Personal data protection documentation in the Company
STM Spółka z ograniczoną odpowiedzialnością
DISCLOSURE REQUIREMENTS ON THE PROTECTION OF PERSONAL DATA (for customers/business partners)
Acting on the basis of Article 13 clause 1 and 2 of the Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter called RODO), we hereby inform you that:
PERSONAL DATA CONTROLLER
The Controller of personal data of our Customers and Business Partners is:
STM Spółka z ograniczoną odpowiedzialnością
with its registered office ul. Piaskowa 12, 78-520 Złocieniec, Poland, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court in Koszalin, IX Commercial Division of the National Court Register under no: 0000327545, holding, NIP: 253-020-70-52, business statistical number (REGON): 320073907
e-mail: daneosobowe@stm-pack.com
hereinafter also referred to as the “Controller“.
The Controller collects personal data for defined, lawful purposes, processes them in accordance with the law and does not subject them to further processing incompatible with these purposes. Data shall be collected only to the adequate, necessary and not excessive extent in relation to the purposes for which they are processed and to the applicable regulations.
PROCESSED PERSONAL DATA
We process personal data in connection with:
- Production, sale of goods and provision of services.
- Data subjects: contractors, potential contractors, business partners, potential business partners, as well as their employees and persons cooperating with them on various legal bases.
- The basis and the purposes of the data processing:
- conclusion and performance of the contract;
- to execute applicable legal obligations, e.g.:
- Preparation of accounting and financial documentation in accordance with the applicable regulations;
- Filing and processing complaints;
- Settlement of public liabilities;
- Storing the data for future proceedings of authorised bodies;
- legitimate legal interest:
- Documenting the execution of transactions and issuing relevant documents, including in particular financial documents;
- Establishing, defending and enforcing claims;
- Direct marketing;
- Production of summaries, analyses and statistics, including turnover and sales, for internal purposes;
- Verification of the contractor’s creditworthiness;
- Recovery of receivables;
- Filing system.
- Running our company and business services
- We process personal data as part of our everyday business services.
- Data subjects: entities contacting the company as well as their employees and persons cooperating with them on various legal basis, partners and persons residing on our premises and in our buildings in connection with the application of security measures in the form of video monitoring.
- The basis and the purposes of the data processing:
- conclusion and performance of the contract;
- to execute applicable legal obligations, e.g.:
- Storage of data for future proceedings carried out by authorised bodies;
- Filing and processing complaints;
- Preparation of all documentation in accordance with applicable regulations and our legal obligations;
- Settlement of public liabilities;
- Investor relations.
- legitimate legal interest:
- Documenting the activities;
- Establishing, defending and enforcing claims;
- Direct marketing;
- Production of summaries, analyses and statistics, for internal purposes;
- Verification of the contractor’s creditworthiness;
- Recovery of receivables;
- Filing system;
- Prevention and detection of criminal offences;
- Protecting our property, business secrets and ensure the safety of our employees and persons present on our premises.
PERSONAL DATA CONTROLLER
Processed personal data is transferred to us directly by the data subjects or other data controllers with whom we cooperate or from publicly available sources.
NO OBLIGATION TO PROVIDE PERSONAL DATA
The provision of personal data is generally voluntary, but may be required for concluding an agreement or other action. The obligation to provide personal data may also result from the applicable regulations.
PERSONAL DATA RECIPIENTS
We may transfer your personal data, including that of authorised persons, to third parties who process it:
- data processors on our behalf:
- entities acting as intermediaries in transactions we conclude;
- our subcontractors;
- entities providing advisory, consulting, auditing, IT, legal assistance, tax, accounting services, research agencies operating on our behalf, entities providing property protection services for us;
- other controllers processing the data on their own behalf, whose participation is necessary for the implementation of the relevant process, including:
- transport companies;
- forwarders;
- customs agencies;
- insurers;
- bodies and offices of state or self-government;
- courts;
- bailiffs;
- postal and courier operators;
- banks and payment operators;
- entities cooperating with us in the service of accounting, tax, legal matters – to the extent to which they become data controllers.
RETENTION PERIOD FOR THE PERSONAL DATA
We process your data for the time necessary to achieve the purposes of the processing or in accordance with the requirements imposed by applicable regulations. After the execution of a given purpose of processing, we archive personal data in accordance with the applicable legal regulations, including in particular taking into account the periods of limitation of civil law claims and the period of limitation of public law claims.
AUTOMATED DECISION MAKING AND TRANSFER OF PERSONAL DATA OUTSIDE THE EEA AREA
Personal data shall not be subject to automated decision making, including profiling, nor shall it be transferred outside the European Union or the European Economic Area if a third party processor or controller is not GDPR compliant.
RIGHTS OF DATA SUBJECTS
Data subjects have a right to:
- rectify (correct) the data, to the extent and in accordance with the principles laid down in Article 16 of RODO;
- delete the data, to the extent and in accordance with the principles laid down in Article 17 of RODO;
- processing limitation (suspension of processing or not deleting the data), to the extent and in accordance with the principles laid down in Article 18 of RODO;
- access to the data (by requesting information on the data processed by us and a copy of the data), to the extent and in accordance with the principles laid down in Article 15 of RODO;
- transfer the data, to the extent and in accordance with the principles laid down in Article 20 of RODO;
- object to the processing of personal data (including profiling) by us to the extent and in accordance with the principles laid down in Article 21 of RODO.
You can exercise these rights by contacting us at
or in writing to the address of the Controller‘s registered office indicated in point 1) above.
The extent of each of these rights and the situations in which they may be exercised are determined by law. The right will depend each time, for example, on the legal basis of the data processing by the Controller and on the purpose of its processing.
COMPLAINT WITH A SUPERVISORY AUTHORITY
The data subject has the right to lodge a complaint regarding the processing of their personal data with the supervisory authority, which is the President of the Office for the Protection of Personal Data.
If you have any questions regarding your personal data, please contact us at
or in writing to the address of the Controller‘s registered office indicated in point 1) above.