Privacy policy
I. General Information
In this Privacy Policy, we provide information on the legal grounds for the processing of personal data, the methods of collecting, processing, and using such data, as well as the rights of data subjects.
This Policy applies to all cases in which Eurosteel Sp. z o.o. acts as the data controller and processes personal data obtained directly from the data subject, as well as cases in which personal data has been obtained from other sources, except for employees’ personal data and data processed under data processing agreements.
II. Personal Data Controller
The controller of your personal data is Eurosteel Spółka z ograniczoną odpowiedzialnością, with its registered office in Kielce, 25-852, Chorzowska 22, entered into the Register of Entrepreneurs maintained by the District Court in Kielce under KRS No. 0000438761, NIP: 959-194-95-21, REGON: 260631472, hereinafter referred to as “Eurosteel”.
III. Contact Details for Personal Data Protection Matters
Any inquiries or requests related to the processing of personal data by Eurosteel should be directed as follows:
– in person or by post to the company’s address:
Eurosteel Sp. z o.o.
ul. Chorzowska 22
25-852 Kielce
– by phone: +48/41 346 81 90
– by email: ar@eurosteel.pl
IV. Purposes, Legal Grounds, and Data Retention Periods
– performance of an agreement or order to which the data subject is a party – (Article 6(1)(b) GDPR, performance of an agreement or order to which the data subject is a party). Data is processed until the completion of such agreement or order and until the limitation period for claims arising from legal provisions expires.
– performance of an agreement or order – personal data of persons indicated in agreements or designated for contact purposes (Article 6(1)(f) GDPR, legitimate interest of the data controller). Data is processed until the agreement is completed and until the limitation period for claims arising from legal provisions expires.
– recruitment (Article 6(1)(a) GDPR, consent of the data subject). Data is processed for 6 months from the end of the recruitment process.
– newsletter (Article 6(1)(a) GDPR, consent given by the data subject). Data is processed until consent is withdrawn.
– responding to an inquiry (Article 6(1)(a) GDPR, consent given by the data subject). Data is processed until consent is withdrawn by the person making the inquiry.
– complaint handling (Article 6(1)(f) GDPR, legitimate interest of the controller). Data is processed until the limitation period for claims arising from legal provisions expires.
– accounting and tax purposes (Article 6(1)(c) GDPR). Data is processed for 6 years from the completion date of the service, agreement, or order.
– pursuing claims or defending against claims (Article 6(1)(f) GDPR, legitimate interest). Data is processed for the period necessary to perform the obligation and until the limitation period for claims expires.
– marketing of products and services, including profiling (Article 6(1)(a) GDPR, consent of the data subject). Data is processed until consent is withdrawn.
– marketing of products and services, including profiling (Article 6(1)(f) GDPR, legitimate interest of the controller) – until an objection is raised.
V. Source of Data and Type of Data Provided by Other Entities
Eurosteel receives personal data directly from data subjects or through other persons (for example, from the person’s employer, another employee, or another entity with which the person regularly cooperates).
Where we obtain personal data directly from you, you have direct control over the scope of data collected by Eurosteel.
Where data is provided by another person, Eurosteel collects contact data related to professional activity, such as: first name, last name, telephone number, email address, company name, position or function, and possibly other data resulting from the order or agreement on the basis of which the data is disclosed.
VI. Cookies
On our website, we may automatically collect personal data through cookies. Cookies are small text files that a website may send to a user’s browser for storage on the user’s computer, tablet, or other mobile device. Cookies may facilitate the use of the website by storing information about status, applications, preferences, and other user-related information, as well as administering such information.
Most browsers allow cookies to be accepted by default, but users may change their settings to refuse cookies or to receive a warning when cookies are being sent.
VII. Automated Decision-Making
The data you provide may be processed for profiling purposes and for adapting the marketing content, offers, or information we send to your interests and your business or professional activity.
The data you provide will not be processed for the purpose of automated decision-making.
VIII. Consequences of Failure to Provide Data
In the case of electronic forms (e.g. contact forms), providing data is voluntary; however, failure to provide data marked as mandatory will result in the inability to submit the form.
In the case of persons who are parties to an agreement or order, providing data necessary for the performance of the agreement and legal obligations is a condition for concluding and performing the agreement.
In the case of data collected by representatives in connection with marketing, purchasing, or sales activities, providing such data is entirely voluntary. The consequence of not providing such data is the inability to contact you in the future.
IX. Recipients of Personal Data
We disclose personal data to other entities only where permitted by law. In such cases, we enter into agreements with the third party containing provisions and security mechanisms to ensure adequate protection of personal data and to maintain our standards.
The data we store may be disclosed to:
– entities processing personal data on the basis of data processing agreements (processors),
– entities providing hosting and website management services,
– entities providing software delivery services, software and hardware maintenance services, backup creation, security, and data analysis services,
– entities carrying out marketing campaigns,
– entities providing survey services, including customer satisfaction surveys,
– debt collection companies,
– auditors, experts, legal and tax advisors,
– authorities supervising compliance with the law, regulatory authorities, state authorities, and local government authorities under applicable legal provisions.
X. Rights of Data Subjects
In accordance with the GDPR, you have the right to:
– access your data, including obtaining a copy of the data,
– rectify (change, update) your data,
– erase your data (in the cases specified in the GDPR),
– restrict the processing of your personal data,
– object to the processing,
– data portability, where the legal basis for processing is your consent or an agreement to which you are a party,
– withdraw consent, where your data is processed on the basis of consent,
– lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office. A list of supervisory authorities in other EU Member States is available at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
If you wish to withdraw your consent to the processing of your data, please use the contact details provided in Section III “Contact Details for Personal Data Protection Matters”.
Eurosteel reserves the right to exercise the above rights only after positive verification of the identity of the person requesting the exercise of such rights.
Please do not send special categories of personal data via contact forms or websites (data revealing racial or ethnic origin, political opinions, philosophical beliefs, trade union membership, information concerning physical or mental health, genetic data, biometric data, information about sex life, sexual orientation, criminal convictions, and violations of law). If you provide such information, this will mean that you have given your explicit consent for Eurosteel to collect and use such information in the manner specified in the form or document in which the data was disclosed to us.
XI. Social Media
If the user logs into a social media service through our website, the operators may link the visit to the Eurosteel website directly with the user’s profile on those services. If the user interacts with plugins, for example by clicking the “Like” button, the relevant information is also transmitted directly to the operator’s server and stored there. This information is also published on the social network and visible to the user’s contacts.
The purpose and scope of data collection, its further processing and use by the social media operator, as well as the relevant rights and privacy protection settings options, can be found in the privacy statements of the respective service operators.
XII. Security
To ensure the security of personal data, Eurosteel selects and applies appropriate technical and organizational measures to protect the processed data and applies safeguards protecting the data against disclosure to unauthorized persons, as well as against processing in breach of applicable legal provisions.
We have implemented appropriate policies, procedures, and training in the field of personal data protection and regularly verify whether the measures applied are adequate to protect the data we hold.
XIII. Note from the Controller
Eurosteel reserves the right to amend this Privacy Policy, in particular where it proves necessary or advisable due to guidelines issued by authorities responsible for supervising personal data protection processes, practices applied in the field of personal data processing, changes in technology, or changes in the methods, purposes, and scope of personal data processing.