+ 048 32 758 1001 | sekretariat@gorka.com.pl

INFORMATION

GDPR

GDPR

REGULATIONS IN FORCE AT GÓRKA CEMENT Sp. z o.o.

NOTIFICATION DUTY IN RESPECT OF PERSONAL DATA PROTECTION

Górka Cement Sp. z o.o. Lipcowa 58, 32-540 Trzebinia is the controller of the personal data. The Data Protection Officer may be contacted by e-mail at the following address: iod24@agileo.item

The personal data is processed in connection with:

A. Operation of the business:

I. We process personal data as a part of our day-to-day business operations.
II. Data subjects: entities contacting the company, as well as their employees and persons cooperating with them, shareholders holding personal actions and persons residing in our premises and buildings – in connection with video monitoring.
III. Processed data: first and last name, service information, contact details, address details, registration and record data, registration number of vehicles entering the area, as well as the images from the video surveillance system.
IV. The legal basis and the purposes of the data processing:
    1. conclusion and performance of agreements;
    2. complying with applicable legal obligations, e.g.:
    a. storage of data for the needs of future proceedings conducted by authorised bodies;
    b. filing and processing of complaints;
    c. settlement of public and government levies;
    d. investor relations;
    e. keeping the share register;
    3. legitimate legal interest:
    a. documenting the activities;
    b. establishing, securing and enforcing claims;
    c. direct marketing;
    d. creating registries, analysis and statistics for the internal use;
    e. verification of creditworthiness and legal credibility of business partners;
    f. archiving;
    g. prevention and detection of criminal offences (we care about safety).

B. Sales of our products (cement) and procurement of materials for production.

I. Data subjects: business partners, prospective business partners as well as their employees and persons cooperating with them.
II. Processed data: first and last names, service information, contact details, address details, bank account numbers, registration and record data (e.g.: PESEL [Personal Identification Number], ID card number). If the sales is accompanied by transport, additionally: vehicle registration numbers, driver’s passport or ID card number as well as driver’s driving license number).
III. The legal basis and the purposes of the data processing:
    1) conclusion and performance of agreements;
    2) complying with applicable legal obligations, e.g.:
    a. storage of data for the needs of future proceedings conducted by authorised bodies;
    b. filing and processing of complaints;
    c. settlement of public and government levies;
    3) legitimate legal interest
    a. documenting the completion of the transaction;
    b. establishing, securing and enforcing claims;
    c. marketing bezpośredni;
    d. creating registries, analysis and statistics, including turnover and sales ones, for the internal use;
    e. verification of creditworthiness of business partners;
    f. archiving.

C. Conducting recruitment of employees and co-workers.

I. Data subjects: applicants for employment.
II. Processed data: personal data provided by the recruitee or the recruitment agency, such as first and last name, date of birth, contact details, address details, educational details, previous employment history, professional rights.
III. Personal data pertaining to the recruitment process is collected on the basis of the granted consent. The person who has given their consent shall have the right to withdraw it at any time without affecting the lawfulness of the previous processing.
IV. The legal basis and the purposes of the data processing:
    1) consent;
    2) conclusion and performance of agreements;
    3) complying with applicable legal obligations, e.g.:
    a. storage of data for the needs of future proceedings conducted by authorised bodies;
    b. settlement of public and government levies;
    4) legitimate legal interest:
    a. recruitment;
    b. establishing, securing and enforcing claims;
    c. creating registries, analysis and statistics for the internal use;
    d. archiving.

THE ORIGIN OF THE PERSONAL DATA

Processed personal data is provided to us directly by the data subjects or other data controllers with whom we cooperate, or from publicly available sources.

ABSENCE OF THE OBLIGATION TO PROVIDE THE PERSONAL DATA

The provision of the personal data is voluntary, as to the principle, but may constitute a condition for the conclusion of an agreement.

THE RECIPIENTS OF THE PERSONAL DATA

We are allowed to transfer the processed personal data, including that processed by authorised persons, to:
1) entities processing the data on our behalf:
a) entities acting as intermediaries in transactions we conclude;
b) subcontractors;
c) entities delivering advisory, consulting, audit and IT services, legal tax and accounting assistance, research agencies acting at our commission;
2) other data controllers who process the data in their own name, the participation of which is necessary for the performance of a given process, including but not limited to:
    a) third parties to the transaction;
    b) shipping companies;
    c) forwarding agents;
    d) customs clearance agents;
    e) insurers;
    f) authorities and agencies of state or local government;
    g) courts;
    h) bailiffs;
    i) business information agencies;
    j) postal operators and couriers;
    k) banks;
    l) entities we cooperate with in respect of handling accounting, tax and legal matters – within the scope in which they will become data controllers;
    m) entities constituting Mapei SpA Group.

DATA RETENTION PERIOD

We process your data for the time necessary to achieve the purpose of the processing. Once the purpose is achieved, we either destroy the data or we archive it in line with the applicable law regulations. Due to statutory limitation periods for the civil law claims, the personal data is deleted after 10 years as of the end of the year in which the purpose of data processing was achieved.

LACK OF CONSENT TO DIRECT MARKETING

A person whose personal data is processed within the framework of direct marketing has the right to object to the processing of their data for marketing purposes. The object may be submitted to the following e-mail address: iod24@agileo.item

AUTOMATED DECISION MAKING

We do not make decisions that are based solely on automated processing, including profiling, of personal data.

TRANSFERRING THE PERSONAL DATA OUTSIDE THE EEA

In the event of a transaction with a counterparty outside the EEA, it may be necessary to transfer personal data outside the EEA. We may have to provide details of drivers or employees of the parties involved in the transaction. As to the principle, transferring the personal data outside the EEA will take place on the basis of standard contractual clauses, the content of which has been approved by the European Commission.

RIGHTS OF DATA SUBJECTS

Data subjects have the right to:
    1) rectification (correction) of data, to the extent and in accordance with the principles laid down in Art. 16 GDPR;
    2) erasure of data, to the extent and in accordance with the principles laid down in Art. 17 GDPR;
    3) restriction of processing (suspending data processing operations or not erasing data, as appropriate), to the extent and in accordance with the principles laid down in Art. 18 GDPR;
    4) access (by requesting information about the data we are processing and a copy of the data) to the extent and in accordance with the principles laid down in Art. 15 GDPR;
    5) data portability, to the extent and in accordance with the principles laid down in Art. 20 GDPR;
    6) object to processing their personal data (including profiling) if it is our legitimate interest that constitutes the grounds for the processing of data, to the extent and in accordance with the principles laid down in Art. 21 GDPR.
    Should you wish to exercise any of the above rights, you should send a request together with an indication of the scope of data subject to the request to the e-mail address: iod24@agileo.item

    As we protect your data against unauthorized access, we may request additional identification of the data subject or additional information to be provided.
    The possibility of exercising each of the aforementioned rights results from the binding legal regulations, e.g. depends on the legal basis of data processing and on the purpose of its processing.

COMPLAINT TO THE SUPERVISORY AUTHORITY

The data subject shall have the right to lodge a complaint with the supervisory authority regarding the processing of their personal data.

Code of ethics

The Code of Ethics is a set of principles of ethical conduct, compliance with which is a condition of doing business with the Mapei Group. The Code also discusses all the duties and responsibilities of directors, managers and other employees. This document is an essential tool developed by Mapei to control and prevent any violations of standards governing the Group's operations.

The Code is a "charter of values and principles" relating to the correct behaviour and is not assumed to be a source of detailed operating instructions regulating every aspect of the operation of the Company. The Code is an integral part of the model of the organisation, management and control.

The Mapei Group will make every effort to ensure that the Code of Ethics has been recognised as the standard of professionalism in the activities of all entities with which the Group maintains long-term business relationships, such as advisors, experts, agents, distributors, suppliers and customers. The Mapei Group believes that all business relations should be characterised by transparency, honesty and loyalty. These relations should be free from any conflict of interest between the Company and personal interests.