New regulations on the protection of personal data are in force as of 25 May 2018. The provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), referred to as the GDPR, are applicable as of the aforementioned date.
We are obliged to provide you with the information on personal data processing pursuant to Article 13 of the GDPR. We recommend that you read the following information.
- Commercial cooperation with our business partners involves the need to process a number of personal data, including information relating to identifiable natural persons, i.a.:
– natural persons running a business activity;
– shareholders, statutory representatives, attorneys, representatives and employees of our business partners;
– other persons whose data are processed for the purpose of issuing or paying invoices.
The controller of personal data processed in relation with commercial cooperation is Miracle Art Grzegorz Wilk, Miracle Art Grzegorz Wilk, Jakubowice Konińskie, ul. Lubelska 193 Ciecierzyn, with its registered office in Lublin (registered office address: Józefa Franczaka „Lalka” 14, 20-325 Lublin) (hereinafter: “The Company”, “We”)
- You can contact the Company in any matters concerning the protection of personal data by writing at the following e-mail address: firstname.lastname@example.org
- As a rule, the scope of data which we process is limited to the data necessary to initiate and manage cooperation with a given business partner (e.g. the names, positions, e-mail addresses, phone numbers of contact persons, as well as the NIP and REGON numbers, bank account numbers, and addresses of self-employed persons).
- The data are obtained directly from data subjects, from our business partners or from publicly accessible sources, such as enterprise registers including CEIDG (Central Business Register and Information Service) and KRS (National Court Register).
- The Company shall act in line with the principle of collecting and processing only such personal data as required for the purposes for which the personal data are processed. While planning new projects and operations which require the processing of personal data obtained from our business partners, we will conduct a thorough analysis of which data are necessary for such purposes.
- The personal data of our business partners are processed for the following purposes:
– entering into and performing agreements between the Company and our business partners;
– complying with the legal obligations of the Company, arising from e.g. tax laws and accounting laws;
– pursuing our legitimate interests, including, e.g. contacts with business partners, including keeping internal records facilitating contacts with business partners; marketing products or services; providing commercial information, pursuing claims arising from our business activities; verifying the identity of persons employed in entities collaborating with the Company, e.g. couriers or persons collecting goods.
Article 6(1)(b), (c), and (f) of the GDPR forms the legal basis for the processing of personal data for the aforementioned purposes.
- The personal data of our business partners can be accessed by our authorised employees. Furthermore, the access, within a strictly defined scope, can be granted to entities with which we collaborate for the purposes of data processing referred to in point 6. This mostly pertains to entities we cooperate with on the performance of commercial contracts or fulfilling our legal obligations. The recipients of the personal data are, e.g.:
– IT system providers,
– data hosting service providers,
– courier and postage service providers,
– freight forwarding and transport companies,
– law firms,
– companies providing consulting or audit services,
– companies providing personal and property protection services.
- The personal data of our business partners shall not be transferred to third countries (states outside the European Union) or international organisations.
- The personal data are processed solely for defined purposes and for the period which is necessary for the fulfilment of such purposes. We process the personal data during the terms of agreements entered into with business partners and upon their expiry for the purpose of:
– pursuing claims related to the performance of agreements;
– fulfilling our obligations, including the obligation to archive data, arising from legal regulations, in particular tax laws and accounting laws;
– preventing misuse of funds and fraud;
As a rule, the personal data of our business partners is processed for up to 10 years of the termination or expiry of agreements.
With respect to marketing activities performed in relation to our products and/or services or providing commercial information, the personal data shall be processed during the term of a binding agreement or until the data subject objects to the processing, on the earlier of the two aforementioned dates.
- You have the right to:
– access to and rectification or erasure of personal data or restriction of processing of personal data;
– object to such processing;
– data portability.
- If the personal data is processed pursuant to consent only, you have the right to withdraw the consent at any time. However, this will not affect the lawfulness of processing based on consent prior to its withdrawal.
- You have the right to lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2; 00-193 Warsaw).
- It is not a legal requirement to provide personal data in trade relations, but it is usually necessary to initiate collaboration and enter into agreements. Failure to provide certain personal data may result in it becoming impossible to accept orders or execute agreements. In certain circumstances we are required by law to request specific personal data, e.g. for accounting and tax purposes.
Your personal data will not be processed in a way resulting in automated decision-making, including profiling. This means that we do not use IT systems which would collect data and make independent, automated decisions, which could produce legal effects to, or otherwise materially affect, our business partners.