PŘIDEJ SE K NÁM!

Dej si šanci naplnit své profesní ambice! Přidej se k nám!

ČTĚTE VÍCE O NÁS

Přihlas se k odběru našeho newsletteru

Kontaktuj nás!

Menu
Menu
NABÍDKY PRÁCE
Menu

Zásady ochrany osobních údajů

Dear User
We care about your privacy and want you to feel comfortable and safe when using our services, so we have prepared a document where you will find detailed information on the processing of your personal data.

Table of Contents:

  1. Definitions
  2. Introduction
  3. General information
  4. Recipients of the Website Users’ personal data
  5. Acquisition, collection, purpose, scope and personal data processing activities
  6. Rights of data subjects
  7. Cookies mechanism, operating data and analytics
  8. Final provisions

§ 1
Definitions

  1. Administrator – Metaal Flex Poland Sp. z o.o., with its registered office in Kędzierzyn-Koźle (47-200) at 2 Czerwińskiego Street, which provides services by electronic means and stores and accesses information on the User’s devices.
  2. User – a person using the Website; an entity for which, in accordance with the law, services may be provided electronically or with which an agreement for the provision of Electronic Services may be concluded.
  3. Website – the website located at the domain www.metaalflex.pl, through which the Administrator operates the online Service.
  4. Electronic service – a service provided electronically by the Administrator to the User via the Website.
  5. Recruitment form – an electronic service, a form available on the Website that allows the User to apply for a job position.
  6. Device – an electronic device through which the User gains access to the Website.
  7. Consumer – a natural person who concludes with the Seller a contract via the Website, the subject of which is not directly related to their business or professional activity.
  8. Client:
    1. a natural person with full legal capacity, and in cases provided for by generally applicable law also a natural person with limited legal capacity,
    2. a legal person,
    3. an organizational unit without legal personality to which the law grants legal capacity,

    – who uses or intends to use the Service or the Electronic Service.

§ 2
Introduction

  1. This Privacy Policy sets out the rules for the processing and protection of personal data of Users of the online Service (including potential Users) using the online Service available at: www.metaalflex.pl, hereinafter referred to as the Website. The document primarily describes the legal bases, purposes, and scope of personal data processing, describes the functionalities of the Website, indicates the entities to which data is entrusted, and also contains information concerning cookies and analytical tools used within the Website.
  2. The controller of personal data collected via the Website, within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of 27 April 2016 (OJ EU L No. 119, p. 1), hereinafter “GDPR” (the text of the regulation is available here: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679), is Metaal Flex Poland Sp. z o.o., with its registered office in Kędzierzyn-Koźle (47-200) at 2 Czerwińskiego Street, entered in the National Court Register by the District Court in Opole, 8th Commercial Division of the National Court Register, under KRS number: 0000183635, NIP: 7491882302, REGON: 531668497, represented by: Teresa Majchrzak, contact phone: +48 77 40 60 190 / +48 77 40 60 191, e-mail address: info@metaalflex.pl, hereinafter referred to as the Administrator and at the same time the Service Provider of the Website.
  3. The Data Protection Officer appointed by the Administrator is: Mariusz Kwaśnik, contact with the Officer is possible by phone: 537 926 362 and/or by e-mail at: iod@valven.pl.
  4. Users’ personal data is processed in accordance with the provisions on personal data protection and the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws No. 144, item 1204, as amended).
  5. The personal data Administrator declares that the Privacy Policy is informative in nature, which means it is not a source of obligations for Users of the Website. Its purpose is to define the actions taken by the Administrator and to describe services, tools and functionalities related to the Website used by Users of the Website, e.g. to use the recruitment form or other activities undertaken within the Website.

§ 3
General information

  1. The Administrator of the Website makes every effort to protect the privacy of Users of the Website and all data and information obtained from them. With due diligence, it selects and applies technical protection measures, both software and organizational, thereby ensuring complete protection against disclosure, loss, destruction, unauthorized modification, or processing in violation of applicable law.
  2. The Administrator informs that the Website uses a transmission protocol ensuring the security of data transfer on the Internet, namely the SSL protocol (Secure Socket Layer v3) is installed. This security method consists in encrypting data before it is sent from the User’s browser and decrypting it after securely reaching the Website’s server. Information sent from the server to the User is also encrypted and decrypted upon arrival.
  3. The data collected by the Administrator is processed lawfully, respecting the principles of fairness and transparency, collected to the minimum extent necessary for the specified purposes and processed accordingly, not subjected to further processing incompatible with those purposes, adequate and substantively correct for their intended use, and stored in a manner enabling identification of the data subjects. The retention period depends on the processing purpose and is limited to the time needed to achieve the intended purpose.
  4. The Administrator of the Website has access to data under the rules set out in the Privacy Policy, but may entrust Users’ personal data to external entities cooperating with the Administrator. Such entrustment is possible on the basis of appropriate data processing agreements concluded between the Administrator and the processor. The agreements specify the scope and conditions for processing personal data necessary to provide the services. The Administrator declares that it cooperates only with entities that guarantee the security of personal data processing by implementing safeguards meeting the requirements set out in the GDPR.
  5. The Administrator has the right and a statutory obligation to provide information concerning Users of the Website to public authorities, e.g. in connection with proceedings concerning possible violations of the law, or to third parties that submit such a request based on applicable Polish law.
  6. Using the services and tools provided within the Website, as well as providing personal data by the User, is voluntary. However, providing data may be necessary to conclude and perform an agreement for the provision of services and/or Electronic Services on the Website; the lack of such data will make it impossible to conclude such an agreement. The scope of data required to conclude the Agreement is indicated on the Website.
  7. A User using the services and tools provided within the Website confirms that they have read the provisions of this Privacy Policy, and at the same time consents (if required) to the use of their personal data in accordance with these provisions by checking the appropriate checkboxes placed on the Website (the contents of the checkboxes specify the purpose for which the provided personal data will be used).

§ 4
Recipients of the Website Users’ personal data

  1. To ensure the proper operation of the Website, its functionalities, and to provide services, the Administrator uses the services of external entities. The Administrator transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
  2. Examples of recipients of personal data of Users of the Website include:
    • providers of services supporting the work of the Website Administrator, e.g. providers of computer software for operating the Website, e-mail services, hosting providers,
    • entities commissioning tasks to the Administrator on the basis of a separate agreement within the Website’s activity,
    • entities preparing marketing offers of the services provided,
    • entities operating the functionalities of the Website.
  3. Data recipients (external entities) process personal data on the basis of relevant data processing agreements signed with the Website Administrator. These entities collect, process, and store personal data in accordance with their own terms and privacy policies.
  4. Processing of personal data of the Service Users of www.metaalflex.pl is entrusted by the Administrator to the following entities:
    • Leszek Grün 4 PROJEKT, ul. Wojska Polskiego 17, 47-220 Kędzierzyn-Koźle, NIP: 7491861151. REGON: 16016356 – for the purpose of storing data on the server on which the Website is installed and for providing IT/technical maintenance of the Website,

§ 5
Acquisition, collection, purpose, scope and processing activities

    1. The Administrator acquires information about Users, among other things, by collecting server logs, IP addresses, software and hardware parameters, pages viewed, the mobile device identification number, and other data concerning devices and the use of systems. The above information will be collected in connection with the use of the Website. These data are not used by the Administrator to identify the User.
    2. Navigation data may also be collected from Users, including information about links and references or other actions taken on the Website, in order to facilitate the use of the services provided electronically and to improve their functionality.
    3. The Administrator reserves the right to filter and block messages sent via the internal messaging system, in particular if they are spam, contain prohibited content or otherwise threaten the security of Users of the Website.
    4. As part of operating the Website, the Administrator processes Users’ personal data for the following purposes:
      • providing services created or co-created by the Administrator,
      • tailoring the offer and the User experience,
      • accounting/payroll support within the conducted activity,
      • providing information on services rendered to the User on the basis of a separate agreement with external entities,
      • conducting recruitment processes using the data contained in the recruitment form,
      • facilitating the use of the Website and ensuring its IT security,
      • establishing, pursuing and enforcing claims and defending against claims in court and before other enforcement authorities,
      • handling complaints and requests,
      • marketing and advertising related to the preparation of a service offer.
    5. The Administrator informs that it collects, processes and stores the following User data: first and last name, e-mail address, residential address, postal code, voivodeship (province), city/town, mobile phone number, place of birth, date of birth, citizenship, driving licence, education, professional experience.
    6. Personal data collected for the purposes indicated in the Privacy Policy will be stored for the duration of the services (including electronic services) provided by the Administrator and for the period resulting from limitation periods for claims, tax law provisions, consumer rights and other applicable laws in this respect.
    7. The User has the right to file a complaint in the event of non-performance or improper performance of a service provided electronically by the Administrator. If this right is exercised, the Administrator is obliged to take a position on the matter without undue delay, but no later than within 14 calendar days from the date the complaint is submitted. To exercise this right, the User sends, in writing or by e-mail to: info@metaalflex.pl, an unequivocal statement of termination of the agreement for the provision of services by electronic means. To speed up the processing of the complaint, it is recommended to provide the following information: circumstances concerning the subject of the complaint and the occurrence of any defects, the Client’s request, and contact details. The above recommendations are not mandatory and do not affect the effectiveness of complaint handling.

CONTACT WITH THE USER

    1. The legal basis for data processing in connection with User support, which includes contacting the User to respond to an inquiry sent via e-mail or the recruitment form, is Article 6(1)(a) of the GDPR, i.e. consent to processing. If a contract is concluded after contact, data will be processed on the basis of Article 6(1)(b) of the GDPR. The legal basis for processing after any contact has ended will be the legitimate interest in archiving correspondence for the purpose of demonstrating its course in the future (pursuant to Article 6(1)(f) of the GDPR).

RECRUITMENT FORM

    1. As part of the Website’s activity related to sourcing job candidates for external entities on the basis of a separate agreement, and to facilitate job searching for Users, we provide a recruitment form on the site. Using the form requires providing the data necessary to carry out the recruitment process, as a result of which the User may obtain employment with our Clients.
    2. Data from the form will be processed on the basis of the job candidate’s consent for the duration of the recruitment process, for this and future recruitments, for the period indicated by the data controller.

SOCIAL TOOLS

    1. The Website www.metaalflex.pl uses a plugin and other tools provided by the Facebook social network. When viewing a page of the Website where such a plugin has been placed, the User’s browser establishes a direct connection to the Facebook server.
    2. The content of the plugin is transmitted by the given Service Provider directly to the User’s browser and integrated with the page. This integration allows the Service Provider to receive information that the User’s browser displayed a page of the Website www.metaalflex.pl even if the User does not have a Facebook profile or is not logged in at that time. If the User is logged in to the social network, the Service Provider will be able to directly assign the visit on the Site to the given Facebook profile.

In a situation where a User of the Website uses the “Like” or “Share” button, the relevant information will also be sent directly to the Service Provider’s server and stored there. In addition, this information will be published on the social network and will appear, for example, on the Facebook timeline. The purpose and scope of data collection and their further processing and use by the Service Providers, as well as contact options and the rights of Users in this respect and the possibility of making settings to ensure privacy protection, are indicated in each Service Provider’s privacy policy.

§ 6
Rights of data subjects

  1. The GDPR grants Users the rights listed below. They are available without giving a reason; however, they are not absolute and will not apply to all personal data processing activities. If the User wishes to exercise any of the rights available to them, they may at any time send a declaration of intent to the Website’s e-mail address or to the Administrator’s registered office address.
    1. Right of access – Article 15 GDPR

The User may contact the Administrator at any time to confirm whether their data is being processed, and if so, the User has the right:

      • to obtain access to personal data,
      • to receive information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period of storage of the User’s data or the criteria for determining this period (when specifying the planned processing period is not possible), the rights granted to the User under the GDPR, the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making including profiling, and the safeguards used in connection with the transfer of data outside the European Union,
      • to obtain a copy of their personal data.
    2. Right to rectification – Article 16 GDPR

The User has the right to request the Administrator to promptly rectify their personal data that is inaccurate. They also have the right to request the completion of their personal data. To rectify or complete your personal data, please send information to the Website’s e-mail address.

  1. Right to erasure (“right to be forgotten”) – Article 17 GDPR
    1. The User may request the Administrator to erase all or some of their data.
    2. The User has the right to request the erasure of their personal data when:
      • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
      • they have withdrawn specific consent to the extent that the personal data were processed on the basis of the User’s consent,
      • they have objected to the use of their data for marketing purposes,
      • the personal data have been processed unlawfully,
      • the personal data must be erased to comply with a legal obligation under the law of the Union or a Member State to which the Administrator is subject,
      • the personal data were collected in connection with the offer of information society services
    3. Notwithstanding the User’s request for erasure due to objection or withdrawal of consent, the Administrator may retain certain personal data to the extent that processing is necessary for the establishment, exercise or defence of legal claims, as well as to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the Administrator is subject,
    4. Erasure of personal data or cessation of their processing by the Administrator may result in the inability to provide services via the Website or may limit the ability to use the functionalities of the Website.

  2. Consent to the processing of personal data and the right to withdraw consent – Article 7(3) GDPR
    1. By accepting the statements placed by the Administrator in the interactive forms available on the Website, the Client/User consents to the processing of their data for specified purposes,
    2. The Client/User may consent to the processing of their data for additional purposes by accepting optional statements proposed in the forms available on the Website,
    3. The Client has the right to withdraw any consent given to the Administrator; the withdrawal will take effect from the moment of withdrawal,
    4. Withdrawal of consent will not have any negative consequences for the Client, but it may prevent further use of services or functionalities which, by law, the Administrator may provide only with consent,
    5. Withdrawal of consent does not affect the lawfulness of processing carried out by the Administrator before the withdrawal.

  3. Right to object to processing – Article 21 GDPR
    1. The Client/User has the right at any time to object, on grounds relating to their particular situation, to the processing of their personal data, including profiling, if the Administrator processes personal data on the basis of legitimate interests,
    2. Sending by the Client/User an e-mail message resigning from receiving marketing information about products and services constitutes an objection by the Client/User to the processing of their data, including profiling for these purposes,
    3. If the Administrator has no other legal basis permitting the processing of the Client’s/User’s data and the objection proves justified, the personal data to which the objection relates will be erased.

  4. Right to request restriction of processing – Article 18 GDPR
    The Client/User has the right to request restriction of their personal data when:
    1. they contest the accuracy of their personal data – the personal data Administrator will restrict processing of your personal data for a period enabling verification of the accuracy of the data,
    2. the processing of the Client’s/User’s personal data is unlawful and instead of erasure the Client/User requests restriction of processing of their personal data,
    3. the Client’s/User’s personal data are no longer needed for processing purposes but are required for the establishment, exercise or defence of legal claims,
    4. the Client/User has objected to the processing of their personal data – in which case processing will be restricted until it is determined whether the legitimate grounds of the personal data Administrator override the grounds indicated in the Client’s/User’s objection.
  5. Right to data portability (Article 20 GDPR)
    The Client/User has the right to receive from the Administrator their personal data in a structured, commonly used, machine-readable format and to transmit those data to another personal data controller.
    You may also request that the personal data Administrator transmit the Client’s/User’s personal data directly to another controller (where technically feasible).
  6. The Client also has the right to lodge a complaint with the President of the Personal Data Protection Office regarding any violation of their personal data protection rights or other rights granted under the GDPR.

§ 7
Cookies Policy, operating data and analytics

  1. The Website uses small files called cookies, which are saved and stored on the Users’ and Clients’ computer or other end device if the web browser allows it. Cookies usually contain the domain name from which they originate, the time they are stored on the Device and an assigned value.
  2. Cookies are used to optimize the use of the Website, to collect statistical data that make it possible to identify how Users use the Website, which allows improving the structure of the Website. They are also necessary to maintain the Client’s session after leaving the Website.
  3. The Administrator uses two types of cookies:
    a) Session (temporary) cookies: stored on the Client’s/User’s end device and remain there until the browser session ends. The stored information is then permanently deleted from the device memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the Client’s/User’s Device.
    b) Persistent cookies: stored on the Client’s Device and remain there until deleted. Ending the browser session or turning off the Device does not delete them from the Client’s/User’s Device. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the Client’s/User’s Device.
  4. The service provider uses external cookies in order to:
    a) promote the Website via the social networking site www.facebook.com (Administrator of the external cookies: Facebook Inc. based in the USA or Facebook Ireland based in Ireland).
  5. Facebook Inc. is an entity from a third country – the United States – which has joined the Privacy Shield to ensure an adequate level of personal data protection required by the GDPR.
    Under the agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.
  6. In order to create personalized ads based on the behavior of visitors to the Website and to monitor events on the Website, the Administrator uses the Facebook conversion pixel (a JavaScript code snippet). The information collected as part of the Facebook pixel is anonymous, i.e. it does not allow the Administrator to identify a given person; it only provides information about actions taken on the Website. Detailed information on Facebook’s use of data collected via the pixel is available at https://www.facebook.com/privacy/explanation.
  7. The Client may change cookie settings at any time using the web browser they use, including blocking the collection of cookies. Such action may hinder or prevent the use of the Website’s services and tools, including preventing the placement of an Order.
  8. If the User decides not to consent to the use of cookies for the purposes described above, they can delete them manually at any time. Detailed instructions and information on cookies can be found in the help menu of the web browser currently used by the User. Example web browsers supporting cookies: Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, Microsoft Edge.
  9. Some external entities operating within the Website allow Users to withdraw consent to the collection and use of data for advertising purposes based on User activity. More information on this subject and the ability to make a choice can be found, for example, at: www.yuoronlinechoices.com.

§ 8
Final provisions

  1. This Privacy Policy contains links to other websites; it is recommended to read the Privacy Policies and Terms of those websites.
  2. The above Privacy Policy applies only to the Administrator’s Website.
  3. There is a possibility of expanding the Website’s offer, which may result in changes to this Privacy Policy; you will be informed about this by an appropriate notice on the Website.
  4. If you have additional questions regarding the Website’s Privacy Policy, please send a message to the e-mail address provided by the Administrator: info@metaalflex.pl.
Dear User We care about your privacy and want you to feel comfortable and safe when using our services, so we have prepared a document where you will find detailed information on the processing of your personal data.Table of Contents:
  1. Definitions
  2. Introduction
  3. General information
  4. Recipients of the Website Users’ personal data
  5. Acquisition, collection, purpose, scope and personal data processing activities
  6. Rights of data subjects
  7. Cookies mechanism, operating data and analytics
  8. Final provisions

§ 1 Definitions

  1. Administrator – Metaal Flex Poland Sp. z o.o., with its registered office in Kędzierzyn-Koźle (47-200) at 2 Czerwińskiego Street, which provides services by electronic means and stores and accesses information on the User’s devices.
  2. User – a person using the Website; an entity for which, in accordance with the law, services may be provided electronically or with which an agreement for the provision of Electronic Services may be concluded.
  3. Website – the website located at the domain www.metaalflex.pl through which the Administrator operates the online Service.
  4. Electronic service – a service provided electronically by the Administrator to the User via the Website.
  5. Recruitment form – an electronic service, a form available on the Website that allows the User to apply for a job position.
  6. Device – an electronic device through which the User gains access to the Website.
  7. Consumer – a natural person who concludes with the Seller a contract via the Website, the subject of which is not directly related to their business or professional activity.
  8. Client:
    1. a natural person with full legal capacity, and in cases provided for by generally applicable law also a natural person with limited legal capacity,
    2. a legal person,
    3. an organizational unit without legal personality to which the law grants legal capacity,
    – who uses or intends to use the Service or the Electronic Service.

§ 2 Introduction

  1. This Privacy Policy sets out the principles for processing and protecting personal data of Users of the Website (including potential Users) using the online service available at: www.metaalflex.pl, hereinafter referred to as the Website. The document primarily describes the legal bases, purposes, and scope of personal data processing, describes the functionalities of the Website, indicates the entities to which data is entrusted, and also contains information on cookies and analytical tools used within the Website.
  2. The controller of personal data collected via the Website, within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter “GDPR” (the text of the regulation is available here: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679), is Metaal Flex Poland Sp. z o.o., with its registered office in Kędzierzyn-Koźle (47-200) at 2 Czerwińskiego Street, entered in the National Court Register by the District Court in Opole, 8th Commercial Division of the National Court Register, under KRS number: 0000183635, NIP (Tax ID): 7491882302, REGON: 531668497, represented by: Teresa Majchrzak, contact phone: +48 77 40 60 190 / +48 77 40 60 191, e-mail address: info@metaalflex.pl, hereinafter referred to as the Administrator and at the same time the Service Provider of the Website.
  3. The Data Protection Officer appointed by the Administrator is: Mariusz Kwaśnik, contact by phone: 537 926 362 and/or by e-mail at: iod@valven.pl
  4. Users’ personal data is processed in accordance with the personal data protection regulations and the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws No. 144, item 1204, as amended).
  5. The Administrator declares that this Privacy Policy is informative in nature, which means it is not a source of obligations for Users of the Website. Its purpose is to define the actions taken by the Administrator and to describe services, tools and functionalities related to the Website used by Users, e.g. to use the recruitment form or other activities undertaken within the Website.

§ 3 General information

  1. The Administrator of the Website makes every effort to protect the privacy of Users and all data and information obtained from them. With due diligence, it selects and applies technical protection measures, both software and organizational, thereby ensuring full protection against disclosure, loss, destruction, unauthorized modification, or processing in violation of applicable law.
  2. The Administrator informs that the Website uses a data transmission protocol ensuring secure data transfer on the Internet, namely the SSL protocol (Secure Socket Layer v3) is installed. This security method consists in encrypting data before it is sent from the User’s browser and decrypting it after securely reaching the Website’s server. Information sent from the server to the User is also encrypted and decrypted upon arrival.
  3. The data collected by the Administrator is processed lawfully, respecting the principles of fairness and transparency, collected to the minimum extent necessary for the specified purposes and processed accordingly, not subjected to further processing incompatible with those purposes, adequate and substantively correct for their intended use, and stored in a way that allows identification of the data subjects. The retention period depends on the processing purpose and is limited to the time needed to achieve the intended purpose.
  4. The Administrator of the Website has access to data under the rules set out in this Privacy Policy, but may entrust Users’ personal data to external entities cooperating with the Administrator. Such entrustment is possible on the basis of appropriate data processing agreements concluded between the Administrator and the processor. The agreements specify the scope and conditions for processing personal data necessary to provide the services. The Administrator declares that it cooperates only with entities that guarantee the security of personal data processing by implementing safeguards meeting the requirements set out in the GDPR.
  5. The Administrator has the right and legal obligation to provide information about Users of the Website to public authorities, e.g. in connection with proceedings concerning possible violations of the law, or to third parties that submit such a request based on applicable Polish law.
  6. Using the services and tools provided within the Website, as well as providing personal data by the User, is voluntary. However, providing data may be necessary to conclude and perform an agreement for the provision of services and/or Electronic Services on the Website; the lack of such data will make it impossible to conclude such an agreement. The scope of data required to conclude the agreement is indicated on the Website.
  7. A User using the services and tools provided within the Website confirms that they have read the provisions of this Privacy Policy, and at the same time consents (if required) to the use of their personal data in accordance with these provisions by checking the appropriate checkboxes placed on the Website (the contents of the checkboxes specify the purpose for which the provided personal data will be used).

§ 4 Recipients of the Website Users’ personal data

  1. To ensure the proper operation of the Website, its functionalities, and to provide services, the Administrator uses the services of external entities. The Administrator transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
  2. Examples of recipients of personal data of Users of the Website include:
    • providers of services supporting the work of the Website Administrator, e.g. providers of computer software for operating the Website, e-mail services, hosting providers,
    • entities commissioning tasks to the Administrator on the basis of a separate agreement within the Website’s activity,
    • entities preparing marketing offers of the services provided,
    • entities operating the functionalities of the Website.
  3. Data recipients (external entities) process personal data on the basis of relevant data processing agreements signed with the Website Administrator. These entities collect, process, and store personal data in accordance with their own terms and privacy policies.
  4. Processing of personal data of Users of the Website www.metaalflex.pl is entrusted by the Administrator to the following entities:
    • Leszek Grün 4 PRO.studio, ul. Szczęśliwa 4, 47-230 Kędzierzyn-Koźle, NIP: 7491861151, REGON: 16016356 – for the purpose of storing data on the server on which the Website is installed and for providing IT/technical maintenance of the Website,

§ 5 Acquisition, collection, purpose, scope and processing activities

    1. The Administrator acquires information about Users, among other things, by collecting server logs, IP addresses, software and hardware parameters, pages viewed, the mobile device identification number, and other data concerning devices and the use of systems. The above information will be collected in connection with the use of the Website. These data are not used by the Administrator to identify the User.
    2. Navigation data may also be collected from Users, including information about links and references or other actions taken on the Website, in order to facilitate the use of the services provided electronically and to improve their functionality.
    3. The Administrator reserves the right to filter and block messages sent via the internal messaging system, in particular if they are spam, contain prohibited content or otherwise threaten the security of Users of the Website.
    4. As part of operating the Website, the Administrator processes Users’ personal data for the following purposes:
      • providing services created or co-created by the Administrator,
      • tailoring the offer and the User experience,
      • accounting/payroll support within the conducted activity,
      • providing information on services rendered to the User on the basis of a separate agreement with external entities,
      • conducting recruitment processes using the data contained in the recruitment form,
      • facilitating the use of the Website and ensuring its IT security,
      • establishing, pursuing and enforcing claims and defending against claims in court and before other enforcement authorities,
      • handling complaints and requests,
      • marketing and advertising related to the preparation of a service offer.
    5. The Administrator informs that it collects, processes and stores the following User data: first and last name, e-mail address, residential address, postal code, voivodeship (province), city/town, mobile phone number, place of birth, date of birth, citizenship, driving licence, education, professional experience.
    6. Personal data collected for the purposes indicated in this Privacy Policy will be stored for the duration of the services (including electronic services) provided by the Administrator and for the period resulting from limitation periods for claims, tax law provisions, consumer rights and other applicable laws in this respect.
    7. The User has the right to file a complaint in the event of non-performance or improper performance of a service provided electronically by the Administrator. If this right is exercised, the Administrator is obliged to take a position on the matter without undue delay, but no later than within 14 calendar days from the date the complaint is submitted. To exercise this right, the User sends, in writing or by e-mail to: info@metaalflex.pl, an unequivocal statement of termination of the agreement for the provision of services by electronic means. To speed up the processing of the complaint, it is recommended to provide the following information: circumstances concerning the subject of the complaint and the occurrence of any defects, the Client’s request, and contact details. The above recommendations are not mandatory and do not affect the effectiveness of complaint handling.

CONTACT WITH THE USER

    1. The legal basis for data processing in connection with User support, which includes contacting the User to respond to an inquiry sent via e-mail or the recruitment form, is Article 6(1)(a) of the GDPR, i.e. consent to processing. If a contract is concluded after contact, data will be processed on the basis of Article 6(1)(b) of the GDPR. The legal basis for processing after any contact has ended will be the legitimate interest in archiving correspondence for the purpose of demonstrating its course in the future (pursuant to Article 6(1)(f) of the GDPR).

RECRUITMENT FORM

    1. As part of the Website’s activity related to sourcing job candidates for external entities on the basis of a separate agreement, and to facilitate job searching for Users, we provide a recruitment form on the site. Using the form requires providing the data necessary to carry out the recruitment process, as a result of which the User may obtain employment with our Clients.
    2. Data from the form will be processed on the basis of the job candidate’s consent for the duration of the recruitment process, for this and future recruitments, for the period indicated by the data controller.

SOCIAL TOOLS

    1. The Website www.metaalflex.pl uses a plugin and other tools provided by the Facebook social network. When viewing a page of the Website where such a plugin has been placed, the User’s browser connects directly to the Facebook server.
    2. The content of the plugin is transmitted by the given Service Provider directly to the User’s browser and integrated with the page. This integration allows the Service Provider to receive information that the User’s browser displayed a page of the Website www.metaalflex.pl even if the User does not have a Facebook profile or is not logged in at that time. If the User is logged in to the social network, the Service Provider will be able to directly assign the visit on the Site to the given Facebook profile.
If the User of the Website uses the “Like” or “Share” button, the relevant information will also be sent directly to the Service Provider’s server and stored there. In addition, this information will be published in the social network and will appear, for example, on the Facebook timeline. The purpose and scope of data collection and their further processing and use by the Service Providers, as well as contact options and the rights of Users in this respect and settings to protect privacy, are indicated in each Service Provider’s privacy policy.

§ 6 Rights of data subjects

  1. The GDPR grants Users the rights listed below. They are available without giving a reason; however, they are not absolute and will not apply to all personal data processing activities. If the User wishes to exercise any of the rights available to them, they may at any time send a declaration of intent to the Website’s e-mail address or to the Administrator’s registered office address.
    1. Right of access – Article 15 GDPR
The User may contact the Administrator at any time to confirm whether their data is being processed, and if so, the User has the right:
      • to obtain access to personal data,
      • to receive information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period of storage of the User’s data or the criteria for determining this period (when specifying the planned processing period is not possible), the rights granted to the User under the GDPR, the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making including profiling and the safeguards used in connection with the transfer of data outside the European Union,
      • to obtain a copy of their personal data.
    2. Right to rectification – Article 16 GDPR
The User has the right to request the Administrator to promptly rectify their personal data that is inaccurate. They also have the right to request the completion of their personal data. To rectify or complete your personal data, please send information to the Website’s e-mail address.
  1. Right to erasure (“right to be forgotten”) – Article 17 GDPR
    1. The User may request the Administrator to erase all or some of their data.
    2. The User has the right to request the erasure of their personal data when:
      • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
      • they have withdrawn specific consent to the extent that the personal data were processed on the basis of the User’s consent,
      • they have objected to the use of their data for marketing purposes,
      • the personal data have been processed unlawfully,
      • the personal data must be erased to comply with a legal obligation under the law of the Union or a Member State to which the Administrator is subject,
      • the personal data were collected in connection with the offer of information society services,
    3. Notwithstanding the User’s request for erasure due to objection or withdrawal of consent, the Administrator may retain certain personal data to the extent that processing is necessary for the establishment, exercise or defence of legal claims, as well as to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the Administrator is subject,
    4. Erasure of personal data or cessation of processing by the Administrator may result in the inability to provide services via the Website or may limit the ability to use the functionalities of the Website.
  2. Consent to processing and the right to withdraw consent – Article 7(3) GDPR
    1. By accepting the statements placed by the Administrator in the interactive forms available on the Website, the Client/User consents to the processing of their data for specified purposes,
    2. The Client/User may consent to the processing of their data for additional purposes by accepting optional statements proposed in the forms available on the Website,
    3. The Client has the right to withdraw any consent given to the Administrator; the withdrawal will take effect from the moment of withdrawal,
    4. Withdrawal of consent will not have any negative consequences for the Client, but it may prevent further use of services or functionalities which, by law, the Administrator may provide only with consent,
    5. Withdrawal of consent does not affect the lawfulness of processing carried out by the Administrator before the withdrawal.
  3. Right to object to processing – Article 21 GDPR
    1. The Client/User has the right at any time to object, on grounds relating to their particular situation, to the processing of their personal data, including profiling, if the Administrator processes personal data on the basis of legitimate interests,
    2. Sending by the Client/User an e-mail message resigning from receiving marketing information about products and services constitutes an objection by the Client/User to the processing of their data, including profiling for these purposes,
    3. If the Administrator has no other legal basis permitting the processing of the Client’s/User’s data and the objection proves justified, the personal data to which the objection relates will be erased.
  4. Right to request restriction of processing – Article 18 GDPR The Client/User has the right to request restriction of their personal data when:
    1. they contest the accuracy of their personal data – the Administrator will restrict processing for a period enabling verification of the accuracy of the data,
    2. the processing of the Client’s/User’s personal data is unlawful and instead of erasure the Client/User requests restriction of processing,
    3. the Client’s/User’s personal data are no longer needed for processing purposes but are required for the establishment, exercise or defence of legal claims,
    4. the Client/User has objected to the processing of their personal data – in which case processing will be restricted until it is determined whether the legitimate grounds of the Administrator override the grounds indicated in the Client’s/User’s objection.
  5. Right to data portability (Article 20 GDPR) The Client/User has the right to receive from the Administrator their personal data in a structured, commonly used, machine-readable format and to transmit those data to another personal data controller. You may also request that the personal data Administrator transmit the Client’s/User’s personal data directly to another controller (where technically feasible).
  6. The Client also has the right to lodge a complaint with the President of the Personal Data Protection Office regarding any violation of their personal data protection rights or other rights granted under the GDPR.

§ 7 Cookies Policy, operating data and analytics

  1. The Website uses small files called cookies, which are saved and stored on the Users’ and Clients’ computer or other end device if the web browser allows it. Cookies usually contain the domain name from which they originate, the time they are stored on the Device and an assigned value.
  2. Cookies are used to optimize the use of the Website, to collect statistical data that make it possible to identify how Users use the Website, which allows improving the structure of the Website. They are also necessary to maintain the Client’s session after leaving the Website.
  3. The Administrator uses two types of cookies: a) Session (temporary) cookies: stored on the Client’s/User’s end device and remain there until the browser session ends. The stored information is then permanently deleted from the device memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the Client’s/User’s Device. b) Persistent cookies: stored on the Client’s Device and remain there until deleted. Ending the browser session or turning off the Device does not delete them from the Client’s/User’s Device. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the Client’s/User’s Device.
  4. The service provider uses external cookies in order to: a) promote the Website via the social networking site www.facebook.com (Administrator of the external cookies: Facebook Inc. based in the USA or Facebook Ireland based in Ireland).
  5. Facebook Inc. is an entity from a third country – the United States – which has joined the Privacy Shield to ensure an adequate level of personal data protection required by the GDPR. Under the agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.
  6. In order to create personalized ads based on the behavior of visitors to the Website and to monitor events on the Website, the Administrator uses the Facebook conversion pixel (a JavaScript code snippet). The information collected as part of the Facebook pixel is anonymous, i.e. it does not allow the Administrator to identify a given person; it only provides information about actions taken on the Website. Detailed information on Facebook’s use of data collected via the pixel is available at https://www.facebook.com/privacy/explanation.
  7. The Client may change cookie settings at any time using the web browser they use, including blocking the collection of cookies. Such action may hinder or prevent the use of the Website’s services and tools, including preventing the placement of an Order.
  8. If the User decides not to consent to the use of cookies for the purposes described above, they can delete them manually at any time. Detailed instructions and information on cookies can be found in the help menu of the web browser currently used by the User. Example web browsers supporting cookies: Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, Microsoft Edge.
  9. Some external entities operating within the Website allow Users to withdraw consent to the collection and use of data for advertising purposes based on User activity. More information and opt-out options can be found, for example, at: www.yuoronlinechoices.com.

§ 8 Final provisions

  1. This Privacy Policy contains links to other websites; it is recommended to read the Privacy Policies and Terms of those websites.
  2. The above Privacy Policy applies only to the Administrator’s Website.
  3. The Website’s offer may be extended, which may result in changes to this Privacy Policy; you will be informed about this by an appropriate notice on the Website.
  4. If you have additional questions regarding the Website’s Privacy Policy, please send a message to the e-mail address provided by the Administrator: info@metaalflex.pl.