![](data:image/svg+xml;utf8,
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="Layer_1" x="0px" y="0px" viewBox="0 0 155 24"
enable-background="new 0 0 155 24" xml:space="preserve" height="24" width="155"><g>
<rect width="155" height="24" fill="transparent"/></g></svg>){kind=small}
![](data:image/svg+xml;utf8,
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" id="Layer_1" x="0px" y="0px" viewBox="0 0 113 24"
enable-background="new 0 0 113 24" xml:space="preserve" height="24" width="113"><g>
<rect width="113" height="24" fill="transparent"/></g></svg>){kind=small}
GDPR
GDPR
Information clause
In connection with the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. (the GDPR), we would like to inform you of the following rules for the processing of personal data:
Personal Data Controller (PDC)
Hayne Polska Sp. z o.o. ul. Dąbrowskiego 286/288, 60-406 Poznań,
+48 61 841 02 05, info@hayne.pl; www.hayne.pl
Data Protection Officer (DPO)
Krzysztof Dziemian, email: rodo@hayne.pl
Deputy Data Protection Officer
Krzysztof Kowal, email: rodo@hayne.pl
The PDC processes your data for the purpose of:
1. Recruitment of staff
Legal basis: Art. 6 Section 1 item b) of the GDPR, art. 22(1) Labour Code, and art. 9 Section 2 item b) of the GDPR
(sensitive data). The provision of this data is a statutory requirement and necessary for the purpose of recruitment. You are obliged to provide them and the consequence of not doing so will be that you will not be able to take part in the recruitment process. We process other personal data not required by law (e.g. interests) on the basis of Article 6 Section 1 item a) of the GDPR, i.e. on the basis of your voluntary consent and the provision of such data does not affect your ability to participate in the recruitment.
Period of storage of personal data: We process your personal data until the end of the recruitment process and, where you have consented to participate in future recruitments, for no longer than 12 months from the date of submission of your application documents.
2. Employment of staff
Legal basis: Article 6 Section 1 item b) of the GDPR, Article 22 22(1) of the Labour Code, and Article 9 Section 2 item b) of the GDPR (sensitive data) – processing is necessary for the performance of a contract, Article 6 Section 1 item c) of the GDPR – processing is necessary for the fulfilment of a legal obligation, Article 6 Section 1 item f) of the GDPR – the legal basis for processing is the legitimate interest of the Controller, and Article 6 Section 1 item a) of the GDPR – with regard to personal data not required by law – the legal basis for processing is your consent.
Period of storage of personal data: depending on the fulfilment of the purpose for which the personal data are processed, the period of storage is: 50 years or 10 years for contracts concluded after 1 January 2019 (depending on the date of hiring) from the end of the year in which the employment relationship ended. For contracts concluded after 31 December 1998 and before 1 January 2019, the employer may file a special information report with the Social Insurance Institution, as referred to in Article 4 Section 6a of the Act of 13 October 1998 on the social insurance system, in which case the period may be reduced to 10 years, counting from the end of the calendar year in which the information report was filed.
3. Cooperation with external companies with whom the PDC has a contract for the provision of services
Legal basis for processing: Art. 6 Section 1 b) of the GDPR – processing is necessary for the performance of a contract or for taking steps prior to the conclusion of a contract, the provision of data is necessary for the purpose of cooperation.
Period of storage of personal data: for the period necessary for the performance of the contracts concluded and the principles set out therein. A minimum of 5 years from the end of the year in which the last invoice/accounting document was issued.
4. Implementation of the agreement
Source: Data of employees and collaborators provided as part of the collaboration by the entity being a party to the contract.
Legal basis for processing: Article 6 Section 1 item f) of the GDPR, for the purposes of contact for matters related to the performance of the Main Contract, for administrative purposes, including those related to the organisation of the cooperation and supervision of the performance of the Services or the fulfilment of other obligations or entitlements performed under the Main Contract, for evidential purposes related to the performance of the Main Contract, for the purpose of asserting claims related to the performance of the Main Contract.
Period of storage of personal data: Your personal data will be stored by the Controller for at least the duration of the contracts concluded between the companies, and if necessary for evidentiary purposes – your personal data may also be stored until the statute of limitations for business claims or the end of legal proceedings related to the aforementioned contracts.
5. Sale of services
Legal basis for processing: Article 6 Section 1 item b) of the GDPR – processing is necessary for the performance of the contract between you and the Office, Article 6 Section 1 item c) of the GDPR – for the purpose of keeping accounting and tax records, and Article 6 Section 1 item f) of the GDPR – for the purpose of possibly establishing, pursuing or defending against claims.
Period of storage of personal data: Your data will be stored for the duration of the contract. A maximum of 6 years from the end of the financial year in which the last invoice was issued.
6. Future assertion of claims
Legal basis for processing: Art. 6 Section 1 item f) of the GDPR.
Period of storage of personal data: for the period of the statute of limitations for claims under the relevant type of contract: contract of specific work, contract of mandate – 2 years, cooperation contract – 3 years.
7. Conducting marketing activities related to the conducted business activity
Legal basis for processing: Art. 6 Section 1 item a) of the GDPR and art. 6 Section 1 item f) of the GDPR. The provision of data is voluntary.
Period of storage of personal data: Until the data subject withdraws consent or objects.
8. Providing answers to questions sent by email
Legal basis for processing: Article 6 Section 1 item f) of the GDPR – legitimate interest of the PDC. The provision of data is voluntary.
Period of storage of personal data: until an answer is provided to the request sent, with a maximum of 12 months.
9. Protection of persons and property on the premises of the PDC
Source of data: monitoring data.
Legal basis for processing: Art. 6 Section 1 item f) of the GDPR.
Period of storage of personal data: from the moment of recording for a maximum period of 3 months.
10. Running an online store
Data processed in accordance with the privacy policy available at www.hayne.pl/politykaprywatnosci
11. Handling of complaints
Legal basis for processing: art. 6 Section 1 item c of the GDPR and art. 6 Section 1 item f of the GDPR.
Period of storage of personal data: Your personal data will be stored for the period related to the product complaint, no later than the period of the statute of limitations for claims, and no longer than 6 years.
12. Customer satisfaction surveys
Legal basis for processing: art. 6 Section 1 item f of the GDPR.
Period of storage of personal data: 12 months.
In the event that a purpose other than the one mentioned above arises, the information obligation will be communicated to you directly in the form or during the first action addressed to you.
Rights relating to the processing of personal data:
• Where the legal basis is Article 6 Section 1 item a or b of the GDPR:
the right of access to the content of the data
the right to rectification of the data
the right to deletion of data (right to be forgotten)
the right to restrict data processing
the right to data portability
• Where the legal basis is Article 6 Section 1 item c of the GDPR:
the right of access to the content of the data
the right to rectification of the data
the right to restrict data processing
• Where the legal basis is Article 6 Section 1 item e or f of the GDPR:
the right of access to the content of the data
the right to rectification of the data
the right to deletion of data (right to be forgotten)
the right to restrict data processing
the right to object to the processing of data
Right to withdraw consent:
If the processing is carried out, based on your consent (Article 6 Section 1 item a of the GDPR), we will process your data until you withdraw it. You can withdraw your consent at any time by sending an email to the address indicated above or in person at the Administrator’s premises. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.
After the withdrawal of the consent, the data will be processed for the purpose of protection against claims (Article 6 Section 1 item f of the GDPR) for a period in accordance with the applicable legal provisions, being the maximum of 3 years.
The right to lodge a complaint with a supervisory authority:
If you see violations on the part of the PDC regarding the security of the processing of these data, you can lodge a complaint with the supervisory authority in charge of personal data protection, i.e. the President of the Office for Personal Data Protection. The current address of the supervisory authority is: President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.
Data security:
Your personal data will be processed, in accordance with the provisions of the GDPR, in writing or electronically, for the purposes stated above and using appropriate methods designed to guarantee the security and confidentiality of your personal data in accordance with Article 32 of the GDPR. Cooperation between our company and business entities is regulated by the relevant legislation.
Data recipients:
In connection with data processing, your personal data may be shared with other recipients or categories of recipients, such as:
• Authorities and institutions as well as relevant entities of the public administration and local government to the extent and for the purposes that result from the provisions of generally applicable law.
• To companies providing services to the PDC, in particular in the field of: personal data protection, to entities providing audit services, IT support, financial, insurance, computer software, equipment maintenance or correspondence.
• Other entities that process personal data for the controller under relevant contracts.
Your data will not be processed by automated means including profiling. Your data is not processed outside the EEA.
e-commerce platform by