GDPR INFORMATION CLAUSE AT THE OFFER STAGE

[EN] INFORMATION ON PERSONAL DATA PROCESSING AND PROTECTION BY MAXIMA EUROPE SP. Z O.O. (GDPR)

KLAUZULA INFORMACYJNA RODO NA ETAPIE OFERTOWANIA

This information is addressed for our potential customers, subcontractors and suppliers, and their contact persons (employees, collaborators, attorneys, representatives, etc.), in connection with potential interest in establishing cooperation with the Controller.

Following Article 13 item 1 and 2 and 14 of the General Data Protection Regulation of 27 April 2016 (hereinafter referred to as the GDPR) we inform you that:

[Personal Data Controller]

The personal data controller is Maxima Europe sp. z o.o. with its registered office in Kraków (30-305), Wasilewskiego Street 20/6, KRS No. 0000589963 (hereinafter referred to as the Controller). In matters concerning your personal data, you can contact the Controller by email: [email protected].

[Types of personal data]

The Controller processes the following categories of personal data of potential clients: first name, surname, e-mail address, telephone number, business address, correspondence address, company name, tax number, statistical number, National Court Register Number. 

Moreover, the Controller can also process identification and contact data of employees, co-workers, and representatives of the entities that the Controller conducts negotiations on the possible cooperation.

The Controller may obtain personal data from various sources. The Controller may obtain personal data directly from you. If the Controller makes contact, the Controller may obtain personal data from publicly available registers (e.g. National Court Register).

[Basis, purpose of processing personal data and retention period of personal data]

The basis for the Controller's processing of personal data is:

  1. the necessity to take action at the request of the data subject before entering into a contract, including by obtaining offers to enter into a contract (Article 6 item 1 point (b) of the GDPR). Personal data for such purpose will be processed by the Controller until a contract is concluded, and if a contract is not concluded, for 1 year from the time the data were obtained. If you conclude a contract with the Controller, please have a look at the GDPR information clause for customers, subcontractors and suppliers.;

  2. the legitimate interest of the Controller in making offers to conclude contracts (Article 6 item 1 point (f) of the GDPR). Personal data will be processed by the Controller until a contract is concluded, and in the case of failure to conclude a contract for 1 year from their acquisition. If you conclude a contract with the Controller, please have a look at the GDPR information clause for customers, subcontractors and suppliers;

  3. marketing, due to the legitimate interest of the Controller (Article 6 item 1 point (f) of GDPR), until lodging an effective objection;

  4. vindication of claims or defense against claims - based on the Controller's legitimate interest, until the expiry of possible claims (Article 6 item 1 point (f) of GDPR).

[Voluntariness]

Providing personal data is voluntary, but necessary to conclude the contract. Failure to provide data prevents the conclusion of the contract with the Controller.

[Recipients of the data]

The Controller share personal data with different groups of recipients, but only if it is related to the purposes for which we process personal data or our use of IT systems. Personal data may be transferred to entities providing legal, IT, accounting or advisory services, transport services, as well as to entities related  by capital or organizational to the Controller (including other companies from our Group of companies).

[Rights of data subjects]

in relation to the processing of personal data, you have:

  • the right to access the content of your data;

  • the right to rectification;

  • the right to erasure (so called “the right to be forgotten”)

  • the right to restriction of processing;

  • the right to data portability;

  • the right to object;

  • the right to complaint with the President of the Office for Personal Data Protection if you consider that the processing of personal data violates the law. 

The Controller would like to point out that the right to object is not automatic, which means that the cessation of data processing can only take place if there is a specific situation concerning you. In connection with the filing of an objection, the Controller can demonstrate compelling legitimate grounds to continue processing personal data or to do so in connection with the assertion of rights, defense. Furthermore, you may object, at any time and without further circumstances, to our processing of your personal data, but only if the Controller process it for direct marketing purposes.

[No profiling]

Personal data will not be processed by automated means or profiling.

[Transfer of personal data to third countries]

Personal data is also processed in an IT system. The Controller uses the Google Workspace service, based on the servers of Google Inc. As a result, personal data is transferred to a third country (USA). The transfer of personal data to a third country is based on the mechanism provided by GDPR, as the data are adequately protected using Standard Contractual Clauses (“SCC”). If you wish to review the SCCs, please be advised that they are available for review at the Controller, which allows you to review this document, according to an internal procedure. In addition, the Controller has entered into an agreement with the related companies situated in third countries, based on the legal instrument provided for by the GDPR, in the form of standard contractual clauses (“SCC”), adopted by the European Commission based on the implementing decision of 4 June 2021. If you wish to review this agreement, we inform you that they are available at the Controller, which allows you to review this document, according to an internal procedure.