ELSTAR Engineering Spółka z o. o. ELSTAR Engineering Spółka z o. o.

Data protection policy

  1. Home
  2. Data protection policy

PRIVACY POLICY - ELSTAR ENGINEERING Sp. z o.o.

This privacy policy and cookie policy set out the principles of processing and protection of personal data. Both documents are also intended to explain the reasons why we collect and process personal data in the course of our business activity.

  1. What are personal data?

Personal data are any information that allows to distinguish one person from the others without much effort. This information may refer to the person themselves (e.g. their first and last name, identification number, and sometimes even an email address or an account on an online platform), but also includes data that do not describe them directly. For example, it may concern their characteristics, health, beliefs, place of residence, addictions, race or religion.

  1. What personal data are relevant in our case?

These are data we receive from our Clients, Business Partners, Associates and Employees in connection with the use of our services, cooperation with us or employment. These are the data we process.

  1. What does data processing mean?

Data processing is any action that we may perform on personal data

- related to their active use, such as collection, retrieval, recording, combination, alteration or making available, as well as to passive use, such as storage, restriction, erasure or destruction.

  1. Who is the Personal Data Controller (that is, has an influence on their

processing and security)?

The Controller of your personal data is ELSTAR ENGINEERING Sp. z o.o., address: ul. Rosnowskiego 11, 82-300 Elbląg, KRS (National Court Register): 0000248837, REGON (National Business Registry Number): 170925453, NIP (Tax Identification Number): 5782699518.

The Personal Data Controller can be contacted at the following mailing address: ELSTAR ENGINEERING Sp. z o.o., ul. Rosnowskiego 11, 82-300 Elbląg, and at the following email address: rodo@elstar-engineering.com

  1. On what legal grounds and for what purpose do we process your data?

Any processing of your data must be based on an appropriate legal basis in accordance with applicable law. Such grounds may be your consent to the processing of data or legal provisions allowing it, in accordance with the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2019, item 1781, as amended) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119/1) - referred to as the “GDPR”.

Your data may be processed by us for the following purposes:

If you are our customer or a person interested using the services we provide, your personal data will be processed on the basis of Article 6(1)(b) of the GDPR for the purpose related to the processing which is

necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. When expressing your intention to conclude a contract, you know what personal data will be needed to sign it, and after signing, you know what data you have provided or will provide at a later date.

If you use our services, we may also process your data on the basis of Article 6(1)(c) and (e) of the GDPR, where the processing is necessary for compliance with a legal obligation to which the controller is subject, and the processing is also necessary for the performance of a task carried out in the public interest, and in accordance with Article 9(2)(g) of the GDPR, where the processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law.

We may also process your data in connection with the requirement to ensure the security of persons and facilities, or the security of networks and information. This is our legitimate interest and we process the data on the basis of Article 6(1)(f) of the GDPR. If video monitoring is used for this purpose, you will be informed about it in the form of appropriate information plates and pictograms.

If you are interested in working for us, your data contained in the application or CV are processed in a paper or electronic form. The legal grounds here are related to compliance with a legal obligation to which

the Personal Data Controller is subject, resulting from Article 221 § 1 and § 3 of the Labour Code of 26 June 1974 (Journal of Laws of 2019, item 1040, as amended) and this takes place in accordance with Article 6(1)(c) of the GDPR, and in order to take steps at the request of the data subject prior to entering into an employment contract - in accordance with Article 6(1)(b) of the GDPR. Your personal data other than those listed in Article 221 § 1 and § 3 of the Labour Code, may be processed in accordance with Article 6(1)(a) of the GDPR on the basis of your consent, which you can withdraw at any time. In this case, we will not consider your application and will immediately delete all data you have provided. However, as soon as you are employed with us, further rules of processing your data and the mandatory scope of their provision and further processing by us are determined by the labour law.

  • If you use our website and its pages where cookies are used - this is our legitimate interest and we process the data on the basis of Article 6(1)(f) of the GDPR.
  • We also process your data in connection with the creation of registers under separate provisions of law - on the basis of Article 6(1)(c) of the GDPR (compliance with a legal obligation) and Article 6(1)(f) of the GDPR (legitimate interest of the controller).
  • If you contact us via our website, we process your data on the basis of Article 6(1)(a) of the GDPR - to the extent of your consent for contact.
  • If you use and/or interact with our social media profiles: Page on LinkedIn - ELSTAR Engineering - These data are processed in accordance with Article 6(1)(b) of the GDPR for the performance of services, i.e. the contract for the provision of electronic services in accordance with the Fanpage terms and conditions, and in accordance with Article 6(1)(f) of the GDPR, in the legitimate interest of the Controller and users, i.e. the need to ensure contact between users and the Controller, and the processing of these data does not violate the rights and freedoms of users.
  • In order to improve the quality of its services, the Controller processes statistical information on the use of the website, including information about the session, IP, the time spent on specific websites and pages, the use of specific functionalities, services, information about the device and the web browser. The Controller uses cookies or other similar technologies and statistical tools. These data are processed in accordance with Article 6(1)(f) of the GDPR in the legitimate interest

of the Controller, i.e. facilitating the use of the Website, improving the quality and functionality of the services provided, and the processing of these data does not violate the rights and freedoms of users. Information about users is not used for any additional purposes, and due to the specificity of the website service, adjusting the way the content of the website is displayed, facilitating the use of the website and improving the quality of services provided on the website is not only a market standard, but also the expectation of users toward website providers. In addition, the user may at any time withdraw their consent by changing the web browser settings for the application of cookies or other similar technologies.

For the publication of marketing information about its services and current activities on its website. The Controller displays this content under Article 6(1)(f) of the GDPR, in the Controller’s legitimate interest, i.e. The publication of content related to the services provided and content of promotional campaigns in which the Controller is involved. At the same time, this action does not violate the rights and freedoms of users; users know that they may receive this type of content, and sometimes even expect it, or this is the direct purpose of their visit to the website.

6. Who do we transfer your personal data to?

In accordance with applicable law, we may transfer your data to entities that process them on our behalf, e.g. to hosting companies where we maintain this website or to subcontractors of our services. We are also obliged to make them available on request of entities authorised to request them on the basis of other provisions of law, e.g. to the Social Insurance Institution, Tax Office and courts or law enforcement agencies. In some cases, however, these data will be made available only occur if they submit their application in this respect, indicating the law that allows them to make such a request.

The Personal Data Controller does not, in principle, does not envisage the transfer of data to third countries outside the European Economic Area. However, due to the use of Google and Facebook services on our websites and on social media: The users’ data may be transferred outside the European Union, to third countries, and if this happens, these data will be transferred only on the basis of standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the GDPR.

Detailed information is provided in the privacy policy of each of the providers of these services that is available on their websites. For example:

Google LLC: https://policies.google.com/privacy?hl = pl

Linkedln: https://www.linkedin.com/legal/privacy-policy

Currently, the services offered by Google and LinkedIn are mainly provided by entities located in the European Union. However, you should always consult the privacy policies of these providers in order to get the up-to-date information on the protection of personal data.

In the European Union, in all member states, thanks to the GDPR, the text of which

is available HERE, you have the same level of protection of your data.

  1. How long will we process your data?

We pay very close attention to limiting the scope of data we collect and the time of their processing to the necessary minimum. For this purpose, we carry out systematic reviews of paper and electronic documents we hold, removing unnecessary ones, past their period of usefulness. Please note that processing time of your data, depending on the grounds on which we have obtained it, may be determined by separate legal provisions beyond our control, which may impose an obligation on us to store your data regardless of your will or desire. Examples include labour law, social security law or accounting regulations.

If the data we hold should be used for a different purpose than for which they have been obtained, we will always inform you about this and you will have the opportunity to express your objection.

  1. What rights do you have in relation to your data?

If we process your personal data, you always have the following rights:

  • the right to request access to your data - as specified in Article 15 of the GDPR,
  • the right to their rectification - as specified in Article 16 of the GDPR,
  • the right to request their erasure - as specified in Article 17 of the GDPR, or to request restriction

of their processing - as specified in Article 18 of the GDPR,

  • the right to object to the processing of data - as specified in Article 21 of the GDPR,

the right to data portability, including obtaining their copy - as specified in Article 20 of the GDPR.

All these rights are discussed in detail in Articles 15 to 21 of the GDPR, the link to which is provided above.

You can also withdraw your consent to the processing of your personal data; in this case, we will immediately erase your personal data, unless there is a legal obligation requiring us to continue their processing. For example, if you request the deletion of your data in the HR files, we will immediately erase your data from the database. However, in accordance with the provisions on HR, we will continue to hold them in our financial and accounting documentation for the period regulated by the currently applicable provision of law.

If you believe that we have violated your rights in any way or have not ensured security of your personal data - which we obviously do not want, you have the right to lodge a complaint with a supervisory authority, namely the President

of the Personal Data Protection Office.

  1. Automated decision-making and information about profiling.

We do not make any automated decisions based on your data, that is, decisions made without human involvement. We also do not take any actions aimed at profiling towards you.

Please note that our website may contain links to other websites. They will open in a new browser window or in the same window. We are not responsible for the content provided by these websites, and you - as a User - are obliged to read the privacy policy or terms and conditions of these websites.

10. How do we protect your data?

In order to ensure the security of your data, we use the technical and organisational measures required by law. We have installed the necessary physical safeguards on our premises to prevent unauthorised access to data. Our employees have the required authorisations, appropriate confidentiality agreements and data sub-processing agreements, and may process the data in a limited scope, i.e. as necessary for the proper performance of their employee duties.

The security of your data transmitted electronically is ensured by the 128-bit SSL security protocol we use. Its graphic symbol is a green padlock that appears in the web browser next to the address of our website. Thanks to its encryption before transmission, you can be sure that our website you are entering has not been modified in any manner on its way to you over the Internet.

Please bear in mind that you, as a User, should at the same time exercise care in securing your personal data transferred within the Internet, in particular you should not disclose your login credentials to third parties, and you should use anti-virus protection and update your software.

11. The Personal Data Controller reserves the right to amend this privacy policy, in accordance with applicable law. Such amendments may be made in relation to the development of Internet technology, changes in the generally applicable law or the development of the website through new administration tools.

13. On its websites, the Personal Data Controller uses:

Contact form - it requires providing the following in the relevant places: subject

of the message, name, email address, phone number. These fields are mandatory. Then, in order to send us your inquiry, you must consent to the processing of the data provided and confirm that you have read this data protection policy. The data sent in this way will be used to contact you.

14. Disclaimer and copyright

Our website at www.elstar-engineering.com also contains links to other websites and information that we find valuable or interesting. However, we are not responsible for the content of these websites and any changes made to them, and we are not responsible for the privacy policies of their current or future owners.

All content provided on our website at www.elstar-engineering.com is covered by the copyright of certain persons and / or the Controller (e.g. photos, texts, videos, free materials, etc.). The Personal Data Controller does not allow the copying of this content in whole or in part without its express prior consent.

COOKIES POLICY

  1. What are cookies and what are they used for?

Cookies are text files that are stored on your device and used by the server to recognize this device when you reconnect; they are retrieved every time you “enter” and “exit” our website. Cookies are not used to determine

your identity, just your device - e.g. so that the displayed image, after recognizing the browser you use, is best adapted to the technical capabilities of your equipment, e.g. its resolution or version.

Cookies are most often used in the case of counters, analytics, online stores, websites requiring login, advertising, and to monitor the activity of visitors. Cookies also allow, among other things, to remember your interests and adapt websites as appropriate in terms of the displayed content and matching ads. These files are used by virtually all websites operating on the Internet - search engines, blogs, online stores, office websites, etc. Our site uses them as well.

  1. What do cookies do?

In general, their principle of operation is as follows:

  • they identify the data of the computer and browser used to browse used to browse websites - e.g. they allow to find out whether a particular computer has already visited the website,
  • data obtained from cookies are not in any way combined with personal data of users obtained, e.g., during registration on websites,
  • they are not harmful to you or your computers or smartphones - they do not affect their operation,
  • they do not cause configuration changes to the terminal devices or to the software installed on these devices,
  • the default parameters of cookies allow to read the information they contain only to the server that created them,
  • based on your behaviour on the websites you visit, they transmit information to servers, and as a result the displayed page is better adapted to individual preferences.
  1. What are the types of cookies?

There are the following types of cookies:

  • “Session cookies” - these are temporary files stored in the browser’s memory until the end of its session. These files are mandatory for some applications or their functionalities to work properly. After closing the browser, they should be automatically removed from the device you used to display the website,
  • “Persistent cookies” - they facilitate the use of frequently visited websites. These files are stored in the appropriate folder for an extended period that you can adjust in the browser settings. Each time you visit the website, the data from these cookies is transmitted to the server. Such cookies are sometimes called “tracking” cookies.
  • “Third parties cookies” - these are files usually from advertising servers, search servers, etc., cooperating with the owner of a particular website. Thanks to these cookies,

the displayed ads are tailored to your interests and habits, which in return often allows you to use some content of the website free of charge. They also enable counting of “clicks” on ads, user preferences, etc.

4. Do you have to agree to our use of cookies?

Remember that you can manage cookies yourself. This is possible, for example, in the browsers you use (usually the mechanism is enabled by default). In the most popular browsers, you can:

accept cookies, to be able to fully use the options offered by websites,

manage cookies at the level of individual websites of your choice,

set the settings for different types of cookies, e.g. to accept

persistent files as session files, etc.,

block or delete cookies.

Information on the options to enable and disable cookies in the most popular browsers can be found in their settings.

If you leave your browser settings unchanged, you agree to our use of cookies. Blocking cookies or disabling some of their types may prevent you from taking advantage of the full functionality of the website or interfere with its proper functioning.

5. What do we use cookies for?

The website uses both session and persistent cookies. We use them for the following purposes:

to generate statistics, which allows to improve the content of websites, their structure and content,

to maintain the website user’s session.

In order to display the website correctly, the following information is collected: name and version of the web browser, language settings, date and time of sending the request to the server, IP from which the request was sent, the requested URL. This data is collected in order to enable the proper operation of the website.

Statistics are generated with the use of a web analytics tool - Google Analytics, which collects data and uses its own cookies in accordance with the Google Privacy Policy available here.

On its servers, Google collects data obtained from placing cookies on devices and uses this information to create reports and provide other services related to traffic and use of the Internet. Google may also transfer this information to third parties if required to do so by law or if these third parties process such information on Google’s behalf.

The data collected by our website is not disclosed or made available to third parties, except for the competent law enforcement authorities authorised to conduct criminal proceedings in connection with its initiation at our request.