S&H IMEX SP. Z O. O., with registered address at Wita Stwosza 16, 50-148 Wroclaw, Poland, VAT ID PL8971828987, registered with the Commercial Register maintained by the Regional Court in Wroclaw under File Ref. No. 539189173, (hereinafter referred to as the “Administrator”), processes personal data and treats it in accordance with the regulation of the European Parliament and of the Council of the EU No. 2016/679, on the protection of private individuals in connection with the processing of personal data and on free movement of such data and on repealing of Directive 95/46/EC (general data protection regulation), (hereinafter referred to as “GDPR”), and the legislation in force and effective within the territory of the Poland governing the protection of personal data and its treatment.
For the purposes of personal data protection
1. Personal data shall mean all information relating to an identified or identifiable private individual, while an identifiable private individual is one that may be identified directly or indirectly, especially by reference to a certain identifier, e.g. a name, identification number, tracking data, network identifier in respect of one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of such private individual.
a. General personal data shall mean in particular the name, address, permanent address of residence, delivery address, gender, age, date of birth, place of birth, birth certificate number, marital status, photographic record, e-mail address, telephone number, IP address, identification data issued by the state, such as identification number, tax identification number, ID card number, driving licence number, travel document number, etc.
b. Special categories of personal data is such personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, medical state or sexual life or sexual orientation of a private individual. Special categories of data are considered also genetic and biometric data, processed for the purpose of unique identification of a private individual. The administrator does not process such personal information of the data subjects.
2. The data subject shall mean any living private individual to whom the personal data is related and whose personal data is processed by the Administrator, i.e. anyone who submitted to the Administrator his or her personal data by means of the application form located on this web site or by any other means (by e-mail, post, etc.). Data subject shall mean in particular a jobseeker seeking employment with the Administrator, a potential customer of the Administrator, person entering the registered address of the Administrator, or other premises, a person undergoing work experience with the Administrator as preparation for the performance of his or her future career, as well as another private individual who disclosed to the Administrator his or her personal data by any means.
3. The Administrator shall mean S&H IMEX SP. Z O. O., with registered address at Wita Stwosza 16, 50-148 Wroclaw, Poland, VAT ID PL8971828987, registered with the Commercial Register maintained by the Regional Court in Wroclaw under File Ref. No. 539189173, which by itself or jointly with others determines the purposes and means of processing of personal data.
4. The Processor shall mean any natural or legal entity, public authority or any other entity, which on the basis of a written contract entered into with the Administrator processes personal data on behalf of the Administrator, doing so within the agreed scope, in accordance with the purpose of provision of personal data and for a specified period, while this processor provides sufficient guarantees of implementation of appropriate technical and organisational measures so as to ensure protection of rights of the data subjects. The processor shall mean in particular persons providing services on behalf of the Administrator, such as personnel recruitment services, accounting services and surveillance services of premises of the Administrator.
5. The third party shall mean any entity which is not the data subject, the Administrator or the processor, in particular subcontractors of the Administrator, shipping companies etc.
6. The person responsible for supervision of personal data protection shall mean a staff member of the Administrator, whose task is to oversee protection of personal data processed by the Administrator and who may be contacted by data subjects in the context of their personal data. This person is:
7. The Supervisory Authority shall mean an independent public authority responsible for the monitoring of application of GDPR with the aim of protecting fundamental rights and freedoms of private individuals in connection with the processing of their personal data and to facilitate free movement of personal data within the European Union. The supervisory authority which exercises its powers and competences in the field of personal data protection within the territory of the Poland is the Office for the Protection of Personal Data.
Purpose of processing
Personal data of the data subjects is processed by the Administrator for the purpose of implementation of contracts, production and delivery of steel pipes, cut shapes and sheet piles, (hereinafter referred to as “products”) to customers, contacting of potential customers on the basis of their demand, contacting applicants for employment, who provided the Administrator with their personal data, and in order to protect persons and property of the Administrator.
Furthermore the Administrator processes personal data of data subjects in order to identify behaviour of persons visiting the website of the Administrator in browsing of these websites on a PC or a mobile device, in order to track the number of visitors to these websites and in order to measure their functionality; with the assistance of cookies files and the Google Analytics tool.
(Cookies files means the information held in simple text files saved into a computer from the web. These cookies may be read by web pages at subsequent visits of the website of the Administrator. Information stored in a cookie file may be related to behaviour of a person when browsing a web page or contain a unique identification number, so that the website may remember him at a subsequent visit. At each visit of the website of the Administrator the analytical software stores anonymous cookies. They help determine how many visitors visit the website of the Administrator repeatedly, how do the visitors behave when visiting the website, what do they prefer and what interests them. For this purpose the Administrator uses also a tool developed by Google, namely Google Analytics, which allows website owners to obtain statistical data on the users of their website. Thanks to this service it is possible to track current as well as historic website traffic, behaviour and characteristics of visitors, sales, etc.. Details about this tool may be found here: https://www.google.com/intl/cs_ALL/analytics/index.html. For more information on further processing using this tool please contact Google.)
The legal basis for the processing of personal data of customers is the implementation of measures adopted before entering into a contract, the performance of a contract (purchase contract, contract for work, etc.), where the contracting party is the customer, as well as compliance with a legal obligation appertaining to the Administrator (e.g., accounts management, archiving of accounting documentation, etc.). Customer personal data is processed by the Administrator for the duration of the above legal reason and the purpose of processing. If the last legal grounds for the processing of personal data cease to exist, and if the Client does not grant the Administrator his or her explicit consent to the processing of his or her personal data, the Administrator terminates the processing of personal data of the Client.
The legal basis for the processing of personal data of applicants for employment is the legitimate interest of the Administrator in the search for a suitable candidate for a post in the company of the Administrator, the need for the processing in order to implement measures adopted before the entering into a contract of employment, as well as consent to the processing of personal data granted for a possible inclusion of a job applicant into a future selection procedure published by the Administrator. The data processed during the selection procedure is deleted by the Administrator as soon as it is clear that the work will not be offered to the given applicant, or that it has not been accepted by him and the tenderer has not given his or her consent to a further processing of his or her personal data.
The legal basis for the processing of personal data of persons entering the headquarters of the Administrator, or other premises of the Administrator, which are monitored by a recording camera system is the legitimate interest of the Administrator on the protection of people and property from its destruction, or theft. The legal basis for the processing of personal data of persons gaining work experience at the Administrator as preparation for the performance of their future job is the performance of a contract (contract on work experience) entered into between these individual entities, while the Administrator processes personal data of such persons only to the extent necessary for the performance of such work experience.
The legal basis for the processing of personal data (identification numbers, IP addresses, etc.) of visitors to web pages of the Administrator with the help of cookie files is the legitimate interest of the Administrator, where the latter, thanks to cookies, provides the data subjects with relevant website content.
Rights of data subjects
The data subject has in relation to the processing of personal data by the Administrator in particular the following rights, guaranteed by GDPR:
a. The right to be provided with information on the processing of personal data
The data subject has the right to be informed by the Administrator in respect of the processing of his or her personal data, in particular the purpose of processing, identity of the Administrator, its legitimate interests, any personal data recipients, etc.
b. The right of access to personal data:
The data subject has the right to obtain from the Administrator information, i.e. confirmation as to whether the Administrator processes or does not process his or her personal data, and if it does, the data subject has the right to obtain this personal data including information on the purpose of the processing, the category of the personal data processed, on any recipients of the personal data, the period of processing etc.
c. The right to a correction
If the data subject believes that the Administrator processes personal data which is inaccurate, the data subject is entitled to contact the Person in charge of the supervision of protection of personal data with a request for correction of his or her personal data.
d. The right to erasure
The data subject has the right in writing to notify and request the Administrator via the Person responsible for the supervision of personal data protection without undue delay to erase personal data of the data subject if any of the following reasons is provided:
the personal data is no longer needed for the purpose for which it has been processed,
the data subject withdrew his or her consent and there are no other legal grounds for the processing of his or her personal data,
the data subject raised an objection to the processing of the personal data and there are no overriding legitimate reasons to the processing of his or her personal data,
the personal information of the data subject was processed unlawfully,
the legal obligation due to which the Administrator processed the personal data of the data subject was duly met.
e. The right to restrict personal data processing
In the cases provided for in Article 18 of GDPR, especially in the event that the Administrator processes inaccurate personal data, where the processing of personal data is unlawful or where the data subject raised objections against the processing and so far no decision was passed, the data subject may contact the Person in charge of supervision of personal data protection with a requirement that the Administrator stops its processing.
f. The right to raise an objection
Pursuant to terms of Art. 21 of GDPR the data subject is entitled at any time to raise an objection to the processing of personal data at the Person responsible for the supervision of personal data protection. The Administrator shall not further process his or her personal data, unless it is proven that there are serious justified reasons for its processing which outweigh the interests or the rights and freedoms of the data subject.
All of the above rights of the data subject may be claimed at the Administrator by means of a written submission filed at the Person in charge of supervision of personal data protection.
Personal data transmission
The Administrator maintains confidentiality on any personal data processed even after termination of personal data processing. Personal information of data subjects is not provided to any third parties without their knowledge, except where such is necessary in order to meet the requirements of a data subject, or in order to supply goods, e.g. for the shipment of goods ordered.
Personal data is processed by the Administrator exclusively within the European Union or in countries which ensure adequate level of its protection on the basis of decisions taken by the European Commission.