PRIVACY POLICY

ZM SILESIA SA, acting as the Data Controller, informs that as of May 25, 2018, new regulations on personal data protection have been in force, namely the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data – GDPR – and the Personal Data Protection Act (Journal of Laws 2018, item 1000).

The protection and security of our contractors’ and customers’ data is the Company’s highest priority.

A key task is to ensure the proper exercise of the rights of data subjects. In fulfilling the obligations arising from Articles 13 and 14 of the GDPR, we provide you with the following information.

The personal data controller is ZM SILESIA Joint Stock Company, headquartered in Katowice at 8 Konduktorska Street, postal code 40-155. Phone: +48 32 35 87 400, email: biuro@silesiasa.pl.

For all matters concerning the processing of your personal data, you may contact the Data Protection Officer (DPO) appointed by the Controller, Robert Hyla, at the Controller’s registered office address in Katowice, 8 Konduktorska Street, postal code 40-155, or electronically via e-mail: iod@rhodo.pl.

In accordance with Article 5 of the GDPR, the processing of personal data is carried out according to the principles of:

  • Lawfulness – personal data is processed in compliance with all legal requirements, including having one of the legal bases for processing as specified in Articles 6 and 9 of the GDPR;

  • Fairness – data is processed with adherence to legality at every processing stage;

  • Transparency – the nature of personal data processing operations performed by the Controller must be clear to the data subjects;

  • Purpose limitation – data is collected for specific, explicit, and legitimate purposes and is not processed further in a manner incompatible with those purposes;

  • Data minimization – data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed;

  • Accuracy – data is accurate and kept up to date; the Controller takes all reasonable steps to erase or rectify data that is inaccurate with regard to the purposes of processing without delay;

  • Storage limitation – data is kept in a form that permits identification of data subjects for no longer than necessary for the purposes of processing;

  • Integrity and confidentiality – data is processed securely, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures;

  • Accountability – the Controller is responsible for, and must be able to demonstrate, compliance with the GDPR.

The Controller collects personal data of natural persons within its operations, including from:

  • employees and collaborators,

  • contractors,

  • customers and other business contacts,

  • suppliers or recipients, customers, and other business contacts,

  • persons contacting us in any manner (including job applicants).

The Company as Controller collects personal data voluntarily provided by you:

  • when contacting us,

  • when placing orders with us,

  • when visiting our premises,

  • when providing your contact details via business cards or other means, including automatically – information contained in cookies.

The Controller may collect personal data such as name and surname, gender, position, photographic identification, e-mail address, phone number, home or business address, and other contact details, details of your interests, and communications with you (including notes from phone calls or meetings).

The Controller also collects personal data by searching available resources published by you on your company websites, publicly accessible registers, and databases. This data is processed to present you with an offer – the Controller’s legitimate interest under Article 14(2)(b) of the GDPR.

We process your personal data for the following purposes:

  • providing you with product information and fulfilling your product requests,

  • responding to your inquiries,

  • conducting promotions and marketing,

  • sending emails,

  • communicating with you and third parties,

  • ensuring compliance with applicable laws and regulations,

  • other business purposes, including negotiating, concluding, performing contracts, and their registration and settlement.

The retention period of your data depends on the purpose for which it was collected. Data sent in response to job advertisements is deleted after recruitment is completed. Data voluntarily provided to the Controller is processed until you withdraw consent. Contractor data is processed according to applicable tax regulations for up to six years after the contract execution. Data obtained by the Controller to present offers is retained for three years.

Regarding the processing of your personal data by the Controller under GDPR, you have the following rights:

  • right to access personal data (including the right to obtain a copy),

  • right to restrict processing,

  • right to rectify personal data,

  • right to erasure (“right to be forgotten”),

  • right to data portability,

  • right to object to processing,

  • right to withdraw consent at any time where processing is based on consent,

  • right to lodge a complaint with the President of the Personal Data Protection Office if you believe the processing violates GDPR.

Using available technical and organizational security measures, we protect your personal data against accidental or unlawful destruction or misuse, accidental loss, unauthorized access, unauthorized modification, or disclosure.

We retain your personal data only as long as necessary for the purposes stated above. This period may vary depending on your contact with us. If there is no justified need to retain your data, it will be deleted.

Data protection regulations grant specific rights to individuals regarding their personal data held by the Controller. If you wish, for example, to request a copy of your personal data, request correction, deletion, or restriction of processing, please send written requests to the Controller’s address.

The accuracy and currency of the information and data held by the Controller are very important to us. Inaccurate or incomplete information may affect our contacts with you. Please inform us of any changes required in your personal data by contacting us at: iod@rhodo.pl.