Counterparty – representative of a legal entity

As part of its business processes, ATAL S.A. enters into various types of contracts/agreements for the supply of goods and services with legal entities. We are aware that the GDPR excludes from its jurisdiction the processing of personal data of legal entities but each legal entity is represented by an individual who signs a contract/agreement on its behalf. Therefore, we process the personal data of individuals entering into a contract/agreement on behalf of a legal entity. You can find more details below.

NOTICE FOR REPRESENTATIVES OF A LEGAL ENTITY

In accordance with the provisions of Regulation 2016/679 of the European Parliament and of the Council of the European Union of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter “GDPR”), we are obliged to provide the following information regarding the processing of your personal data:

1. Personal Data Controller – ATAL S.A. with its registered office in Cieszyn (hereinafter: “Controller”), address: 43-400 Cieszyn, ul. Stawowa 27, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court in Bielsko-Biała, VIII Commercial Division of the National Court Register (KRS) number: 0000262397, NIP (Tax Identification Number): 548-248-72-78, REGON (National Business Registry Number): 240415672, share capital: PLN 216,073,050.00, paid in full.
2. Data Protection Officer – in all matters relating to the processing of personal data and exercising your rights related to the processing of personal data, you can contact the designated Data Protection Officer via e-mail: [email protected] or in writing at: ATAL S.A., Cieszyn (43-400), ul. Stawowa 27, with the note “Personal data”.
3. Processing purposes and legal basis for processing – we process your personal data for the following purposes:
   a) to effectively conclude a contract/agreement on the basis of Art. 6(1)(c) GDPR, i.e., to fulfill a legal obligation incumbent on the Controller,
   b) Art. 6(1)(f) GDPR, i.e., to pursue the Controller’s legitimate interest in defending against claims under a concluded contract.
4. Source of personal data – we obtained your personal data in connection with the concluded contract/agreement.
5. Categories of personal data – we process your following personal data: full name, position or role and any other data provided to us.
6. Period for which personal data will be stored – your personal data will be kept for the period of performance of the contract/agreement and then for the period of limitation of possible claims under generally applicable laws or tax regulations.
7. Data recipients – your personal data may be shared with, for example, IT service providers or technical service providers – whereas such entities process personal data on the basis of a contract concluded with the Controller and in accordance with our instructions.
8. Rights of the data subject – you have the right to request access to your personal data, to data rectification or erasure and to restriction of data processing and the right to lodge a complaint against the processing.
9. Right to lodge a complaint – you also have the right to lodge a complaint with the supervisory authority, i.e., the President of the Office for Personal Data Protection, sent to: ul. Stawki 2, 00-193 Warsaw, if you believe that the processing of your personal data violates the GDPR.
10. Automated decision-making and profiling – your personal data will not be used for automated decision-making, including profiling as referred to in Art. 22 GDPR.