The protection of privacy is important to us. We do our best to protect your personal data and present to you, in a transparent way, the way we use it.
This policy (“Privacy Policy”) was drawn up by SSW Pragmatic Solutions Spaczyński, Szczepaniak, Okoń sp.k. with its registered office in Warsaw (00-124) at ul. Rondo ONZ 1 and is addressed to the natural persons, whose personal data are being processed by the Data Controller due to their using of Data Controller’s webpage, Data Controller’s business activity and its marketing and promotional activity.
SSW processes personal data pursuant to the generally applicable regulations of law, including, in particular, the Regulation of the European Parliament and the EU Council 2016/679 of 27 April 2016 on protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of the Directive 95/46/EC (general data protection regulation) (GDPR) and the Act of 10 May 2018 on personal data protection.
1. Who is responsible for your personal data? (Data Controller)
The Data Controller of your personal data is SSW Pragmatic Solutions Spaczyński, Szczepaniak, Okoń sp.k. seated in Warsaw (00-124) at ul. Rondo ONZ 1, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw, the 12th Division of the National Court Register under KRS number: 0000583564, NIP: 525-256-91-33, REGON: 146936694 (the “SSW” and/or the “Controller”).
2. How to contact the Data Controller?
Our Data Protection Officer is Rafał Rępiński.
In all matters related to processing of your personal data You can contact him or the Data Controller:
a) via traditional post to the address SSW Pragmatic Solutions Spaczyński, Szczepaniak, Okoń sp.k., ul. Rondo ONZ 1, p. 12, 00-124 Warszawa or;
b) via dedicated email address: privacy@ssw.solutions.
3. On what basis and in what purpose do we process your personal data?
Your personal data, which you pass on to the Controller are processed:
If your personal data were collected not directly from you, the Controller process them within following scope: name, surname, firm, correspondence address, e-mail and phone for the purposes listed above. In such an event your personal data were passed on the Controller by your employer, mandator or other entity whose interest you represent in contacts with the SSW.
The Controller’s legitimate interest means establishing and pursuing claims or rights of the Controller or defence against such claims, direct marketing of the services rendered by the Controller or third parties, delivery of services and communication with the Customer.
4. What are your rights with respect to personal data?
Pursuant to GDPR provisions you have many rights with respect to your personal data. Below, you will find a general description of your rights:
a) Access to personal data. You can exercise your right to access your data at any time.
b) Rectification and supplement to data. You have right to ask the Data Controller to rectify immediately your incorrect personal data and complete uncomplete personal data.
c) Right to deletion of data. You have right to ask the Data Controller to delete immediately your data under any of the following circumstances:
However, the Data Controller will not be entitled to delete your personal data to the extent that such processing is necessary: (i) to exercise the right to freedom of information and expression, (ii) to settle legal obligation requiring processing under the law of the European Union or Poland, (iii) to establish, request the recovery or defend against claims.
d) Right to limit data processing. You have right to ask the Data Controller to limit processing under the following circumstances:
e) Right to object. You have right to object to processing your personal data when the Data Controller processes such data based on the legitimate interest. The Data Controller of data may not take into account the objection if they prove reasonable grounds to process, taking precedence over your interests, rights and freedoms or grounds to establish, request the recovery or defend against claims.
f) Right to withdraw the consent. To the extent that your personal data are processed on the basis of your consent, you have right to withdraw your consent at any time. The withdrawal of the consent does not affect the lawfulness of the processing made on the basis of the consent prior to its withdrawal.
g) Right to data portability. To the extent that your data are processed for the purpose of concluding and executing the agreement or processed on the basis of the consent and data are processed by automated means – you have right to receive from the Data Controller, in a structured, commonly used and machine readable form, the personal data you have provided before or during the cooperation with the Data Controller. You have also the right to transfer such personal data to another data controller.
h) Right to file a complaint. You have the right to file a complaint on processing of personal data by the Data Controller to the supervisory authority – in Poland, such a function is held by the President of the Office Personal Data Protection.
The rights provided for in items a)-g) above can be exercised by contacting our Data Protection Officer:
a) via traditional post to the address SSW Pragmatic Solutions Spaczyński, Szczepaniak, Okoń sp.k., ul. Rondo ONZ 1, p. 12, 00-124 Warszawa or;
b) via dedicated email address: privacy@ssw.solutions.
You can exercise the right to file a complaint provided for in item h) above by contacting directly the supervisory authority.
5. Processing of sensitive personal data and personal data related to criminal convictions and infringements
Some categories of personal data are considered to be sensitive pursuant the provisions on data protection and are subject to higher level of protection and security. According to the provisions, the following categories of personal data are considered to be sensitive: (1) racial or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) sex life or sexual orientation; (6) physical or mental health or determinants; (7) genetic and biometric data and (8) data related to criminal convictions and infringements.
The Data Controller may collect and process your sensitive personal data and data related to criminal convictions and infringements in very limited cases and only when it is necessary for the purpose of their processing and only when it is authorised by law.
6. Providing personal data
In the case of collecting personal data directly from you, their provision is voluntary. Refusal to provide personal data may prevent conclusion of the agreement with the Controller or may affect the scope of services which can be provided to you by the Controller or may make it impossible to contact you or to provide you with marketing materials including newsletter.
7. Who do we share your personal data with?
We can share your personal data with the following data recipients or categories of data recipients:
a) service providers providing services in our name or on our behalf. In the agreements concluded with such providers, we require respecting the applicable provisions on data protection;
b) entities affiliated with the Controller;
c) if required under generally applicable provisions of law, to the necessary extent also to third parties, in particular authorised national authorities.
8. Communication of personal data to third countries
In case of communicating your personal data to third countries, i.e. recipients established outside the European Economic Area or Switzerland in the countries which, according to the European Commission do not provide an adequate level of data protection (third countries which do not provide an adequate level of data protection), the Data Controller communicates them using the mechanisms in compliance with applicable law, including, but not limited to (1.) “Standard Contractual Clauses” of EU, (2.) obtaining the certificate of compliance with the Privacy Shield by the third party (in case when it is seated in the US), (3.) if data are communicated to the third country, which, according to the European Commission, on the basis of the decision, provides an adequate level of data protection. You can obtain more information on existing safeguard implemented by the Data Controller for the purpose of ensuring lawful data processing and on possibility to obtain a copy of data or on place of their availability by contacting us as indicated in item 2 above.
9. How long do we keep your personal data?
The Data Controller is committed to process your personal data in an adequate manner and as long as it is necessary for the purpose for which they were collected. With this in mind, the Data Controller keeps your personal data for a period not exceeding the one necessary for purpose for which such data were collected or, if it is necessary, for the purpose of compliance with applicable law, in particular with regard to the period of execution of the agreement and the limitation period.
10. Automated decision making
The Data Controller does not carry out the automated decision making process, including profiling on the basis of provided data.
11. Changes in Privacy Policy
This Privacy Policy can be changed, especially if the need or necessity of such changes results from amendments to the relevant provisions of law, including changes to data recipients.
Clients, whose data are processed under this Privacy Policy will be informed on its changes in advance.