INFORMATION CLAUSE. CONTRACTING PARTNERS.

This document is a part of the Information Security Management System in force at Ziaja Ltd Zakład Produkcji Leków Sp. z o.o. (limited liability company), and is applicable in respect of adopted security policies.

The information presented in this document is the fulfilment of the obligation of the Personal Data Controller in accordance with Article 13 of the General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Regulation, GDPR).

INFORMATION ON THE PERSONAL DATA CONTROLLER.

The Personal Data Controller is Ziaja Ltd Zakład Produkcji Leków Sp. z o.o. (limited liability company), with its registered office in Gdańsk at Jesienna 9, 80-298 Gdańsk, NIP: 5840201186, REGON: 008102970, KRS number: 0000021573.

 

In all matters related to personal data processing, please contact the Personal Data Controller as follows:

 

INFORMATION ON THE PURPOSES, LEGAL BASIS AND THE PERIOD OF PERSONAL DATA PROCESSING

THE PURPOSE OF PERSONAL DATA PROCESSING

THE LEGAL BASIS OF PERSONAL DATA PROCESSING

THE PERIOD OF PERSONAL DATA PROCESSING

Carrying out effective business trading with an entity represented by a natural person

Personal data processing is necessary for the purpose of a legitimate interest pursued by the Personal Data Controller (Article 6 (1) (f) of the GDPR) which consists in establishing and maintaining business relations with contracting partners.

Until the statute of limitations for any mutual claims expires, no longer than 10 years calculated from the end of the calendar year following the year when the event which might give rise to a claim occurred.

Arrangements to conclude a contract with the data subject

Personal data processing is necessary for taking actions prior to the conclusion of the contract, at the request of the data subject (Article 6 (1) (b) of the GDPR).

Until the statute of limitations for any mutual claims expires, no longer than 10 years calculated from the end of the calendar year following the year in which the arrangements to conclude the contract were completed.

Implementation of the contract

Personal data processing is necessary for the implementation of the contract to which the data subject is a party (Article 6 (1) (b) of the GDPR).

Until the statute of limitations for any mutual claims expires, no longer than 10 years calculated from the end of the calendar year following the year in which the contract was terminated.

Maintaining accounting and tax records

Personal data processing is necessary for performing legal obligations (Article 6 (1) (c) of the GDPR) in conjunction with Article 74 of the Accounting Act and other relating to taxes.

5 years calculated from the end of the calendar year following the year in which the contract was terminated.

Formulating and responding to a request or other queries

Personal data processing is necessary for the purpose of a legitimate interest pursued by the Personal Data Controller (Article 6 (1) (f) of the GDPR), which consists in the opportunity of providing an answer to a question or query concerning the activities carried out.

The period of maintaining current relations, e.g. answering questions, presenting offers, exchange of correspondence.

Support, investigation and defence in the event of mutual claims

Personal data processing is necessary for the purpose of a legitimate interest pursued by the Personal Data Controller (Article 6 (1) (f) of the GDPR), which consists in the right of defence or investigation in the event of mutual claims.

Until the statute of limitations for any mutual claims expires, no longer than 10 years calculated from the end of the calendar year following the year when the event which might give rise to a claim occurred.

Consideration of claims, complaints and queries

Personal data processing is necessary for the purpose of a legitimate interest pursued by the Personal Data Controller (Article 6 (1) (f) of the GDPR), which consists in ensuring high quality products and services, and a good image of the company.

Until the statute of limitations for any mutual claims expires, no longer than 10 years calculated from the end of the calendar year following the year when the event which might give rise to a claim occurred. 

Direct marketing

Personal data processing is necessary for the purpose of a legitimate interest pursued by the Personal Data Controller (Article 6 (1) (f) of the GDPR), which consists in promoting the company, as well as its services and products.

Until an objection is raised.

 

INFORMATION ON THE RECIPIENTS OF PERSONAL DATA

Your personal data may be disclosed to the following categories of recipients:

The data will be disclosed only to trusted recipients and processed only to the extent that it is necessary to provide services for the benefit of Ziaja Ltd Zakład Produkcji Leków Sp. z o.o. (limited liability company).

INFORMATION ON THE RIGHTS OF THE DATA SUBJECT

In connection with the processing of your personal data, you have the following rights:

INFORMATION ON THE OBLIGATION TO PROVIDE DATA

Providing data is not mandatory but necessary for effective handling of queries, answering individual inquiries, carrying out effective business trading and keeping financial and accounting records required by law.

INFORMATION ON AUTOMATED DECISION-MAKING, INCLUDING PROFILING

Your personal data will not be used for automated decision-making, including profiling.

INFORMATION ON THE TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

Your personal data will not be transferred to third countries, i.e. outside the European Economic Area.