PRIVACY POLICY

Introduction

In connection with the obligations arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as: GDPR is established at Megmar Logistics & Consulting Sp. z o. o. and Megmar Logistics & Consulting Elżbieta Maślarz – hereinafter collectively: Megmar, Personal Data Protection Policy.

Megmar Logistics & Consulting Sp. z o. o. Company (hereinafter: MLC) and Megmar Logistics & Consulting Elżbieta Maślarz – (hereinafter: MLC EM), jointly determine the purposes and methods of processing personal data, and thus become joint controllers of personal data.

Our goal is also to properly inform you about the legal basis for processing personal data, the methods of collecting and using it, as well as the rights of the persons whose data we process.

Personal data of joint controllers

Below we provide the details of the joint controllers:

Megamar Logistics & Consulting Sp. z o. o. with its registered office in Kutno at Marii Skłodowskiej – Curie 10, 99-300 Kutno, entered into the register of entrepreneurs maintained by the District Court for Łódź-Śródmieście in Łódź, XX Commercial Division of the National Court Register, under the KRS number 0000386295, with the share capital of PLN 500,000.00 (fully paid up), TIN PL7752637229, REGON No 101085290,

Megamar Logistics & Consulting Elżbieta Maślarz, sole proprietorship entered into the Central Register and Information on Business Activity, with its registered office in Kutno at Marii Skłodowskiej – Curie 10, 99-300 Kutno, TIN PL7751005527, REGON No 610296735.

What are personal data and what does their processing mean?

Personal data means information relating to an identified or identifiable natural person. Personal data processing is any action taken on personal data, regardless of whether it is carried out by automated means or not, e.g. collecting, storing, recording, organizing, modifying, viewing, using, sharing, limiting, deleting or destroying. Megmar processes personal data for various purposes, and depending on the purpose, different collection methods, legal bases for processing, use, disclosure and storing periods may apply.

When does this Privacy Policy apply?

This Privacy Policy applies to all cases in which MLC and MLC EM are joint controllers of personal data and process personal data.

How, on what legal basis and what types of personal data does Megmar process?

We wish to be transparent about the methods and legal basis for processing personal data, as well as the purposes for which Megmar processes personal data. We make sure to always provide the necessary information in this respect to each person whose personal data we process as joint data controllers. Below is a summary of personal data processing operations.

At the same time, we would like to point out that in the case of processing personal data based on the legitimate interest of the joint data controllers, we try to analyse and balance our interest and the potential impact on the data subject and the rights of that person arising from the provisions on personal data protection. We do not process personal data based on our legitimate interest if we conclude that the impact on the data subject would outweigh our interests (in which case we may process personal data if, for example, we have the appropriate consent or if it is required or permitted by law).

  1. Processing of personal data of persons visiting the website operated by Megmar

The website and all its subpages and subdomains use cookies only for the following purposes:

Google Analytics (cookie administrator: Google Inc. based in the USA),

Google AdWords (cookie administrator: Google Ireland Limited, based in Ireland),

Facebook (cookie administrator: Facebook Ireland Limited based in Ireland),

Hotjar (cookie administrator: Hotjar Limited based in Malta),

Smartsupp (cookie administrator: Smartsupp.com, s.r.o. with its registered office in the Czech Republic),

Albacross (cookie administrator: Albacross Nordic AB is based in Sweden).

(a) creating aggregate statistics and analyses that facilitate understanding of how the Service is used and assist in its development,

(b) optimizing websites for different devices and browsers,

(c) measuring the effectiveness of conducted advertising campaigns and activities, as well as matching the content and forms of advertisements displayed both on the Service’s website and, for example, in the Google advertising network (more details: https://support.google.com/adwords/answer/2407785);

Cookies are computer data, in particular text files, which are stored on the user’s end device and are intended for using websites. Cookies usually contain the name of the website they come from, the time of their storage on the end device and a unique number.

The entities that place cookies on the user’s end device and obtain access to them are the co-administrators of the websites and sub-sites in the megmar.pl and megmar.eu domains.

Cookies are used for the following purposes:

  • customizing the content of websites to user preferences and optimizing the use of websites; in particular, these files enable the recognition of the user’s device and the appropriate display of the website, tailored to the user’s individual needs;
  • creating statistics that help understand how users use websites, which enables their structure and content to be improved;
  • maintaining the user’s session (after logging in), thanks to which the user does not have to re-enter their login and password on each subpage of the website.

The website uses two basic types of cookies:

  • “session cookies” are temporary files that are stored on the user’s end device until logging out, leaving the website or turning off the software (web browser).
  • “persistent cookies” are stored on the user’s end device for the time specified in the cookie file parameters or until they are deleted by the user.

The following types of cookies are used within the website:

  • “essential” cookies that enable the use of services, e.g. authentication cookies used for services that require authentication on the website;
  • cookies used to ensure security, e.g. used to detect authentication abuse on a website;
  • “performance” cookies, enabling the collection of information on how the website is used;
  • “functional” cookies, which enable “remembering” the settings selected by the user and personalising the user interface, e.g. in terms of the selected language or region the user comes from, font size, appearance of the website, etc.

In many cases, the software used to browse websites (internet browser) allows cookies to be stored on the user’s end device by default. Users may change their cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform each time they are placed on the user’s device. Detailed information about the possibilities and ways of handling cookies is available in the software (web browser) settings.

The Joint Administrators inform that restrictions on the use of cookies may affect some functionalities available on the website.

Cookies placed on the user’s end device are not used to display third-party advertising materials.

  1. Processing of personal data of persons contacting Megmar in order to obtain information about the offer, as well as those contacting in order to conclude a contract with Megmar

In the case of natural persons (acting both on their own behalf and on behalf of entities that are not legal persons) contacting Megmar in order to obtain information about the offer, as well as in order to conclude a contract with Megmar, we collect the following personal data: name and surname, position, rank, address of the entity represented by the contacting person, e-mail address, telephone number, fax number. In particular, these people may send us e-mail and contact us by telephone.

We ask you not to provide us with information that falls into special categories of personal data (such as information about race, ethnic origin, political opinions, religious or physiological beliefs, trade union membership, information concerning physical or mental health, genetic data, biometric data, information about sexual life or sexual orientation and criminal history). If you provide such information for any reason, it will constitute your express consent to our collection and use of such information in the manner set forth herein or as set forth at the point where such information is disclosed.

We collect the above data based on the legal basis for processing specified in the GDPR, i.e.:

  • based on the consent expressed by the person submitting the inquiry in order to obtain information about the offer – we consider the consent to be expressed and this Policy to be accepted by the given person contacting us and whose data it concerns, if they contact us in any way,
  • in order to perform the contract (fulfill the request submitted by a given person),
  • legitimate purpose of the joint data controllers.
  1. Processing of personal data of Megmar customers and potential customers

Megmar processes the personal data of its customers and potential customers, which include the data indicated above in point 2 (processing of personal data of persons contacting Megmar in order to obtain information about the offer, as well as contacting in order to conclude a contract with Megmar) and contact details, payment details, bank account numbers. Personal data of business contacts may be used for the purpose of conducting Megmar’s commercial activities.

The processing of personal data of customers is carried out in accordance with the GDPR on the basis of:

  • consent – we consider consent to be expressed and this Policy to be accepted by a given person if they contact us in any way as a customer,
  • performance of the concluded contract,
  • legal obligation (e.g. tax law, accounting regulations),
  • the legitimate interests of Megmar (e.g. marketing).

The processing of personal data of potential customers is carried out in accordance with the GDPR on the basis of:

  • consent – we consider consent to be expressed and this Policy to be accepted by a given person if they contact us in any way as a potential customer,
  • the legitimate interests of Megmar (e.g. marketing).
  1. Processing of personal data of persons visiting the Megmar office

In the case of natural persons (acting both on their own behalf and on behalf of entities that are not legal persons) visiting the Megmar office in Kutno at Marii Skłodowskiej – Curie 10, we collect the following personal data: name and surname, series and number of ID card, image (in the internal and external monitoring system).

The processing of personal data of customers is carried out in accordance with the GDPR on the basis of:

  • consent – we consider consent to be expressed and this Policy to be accepted by a given person when he or she appears at Megmar’s registered office,
  • legal obligation (e.g. regulations on the protection of classified information),
  • legitimate interest of Megmar.

How long do we process personal data?

The period for which we may process personal data depends on the legal basis that constitutes the legal premise for the processing of personal data by Megmar. We do not process personal data for a period longer than required by law. We hereby inform you that:

  1. in the event that Megmar processes personal data based on consent – the processing period lasts until the user withdraws this consent,
  2. in the event that Megmar processes personal data on the basis of the legitimate interest of the joint data controllers – the processing period lasts until the aforementioned interest ceases (e.g. the limitation period for civil claims) or until the data subject objects to further such processing – in situations where such an objection is available under the law,
  3. in the event that Megmar processes personal data because it is necessary due to applicable legal provisions, the periods of data processing for this purpose are specified by those provisions,
  4. In the absence of specific legal or contractual requirements, the basic data storage period for data and evidential documentation prepared in the course of performing a contract is a maximum of 10 years.

When and how do we share personal data with third parties?

As a rule, we do not transfer the collected personal data to third parties, however, we transfer personal data to others only when we are permitted to do so by law. This applies to Megmar’s subcontractors performing services on behalf of Megmar and entities authorised to obtain data under applicable law, i.e. courts or law enforcement authorities. We then transfer data to these entities only to a limited extent, ensuring the protection of other people’s data through security mechanisms and in compliance with our data protection and confidentiality standards.

What rights do data subjects have and how can they be exercised?

Natural persons have certain rights regarding their personal data, and joint data controllers are responsible for implementing these rights in accordance with applicable law.

Rights of persons providing data:

  • Access to personal data – natural persons have the right to access the data we store as joint data controllers,
  • Change of personal data – natural persons have the right to change, including updating, their personal data,
  • Withdrawal of consent – in the case of processing personal data based on consent, natural persons have the right to withdraw this consent at any time, as easily as it was granted,
  • The right to restrict or object to the processing of personal data – natural persons have the right to restrict or object to the processing of personal data at any time, unless the processing is required by law,

A natural person may object to the processing of his or her personal data when:

  1. the processing is based on a legitimate interest or for statistical purposes, and the objection is justified by the specific situation in which it finds itself,
  2. personal data are processed for direct marketing purposes,
  • The right to request the deletion of data – when a natural person withdraws their consent to the processing of data by Megmar, when a person objects to the processing of their data by Megmar, when the data is processed unlawfully and when the data is no longer necessary for the purposes for which it was collected by Megmar,
  • The right to data portability – when the processing of a person’s data is based on the consent of the natural person or a contract concluded with him or her and when the processing is carried out automatically.

For any questions or requests regarding the scope and implementation of your rights, or to contact us in order to exercise a specific right regarding personal data protection, please contact us at the following e-mail address: odo@megmar.pl. We reserve the right to exercise the above rights after positive verification of the identity of the person applying for a given activity.

Persons whose personal data is processed by Megmar also have the right to lodge a complaint with the supervisory authority, which is PUODO, ul. Stawki 2, 00-19 Warsaw.

Are there any possible changes to this Privacy Policy and when?

We undertake to regularly review this Privacy Policy and change it when it proves necessary or desirable due to new legal regulations, new guidelines from authorities responsible for supervising personal data protection processes, best practices in the area of personal data protection. We also reserve the right to change this Privacy Policy in the event of changes in the technology by which we process personal data, as well as in the event of changes in the methods, purposes or legal basis for processing personal data by us.

Privacy Policy last updated on November 25, 2024.