PRIVACY POLICY IN XENE P.S.A

(effective date: 01.02.2022)


Content:

  1. Introduction
  2. Administrator and controller
  3. Personal data processing
  4. Miscellaneous


  1. Introduction

    This Privacy Policy describes the general personal data processing rules which we apply in connection with our business and our website, www.xene.pl.

  2. Administrator and controller

    The www.xene.pl website administrator and the personal data controller is Xene P.S.A. with its registered office at ul. Puławska 145B, 02-715 Warsaw, entered in the register of entrepreneurs of the National Court Register kept by the Warsaw District Court in Warsaw, 13th Commercial Division of the National Court Register, at KRS number: 0000947844, NIP No.: 5213953577, and REGON No.: 521058418. In matters regarding the protection of personal data, please contact daneosobowe@xene.pl.

  3. Personal data processing

    We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1), hereinafter: GDPR, the Polish Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000, as amended), hereinafter: PDPA, as well as other legislative acts of national law and the European Union law. For the sake of transparency of personal data processing as well as respecting the informational autonomy of those whose data we process, in accordance with Article 13(1) and 13(2) of the GDPR, we hereby provide the information on data processing in the following order:

    • Purposes and legal basis for personal data processing;
    • Personal data retention period;
    • Recipients of personal data;
    • Transfer of personal data outside the European Economic Area (EEA);
    • Rights related to personal data processing;
    • Consequences of not providing personal data.
    1. Purposes and legal basis for personal data processing;
      Persons whose data we process Legal basis for the processing* Purposes of the processing
      When you submit a request or contact us using the contact details provided on the website or directly through our employees · Our legitimate interest You provide us with your data so that we can respond to your request, and – if necessary – take any other actions as you may request, which includes presenting our business proposal to you.
      When you place an order or we establish business relations · Actions desgined to conclude and perform a contract
      · Our legitimate interest
      We need your personal data to take the actions to conclude or perform a contract (e.g. to process your order) to which you are a party or to which the company you represent is a party. We may also use your personal data to conduct surveys and use the resulting information to improve the quality of our services.
      When we conduct marketing activities · Your consent
      · Our legitimate interest
      We may use your e-mail address or phone number for direct marketing of our products and services.
      *Legal basis for the processing:
      · Your consent – Article 6(1)(a) GDPR
      · Actions required to conclude and perform a contract – Article 6(1)(b) GDPR
      · Our legitimate interest – Article 6(1)(f) GDPR
    2. Personal data retention period;

      We store your personal data for the time as necessary to achieve the purposes for which they were collected, in particular until we provide you with comprehensive answers or take the actions as you requested, receive an objection to our marketing activities, and in the event of the conclusion of a contract, e.g. order placement, for the period resulting from the applicable laws, in particular the accounting and tax law. After this time, we may continue to process your personal data in order to assert or defend any claims.

    3. Recipients of personal data;

      We transfer the personal data provided to us to entities that work with us on a regular basis and whose services we use in our business: providers of IT services and resources, including our e-mail and website, marketing agencies, auditors, banks or law firms.

    4. Transfer of personal data outside the European Economic Area (EEA);

      In our daily work, we use Google Workspace and the tools it contains to increase our productivity. Since some of the servers used by the app are located outside the EEA, we transfer your data to third countries. We secure your data using standard data protection clauses approved by the European Commission. For more information on the applied security measures, contact us using the contact details provided above.

    5. Rights related to personal data processing;

      In connection with personal data processing, those whose data we process have the following rights:

      Right Legal basis for the processing
      Your consent
      (Article 6(1)(a) GDPR)
      actions to conclude and perform a contract
      (Article 6(1)(b) GDPR)
      our legitimate interest
      (Article 6(1)(f) GDPR)
      the right to withdraw the consent YES NO NO
      the right to access personal data YES YES YES
      the right of data rectification, erasure or restriction ofthe processing of personal data YES YES YES
      the right to data portability YES YES NO
      the right to object to the processing of personal data NO NO YES
      the right to lodge a complaint with the President of the Personal Data Protection Office YES YES YES

      You can exercise the right to withdraw your consent at any time. Withdrawal of consent, however, does not affect the lawfulness of data processing that performed on the basis of your consent before the withdrawal.
      To exercise the above-mentioned rights, please contact us using the contact details provided in section IV below.

    6. Consequences of not providing personal data.
      Legal basis for the processing Consequences of not providing personal data
      Your consent
      (Article 6(1)(a) GDPR)
      You provide your data freely but they are necessary for the purposes of the processing. Failure to provide the data makes it impossible to further such purposes.
      actions required to conclude
      and perform a contract
      (Art. 6(1)(b) GDPR)
      You provide your data freely but they are necessary to conclude a contract. Failure to provide data prevents its conclusion.
      our legitimate interest
      (Article 6(1)(f) GDPR)
      You provide your data freely but they are necessary for the purposes of the processing. Failure to provide the data makes it impossible to further such purposes.
  4. Miscellaneous

    The provisions of this Privacy Policy may change from time to time. The new privacy protection rules will be published on the website along with their effective date.
    In matters not covered by this Privacy Policy, the provisions of the GDPR, the PDPA and the Polish Civil Code of 23 April 1964 shall apply (consolidated text Journal of Laws of 2017, item 459, as amended).
    Submit any questions or doubts regarding this Privacy Policy should to: daneosobowe@xene.pl, to +48 607 241 659 or by mail to our registered office.
    Notice under the form
    Xene P.S.A. is your personal data controller. We process your data to respond to your request and present our business proposal to you. We process your data on the basis of our legitimate interests. You have in particular the right to access your data, the right of data erasure, the right to object and the right to lodge a complaint with the supervisory authority. For more information on personal data processing go to: Privacy Policy.