Privacy policy
in BSI Management LLC. A limited partnership with registered office in Wroclaw
General conditions
- The administrator of personal data is BSI Management limited partnership with its registered office in Wroclaw, ul. Oltaszynska 8A, 53 – 010 Wroclaw, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for the city of Wroclaw, Department VI Economic Department of the National Court Register, under KRS number 0000552181, Tax Identification Number: 8992765306, REGON: 361234646, contact e-mail address : office@managementbsi.com, contact telephone number: 71 360 20 36 (hereinafter referred to as: “Administrator”).
- This Privacy Policy sets out the rules for the processing and protection of personal data of the Administrator’s clients and contractors obtained in connection with any cooperation of the Administrator with these persons (hereinafter: “Clients”). This Privacy Policy is also an informative document regarding the processing of Customers’ personal data by the Administrator. In the context of this Policy, the Customers are also understood as employees and representatives of the Administrator’s clients and contractors whose details the Administrator has in relation to the cooperation with clients and contractors.
- The Administrator’s clients within the meaning of this Privacy Policy are in particular:
- clients and contractors of the Administrator who are natural persons;
- employees and other natural persons acting for the benefit of the Administrator’s clients and contractors;
- natural persons using or intending to use the newsletter service provided by the Administrator (hereinafter: “Newsletter”) available on the Administrator’s website https://www.managementbsi.com/ (hereinafter referred to as: “Website”).
- Processing of personal data with the Administrator takes place in a manner consistent with the applicable provisions of Polish and European law, in particular in a manner consistent with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals in connection with the processing of personal data and on the free flow of such data and the repeal of Directive 95/46 / EC (OJ L 139, p. 1, hereinafter: “RODO”).
- Types of personal data processed
- As part of cooperation with clients, the Administrator processes the following personal data of clients:
- first and last name / company / position
- date of birth;
- telephone number;
- e-mail address;
- address: street, house / flat number, zip code, city, country;
- tax identification number;
- the IP number of the computer or other device with internet access.
- Providing personal data indicated in points 2.1.1-2.1.6 above is entirely voluntary. Each customer has the rights to his personal data set out in this Privacy Policy in accordance with applicable law.
- The personal data indicated in point 2.1.7 above are obtained automatically when you visit the Administrator’s Website. These data are stored in a log file on the server. These data are collected for technical reasons. These data may be processed in conjunction with other personal data only if the Customer consents to the processing of his personal data.
- In order to provide the Newsletter service, the Customer provides the data referred to in point 2.1.1. and 2.1.4 above. Providing this personal data is necessary to use the Newsletter service – their failure to do so will result in the Newsletter service being unable to be provided.
- Purposes of processing personal data
- Customers’ personal data are processed by the Administrator in order to establish and maintain business relations with the Customer and to provide the Newsletter service, including in order to:
- conclusion, implementation or termination of the contract with the Customer, in particular for the purpose of taking action before entering into a contract or providing services or delivering goods;
- establishing and maintaining current business contacts with the client, in particular in order to ensure effective customer service;
- considering complaints or claims made by the Customer;
- fulfill legal obligations incumbent on the Administrator, including regarding, for example, tax settlements;
- providing the Newsletter service available on the Website.
- Furthermore, Customers’ personal data may be processed for marketing purposes related to the Administrator’s own products or services or for other purposes for which the Customer agrees in cooperation with the Administrator.
- The administrator uses automated decision-making, including profiling, based on the following principles:
- In case the person receiving the mailing will use the link placed in this mailing – in the database, the label confirming interest in specific content is automatically assigned to the database.
Purposes of processing personal data
- Customers’ personal data are processed by the Administrator in order to establish and maintain business relations with the Customer and to provide the Newsletter service, including in order to:
- conclusion, implementation or termination of the contract with the Customer, in particular for the purpose of taking action before entering into a contract or providing services or delivering goods;
- establishing and maintaining current business contacts with the client, in particular in order to ensure effective customer service;
- considering complaints or claims made by the Customer;
- fulfill legal obligations incumbent on the Administrator, including regarding, for example, tax settlements;
- providing the Newsletter service available on the Website.
- Furthermore, Customers’ personal data may be processed for marketing purposes related to the Administrator’s own products or services or for other purposes for which the Customer agrees in cooperation with the Administrator.
- The administrator uses automated decision-making, including profiling, based on the following principles:
- In case the person receiving the mailing will use the link placed in this mailing – in the database, the label confirming interest in specific content is automatically assigned to the database.
- Also, if the subscriber downloads certain news content or reads certain subpages of the Website in the database, the label confirming interest in specific content may be assigned in an automated way to a given person.
- Based on the labels described in points 3.3.1 and 3.3.2. the data subject may be offered content consistent with his or her interests.
- Basics of personal data processing
- Providing personal data by clients is voluntary, however, in certain situations it may be necessary to use the services provided by the Administrator.
- The processing of personal data by the Administrator takes place on the basis of legal provisions, i.e. in particular when:
- it is necessary to perform the contract or to take action before the conclusion of the contract;
- it is necessary to fulfill the legal obligation of the Administrator (eg tax obligation);
- it is necessary for purposes resulting from the legitimate interests of the Administrator (eg marketing of own products or services of the Administrator, pursuing claims in court proceedings).
- In addition, the processing of personal data by the Administrator is based on the consent expressed by the client, including in the procedure of using the Newsletter service.
- Each customer has the right to withdraw consent to the processing of personal data at any time. Withdrawal of consent does not affect the legality of the processing, which was made on the basis of the consent granted prior to its withdrawal, as well as does not affect the processing of personal data on the basis of a different than the consent of the customer.
- Only those Customers who are at least 16 years old may express their consent on their own behalf. For persons under the age of 16, the consent of parents or legal guardians is required.
- The period of storage of personal data
Customers’ personal data will be kept for the period necessary to achieve the purposes for which they are processed, including in particular for the period of:
- needed to take action before the conclusion of the contract, aimed at its conclusion;
- performance of the contract concluded with the Administrator and the period in which the Client or the Administrator is entitled to any rights or claims related to its performance (including the period of limitation of claims and one year after the expiry of the limitation period);
- sending the Newsletter and the period of limitation for claims for the Newsletter service and one additional year after the expiry of the limitation period;
- implementation of statutory requirements imposed on the Administrator.
- After the period of storage of personal data, they will be immediately removed by the Administrator, with the exception of personal data used for direct marketing purposes – their processing will continue until the Customer objects to the processing of such data.
- Recipients of personal data
- Customers’ personal data may be transferred to the following categories of recipients:
- authorized by the Administrator persons employed at the Administrator or cooperating with the Administrator on the basis of civil law contracts;
- entities processing personal data on behalf of and on behalf of the Administrator as well as authorized persons employed in these entities (eg services of external companies, subcontractors, legal advisors, financial or accounting advisors, IT service providers, etc.);
- state authorities or other public entities, in order to meet legal requirements.
- The transfer or sharing of Customers’ personal data is carried out with respect for the rights of clients and in accordance with applicable law.
- Data protection measures
- The Administrator protects Clients ‘personal data against unauthorized access by third parties, as well as provides organizational and legal measures in accordance with applicable law, aimed at guaranteeing confidentiality of Customers’ personal data and their use in a manner that prevents access to this data by unauthorized persons.
- The Administrator implements and applies appropriate technical solutions aimed at protecting Customers’ personal data. In particular, the Administrator uses the highest quality technical and IT security as well as physical security.
- Clients’ rights regarding personal data
- Every customer may file a complaint regarding the processing of his personal data.
- Every customer has the right to:
- to obtain from the Administrator confirmation whether personal data concerning him is being processed, and if this is the case, he is entitled to access to them and the following information:
- purposes of processing;
- categories of personal data;
- about the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular about recipients in third countries or international organizations;
- if possible – information about the planned period of personal data storage, and if it is not possible, criteria for determining this period;
- the right to request the Administrator to rectify, delete or limit the processing of personal data relating to the data subject and to object to such processing;
- about the right to lodge a complaint to the supervisory body;
- if personal data have not been collected from the data subject – all available information about their source;
- on automated decision-making, including profiling, and relevant information about the rules for taking them, as well as on the importance and expected consequences of such processing for the data subject;
- file a complaint to the supervisory body;
- require the Administrator to immediately correct personal data concerning him that is incorrect; taking into account the purposes of processing, the Customer also has the right to request supplementing incomplete personal data, including by providing an additional statement;
- not to be subject to automated decision-making, including profiling;
- to lodge an objection – for reasons related to his special situation – to the processing of personal data concerning him in the cases specified in the regulations;
- require the Administrator to immediately delete personal data concerning him (“the right to be forgotten”) if one of the following circumstances occurs:
- personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- The customer has withdrawn the consent on which the processing is based and there is no other legal ground for processing;
- The customer objects to the processing and this objection is based on the applicable regulations;
- personal data have been processed unlawfully;
- personal data must be removed in order to comply with the legal obligation provided for in Union law or rights
- . If you submit one of the requests specified in item 8.2 above, the complaint should contain:
- the content of the request;
- if necessary – its justification;
- indication of data allowing to inform about the manner of consideration of the complaint.
- The administrator may ask the complainant to provide additional information if they are necessary to process the application or request.
- If one of the requests referred to in item 8.2 above is submitted, it is recognized in accordance with the provisions on the complaint procedure. In this case, the Administrator may ask the person making the request to prove their identity in order to verify that he is entitled to submit the request.
- The complaint shall be recognized immediately, but no later than within 14 days from the date of notification.
- In the event that the complaint requires additional proceedings, the deadline for considering the complaint may be extended.
- The declarant may at any stage obtain information from the Administrator about the status of recognizing his complaint.
- Immediately after recognizing the complaint, the Administrator informs the applicant about the manner in which it was considered and about the actions that have been taken in connection with the complaint.
- The administrator communicates with the person submitting the complaint in electronic form – to the e-mail address provided by the applicant. If the declarant does not provide an e-mail address, the Administrator communicates with the applicant in writing.
- No response to the complaint within 30 days from the date of receipt of the complaint means its inclusion. If the Administrator does not take action in relation to the Customer’s complaint, the Administrator immediately informs the data subject about the reasons for the failure to take action and the possibility of lodging a complaint to the supervisory body and using the legal protection measures before the court, no later than one month after receiving the request.
- If the complaint is found that the personal data protection has been breached, the Administrator shall take measures in accordance with the applicable provisions.
- Cookies policy
- The Administrator uses the so-called mechanism on the Website. “cookie” files, ie IT data, in particular text files saved by servers on the Customer’s end device, which the servers can read every time they connect to this terminal device.
- Software used for browsing websites (web browser) by default allows the storage of cookies on the end device of the Customer. Customers can change their cookie settings at any time, in particular in such a way as to block the automatic handling of cookies in the web browser’s settings or to inform them each time they place the website on the Customer’s device. The result of such a change may be difficulties related to the use of the Website.
- Detailed information about the possibilities and ways of handling cookies are available in the web browser settings.
- Most cookies are so-called session cookies that are automatically deleted from the hard disk after the session ends, that is after logging out or closing the browser window. Some of the cookies allow you to identify the customer when you visit the site again because they are not automatically deleted.
- The administrator uses the cookie mechanism for informational purposes only, to improve and facilitate the operation of the Website to better adjust the Website’s appearance and to collect anonymous, aggregated statistics on how customers use the Website, which helps to improve the functionality and content Web page.
- Changes to the Privacy Policy
- This Privacy Policy applies from May 24, 2018.
- The Administrator reserves the right to change this Privacy Policy for an important reason, in particular in the case of:
- the need to adapt the Privacy Policy to legal provisions or decisions and judgments of courts or public authorities;
- data changes, including names, addresses, ID numbers, included in the Privacy Policy;
- improvement of customer service.
- The Customer will be informed about the change in the Privacy Policy by means of a message posted on the Website or by sending a notification about the change to the Privacy Policy to the Customer’s e-mail address.
- A change to the Privacy Policy does not affect the processing of personal data completed prior to making this change.
- Final provisions
- All inquiries or issues related to the processing and protection of personal data should be addressed to the Administrator in writing, by e-mail or by phone, for the following data:
- BSI Management LLC