By force of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we are required to provide you with the following information on the protection of your personal data:
I. INFORMATION CONCERNING PROCESSING OF PERSONAL DATA at ATAL S.A.
- The data controller (hereinafter: controller) is ATAL S.A. with registered offices in Cieszyn, 43-400 Cieszyn, ul. Stawowa 27, entered into the Companies Register of the National Court Register at the Regional Court in Bielsko-Biała 8th Economic Division with the number KRS 0000262397, national taxpayer identification number NIP: 548-248-72-78, national statistical registry number REGON: 240415672.
- Contact details – In all matters concerning the processing of personal data by our company and legislation concerning data processing, please contact our Data Protection Officer by e-mail at: [email protected] or by traditional mail at: ATAL S.A. with registered offices in Cieszyn (43-400), ul. Stawowa 27 with the comment “Personal data”.
Legal basis of processing:
For undertaking necessary steps previous to entering into an agreement, to conclude and execute an agreement, and to provide services in accord with the provisions of an agreement:
Art. 6 para. 1b and 1f of the GDPR, as the legitimate business interest of the controller, including the pursuit of claims and defence of rights.
For the controller’s marketing purposes, including profiling for marketing and analytical purposes:
Art. 6 para. 1b and 1f of the GDPR, as the legitimate business interest of the controller, or art. 6 para. 1a – consent provided.
For marketing purposes, including for analytical and profiling purposes of third parties, including the controller’s partners:
Art. 6 para. 1a of the GDPR - consent, in the case of a lack of consent personal data are not processed for this purpose.
For the execution of legal obligations of the controller resulting from relevant legislation:
Art. 6 para. 1c of the GDPR – processing is essential to meet legal requirements to which the controller is subject.
For processing any claims resulting from an agreement with or services provided for you:
Art. 6 para. 1b and 1f of the GDPR, as the legitimate business interest of the controller, including pursuit of claims and defence of rights.
The specific purpose and legal basis for processing are provided in separate information addressed to the data subject in question.
- Period of data storage – Your personal data will be stored until the expiration of the validity period of claims based on an agreement/services provided or until the legal obligation to store such data expires, in particular the legal obligation to store accounting documents regarding agreements. All data processed for accounting purposes or for taxation purposes shall be processed for a period of five years beginning with the end of the calendar year in which the tax liability arose. After the expiration of such periods, your data will be deleted or subjected to anonymisation.
In any case in which personal data are processed based on the legitimate business interest of the controller, personal data will not be processed for a specific purpose if you lodge a complaint to such processing.
If we process data based on consent from you, this processing shall stop at the moment you withdraw your consent.
- Data recipient – Your personal data may be shared with third parties for the purposes outlined above or for marketing purposes if you express consent for specific marketing purposes for which sharing of data is essential.
Moreover, data may be transferred to or shared with entities which process personal data on behalf of the controller, including entities which are part of the controller’s capital group (a current list of companies which are part of the capital group can be found at: https://atal.pl/dla-inwestorow/o_spolce/grupa_kapitalowa.html), providers of renovation and construction services, IT service providers, auditors, entities which process data as part of debt recovery processes, notaries public, banks, building managers and residential cooperative representatives, and marketing agencies. Such entities shall process personal data provided by the controller solely on the basis of agreements concluded with the controller and strictly in accordance with our instructions.
- Transfer of data beyond the European Economic Area – Data collected shall not be transferred to recipients beyond the borders of the EEA (the countries of the European Union, Iceland, Liechtenstein, and Norway).
- Rights of data subjects – You are entitled to access your data and demand correction, removal or restriction of processing. If the legal basis for the processing of your personal data is the legitimate business interest of the controller, you can lodge a complaint against the processing of your data. In particular, you are entitled to reject the processing of your personal data for the purposes of direct marketing, including profiling and analytical purposes. If the processing of your data is based on your consent, you are entitled to withdraw that consent. Withdrawal of consent has no impact on the legality of processing which took place before withdrawal of consent. If the processing of your data is conducted for the purpose of concluding or executing an agreement or providing services, or if your data are processed based on your consent, you are entitled to transfer your data to another controller. In such a case, you will receive your data from us in a structured, commonly used format which can be machine read. You may send this data to another data controller.
You are also entitled to lodge a complaint with the supervisory body dealing with data protection. The provision of data in connection with the conclusion of an agreement or the provision of services is voluntary yet necessary for the conclusion of the agreement or the provision of services.
The provision of personal data for marketing purposes is voluntary.