RODO information clause

RODO information clause for Clients, Contractors, Service Contractors, Employees and Job Applicants.

The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ EU L 119 of 4 May 2016), hereinafter referred to as “GDPR”

  1. The Controller of your personal data is ALWERO Sp. z o.o. based at ul. Krajowska 1, 43-300 Hecznarowice. You can contact the Controller via e-mail: alwero@alwero.pl
  2. Purposes and legal basis for data processing:

    Your personal data is processed by the Controller:

    • for the purpose of entering into an agreement with the Controller and its subsequent execution (legal
    • basis for the processing: GDPR Article 6(1)(b))
    • in order for the entity you represent to enter into an agreement with the Controller and its subsequent execution (legal basis for processing: GDPR Article 6(1)(f))
    • in order for the Controller to carry out the activities you request, other than those specified above, or in order to carry out the activities you consent to (legal basis for processing: GDPR Article 6(1)(a))
    • in order to fulfill the Controller’s legal obligations in connection with the type of business conducted and the performance of agreements entered into by the Controller (legal basis for processing: GDPR Article 6(1)(c))
    • in pursuit of the legitimate interests of the Controller, for example: (a) for the preparation of commercial offers, (b) for archival and evidential purposes, (c) for the possible establishment, investigation or defense against claims, (d) for the analytical selection of services to meet the needs of the Controller's customers, (e) for customer satisfaction surveys, (f) for internal administrative purposes, (g) for the execution of the complaint process (legal basis for processing: GDPR Article 6(1)(f))
  3. Types and categories of personal data processed:
    • personal data that identifies a person and allows the Controller to prepare offers
    • data that identifies or verifies a person, i.e. data that makes it possible to ascertain or verify the identity of a person or entity, for example, to place an order and sign an agreement with the Controller
    • data on persons or entities needed to fulfill legal obligations incumbent on the Controller or processed under the Controller’s legitimate interest,
    • personal data about browsing the Controller’s website, which are collected in accordance with the Cookies Policy and Privacy Policy or the Client’s individual consents in a given case.
  4. Your data may be shared with the following recipients or categories of recipients:
    • your data may be accessed by the Controller’s subcontractors, for example: legal, IT, debt collection companies and other entities, on the basis of personal data entrustment agreements signed with them by the Controller
    • data may also be accessed by authorized third parties under generally applicable law
  5. The Controller may transfer your personal data, if you are an employee or provide services to the Controller, outside the European Economic Area, among others:
    • to the UK, which is due to the nature of the business. The European Commission has adopted a decision finding an adequate level of personal data protection provided by the UK.
    • to countries outside the EU with which the Controller has business relations. The Controller shall exercise due diligence in verifying business partners for their use of appropriate data protection safeguards.
  6. Period of data storage by the Controller:
    • for the performance of the agreement concluded by you or by the entity you represent with the Controller, for the duration of the agreement
    • with regard to the processing of data the prerequisite of which is consent to processing, until such consent is revoked by the data subject without affecting the legality of processing carried out on the basis of consent prior to its revocation
    • in terms of fulfilling the legal obligations of the Controller in connection with the Controller’s operation and performance of the agreements concluded, for the period obliging the Controller to fulfill these obligations
    • to the extent of the existence of a legitimate interest of the Controller, for a period of time during which the Controller is able to document the existence of such interest and demonstrate the primacy of its legal interest over the interests or fundamental rights and freedoms of the data subjects
  7. Rights of data subjects:
    • the right to access data, i.e. to obtain information about the purpose and manner of processing personal data and a copy of the data
    • right to data portability
    • the right to withdraw consent, which means that you can withdraw any consent you
    • have given at any time, with the withdrawal of consent not affecting the lawfulness of the processing performed on the basis of consent before its withdrawal (as of the submission of such instruction, the Data Controller does not process the data for the purpose indicated by the data subject)
    • the right to rectify, complete, personal data in case it is incorrect or incomplete
    • the right to lodge a complaint to the President of the Personal Data Protection Office as supervisory authority
    • the right to object, which means that in certain situations you can object to processing at any time
    • the right to restrict data processing
    • the right to partial or complete erasure of data processing (right to be forgotten) that is processed by the Data Controller without a legitimate legal basis
    • the right to transfer personal data, i.e. to send data to another Data Controller (e.g. another operator).
  8. Your provision of personal data for most of the processes carried out by the Controller is not based on your consent, and although in many cases it is voluntary, in order to carry out the processing in question, it is necessary.
  9. The source of the data in the vast majority of cases is the data subjects, so it is obtained directly from the persons with whom the Controller performs the legal or factual act in question, while in the case of obtaining personal data in a manner other than from the data subjects, the source of the data is third parties.
  10. The Controller does not process personal data in an automated manner through profiling, with the exception of certain data of specific users of the website www.ealwero.com, which processes are described in the Privacy Policy and Cookies Policy posted on the Controller’s website.
  11. Personal data is collected with due diligence and properly protected from access by unauthorized persons.