GDPR

GENERAL DATA PRIVACY NOTICE

According to Article 13(1)-(2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – (Text with EEA relevance), further “the GDPR”), please be advised that:

  1. The controller of your personal data is “MERCOR” Spółka Akcyjna with its registered office in Gdańsk, address: 80-408 Gdańsk, ul. Grzegorza z Sanoka 2 („the Controller” or „MERCOR”). You can contact the Controller via e-mail at odo@mercor.com.pl
  2. MERCOR processes your personal data on the basis of:
    • Article 6(1)(b) of the GDPR – in order to perform a contract or to take steps prior to entering into a contract,
    • Article 6(1)(c) of the GDPR – in order to comply with a legal obligation to which the Controller is subject,
    • Article 6(1)(f) of the GDPR – for the purposes of legitimate interests pursued by the Controller or a third party,
    • Article 6(1)(f) of the GDPR – for archiving (evidentiary) purposes in pursuit of our legitimate interest in securing information in the event of a legal need to prove facts or to establish, assert or defend against claims in pursuit of our legitimate interest,
    • Article 6(1)(f) of the GDPR – in order to measure customer satisfaction in pursuit of our legitimate interest in assessing quality of our service and level of Customer satisfaction with our products and services.
  3. You have the right to object to the processing of your personal data at any time. We will stop processing your data for such purposes unless we are able to demonstrate that there are important and legitimate grounds for us to process your data that override your interests, rights and freedoms or your data are necessary for us to establish, assert or defend against claims.
  4. Remember that providing personal data is voluntary; however, failure to provide such data will result in the inability to make or perform a contract.
  5. MERCOR processes personal data for the duration of negotiations, fulfilment of a contract or services provided after termination thereof, until expiry of the limitation period for claims or the limitation period for tax liabilities.
  6. Your personal data will also be processed by MERCOR for the purposes of marketing: its products and services.
  7. Categories of recipients to whom your personal data are or will be disclosed by MERCOR include MERCOR’s employees and collaborators. Your personal data can also be accessed by such recipients as IT companies, postal operators, couriers, suppliers, shipping companies, banks (for purposes of paying remunerations), entities that provide benefits to employees, entities that provide employee insurance services, advisory, accounting and tax services as well as claims adjusters.
  8. In general, your personal data will not be transferred to recipients in third countries or to international organizations. Exceptions may apply to statistical and analytical data. In such situation MERCOR transfers your personal data to the so-called “third country” within the meaning of the GDPR, namely the United States of America. The United States of America is a country that does not belong to the European Economic Area and does not meet high standards of personal data protection applicable in the European Union. However, your personal data are safe – we use a legal mechanism of personal data transfer between the European Union and the United States of America. MERCOR entrusts processors (for example Google) with the processing of personal data on the basis of entrustment agreements containing Standard Contractual Clauses (SCC). The SCC are model clauses accepted by the European Union and mentioned in Article 46(2)(c) of the GDPR that are aimed at facilitating the transfer
  9. While processing your personal data, no automated decision making, including profiling, will take place.
  10. You have the right to access your personal data, to rectify, delete, limit the processing thereof, transfer the data, make an objection to or withdraw your consent for processing at any time, without affecting the lawfulness of processing performed based the consent expressed prior to withdrawal thereof.
  11. You also have the right to lodge a complaint with a regulatory body, namely the President of the Personal Data Protection Office.


Controller