We protect your personal data
Our company has adapted to the requirements of GDPR, i.e. the EU General Data-Protection Regulation.
The new regulation was effective from 25 May 2018.
GDPR introduces and unifies the principles of personal-data processing throughout the European Union.
In particular, it involves personal-data security and protects the right to privacy.
What does it mean for you?
Most importantly, you don’t have to do anything. All consents you have given us are current and valid.
We have implemented the GDPR provisions to better and more-strongly protect your data. This allows you to enjoy many new rights.
On this page you will find practical information on how we protect your data in a short and accessible form.
Please read it.
GDPR at a glance
GDPR involves new rules for the protection of personal data – your rights and freedoms, which result from the EU General Data-Protection Regulation. At SuperDrob we appreciate that the European legislator has unified and updated the regulations protecting personal data. This gives us all greater control over your data and better protection of it. It is worth knowing your rights and principles on the basis of which companies and institutions process personal data.
Basic information on data protection at Superdrob
All personal data protection information is always available to our customers on our website. We are also happy to answer all questions asked by the customers.
- The personal-data controller is SuperDrob S.A., with its registered office in Karczew, at Armii Krajowej 80, 05-480 Karczew, registered at the District Court for the capital city of Warsaw in Warsaw, the 14th Commercial Division of the National Court Register under number KRS 0000053972, Tax-ID No. (NIP) 5320002463, (hereinafter “the Controller”).
You can contact us in the following ways.
- By letter to the address given above, with the reference “GDPR”
- By e-mail: firstname.lastname@example.org
- By phone: +48 22 77 90 600
- We have employed a Data-Protection Manager who is responsible for ensuring that our company complies with the data-protection provisions.
Contact with the Data-Protection Manager
The Data-Protection Manager
Armii Krajowej 80, 05-480 Karczew
- The Controller processes personal data for the purpose of
- implementing transactions, contracts, orders, and deliveries
- ensuring the safety and quality of products manufactured by our company, which is our legal obligation (resulting, among others, from the Act of 25 August 2006 on food and nutrition safety, and Regulation (EC) No. 853/2004 of the European Parliament and of the Council of 29 April 2004, laying down specific hygiene rules for food of an animal origin, as well as our justified interest
- handling and documenting complaints, which is connected with the performance of concluded agreements and which is our legitimate interest
- possible determination, investigation or defence against claims, which is our legitimate interest
- analysis and statistics
- archiving (evidentiary purposes)
- correspondence handling, communication and document circulation”
- replies to letters and requests;
- handling internal administrative matters within the capital group, which is our legitimate interest.
- What data do we process, and on what basis?
We process general personal data. Personal data is any information which identifies (or allows us to identify) a data subject. Most often we process general data such as
- identification data, e.g. first and last name, PESEL number, Tax-ID number (NIP), date of birth
- address details
- contact details, e.g. e-mail address, telephone number
- data from documents (ID card, passport).
We may process personal data when:
- the data subject has consented to that;
- we are engaging in contracts between us and the data subject, or taking action on the subject’s request before entering into such contracts;
- we are fulfilling our legal obligations – on this basis we are processing the data, e.g. in order to complete tax settlements;
- it is required by our legitimate interest, i.e. in situations where, for example, we are conduct direct marketing of the products or services of our company and of entities from our capital group, determining and asserting claims, or defending ourselves against them, preparing statistics and reports, preventing and detect crimes, or ensuring safety.
- For how long do we process the data?
We process the data for the period necessary to achieve the purpose of processing. Specific periods of time are indicated in the documentation which we provide to data subjects. Once the purpose of the processing has been achieved, we delete or anonymise the data. The period of processing of your personal data depends on the purpose for which the data is being processed.
The period during which your personal data will be processed is calculated on the basis of the following criteria.
- The period for which the consent has been given
- The period for which the agreement has been concluded or cooperation is being implemented
- The period necessary to defend the interests of the controller
- The period resulting from the provisions of law (e.g. the Accounting Act).
- To whom and for what purpose can we transfer the customer data?
We transfer personal data to entities processing personal data on request, and other personal-data controllers if they have a legitimate interest. These are entities from the capital group and cooperating entities, IT-service providers, entities processing data for the purpose of debt collection, entities providing archiving services, entities providing legal services, and entities providing other services related to the achievement of objectives.
- You have the following rights related to the processing of your personal data.
- The right to access the data
- The right to transfer the data
- The right to withdraw your consent to personal-data processing
- The right to request rectification of the data
- The right to request deletion of the data or the limitation of its processing
- The right to object to the processing of the data
- The right to file a complaint with the supervisory body (the President of the Office for Personal Data Protection).
- We do not perform profiling, i.e. the automatic evaluation of certain personal factors concerning you, on the basis of your personal data. We do not make automated decisions with regard to you.
- Providing your data is voluntary, but necessary for the achievement of the purpose of processing.
- You have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the legality of the data processing which was carried out before its withdrawal.
- The rules for the transfer of the data outside Poland
As a rule, we do not transfer your data outside the European Economic Area. Such transfers may take place only if they are necessary for the purpose for which the data is processed (in particular for the performance of a contract).
We may transfer personal data to entities in the European Economic Area (EEA). This consists of the countries of the European Union, Iceland, Norway and Liechtenstein. In the case of third countries (outside the EEA), e.g. Thailand, we may transfer personal data if they guarantee at least the same level of data protection as in Poland. In practice, such a guarantee is provided by the European Commission’s recognition of such a country as providing adequate protection.
We may transfer personal information to other third countries where we have special arrangements with entities from those countries, as provided for by law or approved by the data-protection supervisory authority in Poland, or where we have obtained your express and unambiguous consent for such a transfer.