Principles of personal data processing

Personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; OJ EU L 2016.119.1; hereinafter referred to as the GDPR).

Personal data controller

The controller of the personal data (hereinafter referred to as the Data Controller) is Winkelmann Foundation Screw spółka z ograniczoną odpowiedzialnością  seated in Legnica, ul. Jaworzyńska 305, 59-220 Legnica.

The Data Controller can be contacted by e-mail at dane.osobowe@winkelmann-group.de

Scope of the processed personal data

The data we process about you includes contact details and data related to your function or relationship with the entity on whose behalf you are acting. The Data Controller obtained personal data directly from you or received it from the entity on whose behalf you are acting.

Purpose and legal basis for the processing

1.      Personal data is processed for the following purposes:

1)     to establish and implement cooperation with the entity on whose behalf you are acting and to handle and carry out the services commissioned by you;

2)     to maintain accounting records relating to cooperation with the entity on whose behalf you are acting;

3)     to conduct activities related to the streamlining and coordination of the Data Controller’s work, including keeping internal records, e.g., recording correspondence;

4)     to establish, assert, or defend against claims.

2.      The legal basis for the processing of personal data is as follows:

1)     fulfillment of the Data Controller’s legal obligation (Article 6(1)(c) of the GDPR) to keep the Data Controller’s accounts, arising in particular from the Tax Code of 29 August 1997, the Accounting Act of 29 September 1994, and the Value Added Tax Act of 11 March 2004;

2)     the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR) in:

·        providing information and contacts necessary to conduct business and in particular to establish and implement cooperation with the entity on whose behalf you are acting and to handle and carry out services commissioned by you;

·        coordinating and streamlining work organisation by handling the Data Controller’s office;

·        establishing, asserting, and defending against claims.

3.      The provision of personal data is voluntary, but failure to do so will result in the inability to establish and implement cooperation with the entity on whose behalf you are acting.

Recipients of personal data

Recipients of your personal data include authorised personnel of the Data Controller, subcontractors of the Data Controller, related companies, post offices, couriers, insurers, banks, shipping companies, and other entities providing services to the Data Controller (in particular companies providing IT and technical support services, cooperating law and tax law firms, external auditors, translators, and other entities performing services for the Data Controller) who need to have access to the data to perform their duties. These entities will only have access to your personal data to carry out their tasks and to the extent necessary to do so.

Your personal data may also be accessed by authorised state authorities, in particular tax authorities.

Personal data retention period

Personal data will be retained for the period necessary to implement and settle cooperation and until the expiry of the periods under the relevant laws, i.e., until the expiry of the statute of limitations for tax liabilities related to accounting records, which may be extended by the statute of limitations for civil law claims, if applicable.

To the extent that personal data is processed to operate the Data Controller’s office, personal data will be retained for a period of 5 years.

Your rights

You have the right to:

·        request access to your personal data, have your personal data rectified or erased, restrict the processing, and transfer your personal data;

·        where the basis for the processing of personal data is the legitimate interest of the Data Controller – object, at any time, to the processing of your personal data on grounds relating to your particular situation;

·        where the basis for the processing of personal data is the legitimate interest of the Data Controller consisting of direct marketing – object, at any time, to the processing of your personal data;

·        lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office.

You also have the right to withdraw any consent you have given to process your personal data or to receive information from us (e.g., marketing content) without affecting the lawfulness of any processing or transfer of information carried out on the basis of consent prior to its withdrawal.

For the exercise of your rights, please contact us at the above e-mail address.

Use of personal data for automated decision-making, including profiling

Your personal data will not be used to make automated decisions, including profiling.

To the main page