Information on processing personal data
for business partners and business partners’ representatives

With transparency of processing personal data in mind and pursuant to the applicable regulations on personal data protection, we hereby present the information on processing personal data of our business partners:

1. Data Controller and Data Protection Officer

The controller of personal data of persons acting as:

  • business partners doing business with us and potential business partners (natural persons running the so-called one-man business, natural persons running the companies under the civil law),
  • persons representing current and potential institutional business partners (authorized to represent the entities in the form of partnerships and limited liability companies, foundations, associations, etc.), persons nominated by current and potential business partners to be reference persons and to perform the agreements/commercial relations (e.g. members of project teams,
  • persons responsible for ongoing contact, including orders or complaints, etc.),

is Abakus Systemy Teleinformatyczne Sp. z o.o. with its registered head-office in Bielsko-Biała, ul. Działowa 8a, 43-300 Bielsko-Biała, hereinafter „Data Controller”.
We have appointed the Data Protection Officer whom you can contact in writing by sending the correspondence to the following address: Data Protection Officer, ul. Działowa 8a, 43-300 Bielsko-Biała, or e-mail: iod@abakus.net.pl
2. Purposes of processing and legal basis

As part of our business relations with business partners, we can process personal data of aforesaid persons for the following purposes and in accordance with the following legal bases:
a) fulfilling contractual obligations towards you, if you are or will be a party to the contract concluded with us or to take specific actions before the conclusion of the contract, such as: negotiations, exchange of documents, etc. (art.6 par.1 (b) GDPR);
b) compliance with legal obligations (art.6 par.1 9 (c) GDPR) – e.g. resulting from tax and accounting regulations oraz other specific regulations;
c) realize justified interests – our’s or third party’s (art. 6 para. 1 (f) of GDPR). Therefore said justified interests are the following:
• allowing contacting, including exchange of correspondence and keeping internal business partner records which let us contact business partners for the purposes related to actual or potential cooperation;
• undertaking actions in the form of direct marketing, including marketing communication with the use of user’s telecommunication devices (e.g. telephone) and automatic call systems, and sending commercial information by electronic means;
• establishing or pursuing potential claims, or defending against such claims;
• preventing frauds or criminal activities, including verification of business partners in public and commercial registers.

3. Disclosure of personal data

We can disclose your personal data for the above-stated purposes to the following types of recipients:
• Cooperating entities who participate in processes required to undertake our business activities, including entities which support us with regard to technical and IT service, law firms and debt collection agencies, entities rendering document archiving services, entities responsible for accounting and books, auditors and advisers, entities providing payment services, postal operators and transportation companies, freight forwarding companies and couriers,
• Authorities entitled to receive the data on the basis of the rules of law, including public administration bodies and law enforcement authorities. Moreover, recipient of the data are authorities authorized to receive data on the basis of legal provisions, including public administration and law enforcement authorities.

4. Storage period

Your personal data will be deleted if their storage is no longer necessary for the purposes they have been collected. As a rule we store the personal data for the following period:
• throughout the term of agreements signed and until they have been properly settled,
• when fulfilling legal obligations related to storage (specified by tax regulations and accounting principles),
• until potential claims regarding agreements signed expire (fall under the statute of limitation) and for the period required to pursue specific claims,
• required to document proper fulfillment of legal obligations with regard to personal data protection before the supervising bodies,
• until the objection to data processing is raised (when the data are processed on the basis of legally justified interest),
• until the consent for receiving commercial information by electronic means and/or for marketing communication with the use of user’s telecommunication devices (e.g. PC, mobile phone) and automatic calling systems has been withdrawn.

5. Disclosure of data out of EEA

We can disclose the personal data out of the European Economic Area (EEA). The disclosure of personal data is based on legally required personal data protection means which are (depending on the case) the following: decision stating the suitable protection level, accreditation in the Privacy Shield program, binding corporate rules or standard contractual clauses adopted by the European Commission.

6. Applicable rights
You have a right to do the following:
• require us to confirm whether your personal data concerning you are processed and to gain access to these data,
• rectify wrong personal data and supplement personal data, if incomplete,
• delete your personal data in cases stipulated by GDPR rules, • limit processing in cases stipulated by GDPR rules,
• transfer data in cases stipulated by GDPR rules
• raise an objection to processing personal data for the purposes arising from our legally justified interests,
• lodge a complaint to the supervising body dealing with personal data protection, e.g. in Poland – to the Head of the Personal Data Protection Office,
• withdraw its consent at any time (if personal data processing is based on your consent). Withdrawal of the consent does not affect the legality of processing on the basis of the consent before it is withdrawn.

7. Source of data origin and data provision requirement
If you contact us on behalf of the business partner, your data may have been disclosed to us by the aforesaid entity due to our business relationship. When the contact is initiated by us, your data in specific cases may come from widely available registers/databases, including the National Court Register, Central Registration and Information on Business, Public Information Bulletin or websites.
When the personal data come directly from you, their disclosure is voluntary but required to conclude or properly perform the agreements signed, or may be your official duty. Disclosure of data for the purposes arising from rules of law is obligatory on the basis of relevant rules of law.
8. Automated decision-making process
The personal data processed for the aforesaid purposes will not be subject to automated decision-making process, including profiling.