Information clause concerning your personal data

big comma Spółka z o.o. with its registered office in Rybnik at ul. 3-go Maja 30, 44-200 Rybnik, entered into the Register of Entrepreneurs kept by the District Court in Gliwice, Economic Department X of the National Court Register in Gliwice under KRS number: 0000767863, NIP: 8961583774, REGON: 382380050, with the share capital of PLN 253,005.00 (hereinafter referred to as “the Company” or “the Data Controller”) would like to inform you as follows. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC will hereafter be referred to as “GDPR”.

1. Personal data controller

In connection with the disclosure of your personal data to the Company, the Company becomes, to the extent of the data provided, their controller. The Company’s contact details: phone: +48 32 44 20 789 e-mail address: correspondence address: Sp. z o.o., ul. 3 Maja 30, 44-200 Rybnik

2. Processing purposes

If you provide data to the Company in connection with: – the desire to use a service (e.g. FireTMS application) – your personal data will be processed in order to perform the service and fulfil related obligations, such as accounting, billing (and statutory obligations), – by giving consent to receiving marketing information - your personal data will be processed for the purpose of informing about services/products offered by the Company, as well as services and products promoted by the Company in the context of cooperation - in case of filling out the registration form to try fireTMS without obligations, the personal data provided by you may be processed for the purpose of conducting presentations related to the products and services offered by the company based on a legally justified interest pursued by the Company - by accepting the information clause, you agree to the above, – in the case of disclosure of data in order to establish contacts, obtain information or lodge a complaint, your personal data will be used solely to answer the question asked, to provide information or to perform a given service for you. Regardless of the above purposes, the data may also be used in order for the Controller to fulfil other obligations resulting from generally binding legal regulations, if such an obligation arises.

3. Legal basis for processing

In connection with the purposes of the processing indicated under para. 2 above, the legal bases for data processing are: – Article 6(1)(a) of the GDPR (in the case of processing based on your consent), – Article 6(1)(b) of the GDPR (in the case of the performance of a specific service for you, such as the preparation of a contract, the provision of a service or the provision of an answer to a question) – Article 6(1)(c) of the GDPR (in the case of legal obligations imposed on the Controller).

4. Recipient categories

Data recipients may be entities providing the Controller with services or activities that directly or indirectly enable the Company to correctly perform the activities aimed at achieving the purposes referred to in para. 2 above. In particular, the recipients may be employees of the Company, its contractors, associates connected with the Company by other legal relations, or external service providers of such services as legal, accounting, financial, IT, hosting or SaaS services, insofar as the processing of your personal data by the aforementioned entities aims to achieve the purposes indicated in para. 2 above.

5. Processing time

Your personal data will be processed until you withdraw your consent to the processing (provided that this is the basis for the processing) or for the period necessary for the Controller to perform the services/contract in your favour or for the period necessary to comply with the obligations incumbent on the Company by law, whichever of the above periods expires later.

6. Your rights – the right to withdraw your consent

In relation to the processing of your personal data by the Company, you are entitled to: a) request access to your data from the Company, b) demand rectification, deletion, or limitation of data processing, c) object to processing, d) demand data transfer, e) withdraw the consent for the processing of personal data – the withdrawal of consent is possible at any time. However, it should be noted that the withdrawal of consent does not affect the lawfulness of processing your data, which had been carried out before the withdrawal of consent. To exercise the above-mentioned rights, please contact the Controller – contact details are indicated in para. 1 above.

7. The right to lodge a complaint

You are entitled to lodge a complaint with the supervisory authority in relation to the processing of your personal data. This body is the President of the Personal Data Protection Office.

8. Transferring data outside the EEA

We strive to ensure that the personal data we process are not transferred outside the European Economic Area (hereinafter “EEA”), and if such transfer is to take place, it is possible only after meeting the requirements of the GDPR in this respect. The most common mechanism that is used is the conclusion of a data processing agreement with an entity operating outside the EEA, containing the so-called standard contractual clauses. This is a solution provided for in Art. 46(2)(c, d) of the GDPR, which consists in the fact that the entrustment agreement is mainly based on model clauses previously developed and approved by the European Commission, which is to ensure an adequate level of protection as if the data were processed in the area covered by the GDPR regulation.

9. Voluntary provision of data and consent to processing.

The provision of data is not a statutory or contractual requirement, nor is it a condition for entering into a contract, so you are not obliged to provide it. Your consent is also by no means obligatory and you are free to do so or not. However, the Company would like to point out that if it does not have your data or an appropriate consent, it will not be able to actually achieve the purposes indicated in para. 2 above and it will become impossible to provide services to you.