite your objection we will still be able to process your personal data if we can demonstrate that there are compelling legitimate grounds for the processing which override your rights and freedoms or grounds for establishing, asserting or defending claims,
7) to object to the processing of your personal data carried out for direct marketing purposes, to the extent that the processing is related to such direct marketing. This objection does not require justification or conditions of effectiveness, in which case we will no longer be able to process your personal data for direct marketing purposes.
8) The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
9) to request the erasure of your personal data (pursuant to Article 17 of the GDPR) - the so-called "right to be forgotten", you can exercise this right for example when:
a. the Data Controller processes your personal data unlawfully,
b. you object to the processing of your data for marketing purposes,
c. your data must be erased in order for the Data Controller to comply with a legal obligation;
10) In addition, you have the right to lodge a complaint to the supervisory authority, i.e. the President of the Office for Personal Data Protection (formerly GIODO).
How do you keep your privacy policy up to date?
We may update this policy from time to time. If we make material changes, we will notify you by email. To the extent permitted by applicable law, your use of our services after such notification constitutes your consent to updates to this policy.
We encourage you to periodically review this policy for the latest information about our privacy practices. We also make previous versions of our privacy policy available for review.
The Policy is reviewed on an ongoing basis. The current version of the Policy has been adopted and is effective as of. You can find archived versions of this document on our website.