Privacy Policy

Initial information

By respecting the right to privacy of those who shared their personal data with Colian sp. z o.o.[1] (hereinafter “Colian”) we want to ensure that the acquired data is processed in accordance with national and European legislation and in conditions that ensure their safety – meaning their confidentiality, accessibility, integrity and accountability of the tasks being carried out. Wanting to ensure transparency of the personal data processing carried out by us, we would like to present the safeguarding measures for personal data at Colian established on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”).

Data Controller

The Data Controller, meaning the entity that decides on the objectives and means of personal data processing is Colian sp. z o.o. with its registered office at ul. Zdrojowa 1, 62-860 Opatówek, and also as relevant the entities listed in the footer. In matters related to the processing of your personal data you can contact us by email, writing to rodo@colian.com

Data acquisition and purpose of their processing

Colian is a leading Polish enterprise with Polish capital on sweets, beverages, condiments, dried nuts and fruits market. It is also present on the logistic services market. By executing its business functions, we process personal data for the following purposes:

Purpose of processing

Legal basis and period for which the personal data will be stored

Legitimate interest, if present

Concluding and executing an agreement with a customer or contractor.

Article 6 (1) (b) and (f) of GDPR

 

During the whole agreement term, and once the agreement was terminated till the moment the time for making claims resulting from the agreement expires, as a rule 3 years, up to 6 years.

Data Controller, due to the steps taken to conclude or execute an agreement will contact the employees/co-workers of customers and contractors. Moreover, the Data Controller can acquire from the contractor basic data of their employee/co-worker (name and surname, place of work, phone number and in specific cases document number with a photo) due to the execution of an agreement from an entity where such a person is hired/with which such a person cooperates.

Handling claims and complaints.

Article 6 (1) (b) and (f) of GDPR

 

For 1 year, once the guarantee period expires or a complaint was settled.

Data Controller, due to complaints handling, will contact the employees/co-workers of customers.

Pursuing claims or defence against legal claims

Article 6 (1) (f) of GDPR

 

During the course of the proceedings concerning claims, that is till the time they are legally settled, and in case of enforcement proceedings till the time the claims are settled.

Data Controller due to pursuing claims or defence against legal claims can process personal data of employees/co-workers of customers or contractors.

Documents archiving that is archiving of agreements and settlement documents

Article 6 (1) (c) of GDPR

 

For the time periods indicated by law, and if for specific documents such time periods are not defined, for the time their storage is in line with the legitimate interest of the data controller that is regulated with the time of possible pursuing of claims.

-

Statistical purposes

Article 6 (1) (f) of GDPR

 

For the time for carrying out other processing activities indicated in this table. We do not store personal data solely for statistical purposes.

Information on statistics carried out by the Data Controller makes it possible to facilitate the activity carried out.

Marketing activities without the use of electronic communication

Article 6 (1) (f) of GDPR

 

Till the time an objection is filed, that is providing us with a declaration of any type that you do not want any contact with us and you do not want to receive any information about activities we are undertaking.

Marketing activities promoting our business activity.

Marketing activities with the use of electronic communication

Article 6 (1) (a) of GDPR

 

These activities, due to other legally binding provisions of law,

especially Telecommunications Law and Act on provision of services by electronic means are carried out on the basis of held consents.

 

Till the time such a consent is withdrawn, that is providing us with a declaration of any type that you do not want any contact with us and you do not want to receive any information about activities we are undertaking, and after the withdrawal of such a consent for the purpose of proving that Colian complied with its legal obligations and claims related to them (up to 6 years from consent withdrawal).

Marketing activities promoting our business activity with the use of emails and phone numbers.

Access control, including monitoring of data at the data controller’s premises to increase the safety of employees and protect the property and to maintain the information confidentiality.

Article 6 (1) (c) and (f) of GDPR

 

Till the moment an objection is raised, no longer than 1 year.

 

Video surveillance records are processed only for the purposes for which they were recorded and are stored for a period not exceeding 3 months from the date of recording, unless the recording is an evidence in the proceedings, then till the moment a legally binding decision on the proceedings is made or till the moment an objection is filed.

Access control for those being at the data controller’s premises is the data controller’s legitimate interest and in case of employees it stems from the provisions of law (article 222 of Labour Code).

 

Data Controller can acquire basic data of employee/co-worker (name and surname, place of work, phone number and in specific cases document number with a photo) before the data subject arrived from an entity where such a person is hired/with which such a person cooperates.

Recruitment

Article 6 (1) (a) (c) and (f) of GDPR

 

Up to 6 months from the moment the recruitment was completed, and in case a consent for processing for further recruitment was given, no longer than 1 year.

Data Controller, without an additional consent of data subject can store work candidates’ personal data who were not hired up to 6 months once the recruitment is over as a legitimate interest of the data controller as the hired employee/co-worker can resign or turn out to be not fit for the position.

HR management – management of employees and co-workers

Article 6 (1) (a) (b) (c) and (f) of GDPR

Article 9 (2) (b) of GDPR

 

In line with the binding provisions of law that require archiving of labour law documents that is personal files for 50 years, in some cases for 10 years. The 10-years storage period of documents in matters related to employment relationship and personal files will apply to all employees employed after 1 January 2019. In case of employees employed in the period from 31 December 1998 to 1 January 2019, the documents related to employment relationship and personal files will be stored for 50 years from the moment the employment relationship was terminated or expired, unless the employer files a declaration to provide for all employees and contractors hired in that period information reports and will provide such reports.

 

If the storage period for selected documents is shorter, the data controller will abide by the shorter period. In case of civil-law contracts, such contracts will be stored till the moment limitation periods expire.

The image is used solely on the basis of consent given by employee/co-worker.

Contact form on the website

Article 6 (1) (b) of GDPR

Answering requests and questions sent via contact form or in other form, including storage of sensitive requests and provided answers to maintain the accountability principle.

 

If the time periods for pursuing claims are shorter than storage periods of settlement documents for tax purposes, such documents will be stored for the time necessary for tax and settlement purposes that is for 5 years from the year when the tax liability was satisfied.

Data recipients

Due to its business activity, Colian will share your personal data with the following entities:

-         State authorities (for example Tax Offices, Customs Offices, Police) or other entities authorized under the provisions of law,

-         Entities that support us in our business on our order in particular with: external suppliers of ICT systems that support our activities, audit firms or entities cooperating with Colian within marketing campaigns and such entities will process personal data on the basis of agreement concluded with Colian and in accordance with its orders as well as with other Colian Group entities, listed in the footer, as necessary,

-         Banks in case of the need for settlement services.

Rights within data processing and voluntary data submission

Every person whose data is being processed by Colian has the right to:

-         access their personal data,

-         correct their personal data,

-         delete their personal data,

-         limit the processing of their personal data,

-         object to the processing of their personal data,

-         move their personal data.

More information on the data subjects’ rights can be found in Article 12-23 GDPR that can be accessed by clicking the link: https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

Moreover, data subject whose data is being processed has the right to file a complaint to the supervising authority, that is President of the Office for Personal Data Protection. More information can be found here: https://uodo.gov.pl/pl/p/skargi

Do you need to share your personal data?

Providing data is necessary to conclude agreements and settle the carried activity and for Colian to fulfil its legal obligations. In other scope (in particular for the processing of personal data for marketing purposes) the providing of data is voluntary.

Transfer of data to third countries

Personal data will be processed in the European Economic Area.

Moreover, it may happen that the basic professional data of an employee/co-worker of Colian (such as: name and surname, position, business phone number and email address) can be transferred to third countries. The necessity to transfer data to third countries is subject to an agreement between Colian and employee/co-worker whose data is being transferred. Transfer to third country of personal data of an employee/co-worker does concern those who will be carrying out activities for a customer or potential customer from a third country.

Automated processing of data

Personal data will not be processed with the use of automated means (including profiling) in a way that would result in any decisions being made that could produce legal effects or in other way significantly influence out customers, contractors and their employees/co-workers.



[1] but also with:

Colian Holding S.A., ul. Zdrojowa 1, 62-860 Opatówek

 

and entities that have economic/capital/personal ties with Colian Holding S.A.:

 

Colian Factory sp. z o.o., ul. Zdrojowa 1, 62-860 Opatówek

 

Colian Logistic sp. z o.o., ul. Zdrojowa 1, 62-860 Opatówek

 

Manufaktura Goplana sp. z o.o., ul. Majkowska 32, 62-800 Kalisz

 

Ziołopex sp. z o.o., ul. Zdrojowa 5, 62-860 Opatówek