Information obligation
Contractors
Please be informed that:
1. The Controller of your personal data is GRENEVIA S.A., with its registered office in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS No.: 0000048716, Regon: 270641528, NIP: 6340126246. As the company is part of the GRENEVIA Group, your personal data will be subject to joint controllership and may be shared within the GRENEVIA Group for the purpose for which they are processed.
2. If you have any questions regarding the processing of your personal data, we encourage you to contact the Data Protection Officer via email at iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1a, with the note “Data Protection Officer.” The Data Protection Officer will provide you with information regarding the arrangements between joint controllers.
3. Your personal data will be processed for the following purposes:
a) to take steps at the request of the data subject prior to entering into a contract and, in the event of selection of your offer, for the conclusion and performance of the contract, pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council;
b) to implement the gift policy applicable to the Data Controller (with regard to name, surname, job title, company name), which arises from the legitimate interest pursued by the Controller in compliance with the anti-corruption policy and the gift policy, pursuant to Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council;
c) to establish, exercise, or defend legal claims, which arises from the legitimate interest pursued by the Controller, pursuant to Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
4. Your personal data will not be processed in an automated manner, including profiling.
5. You have the right to request access to your personal data, their rectification, erasure, or restriction of processing, the right to object to the processing, as well as the right to data portability.
6. Your personal data will be stored for the duration of the contract performance and, after its termination, for the period necessary to establish, exercise, or defend legal claims, up to 10 years after the contract ends, in the case of data submitted in a procurement procedure for a period of 3 years from the end of the calendar year in which the procurement procedure was conducted, in the case of vehicle sales for 5 years from the date of sale, in the case of a procurement procedure carried out under a project related to obtaining funding from EU funds, for the period specified in the funding agreement. Personal data concerning the implementation of the gift policy will be stored for a period of 5 years from the end of the calendar year in which the data was recorded, as well as until the determination, pursuit, or defense of legal claims.
7. Selected data may be shared with the following entities: Economic Information Bureau (BIG), law firms, bailiffs, insurance companies, debt collection companies, software providers, technical support providers, and the cloud service provider Microsoft. The principles of personal data protection by Microsoft, in the form of a data protection statement, can be found on the website www.microsoft.com in the privacy protection section.
8. Your personal data will be stored on servers located within the European Union; however, due to the use by the Controller of cloud solutions provided by Microsoft, they may be transferred to a third country, namely the United States, based on standard contractual clauses. The standard contractual clauses used by Microsoft comply with the templates approved by the European Commission.
9. Providing personal data is voluntary but necessary to participate in the procurement process and/or to conclude and perform a contract or order.
10. You have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.
Contractors’ employees
Please be informed that:
1. The Controller of your personal data is GRENEVIA S.A., with its registered office in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS No.: 0000048716, Regon: 270641528, NIP: 6340126246.
2. If you have any questions regarding the processing of your personal data, we encourage you to contact the Data Protection Officer via email at iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1a, with the note “Data Protection Officer.”
3. Your personal data will be processed for the following purposes:
a.) verification of the identity of persons authorized by the Parties to exchange information, make arrangements on behalf of the Parties, and undertake other actions specified in the contract using the provided email addresses and phone numbers of individual employees/collaborators, which arises from the legitimate interest pursued by the Controller and is necessary for the performance of the contract to which your employer/principal is a party; Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council;
b.) implementation of the gift policy applicable to the Data Controller regarding name, surname, job title, and company name, which arises from the legitimate interest pursued by the Controller in compliance with anti-corruption regulations; Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
4. Your personal data will not be processed in an automated manner, including profiling.
5. You have the right to request access to your personal data, their rectification, erasure, or restriction of processing, the right to object to the processing, as well as the right to data portability.
6. Your personal data will be stored for the duration of the contract with your employer and after its termination, for the period required to establish, exercise, or defend legal claims. Your personal data related to the implementation of the gift policy will be stored for a period of 5 years from the end of the calendar year in which the data was recorded, as well as until the determination, pursuit, or defense of legal claims.
7. The recipients of your data may include law firms and the cloud service provider Microsoft. The principles of personal data protection by Microsoft, in the form of a data protection statement, can be found on the website www.microsoft.com under the privacy protection section.
8. Your personal data will be stored on servers located within the European Union; however, due to the use of cloud solutions provided by Microsoft, they may be transferred to a third country, namely the United States, based on standard contractual clauses. The standard contractual clauses used by Microsoft comply with the templates approved by the European Commission.
9. Providing personal data is voluntary but necessary to participate in the procurement process and/or to conclude and perform a contract or order.
10. You have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.
Shareholders
Please be informed that:
1. The Controller of your personal data is GRENEVIA S.A., with its registered office in Katowice (40-202), Al. Walentego Roździeńskiego 1a, KRS No.: 0000048716, Regon: 270641528, NIP: 6340126246.
2. If you have any questions regarding the processing of your personal data, we encourage you to contact the Data Protection Officer via email at iod@famur.com or in writing to the correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1a, with the note “Data Protection Officer.”
3. Shareholders’ personal data are processed for the purpose of fulfilling legal obligations or exercising the Company’s rights based on legal provisions (Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council), in particular based on the provisions of the Commercial Companies Code and the Act on Trading in Financial Instruments.
4. Your personal data will not be processed in an automated manner, including profiling.
5. The recipients of your data may include law firms.
6. Your personal data will be stored for the period necessary to fulfill the legal obligations imposed on the Company and for the time required to establish, exercise, or defend legal claims.
7. You have the right to request access to your personal data, their rectification, erasure, or restriction of processing, the right to object to the processing, as well as the right to data portability.
8. Providing data is mandatory, as it is necessary to fulfill the legal obligation imposed on the Company.
9. You have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.
The reporting persons (Article 13 of the GDPR)
Please be informed that:
1. The controller of your personal data is GRENEVIA S.A., with its registered office in Katowice (40-202), Al. Walentego Roździeńskiego 1a, entered in the Register of Entrepreneurs of the National Court Register under number KRS: 0000048716, REGON: 270641528, NIP: 6340126246.
2. Should you have any questions regarding the processing of your personal data, we encourage you to contact the Data Protection Officer via email at: iod@famur.com or in writing to our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1a, with the annotation “Data Protection Officer”.
3. Your personal data will be processed in connection with the fulfilment of a legal obligation incumbent on the controller, for the purpose of protecting the identity of persons reporting a violation of the law based on legal provisions (Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council), on the basis of the legitimate interest pursued by the data controller (Article 6(1)(f) of Regulation (EU) 2016/679), in relation to the required period for the establishment, exercise or defence of legal claims, or on the basis of freely given consent if you decide not to remain anonymous (pursuant to Article 6(1)(a) of Regulation (EU) 2016/679).
4. Your personal data will not be processed by automated means, including profiling.
5. Your personal data will be stored for a period of 3 years from the end of the calendar year in which follow-up actions were completed, the external notification was submitted to a competent public authority for undertaking follow-up actions, or upon the conclusion of proceedings initiated as a result of such actions.
6. The provision of personal data is voluntary.
7. Your personal data processed on the basis of consent will be stored until such consent is withdrawn. Consent to the processing of personal data may be withdrawn at any time by sending an electronic message to iod@famur.com. Withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.
8. Withdrawal of consent does not constitute a withdrawal of the report of the violation. Withdrawal of consent means that the person who reported the violation and provided their personal data will become anonymous from the moment of consent withdrawal.
9. At the same time, we inform you that you have the right to request access to your personal data, rectification, erasure, or restriction of processing, the right to object to processing, as well as the right to data portability.
10. You also have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.
The reported persons (Article 14 of the GDPR)
Please be informed that:
1. The controller of your personal data is GRENEVIA S.A., with its registered office in Katowice (40-202), at Al. Walentego Roździeńskiego 1a, entered in the Register of Entrepreneurs of the National Court Register under number KRS: 0000048716, REGON: 270641528, NIP: 6340126246.
2. Should you have any questions regarding the processing of your personal data, we encourage you to contact the Data Protection Officer via email at: iod@famur.com or in writing at our correspondence address: 40-202 Katowice, Al. Walentego Roździeńskiego 1a, with the note “Data Protection Officer”.
3. Your personal data will be processed in connection with the fulfilment of a legal obligation incumbent on the controller, for the purpose of clarifying a reported violation of law (Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council), as well as based on the legitimate interest pursued by the data controller (Article 6(1)(f) of Regulation (EU) 2016/679), in relation to the required period for the establishment, exercise or defence of legal claims.
4. Your personal data has been obtained from the person reporting the violation.
5. Your personal data will not be processed by automated means, including profiling.
6. Your personal data will be stored for a period of 3 years from the end of the calendar year in which follow-up actions were completed, the external notification was submitted to a public authority competent to undertake follow-up actions, or upon the conclusion of proceedings initiated as a result of such actions.
7. At the same time, please be informed that you have the right to request access to your personal data, rectification, erasure or restriction of processing, the right to object to processing, as well as the right to data portability.
8. You are also informed of your right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.
Non-identifiable Report
Please be informed that:
In the case of an anonymous report, the Personal Data Controller is unable to identify the reporting person’s data, which means that, pursuant to Article 11 of the GDPR, processing does not require identification. Consequently, we inform you that Articles 15, 16, 17, 18, 19, and 20 of the GDPR do not apply unless the data subject provides additional information enabling their identification in order to exercise the rights granted under these articles.
Articles of the GDPR that do not apply to non-identifiable reports:
- Article 15 GDPR – the right to access one’s personal data and to obtain information, including about data categories and processing purposes, as well as the right to receive a copy of the data;
- Article 16 GDPR – the right to rectify incorrect or complete incomplete personal data;
- Article 17 GDPR – the right to erasure (“right to be forgotten”), meaning the deletion of data that is no longer necessary for the purposes for which it was collected, as well as data processed without a legal basis (when the data subject withdraws consent for processing) or unlawfully;
- Article 18 GDPR – the right to restrict data processing, meaning the right to suspend data operations or prevent their deletion, as appropriate to the submitted request;
- Article 19 GDPR – the obligation to notify about rectification or erasure of personal data or restriction of processing;
- Article 20 GDPR – the right to data portability for data processed in an automated manner.