1. The controller of personal data is MANUSAD sp. z o. o. with its registered office at ul. Bohaterów 3, 89-110 Sadki, entered into the Register of Entrepreneurs maintained by the District Court in Bydgoszcz, 13th Commercial Division of the National Court Register, under the KRS number 0000062374, Regon 090552583, Tax ID 558-16-81-670. 2. Personal data is processed in accordance with generally applicable legal provisions, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of 27 April 2016 (hereinafter referred to as GDPR).
2. PERSONAL DATA PROCESSING RULES

When processing personal data, we apply the following rules:

3. Legality – personal data may be processed only if at least one of the conditions provided for by law is met;
4. Purposefulness – in order for data to be processed, there must be a specific, explicit and legitimate purpose for doing so. If processing is for multiple purposes, a basis for all purposes is needed.
5. Adequacy – The Controller processes only the personal data that is necessary for the purpose of its collection;
6. Substantive correctness – The data controller is obliged to ensure that the data collected thereby is correct and, if necessary, updated. Should assess the credibility of the source of data acquisition and implement a method of verifying the truthfulness of the processed data;
7. Temporality – the principle of limiting data storage – the Controller does not process personal data longer than necessary. In practice, the Controller makes an individual, specific assessment of the period for which personal data should be processed. The storage period depends on many variables.
8. Data integrity and confidentiality – personal data is secured using appropriate technical and organisational measures. The Controller exercises the utmost care to protect the information provided against all threats.

III LEGAL BASIS FOR PERSONAL DATA PROCESSING

In accordance with the principle of legality indicated above, the processing of personal data may only take place when at least one of the conditions provided for by law is met.

In the practice of the Controller’s activity, the premise authorizing the processing of your personal data will be in particular:

• Article 6(1)(a) GDPR – in such a case, data processing occurs on the basis of separate, voluntary consent;
• Article 6(1)(b) GDPR – the processing of personal data is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before entering into a contract;
• Article 6(1)(c) GDPR – processing is necessary to fulfil a legal obligation incumbent on the Controller;
• Article 6(1)(f) GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Controller.

IV SCOPE OF PROCESSED DATA

The Controller processes, among others, the following categories of personal data:

1. Customers’ personal data
2. a) the Controller collects this data in order to conclude the contract and its proper performance.

(b) such data, as appropriate, may include:

• identification data (including business activity data) • contact data • data necessary for settlement • personal data of the customer’s staff (name, surname, business contact details)

1. c) providing personal data is voluntary. However, refusal to provide it (or providing unreliable, untrue data) will make it impossible to conclude and perform the contract; d) the Controller will process this data for the period necessary to conclude and perform the contract. The basis for processing this data will cease when all justified obligations and risks expire (in particular, when the limitation period for the claims in question expires, when the Controller’s obligations under the tax ordinance cease).
2. Personal data of staff
3. a) personal data is processed for the purpose of implementing the rights and obligations of the employer and employee (customer and contractor). The basis for the processing of this data will be the relevant legal provisions (primarily the Labour Code) or the fact of concluding a contract;
4. b) the Controller collects only the information that is necessary for the performance of the employment. Most often, this will be:

• identification data • contact data • information on education, professional experience • information from employment certificates • other – depending on the circumstances of employment

1. c) In relation to persons employed under an employment relationship, the rule applies according to which the employer’s right under the Act to obtain personal data is matched by the employee’s legal obligation to provide it. The Controller, as an employer, does not abuse its powers and is guided by the principle of data minimization; d) the period for which the Controller is obliged to process the personal data of employees results directly from the provisions of the law. In terms of the most important data, it will most often be 50 years.
2. Data processed for the purposes of staff recruitment
3. a) personal data is processed in order to conduct the correct recruitment process, assess predispositions and ability to perform a given type of work;
4. b) the Controller collects only the information that is necessary to conduct the recruitment process. Most often, this will be:

• identification data • contact data • information about education, professional experience • information about qualifications and skills • other – depending on the circumstances of the recruitment

1. c) providing personal data is voluntary. However, refusal to provide it (or providing unreliable, untrue data) will make it impossible to carry out the recruitment process; d) the rule is that personal data is processed solely for the purposes of a given recruitment process. After its completion, the data of persons who were not employed is deleted (unless otherwise required by law or the consent of the data subject).
2. Personal data of contractors (suppliers of services and goods):
3. a) this data is processed for the purpose of concluding a contract and its proper performance;

(b) such data, as appropriate, may include:

• identification data (including business activity data) • contact data • data necessary to make settlements • personal data of the contractor’s staff (name, surname, business contact details)

1. c) providing personal data is voluntary. However, refusal to provide it (or providing unreliable, untrue data) will make it impossible to conclude and perform the contract; d) the Controller will process this data for the period necessary to conclude and perform the contract. The basis for processing this data will cease when all justified obligations and risks expire (in particular, when the limitation period for the claims in question expires, when the Controller’s obligations under the tax ordinance cease).
2. Data of persons contacting us using available forms of communication (including contact forms on the website www.manusad.com)
3. a) personal data will be processed in order to answer questions asked through available channels;
4. b) scope of data processing: • name and surname, • email address, • contact telephone number, • IP address;
5. c) personal data is processed for the time necessary to provide an answer. The Controller stops processing personal data after the contact ends,
6. d) the provision of personal data is voluntary. However, refusal to provide it (or providing unreliable or untrue data) may make it impossible to contact us and provide the expected answers.
7. Data of persons in the area of video monitoring:
8. a) personal data is processed to ensure the safety of persons and property;
9. b) this data will include the image of persons staying on the premises of the facility at ul. Bohaterów 3, 89-110 Sadki;
10. c) access to monitoring data is strictly limited. Monitoring operates in compliance with the principles of adequacy (a precisely defined area is monitored) and temporality (data is not stored longer than necessary).
11. DATA HANDLING

Personal data will be processed for the purpose for which it was collected. In addition, the data may be used for purposes resulting from legally justified interests pursued by the Controller, such as:

• detecting and preventing abuse • establishing, defending and pursuing claims • creating reports, analyses and statistics

The information processed by the Controller will never be passed on to unauthorized parties. It will not be traded. However, it may be transferred to the following categories of entities/bodies:

• entities/bodies authorized under the law • entities to which the transfer of personal data is necessary to perform a specific activity (e.g. hosting, email services, occupational medicine, carriers, etc.)

All entities that may come into contact with personal data, under separate regulations, are obliged to carefully secure it, keep it confidential and not make it available to unauthorized persons.

The Controller does not use profiling. Does not process personal data outside the EEA.

VI POWERS

The data subject has the following rights:

• the right to access and rectify your data, • the right to delete your data, • the right to limit processing, • the right to transfer data or obtain a copy of it, • the right to withdraw consent at any time without affecting the lawfulness of processing (if any), • the right to object.

In order to exercise your rights, please contact the Controller at office@manusad.com

Each request will be thoroughly reviewed by the Controller and will receive a response. The rights described above are not absolute (in practice, it may happen that, despite the request, the Controller will not be able to comply with the request and, for example, delete the data because, in accordance with the law, its processing will still be necessary due to the wording of generally applicable provisions).

Regardless of the above, it is possible to lodge a complaint with the President of the Personal Data Protection Office.

VII. COOKIES

The website www.manusad.com uses cookies.

Cookies are small pieces of information in the form of text files that are sent by the website you visit and saved on your end device (e.g. computer, tablet, smartphone).

The Controller may use cookies for the following purposes:

Cookies used to remember the preferences of visitors and personalize websites in terms of the content displayed (including adjustment of resolution, page layout, font size)

Cookies can be disabled in your browser settings. Using the site without changing your settings will be treated as an express affirmative action.