Skrivanek sp. z o.o. („Company”, „Skrivanek”, also „we”, „us”, „our”) processes personal data in accordance with the provisions of the Polish law, in particular Regulation of the European Parliament and of the Council No. 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (27 April 2016) (“Regulation 2016/679”) and personal data protection act.
- Data Controller and Data Protection Officer – Contact Data
The Controller of your personal data is Skrivanek sp. z o.o., registered seat at: Warszawa, Plac Konstytucji 6/75, 00-550 Poland.
If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
Data Protection Officer
Skrivanek Sp. z o.o.
Ul. Podlaska 12
Tel.: +48 81 4709930 or email: email@example.com.
- Data Processor
2.1. Providing services which may require that our Customer, as the controller, commissions us with processing personal data (e.g. translating content that contains personal data or training Customer’s employees), Skrivanek will act on his (Controller’s) instructions as a processor according to Regulation 2016/679. Processing of such data will be subject to a separate data processing agreement between us pursuant to art. 28 of the Regulation 2016/679.
2.2. In order to sign such data processing agreement, Customer shall inform Skrivanek where such processing as specified in par.2.1. above will take place.
3.1. We abide by generally accepted standards of technology and security in order to protect all data we process from loss, misuse, alteration or destruction, and our information security management system is independently certified as complying with the requirements of ISO/IEC 27001:2013.
3.2. Our policies, procedures and trainings as well as other technical safety measures regarding data protection are regularly reviewed to keep the data we hold secure.
3.3. We assume no responsibility for any unauthorized access to your personal data and/or loss of personal data if it is independent of Skrivanek, for example, due to your fault and/or negligence.
- How we collect personal data
4.1. We may collect personal data from you directly when you:
- order our products or services (including through our Websites, by telephone, e-mail, at our offices);
- visit our Websites;
- contact us with an enquiry, comment or complaint;
- subscribe to our newsletters, news or other service from us (e.g. ask for pricing);
- respond to a survey or participate in a contest;
- provide us with business card or other contact information, for instance during fairs or events.
Providing information is voluntary but may be necessary to provide you with a required service.
4.2. We record some of information automatically when you use our Websites (including with technologies like cookies) or when you are filmed by our video surveillance at Skrivanek.
4.3. We may receive information about you from other companies, like SKRIVANEK Holding SE Group companies and affiliates, and from third parties (e.g. holders of debt registers) upon your prior consent. Moreover, if you are our Customer’s employee, we may receive your business contact data from your employer.
4.4. We may also gather some information about you from publicly available sources, as permitted by applicable law, such as public registries, social media or from publicly available websites.
- What data we collect
Depending on the service provided to you the categories of data we process may include:
5.1. your name, surname, address, contact data;
5.2. personal identity number, tax identification number
5.3. bank details;
5.4. details of identity documents;
5.5. business contact data of Customer’s employees;
5.6. other data that you yourself might provide us with;
5.7. video surveillance recordings and images;
- How we use your personal data
We use the personal information we obtain about you to:
6.1. provide professional services based on any contract with you if you are our existing customer, which involves:
6.1.1. taking the necessary activities to conclude or to perform a contract with you,
6.1.2. payment and debt management,
6.1.3. providing you Customer support, including technical support and claim processing,
6.1.4. sending you Customer satisfaction survey,
6.1.5. informing you from time to time about special offers and other services, including those offered by SKRIVANEK Holding SE group companies,
6.1.6. video surveillance for security reasons at our offices;
6.2. develop our business and services, which involves:
6.2.1. informing you about our new services which we think will be of interest to you with your consent or otherwise in accordance with applicable law;
6.2.2. developing business models using customers’ statistical data;
6.3. facilitate security and quality management, including:
6.3.1. administration of our Websites, systems and applications;
6.3.2. monitoring and documenting procedures in relation to our services to you;
6.4. comply with legal requirements, which involve keeping records (also with personal data) for tax and accounting purposes;
6.5. to provide you with information and services which you required while using our Websites;
6.6. for any other purpose where you have provided valid consent where it is legally required.
- What legal grounds we use to process personal data
7.1. Performance of a contract with you (or actions taken in order to enter into a contract with you) – For example, if you ordered the translation service from us, we need to use your contact data and payment information in order to process your order and deliver the translation (paragraph 6.1.1.);
7.2. Our legitimate interest – We may process your data (when we assess that it does not infringe your basic rights and freedoms) mainly to ensure high quality services to you and to secure our interests with regard to services provided (paragraphs 6.1.-6.3, 6.5).
In particular we may contact you to send you commercial information about new services that might be of interest to you or our special contractual terms, for instance about discounts we may offer.
Besides, as a member of SKRIVANEK Holding SE group, we consider it as our legitimate interest to process our Customers data by sending it to other companies in the group for internal administrative purposes.
7.3. Legal obligation – We will process your data if it is necessary to comply with a legal obligation such as tax law or accounting obligation (paragraph 6.4).
7.4. Your Consent – We may process your data based on the valid consent that you yourself have freely given to us for a particular purpose such as for subscribing our Newsletter. You may provide the consent either in writing e.g. by filling in a form at our office, by using our Websites, or by e-mail correspondence. You can withdraw your consent at any time.
- How long we store your data
Our data retention period depends on the purpose of data processing. It is estimated according the following criteria:
8.1. as long as is necessary to provide services and Customer support;
8.2. the storage period required by or arising from applicable Polish and European law;
8.3. as long as is necessary to protect our legitimate interests;
8.4. until your consent to the processing is revoked.
- How we share your data
We only share your data where it is legally permitted and in order to provide or improve our services. We have the contractual arrangements or security mechanisms in place to make sure that all those with whom we share you data will take steps to protect it. We will not share it with third parties for commercial reasons.
9.1. We may share your personal data with companies (processors) who provide services such as information processing, VPS hosting, marketing, accounting or services which you ordered or used.
9.2. We share your data with duly authorized individuals: our staff, vendors and associates who need to know that information to operate our services.
9.3. Where it is required by law, we may share your data with appropriate public authorities.
9.4. We may share your data within SKRIVANEK SE Holding group.
9.5. If we have a contract with an entity (our Client) concluded on Your behalf, we may share the data within the scope of the contract performance (in particular the attendance and results information with regard to the participants of language trainings provided by Skrivanek) with this entity in line with the contract.
- What rights do you have
10.1. To contact us for a copy of all personal data which we hold about you and to request it to be corrected it if it is found inaccurate or outdated;
10.2. To request the deletion or limitation of processing where it is no longer necessary to retain it;
10.3. To withdraw your consent to processing at any time, where consent was the legal grounds for processing your data;
10.4. To object to our processing of your personal data, in particular to opt out of marketing emails – if you do not wish to receive from us offers related to additional products and services, you may opt out at any time from emails and by contacting us at: firstname.lastname@example.org / email@example.com;
If you want to make any of these requests, please contact us using our Contact Data (See par.1 of the Policy). We may need to request specific information from you to confirm your identity and to speed up our response.
10.5. You also have a right to complain about handling your personal data to the Polish Supervisory Authority.
- Rights in relation to profiling
11.1. Profiling is any type of automated processing of personal data, which is the use of personal data for the purpose of evaluating specific personal aspects of a natural person, in particular analysing or predicting aspects related to the personal preferences, interests, reliability, behaviour, location or movement of that individual;
11.2. While processing your data we may collect certain information about you, such as purchase history, to prepare an individual offer for you. Automated individual decisions are made for business purposes only, and they will not produce legal consequences for the Customer. You have the right to object to profiling by contacting us at: firstname.lastname@example.org / email@example.com; or otherwise using our Contact Data in par. 1 of this Policy
- Data Transfers outside EEA
From time to time we may transfer data outside EEA. Such transfer will always be subject to appropriate safeguards in accordance with the Regulation 2016/679. For example we may transfer data outside EEA if it’s necessary for the purpose of translating documents, and this is always done on the basis of the EU approved Standard Contractual Clauses.