GDPR Information Clause of Kayom Trade sp. z o.o.
Information clause regarding the processing of personal data
In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR), we hereby inform you that:
1. Personal Data Controller
The controller of your personal data is Kayom Trade Sp. z o.o. with its registered office in Warsaw 00-844, ul. Grzybowska 87, entered in the Register of Entrepreneurs of the National Court Register under KRS number: 0001130420, NIP: 5273132720, REGON: 529821026 (hereinafter: ‘Controller’).
2. Purpose and Legal Basis for Data Processing
Your personal data will be processed for the purpose of:
• Concluding and performing commercial contracts and providing services related to our business, which constitutes the legitimate interest of the Administrator (Article 6(1)(b) and (f) of the GDPR). This applies to data necessary to establish, maintain and terminate commercial cooperation.
• Fulfilling the legal obligations incumbent on the Controller, resulting from legal provisions (e.g. tax and accounting regulations), in accordance with Article 6(1)(c) of the GDPR.
• Contact and business communication, including sending information about offers, products and services, which constitutes the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).
• Pursuing or defending against possible claims, which constitutes the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).
3. Types of Data Processed
We process the personal data of our contractors (entrepreneurs), their employees or associates, which is necessary to achieve the purposes indicated above. This may include, in particular: name and surname, company name, address of the registered office/place of business, tax identification number, statistical number, contact details (telephone number, e-mail address), position, bank account number.
4. Recipients of Data
The recipients of your personal data may be:
• Entities authorised to obtain data on the basis of legal provisions (e.g. state authorities).
• Entities providing services to the Controller, such as: accounting, legal, IT, transport and courier service providers, only to the extent necessary to achieve the purposes of processing.
• Banks, in connection with the execution of payments.
5. Data Retention Period
Your personal data will be stored for the period necessary to achieve the purposes for which it was collected, and after that period for the time required by law (e.g. for tax and accounting purposes) or until the expiry of the limitation period for any claims.
6. Rights of Data Subjects
You have the right to:
• Access your personal data.
• Rectify (correct) your personal data.
• Erase your personal data (‘right to be forgotten’) in the cases specified in the GDPR.
• Restrict the processing of your personal data.
• Transfer your data in cases specified in the GDPR.
• Object to the processing of personal data based on the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) for reasons related to your particular situation.
• Lodge a complaint with a supervisory authority (the President of the Personal Data Protection Office) if you believe that the processing of your personal data violates the provisions of the GDPR.
7. Voluntary Provision of Data
The provision of personal data is voluntary, however, failure to provide such data may prevent the establishment or continuation of commercial cooperation.
8. Automated Decision-Making
Your personal data will not be used for automated decision-making, including profiling.
