Information Obligation Under GDPR
In accordance with the General Data Protection Regulation (GDPR) of May 25, 2018, we declare that personal data is processed by 2KMM Sp. z o.o. solely in connection with the services it provides, in compliance with legal principles and to the extent necessary for achieving the legitimate purposes of the Controller. We also ensure that appropriate technical and organizational measures have been implemented to protect your personal data against unauthorized access. In light of the above, we would like to inform you that:
1. Data Controller
The Data Controller is:
2KMM Sp. z o.o. with its registered office at:
Strzelców Bytomskich 3,
40-310 Katowice,
Phone: +48 32 479 99 90, Fax: +48 32 479 99 91,
Email: 2kmm@2kmm.pl
2. Contact Details Regarding Data Protection
For matters related to personal data protection, you can contact us as follows:
- By email: rodo@2kmm.pl
- In writing to the Controller’s registered address.
3. Legal Basis and Purpose of Data Processing
Personal data is processed based on Article 6(1)(f) of GDPR, i.e., based on the necessity of processing for purposes arising from legitimate interests pursued by the Controller or a third party.
Categories of processed data include:
- Personal data processed in connection with submitted correspondence.
- Personal data processed in connection with contract execution, where the legal basis for processing is the necessity to perform a contract to which the data subject is a party.
- Personal data of job applicants, including private contact details, professional qualifications, and information about previous employment for decision-making on hiring.
- Employee personal data, collected for purposes related to human resource management, performance, salaries, and taxes.
- Monitoring data processed to protect property and persons on the premises/buildings owned by the Controller.
4. Recipients of Personal Data
The recipients of personal data are authorized and trained individuals who process the data, entities processing data based on written contracts, and postal operators for correspondence delivery.
5. Transfer of Data to Third Countries
Personal data is not transferred to third countries or international organizations.
6. Retention Period for Personal Data
- Personal data will be retained only for the period necessary to fulfill the purpose for which it was collected or as required by law.
- After fulfilling the purpose, data may be retained solely for archival purposes, for a period determined primarily by legal regulations.
7. Rights of Data Subjects, Including Access to Personal Data
Under the GDPR, you have the right to request the following from the Controller:
- Access to your data,
- Correction of your data,
- Deletion or restriction of processing,
- Objection to processing,
- Data portability.
8. Right to Withdraw Consent
If data is processed based on the subject’s consent, the subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the legality of processing based on consent prior to its withdrawal.
9. Right to File a Complaint with the Supervisory Authority
You have the right to file a complaint about our actions related to personal data processing with the President of the Personal Data Protection Office.
10. Automated Decision-Making (Profiling)
Your data will not be subject to automated decision-making, including profiling.
11. Information on the Requirement/Voluntary Nature of Providing Data
Providing personal data is a legal requirement for entering into a contract and is voluntary; however, failure to provide data required by the Controller may result in the non-performance of the contract. In other cases, data provision is based on the voluntary consent of the data subject or legal regulations (particularly the Regulation); however, failure to provide data required by the Controller may result in the inability to perform the contract.
