Privacy policy and cookies

The owner of the website www.chemobudowa.pl, i.e. Industrial Construction Company Chemobudowa – Kraków S. A. with its registered office at Klimeckiego str. No. 24, 30-705 Kraków (KRS: 0000035770, NIP: 6750000378, REGON: 351000614) takes the utmost care to protect privacy, and therefore presents information about the actions taken on personal data so that all Users can use the website in question in a fully understandable way and according to their preferences.

For the above reasons, a Privacy Policy has been established, from which Users can learn what steps Przedsiębiorstwo Budownictwa Przemysłowego Chemobudowa – Kraków S. A. takes to ensure the reliability and transparency of personal data processing, what standards it observes and to what extent it collects and acts on personal data.

§1

1. Industrial Construction Company Chemobudowa – Kraków S. A. with its registered office at ul. Klimeckiego 24, 30-705 Kraków (KRS: 0000035770, NIP: 6750000378, REGON: 351000614) – is the Personal Data Administrator within the meaning of the Act of May 10, 2018 on the protection of personal data, including the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “RODO”), hereinafter referred to as the Controller.

2. The Administrator, hereby undertakes to adequately protect the personal data of the Users of the www.chemobudowa.pl website, and consequently introduces the subject Privacy and Cookies Policy, hereinafter referred to as the “Policy”, and undertakes to apply it absolutely.
3. The Administrator can be contacted:
   • In writing to the address: 24 Klimeckiego St., 30-705 Krakow;
   • by e-mail to: biuro@chemobudowa.pl;
   • by phone at: +48 12 652 75 00.

4. Out of concern for the security of the personal data provided, the Administrator applies very high security measures and maintains the confidentiality of any information provided. One of the safeguards is the Personal Data Processing Security Policy and the IT System Management Manual, which the Administrator has adopted and scrupulously applies. The Administrator also carries out all obligations incumbent on him as a personal data controller under the provisions of generally applicable law.
5. For effective implementation of personal data protection, the Administrator shall provide:
   • Technical measures appropriate to the risks and categories of data to be protected and organizational solutions;
   • control and supervision of the processing of personal data;
   • monitoring of the protection measures applied.

6. All personal data provided to the Administrator shall be processed in accordance with the principles of processing provided by law:
   • at least one of the legal grounds for data processing is present in each case;
   • personal data are processed fairly and transparently;
   • personal data are collected for specific, explicit and legitimate purposes
   • and not processed further in a manner incompatible with those purposes;
   • personal data are processed only to the extent necessary to achieve the purpose of the processing;
   • personal data are correct and updated as necessary;
   • the duration of data storage is limited to the period of its usefulness for the purposes for which it was collected, after which it is either anonymized or deleted;
   • an information obligation is exercised against the data subject in accordance with
   • as stated in Articles 13 and 14 of the RODO;
   • data is secured against violations of its protection.

7. The principles set forth in this Policy document are applied by all employees of the Administrator, as well as other persons who have access to personal data processed at the Administrator under other separate agreements.
8. The controller shall take all necessary measures so that also its subcontractors and other cooperating entities provide guarantees that appropriate security measures are applied whenever they process personal data. The Administrator conducts a risk analysis on an ongoing basis and monitors the adequacy of the data security measures applied to the identified risks.

§2

1. In the situation of directing correspondence to the Administrator by e-mail, using the form available at www.chemobudowa.pl, or by traditional mail – personal data contained in the correspondence in question are processed solely for the purpose of communication and settlement of the matter to which the correspondence pertained or matters related to it. The legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting of correspondence addressed to it in connection with the services it provides. The Administrator processes only personal data necessary for the matter to which the correspondence relates.
2. In the situation of electronic contact, the Administrator may request personal data and to the extent that it is necessary for the handling of the matter to which the contact relates. In such a case, too, the legal basis for processing personal data is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting of the necessity to handle the reported matter related to the Administrator’s services.
3. Personal data provided to the Administrator may be disclosed to other external entities, including those operating IT systems and equipment, as well as entities providing accounting and legal services and marketing agencies.
4. Other disclosure of personal data to competent authorities or third parties who make a request for such information may be made only on an appropriate legal basis and in accordance with the provisions of applicable law.
5. The period of data processing by the Administrator depends on the purpose of the processing, as well as may result from the provisions of law determining the basis for processing. In the case of data processing on the basis of the legitimate interest of the Administrator, the data are processed for a period allowing for its realization or until an effective objection to data processing is made. When data processing takes place on the basis of a granted consent to processing, data are processed until the consent is withdrawn. When the processing of personal data is necessary for the conclusion and performance of a contract, the data will be processed until the contract is terminated.
6. The period of data processing may be extended if the processing is necessary for the establishment, investigation or defense against possible claims, and after this period, only in the case and to the extent required by the provisions of applicable law. After the expiration of the period in question, the data will be permanently deleted or anonymized.
7. Users whose personal data is processed have the following rights in particular:
   • The right of access to data and information;
   • The right to request rectification and completion of data;
   • The right to object to data processing;
   • The right to data portability;
   • The right to be forgotten.
8. Users who believe that their data is being processed unlawfully will include:
   • The right to lodge a complaint with a supervisory authority if a person believes that the processing of personal data concerning him or her violates the law;
   • The right to an effective remedy before a court against a legally binding decision of the supervisory authority concerning the person in question;
   • The right to an effective remedy before a court, against the Personal Data Controller or the data processor.

§3

Personal data is stored on the Administrator’s server, or the servers of the Administrator’s suppliers, in accordance with the guidelines of the Act of May 10, 2018 on the protection of personal data – application of RODO and included in the Regulation of the Minister of Internal Affairs and Administration of April 29, 2004 on the documentation of personal data processing and technical and organizational conditions to be met by devices and IT systems used for personal data processing (Journal of Laws No. 100, item 1024 of 2004), and subject to the conclusion of appropriate personal data entrustment agreements.

§4

1. So-called “cookies”, or “cookies”, are numeric-text files stored by the browser on the disk of the User’s terminal device. They are used to identify the User or record the history of actions taken by the User on the website. These cookies allow to recognize the User’s device and appropriately display the website adapting it to the User’s preferences. Cookies do not contain personal data, nor are they used to transmit them.
2. “Cookies” are used by the Administrator to store session information and ensure its continuity after login, for statistical and marketing purposes, and to customize the content of the website to the User’s preferences. “Cookies” store information about geolocation, language of the site visitor, referrer information, information about user preferences, information for automatic login and random session ID data.
3. By default, your web browsing software allows the placement of “cookies” by default. However, this can be changed at any time in your browser’s cookie settings so that it does not accept cookies or informs you that cookies are being sent. Detailed information about the possibility and ways of handling “cookies” are available in the settings of your software (web browser). However, please note that not accepting “cookies”, may prevent the proper operation of the Websites.

§5

1. The Administrator reserves the right to make changes or additions to this Privacy and Cookies Policy. Any such changes will be published on the website www.chemobudowa.pl in the “Privacy and cookies policy” tab, in connection with which we recommend that you keep visiting our website and monitoring updates in the aspect of the rules of use of the service by all Users.
2. The Administrator processes personal data on the basis of generally applicable laws.
3. All rules described in this Policy shall be observed by persons authorized to process personal data, with particular regard to the welfare of data subjects.
4. In matters not covered by this Policy, the relevant provisions of generally applicable legal acts shall apply.