Datenschutzrichtlinie

Who is the Controller of your personal data?

The Controller, that is the entity which determines the purpose of the processing of your personal data, is KAEM Sp. z o.o. with its registered office in Baranowo, ul. Rzemieślnicza 14 (62-081 Przeźmierowo) – hereinafter referred to as the Controller. The Controller directs this information to natural persons in connection with the performance of obligations specified in Article 13(1) and (2) and Article 14(1) and (2) of the General Data Protection Regulation of 27 April 2016, hereinafter referred to as the GDPR. How can you contact the Controller to get more information about the processing of your personal data? You can contact the Controller by e-mail, i.e. at [email protected]. You may also contact the Controller by sending a letter to the following address: KAEM Sp. z o.o. Sp. k. Baranowo, ul. Rzemieślnicza 14, 62-081 Przeźmierowo, Poland. Source of origin of your personal data. Your personal data may have been sent to the Controller directly by you, via, for example, the contact form included on www.kaem.pl, newsletter subscription, or by establishing trade cooperation with the Controller. Your personal data could also have been sent to the Controller from a different source, e.g. personal data of end customers serviced by trade networks that cooperate with the Controller and make the personal data available to them in connection with handling potential customer complaints. The source of obtaining personal data may also be the Controller’s contractor that provides them with the personal data of their employees in connection with ongoing cooperation. Other sources of obtaining personal data are companies related to the Controller by capital which sell and supply goods to customers.

What is the purpose and legal basis of the activities connected with the processing of your personal data?

1. The newsletter service that includes sending trade information – processing basis – your consent and legitimate interest of the Personal Data Controller, that is the marketing of own services (i.e. Article 6(1)(a) and (f) of the GDPR in connection with Article 10 of the Act of 16 July 2002 on providing services by electronic means). 2. Answering questions sent using the contact form – processing basis – your consent or legitimate interest of the Personal Data Controller, that is the marketing of own services and/or the action taken by the Controller at your request prior to entering into a potential contract (i.e. Article 6(1)(a) and (f) of the GDPR in connection with Article 10 of the Act of 16 July 2002 on providing services by electronic means and/or Article 1(b) of the GDPR). 3. Answering other questions and requests that do not refer to the goods and services offered by the Controller – processing basis – your consent (i.e. Article 6(1)(a) of the GDPR). 4 Execution of other forms of marketing of own services, including management of websites such as fan pages and organisation of contests and other company events – processing basis – your consent and/or the need of processing for the purposes of performance of a contract and/or fulfilment of the legitimate interest of the Personal Data Controller which can comprise the marketing of own services (i.e. Article 6(1)(a) and/or (b) and/or (f) of the GDPR). 5. Performance of a contract with a customer, supplier or any other type of contractor being a natural person, which includes actions taken at their request prior to entering into a contract – processing basis – the need of processing for the purposes of performance of a contract as well as any actions that you may request prior to entering into such a contract (i.e. Article 6(1)(b) of the GDPR). 6. Trade cooperation through the processing of your personal data (concerning natural persons conducting one-man business activity, as well as employees, representatives and persons performing a task for natural and legal persons) – processing basis – the need of processing in connection with the need for compliance with a legal obligation to which the Data Controller is subject (i.e. Article 6(1)(c) of the GDPR). 7. Fulfilment of all legal obligations to which the Controller is subject, i.e. accounting and tax obligations, or the obligations connected with exercising consumer rights (e.g. warranty and guarantee) – processing basis – the necessity of processing in connection with the need for compliance with a legal obligation to which the Data Controller is subject (i.e. Article 6(1)(c) of the GDPR in connection with the provisions of other specific acts). 8. Obtaining and further processing of public data or data included in generally available registers of entities conducting business activity is the legitimate interest of the Data Protection Controller, which comprises the performance of statutory activity (i.e. Article 6(1)(f) of the GDPR). 9. Protection of interests and property of the Controller and protection of own claims, as well as protection against potential claims – processing basis – is the legitimate interest of the Data Controller which comprises the protection of own interests and the property of the Controller, as specified above, also by using closed-circuit monitoring covering in its range the production and warehouse rooms as well as the surroundings of the Controller’s registered office (i.e. Article 6(1)(f) of the GDPR).

What is the scope of processing of your personal data?

During the processing activities the Controller applies the principle of data minimisation. Unless directly defined by legal regulations, we try to process a minimum and essential catalogue of personal data. In most cases, the performance of processing purposes described hereinabove does not require the processing of special categories of personal data, i.e. also data concerning the health condition. Therefore, if the personal data comes directly from you, it does not provide the Controller with an excessive data catalogue.

Who is the recipient of your personal data?

1. Depending on the fulfilment of a specific processing purpose your personal data may be entrusted to other processing entities or made available to other Controllers. In relation to the processing entities these will be: suppliers of software or technical services mostly connected with maintenance and supply of IT systems, IT infrastructure and websites, the entity managing the newsletter service, marketing agencies and entities participating in the organisation of corporate events, entities providing personal and property protection services, courier companies, warranty and post-warranty services, entities dealing with the destruction of data carriers, entities providing debt collection services as well as consulting and auditing entities. In relation to other Controllers these will include: banks, the postal operator, entities providing shipment and transport services, contractors, mostly trade networks, entities that provide information about business entities as well as insurance companies. 2. Your personal data may also be made available to entities authorised to their receipt under the applicable legal regulations, i.e. all the authorised state bodies. 3. Your personal data may also be made available to other entities linked by capital with the Controller. 4. In specific cases, i.e. using the selected IT solutions by the Controller as well as cooperation as part of holdings associated with the Controller, the personal data may be transferred outside the European Economic Area (mostly to countries such as: the Ukraine, Belarus, Russia and Serbia). Securing of the said transfer involves the declaration of joining the Privacy Shield programme, the so-called standard contractual clauses or recognition by the Controller that such processing is necessary for the purposes of performance of the contract concluded between you and the Controller, or for performance of the contract concluded in your interest.

How long do we process your personal data?

1. The basic criterion that determines the period of personal data processing is cessation of the basic processing purpose. 2. If the processing takes place with your consent, such consent may be withdrawn at any time. However, the Controller indicates that in the case of such an action there may be other conditions that justify further data processing. 3. If the processing takes place due to the need of fulfilling the legal obligation to which the Controller is subject, in connection with performance of the contract or fulfilment of legitimate interest of the Data Controller, the periods and criteria determining the storage time may depend on: • period of performance of a specific contract, • obligation of storage of accounting documents – 5 years from the beginning of the year following the financial year in which the specific transaction was finally completed or settled, • securing or pursuing potential claims – basic period: 6 years from the date in which the claim became due, • securing the visual monitoring recordings – basic period: 3 weeks from the date on which the recording was registered.

Which rights do you have in connection with the processing of personal data by the Controller?

Depending on the conducted processing activity the catalogue or rights that the data subjects may be entitled to is presented below. 1. Right of access to data. 2. Right to rectification of data. 3. Right to erasure of data. 4. Right to restriction of processing. 5. Right to data portability. 6. Right to object. The Controller indicates that the preferred form of contact while exercising the extended catalogue of rights is contact by e-mail to: [email protected].

Do you have to give us your personal data?

If the obligation of providing personal data does not directly result from contractual provisions or legal regulations (e.g. performance of the contracts), then the provision of personal data is always a voluntary act, which is, however, necessary for the purposes of using the Controller’s offer or making contact with them.

Is your personal data processed for the purposes of automated decision-taking or profiling?

No, the Data Controller does not conduct any actions towards you that involve automated decision-making or profiling. This document shows collectively most of the information concerning the processing of personal data; the additional information on the details of specific processing activities may be obtained by contacting the Controller at the following address: [email protected]. At the same time, the Controller indicates that they sent separate information about data processing to the specific group of entities such as their own personnel and candidates for work.