PRIVACY POLICY FOR PERSONAL DATA PROCESSING BY
SUNERZHA Sp. z o.o.
IN ACCORDANCE WITH GDPR

PRIVACY POLICY FOR PERSONAL DATA PROCESSING BY SUNERZHA Sp. z o.o.
IN ACCORDANCE WITH GDPR

SUNERZHA Sp. z o.o. with its registered office in Pruszcz Gdanski, at Przemyslowa 3 Street, 83-000 Pruszcz Gdanski, as the Personal Data Administrator, based on the Regulation of the European Parliament and Council (EU) 106/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/WE, known as the General EU Regulation (shortened to GDPR), processes personal data.

1. Personal data according to the definition in GDPR is any information related to the identification of a natural person in any form (e.g. written, audio, image), such as: name, surname, address, phone number, email address, PESEL, TIN.
In various departments of SUNERZHA Sp. z o.o., databases of customers’ personal data are maintained and secured in accordance with SUNERZHA Sp. z o.o. security policy, which is an integral part of the quality management system.

2. Personal data databases, according to the definition in GDPR, are any collection of personal data with a structured format that can be accessed based on specified criteria. SUNERZHA Sp. z o.o. has databases of employees, customers, suppliers, and collaborating individuals, which are only accessible by authorized employees.

3. Data processing according to the definition in GDPR refers to any operations performed on personal data, such as: collecting, storing, deleting, sharing, and processing.

4. 4. SUNERZHA Sp. z o.o. processes personal data for the following purposes:
a) implementation of civil law contracts with customers
b) implementation of commercial transactions
c) implementation of orders based on orders placed by customers
d) providing service services under warranty and post-warranty contracts
e) providing technical support for customers
f) conducting marketing activities, including: sales bonuses, contests, promotions, information campaigns
g) sending marketing and commercial messages by e-mail, newsletters related to the products and services offered by SUNERZHA Sp. z o.o.
h) telephone or automated system-initiated contact for marketing and commercial purposes related to the products and services offered by SUNERZHA Sp. z o.o.
i) sending marketing and commercial messages by post related to the products and services offered by SUNERZHA Sp. z o.o.

5. The collection, processing, and use of personal data by SUNERZHA Sp. z o.o. is based on the following legal basis:
I. based on the consent expressed by the customers in accordance with applicable law, including the regulations of the Act of July 18, 2002 on the provision of electronic services and the Act of July 16, 2004 – Telecommunications Law – in the case of contact through electronic mail and automatic calling systems and telecommunication terminal devices (including voice call and SMS messages).
II. legitimate interest of SUNERZHA Sp. z o.o. as a Personal Data Administrator, as referred to in Article 6, paragraph 1, point f) of the Regulation of the European Parliament and Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”) – in the case of sending marketing and sales messages by post.
The lack of consent for the processing of personal data for the aforementioned purposes by individuals and individuals conducting business activity:
1. will prevent the completion of commercial transactions
2. will prevent the execution of maintenance services
3. will prevent the sending of commercial and marketing communications to customers through electronic mail and automated call and telecommunication systems (including voice calls and SMS messages)
4. may prevent the sending of commercial and marketing communications to customers according to the terms outlined in this information.

6. To whom we can share your personal information and for what purpose.
We may share your data with: a) our employees and associates who need access to the data to perform our obligations or actions on your behalf.
b) Like most businesses, we also rely on the help of other entities, which often involves sharing personal data.
As a result, if necessary, we share personal information with the following recipients:
a) entities providing marketing, training, and event services to us,
b) entities managing our IT and telecommunications systems,
c) entities engaged in payment activities (banks, payment institutions),
d) entities engaged in credit (banks), leasing, factoring activities,
e) entities engaged in insurance activities,
f) entities engaged in postal, courier, or transport activities – shipping of goods or freight services,
g) research agencies/institutes acting on our behalf,
h) entities providing security services to us,
i) entities acquiring debts.
In addition, it may happen that, for example, based on a relevant legal provision or decision of the appropriate authority, we will have to share your personal data also with other entities, whether public or private.
Therefore, it is extremely difficult for us to predict who may request the release of personal data. However, SUNERZHA Sp. z o. o. ensures that each request for release of personal data will be analyzed very carefully and thoroughly to prevent information from being released to unauthorized persons. SUNERZHA Sp. z o. o. as the Data Controller undertakes to apply appropriate security measures, both technical and organizational, to protect processed personal data. Personal data is stored by SUNERZHA Sp. z o. o. or by data processing entities exclusively for the time necessary to achieve the purposes for which the data is collected, i.e. for the entire duration of the consent and for the period required by law (in particular tax law provisions and the statute of limitations period for claims) after its withdrawal.
Regarding the individual data processing periods, we kindly inform that personal data is processed for the following periods:
a) Contract duration — with regard to personal data processed for the purpose of concluding and performing the contract;
b) Up to 10 years — with regard to personal data processed for the purpose of establishing, pursuing or defending claims, but not longer than required by applicable law,
c) 1 year — in relation to personal data collected in connection with submitting an offer, provided that an immediate contract has not been concluded,
d) 5 years — in relation to personal data related to fulfilling tax obligations, such as storing invoices and receipts,
e) Until the revocation of consent or the achievement of the processing goal, but no longer than 2 years – in relation to personal data processed on the basis of consent,
f) Until effective objection or the achievement of the processing goal, but no longer than 2 years – in relation to personal data processed on the basis of the legally justified interest of the Administrator or for marketing purposes,
g) Until outdated or lose of usefulness, but no longer than 2 years – in relation to personal data processed mainly for the purpose of using cookies and managing the website,
h) For the duration of the cooperation, but no longer than required by applicable laws. The periods in years are counted from the end of the year in which SUNERZHA Sp. z o.o. started processing personal data to streamline the process of deletion or destruction of personal data.
Counting separate deadlines for each event would result in significant organizational and technical difficulties and significant financial costs, so establishing a single date for the deletion or destruction of personal data allows us to manage these processes more efficiently.

7. Right to be forgotten: In case of exercising the right to be forgotten, such situations are considered individually.

8. All persons whose data is processed have the rights in the field of personal data protection.
According to data protection law, individuals whose data is being processed are entitled to file a complaint with the relevant supervisory authority (i.e. the President of the Personal Data Protection Office or its successor).
Additionally, individuals whose data is being processed have the right to:
a) request access to personal data; the person whose data is concerned is entitled to receive confirmation from SUNERZHA Sp. z o. o. whether personal data concerning them is being processed and, if it is, is entitled to obtain access to it.. SUNERZHA Sp. z o. o. will provide a copy of the personal data being processed upon request. For any additional copies, SUNERZHA Sp. z o. o. may charge a reasonable fee reflecting administrative costs.
b) rectify personal data that is incorrect. Taking into account the purposes of processing, individuals whose data is being processed have the right to request the completion of incomplete personal data, including by providing an additional statement,
c) delete data (“right to be forgotten”); individuals whose data is being processed have the right to request, if the conditions set forth by law apply, the immediate deletion of their personal data and SUNERZHA Sp. z o. o. is obliged to delete such personal data without undue delay,
d) limit the processing of personal data; in such a case, SUNERZHA Sp. z o. o. shall indicate the data upon request and its processing may be limited only to specific purposes,
e) data portability; under certain conditions, individuals whose data is being processed have the right to receive their personal data in a structured, commonly used and machine-readable format, processed by SUNERZHA Sp. z o.o.
f) objection; under certain circumstances, individuals whose personal data is being processed have the right to object at any time to the supervisory authority – for reasons related to their particular situation – to the processing of their personal data, and SUNERZHA Sp. z o.o. may be obliged to stop processing such personal data.

9. We kindly inform you that we do not make automated decision-making, including profiling.

10. We kindly inform you that your personal data may be transferred outside the European Economic Area.

11. 11. SUNERZHA Sp. z o.o. does not have a Data Protection Officer.

12. Contact with the Personal Data Administrator
In case of any questions regarding data protection or the exercise of privacy rights, please contact the Personal Data Administrator:
SUNERZHA Sp. z o.o., located in Pruszcz Gdanski at Przemyslowa street 3, 83-000 Pruszcz Gdanski, or by e-mail: office@sunerzha.eu