Processing of personal data and cookies
I. GENERAL INFORMATION
- ways of processing of personal data by ALLcom Sp. z o.o. (Ltd.) with its registered office in Gdynia, Poland,
- types of cookies used on the Website and the rules for their use,
This website is not targeting or intended for use by children under 18 years of age. If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us. We may need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.
II. PERSONAL DATA
We kindly ask you to read the following information provided pursuant to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”).
We are committed towards compliance with the principle of accountability and the 6 GDPR Data Protection Principles:
- Lawfulness, fairness and transparency; to process personal data lawfully, fairly and in a transparent manner;
- Purpose Limitation; to process personal data for specified, explicit and legitimate and compatible purposes;
- Data Minimisation; to process personal data only as is adequate, relevant and limited to what is necessary in relation to the purposes;
- Accuracy; to process personal data which is accurate and up to date
- Storage Limitation; to process personal data for no longer than is necessary for the purposes for which it was processed;
- Integrity and Confidentiality; to process personal data in a manner that ensures appropriate security of the personal data;
Who is the personal data Controller?
The Controller of the personal data is: Allcom Sp z o.o. (Ltd.) with its registered office in Gdynia (Poland) 10 Lutego Street 16, 81-364 Gdynia, phone: 58 660 78 00, e – mail: email@example.com (hereinafter referred to as “Controller“).
What are the rights you have?
You have the right to:
- be informed about how your personal information is being used,
- access the personal information and request, that we submit to you a copy of your personal data,
- request the rectification of inaccurate personal information,
- request the erasure of your personal data,
- request the restriction of processing,
- transfer your personal data (right to data portability),
- object to certain data processing (e.g. if based on legitimate interest).
- stop certain processing (e.g. marketing),
- withdraw consent,
- complain to the competent authorities.
In case of processing data on the basis of your consent – you shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
If you think, that your personal data is being processed unlawfully, you have the right to file a complaint to the supervisory authority in Poland: President of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych).
Please appreciate that the rights must be exercised within some limitation – for example, if you ask us for information we can only give you what relates to you and not what relates to other persons. When we receive requests, we may also request that you identify yourself and provide documentation or information for verification (we would not want to disclose information to the wrong person). Unreasonable requests may be subjected to a reasonable fee or refusal to respond. The rights are subject to limitations and conditions stipulated by law.
How to exercise your rights?
The above rights may be exercised in writing or electronically via e – mail: firstname.lastname@example.org.
How do we process your data?
Depending on the relationship existing between the Controller and the data subject, personal data may be processed for different purposes:
1. Processing of Website users’ data.
a. Personal data provided by the user shall be processed for the following purposes:
• in relation to inquiries sent to the Controller via a contact form or e-mail – personal data shall be processed in order to respond to such inquiries,
• in relation to cookies – the data shall be used for the configuration of the Website and user authorization,
b. The processing of personal data in relation to cookies and inquiries sent to the Controller via a contact form is based on article 6.1.a of the GDPR (consent), the consent can be withdrawn at any time. Withdrawal of consent shall not affect the lawfulness of the processing of personal data before the withdrawal of the consent,
c. The processing of personal data in relation inquiries sent to the Controller via form or e-mail is based on article 6.1.f of the GDPR (legitimate interests pursued by the Controller), that is providing necessary customer service and responding to inquiries sent by potential clients and contractors,
d. Users’ personal data shall not be transferred to other entities, however, access to the personal data may be obtained by following entities:
• web hosting service provider – an entrepreneur that provides the technologies and services needed for the website to be viewed in the Internet. Websites are hosted or stored on special computers called servers. Such servers may be provided by the web hosting service provider – in such case above – mentioned entity shall store data and information regarding the website or its users,
• e-mail server provider – an entrepreneur that operates email servers and stores data and information included in e – mails
• cloud storage service provider – an entrepreneur that stores data and information uploaded to the cloud,
• IT service provider – a person or entity responsible for the efficiency and security of our IT systems.
e. Personal data shall not be transferred to third countries.
f. The provision of personal data is not a statutory requirement; however we need the personal data to respond to user’s inquiries and to ensure that the Website remains functional.
i. Legal and regulatory requirements and guidance;
ii. Minimum retention periods provided by law;
iii. Laws which require retention of periods for undefined terms, including the GDPR;
iv. Laws which grant special powers to authorities to investigate or take action within periods commencing after discovering breaches;
v. Prescriptive Limitation periods that apply in respect of taking legal action;
vi. Our ability to defend ourselves against legal claims and complaints;
vii. Good practice; and
viii. The operational requirements and the nature of our business.
ix. The set of circumstances relevant to a client, the services rendered, degree of risk, type of data and others risk factors;
We strive to maintain a retention policy which sets out the different retention periods for the types of information we hold – however it is not always possible to have fixed retention periods, and therefore we apply the above-mentioned criteria using a risk-based approach. As a guide:
i. we will keep personal data while your engagement with us is active or until such time as you ask us to stop communications with you, and for some years thereafter, unless we need to keep the data for longer;
ii. we may keep certain categories of personal data for longer in order to meet any legal or regulatory requirements, or to resolve a legal dispute;
iii. we may keep certain categories of personal data for longer for back-up and redundancy purposes, including to ensure business continuity;
iv. and, we may keep different types of personal data for different lengths of time if required by law (for instance, we may need to keep certain personal data relating to purchases for about 6 years in order to comply with tax reporting requirements);
v. When it is no longer necessary to retain your personal data, we will delete or anonymise it.
2. Processing of customer data, business partner’s data and persons acting on their behalf.
Depending on the enquiry received, personal data may be processed in order to conduct our business activity consisting in the provision of international forwarding and transport services, customs agency services and storage services. During the performance of the orders received from our clients we often engage subcontractors.
• If you are an entrepreneur running your own business:
i. processing is necessary for entering into or for the performance of the contract concluded between us (article 6.1.b of the GDPR). Your personal data can be also processed when it is necessary for legitimate interests pursued by the Controller (Article 6.1.f of the GDPR), that is:
a. activities connected with the performance of the contracts and orders, in particular the transmission of information regarding the order or contract to initial customers, final clients or subcontractors,
b. recovery of claims and protection of rights
c. Maximising efficiency – so that we can deliver the best service to you using the various levels of expertise and making most efficient use of our back-office administration;
e. Client Assessments – to carry out research and analysis of your data (including billing information) as this helps us understand our clients better, who they are and how they interact with us;
f. Tailoring Services – to allow us to provide bespoke services where requested by you;
g. Confidentiality, IPRs and Trade Secrets – Protecting our commercially valuable information and intellectual property;
h. Crime Prevention – Preventing and detecting fraud and/or criminal activity;
i. Credit Control – For credit control purposes and to make sure clients can pay for the services we provide;
j. Risk Management – For the purposes of risk management and to maintain our accreditations so we can demonstrate we operate to the highest standards; and
k. Communicating with Clients – Ensuring keep up to date with our clients and contacts and developments in their organisations.
l. Security of our Systems – ensuring that our IT and communications systems, including networks and servers, are secure – also to protect your sensitive commercial and personal data;
m. Improved Web Presence – to improve and ensure the security of the website (for example, for statistical, testing and analytical purposes, troubleshooting).
n. Cross Reference – To share data with related entities or entities with whom we are closely associated;
o. Where we apply legitimate interest as a basis to process personal data we acknowledge that you may object to such processing at any time.
ii. your data may also be processed on the basis of article 6.1.c of the GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject) – for example transfer of data to public authorities, issuing invoices,
iii. your data may also be processed for direct marketing purposes – based either on your consent (article 6.1.a of the GDPR), in which case you shall have the right to withdraw your consent at any time The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal,
iv. we will obtain your personal data from contracts, orders, commercial inquiries, commercial offers, websites, freight exchanges, public registers,
v. we process the following categories of your personal data: contact details, data necessary for invoicing, identification numbers (tax identification numbers etc.) and in some cases the registration number of the vehicle (to the extent that it is necessary to “pre-authorize” goods or drivers).
• if you are a person employed by the entrepreneur or person acting on his behalf:
i. your personal data is processed by us in order to perform the contract concluded between us and the entrepreneur on whose behalf you act, in such case your personal data is processed for the legitimate interests pursued by the Controller (Article 6.1.f of the GDPR), that is:
– ensuring the possibility of performing the contract concluded between the Controller and the entrepreneur on whose behalf you act, and your personal data are processed only for the purpose and to the extent necessary for the proper performance of such contract,
– recovery of claims and protection of rights,
ii. your data may also be processed for direct marketing purposes – based on your consent (article 6.1.a of the GDPR), you shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal,
iii. if you have not provided us with your personal data, it means that we have obtained it from contracts, orders, commercial inquiries, websites, commercial offers, freight exchanges or directly from the entrepreneur on whose behalf you act. Your data could also have been obtained from public registers, if your authorization to act on behalf of the entrepreneur was disclosed in such register,
iv. we process the following categories of your personal data: business contact details, such as your name, e-mail address, telephone number.
The recipients of personal data of clients and contractors as well as their employees and proxies may be:
– institutions authorized by law (for example tax office and customs office),
– employees, associates, contractors and clients of the Controller, if it is necessary for the execution of contracts, orders or legitimate interests of the Controller,
– mail server provider, cloud applications services provider,
– an entity providing IT services,
– entities providing postal and courier services,
– entities providing legal services and debt collection services.
– Auditors, insurers, brokers, lawfirms
– Translation service providers
– Credit reference agencies
Personal data may be transferred outside the European Union – only if it is required to perform a specific order or contract. It is possible that such third countries do not provide an adequate level of protection – in that case the transfer of data shall take place using standard data protection clauses adopted by the European Commission, referred to in article 46.2.c of the GDPR, unless other derogations apply (such as article 49(1)(b) of the GDPR which allows personal data to be transferred when the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request). Detailed information about the entity to which the data was transferred and the security used shall be submitted upon your request (in writing or by e – mail).
Personal data shall be stored for the period necessary for the execution of contracts and orders and for the execution of legally justified interests of the Controller and the accounting data shall be stored for a period of 5 years counted from the end of the year in which the settlement was made.
Providing personal data is not a statutory requirement, it is voluntary, however your personal data is necessary for the performance of contracts and orders.
Personal data will not be subject to automated decision making, including profiling.
3. Candidates for work.
Personal data will be processed in order to carry out the recruitment process:
• personal data within the scope mentioned in art. 221 § 1 of the Polish Labor Code, that is: name and surname, parents’ names, date of birth, place of residence (address for correspondence), education, course of previous employment will be processed based on art. 221 § 1 of the Polish Labor Code and art. 6.1.b of the GDPR (processing is necessary in order to take steps at the request of the data subject prior to entering into a contract),
• other data, including contact details and image will be processed on the basis of a voluntary consent (article 6.1.a. and the GDPR), you shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
• if the documents contain data referred to in art. 9.1. of the GDPR, that is: special categories of personal data (sensitive data) we will need your consent for the processing, you shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The basis for processing in relation to such data will be article 9.2.a of the GDPR,
Providing personal data within the scope specified in article 221 of the Polish Labor Code is necessary to participate in the recruitment procedure. Providing other data is voluntary and does not affect the opportunity to participate in recruitment.
The data shall be stored until the end of the recruitment process.
Predicted categories of data recipients: mail server provider, entities providing HR services, cloud applications services provider, IT services provider.
Personal data shall not be transferred to third countries or international organizations.
Personal data will not be subject to automated decision making, including profiling.
- The Website operator is the entity that places cookies on the Website user’s end device and is getting access to the cookies.
- Cookies are small files that are sent by the server via the Website, then the cookies are stored using a web browser on the user’s device. The cookies collect the information about the user and his behavior on the Website.
- Cookies are used to improve user’s comfort and to obtain information on how the Website is used. Cookies help optimize the Website and user-displayed content. The primary purpose of cookies is to present the user a Website that meets his needs. Cookies do not cause any configuration changes on the user’s device and the software installed on it.
- The Website may use both: session cookies that are subject to deletion after closing the web browser window, as well as “persistent” cookies, saved for a specified period of time in user’s end devices.