Information Clause

When processing personal data, we always abide by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”).

We do our utmost to ensure that your personal data is properly secured by the latest technologies. We train our personnel and raise awareness in the area of personal data protection.

We also do everything to act openly and transparently. This site is for you to learn the most relevant information about our processing of personal data.

If you have questions regarding the method and scope of personal data processing by Asseco Business Solutions S.A., as well as regarding your rights, please contact the Company at: ul. Konrada Wallenroda 4c, 20-607 Lublin, Poland, or get in touch with our Data Protection Officer, Ms Ewa Iwanko, via e-mail at: odo@assecobs.pl

Information Clause on the processing of personal data by Asseco Business Solutions S.A. in connection with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”).

Controller
The controller of your personal data is Asseco Business Solutions S.A., having its registered office in Lublin (20-607), at ul. Konrada Wallenroda 4C, reg. no. KRS: 0000028257, business ID REGON: 017293003, tax ID NIP: 5222612717 (hereinafter “Controller”).
Contact in matters related to personal data processing;
For any matters related to personal data processing, please, contact the Controller via the designated Data Protection Officer at: Asseco Business Solutions S.A. ul. Konrada Wallenroda 4C, 20-607 Lublin or by e-mail by writing to: odo@assecobs.pl.
Purpose of processing Legal basis
If you are a natural person and a sole proprietor who has entered into an agreement with Asseco BS, your personal data will be processed for the following purposes:
  • to perform under an agreement that you have entered into with the Controller;
  • Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR);
  • for the Controller to comply with the legal obligations, in particular related to tax law and accounting regulations;
  • Article 6(1)(c) GDPR;
  • resulting from the Controller’s legitimate interests, in particular to maintain contact with a party concluding an agreement and during the term of the same; to carry out direct marketing of the Controller’s products and services, including, if you consent to it, the distribution of commercial information by electronic means (such as invitations to events organised by the Controller or information about its products and services); to monitor and improve the quality of services provided, including the handling of complaints, and to establish, exercise or defend against legal claims.
  • Article 6(1)(f) GDPR.
If you are a contact person, agent, or another person representing an entity that has entered into an agreement with the Controller or another person involved in the performance of an agreement with the Controller, your personal data will be processed for the following purposes:
  • resulting from the Controller’s legitimate interests, in particular to maintain contact with a party concluding an agreement with the Controller,  to verify whether any person who contacts the Controller is authorised to take action on behalf of that party; to ensure the proper performance under the said agreement, and to defend against any claims;
  • Article 6(1)(f) GDPR;
  • for the Controller to comply with the legal obligations, in particular related to tax law and accounting regulations.
  • Article 6(1)(c) GDPR.
If you participate in a recruitment procedure held by Asseco BS, your personal data will be processed for the following purposes:
  • to carry out the recruitment process involving your submission of application documents;
  • Article 6(1)(b) GDPR – to take action at the request of the data subject prior to concluding an agreement;
  • Article 6(1)(c) GDPR – a legal obligation under Article 221 § 1 of the Polish Labour Code and the Regulation of the Minister of Family, Labour and Social Policy on employee documentation (applicably only to persons applying for a position that requires the conclusion of a contract of employment);
  • Article 6(1)(a) GDPR – data subject’s consent to the processing of his or her personal data other than provided for in labour law (e.g. a photo in a CV);
  • Article 9(2)(a) GDPR – data subject’s consent if the application contains special categories of personal data (sensitive data);
  • Article 10 GDPR – data processing is allowed by EU or Member State law if recruitment for a specific position requires the disclosure of personal data relating to convictions or offences;
  • future recruitment procedures carried out by the Controller;
  • Article 6(1)(a) GDPR – consent;
  • establishment, exercise or defence against legal claims.
  • Article 6(1)(f) GDPR – legitimate interest.
If you are a recipient of commercial information and marketing communications distributed by Asseco BS or visit the Asseco BS website, your personal data will be processed for the following purposes:
  • direct marketing of the Controller’s products and services;
  • the processing of application forms;
  • distribution of commercial information by electronic means, in particular newsletters, invitations to events organised by the Controller, information about the Controller’s operations and services, and the offering of the Controller’s products and services;
  • distribution of information about the Controller’s operations, services, and events, and other information that may be of interest to users;
  • Article 6(1)(f) GDPR – legitimate interest;
  • Commercial information will be sent only to persons who have agreed to receive it from Asseco BS within Article 10(2) of the Act of 18 July 2002 on the Provision of Services by Electronic Means;
  • Direct marketing via a telecommunications terminal device (telephone) will be addressed only to persons who have consented to it in accordance with Article 172(1) of the Act of 16 July 2004 Telecommunications Law.
  • administration and management of the Controller’s website (in particular, confirmation and authentication of identity and prevention of access by unauthorised persons);
  • aggregation (statistics) of data for the purpose of analysis and enhancements in the operation of the website;
  • Article 6(1)(f) GDPR – legitimate interest;
  • Cookies are small text files saved in your computer while you are visiting a website to enable a more personalised user experience upon further visits. If you do not wish to receive cookies, you can manage and control them in your browser settings. Before getting registered on our website, you must accept cookies. Upon leaving our website, you can delete cookies from your browsing history (cache memory). For more information, please go to the dedicated cookies tab (Cookies Policy).
  • establishment, exercise or defence against legal claims.
  • Article 6(1)(f) GDPR – legitimate interest.
If you participate in events (conferences, demos, fairs, webinars) held by Asseco BS, your personal data will be processed for the following purposes:
  • organisation of events (conferences, demos, fairs, webinars);
  • Article 6(1)(a) GDPR – data subject’s consent;
  • sharing personal data with the event organiser(s) (e.g. to inform about the time and venue of the event); this applies to situations where an event is held by an entity other than the Controller.
  • Article 6(1)(f) GDPR – legitimate interest;
  • establishment, exercise or defence against legal claims.
  • Article 6(1)(f) GDPR – legitimate interest.
If you are or may be a party to an agreement (order), your personal data will be processed for the following purposes:
  • conclusion, performance, and settlement of the agreement (order), including the Controller’s provision of a user account in one of its websites;
  • Article 6(1)(b) and (c) GDPR – performance of an agreement to which the data subject is a party and a legal obligation;
  • establishment, exercise, and defence against legal claims.
  • Article 6(1)(f) GDPR – legitimate interest.
Transfer of personal data to other entities
The recipients of your personal data, but only in cases where necessary and to the necessary extent, may be entities cooperating with the Controller in the provision of Controller’s services and supporting the Controller’s regular business operations, in particular entities providing IT, legal, and shipment services as well as other entities commissioned to act on behalf of the Controller.
Categories of personal data
We process the following categories of personal data: name and surname along with any of the following categories: e-mail address, telephone number, fax number, geographical address, and, if an agreement has been concluded, also the relevant personal identifier, such as PESEL or NIP; in each case, the processing is limited only to this data that is necessary to achieve a specific purpose.
Transfer of personal data to a third country
Your data will not be transferred outside the European Economic Area (EEA).
Storage of personal data
Your personal data will be processed throughout the term of an agreement concluded with the Controller, and after this period, for the period of limitation of any claims under generally applicable law.

If the processing is necessary for the Controller to fulfil a legal obligation, your personal data will be processed for the period provided for in generally applicable law, in particular tax law and accounting regulations.

If the processing is necessary for the purposes of the Controller’s or third party’s legitimate interests, your personal data will be processed for a period not longer than necessary for the purposes for the processing takes place or until an objection to the processing is raised, subject to the Controller or a third party claiming legitimate grounds for processing which override your interests, rights and freedoms or grounds for establishing, exercising, or defending against claims.
Your rights in relation to personal data processing
If you are a natural person and a sole proprietor who has entered into an agreement with the Controller, you have the right to demand:
  • access to your personal data
  • rectification of your personal data
  • deletion of your personal data
  • restriction of the processing of your personal data
  • transfer of your personal data, including the right to receive it and send it to another controller or to demand, if technically possible, that the data be transferred directly to another controller, to the extent provided for the agreement
  • the lodging of a complaint to a supervisory authority, i.e. to the President of the Office for Personal Data Protection.
Besides, you have the right to object to the processing of your personal data as regards the processing based on the Controller’s legitimate interest.+
If you are a contact person, agent, or another person representing an entity that has entered into an agreement with the Controller or another person involved in the performance of an agreement with the Controller, you will have the right to demand:
  • access to your personal data
  • rectification of your personal data
  • deletion of your personal data
  • restriction of the processing of your personal data
  • transfer of your personal data, including the right to receive it and send it to another controller or to demand, if technically possible, that the data be transferred directly to another controller, to the extent provided for the agreement (however, due to the fact that the Controller does not process your your personal data on the basis of Article 6(1)(a-b) GDPR, you will not be able to exercise this right)
  • the lodging of a complaint to a supervisory authority, i.e. to the President of the Office for Personal Data Protection.
Besides, you have the right to object to the processing of your personal data as regards the processing based on the Controller’s legitimate interest.
Is the provision of personal data obligatory?
If you are a natural person and a sole proprietor who has entered into an agreement with the Controller, the provision of personal data is voluntary, yet necessary to enter into that agreement.

In some cases, the law may impose on the Controller an obligation to obtain your personal data, e.g. for tax or accounting purposes. In the remaining cases, your provision of personal data is voluntary but failure to provided it may make it impossible to achieve the purposes listed above (e.g. the Controller will not be able to send you any commercial communication about its products).
If you are a contact person, agent, or another person representing an entity that has entered into an agreement with the Controller or another person involved in the performance of an agreement with the Controller, the provision of personal data is voluntary, yet necessary to establish contact and ensure proper performance of the agreement concluded with the Controller.

In some cases, the law may impose on the Controller an obligation to obtain your personal data, e.g. for tax or accounting purposes.
Automated decision-making
Under no circumstances may the Controller use your personal data for automated decision-making that may affect your legal situation.
Source of personal data
If you are a contact person, agent, or another person representing an entity that has entered into an agreement with the Controller or another person involved in the performance of an agreement with the Controller, the Controller has obtained your personal data as a result of its provision in the following circumstances: (i) you were named as the person authorised to represent an entity that had entered into an agreement with the Controller or the contact person in an agreement concluded with the Controller, (ii) your personal data was transferred in a different way during the term of an agreement concluded with the Controller for the purposes of proper performance under the agreement, or (iii) your personal data was obtained from publicly available sources (e.g. Central Register and Information on Economic Activity).

    What can we do for your company?

    Send us a message or just leave your contact details. We will reach you at our earliest convenience!