1. Andrzej Bugajski running a business under the name of: Andrzej Bugajski “Dalpex” Przedsiębiorstwo Produkcyjno-Handlowe with the main plant at the following address: ul. Sołtysowicka 62A, 51-168 Wrocław, entered into the Central Register and Information on Economic Activity, NIP: 898002290, REGON: 931614796 (hereinafter referred to as Dalpex) is the administrator of personal data of persons providing services to Dalpex (hereinafter referred to as Clients and Contractors).
2. Respecting the rights of customers and contractors as subjects of personal data (data subjects) and respecting applicable law, including in particular Regulation of the European Parliament and of the (EU) Council 2016/679 of 27 April 2016 on the protection of persons individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /EC (General Data Protection Regulation), hereinafter referred to as the GDPR, the Personal Data Protection Act (hereinafter referred to as the Act) and other relevant data protection provisions personal data, Dalpex undertakes to maintain the security and confidentiality of personal data obtained from clients and contractors. Dalpex, as the Personal Data Administrator, has implemented appropriate safeguards as well as technical and organizational measures to ensure the highest level of personal data protection. We have implemented procedures and policies for the protection of personal data in accordance with the GDPR, thanks to which we ensure compliance with the law and reliability of data processing processes, as well as the enforcement of all your rights as data subjects. Additionally, if necessary, we cooperate with the supervisory authority in the territory of the Republic of Poland, i.e. with the President of the Office for Personal Data Protection in Poland (hereinafter referred to as Polish DPA).
3. a) Our company, as the Personal Data Administrator, has appointed the Data Protection Officer, which is Konrad Cioczek ENSIS Kancelaria Prawna Cioczek & Szajdziński Spółka jawna. All inquiries, requests, complaints regarding the processing of personal data by our company (Personal Data Administrator), hereinafter referred to as Notifications, should be sent to the following e-mail address of the Personal Data Protection Inspector: iod@dalpex.pl
4. The content of the Notification should clearly indicate:
5. a) data of the person or persons to whom the Notification relates,
6. b) the event that is the reason for the Notification,
7. c) present your requests and the legal basis for these requests,
8. d) indicate the expected way of settling the matter.
9. Personal data of Customers and Contractors are processed by Dalpex as the Personal Data Administrator in order to perform contracts and services provided by or for the Personal Data Administrator. In accordance with the principle of minimization expressed in the GDPR, we only process the categories of personal data that are necessary to achieve the purposes referred to in the preceding sentence.
10. Providing personal data is voluntary, but necessary to conclude a contract with Dalpex.
11. We process personal data for the time necessary to achieve the purposes mentioned in the preceding point. Personal data may be processed for a longer period than indicated in the preceding sentence, if such a right or obligation imposed on the Personal Data Administrator results from specific legal provisions (e.g. in the field of storing invoices).
12. The source of the Personal Data processed by the Administrator are the data subjects.
13. Your personal data is not transferred to a third country within the meaning of the provisions of the GDPR. If personal data is transferred to a third country, the data subjects are informed about it in advance, and the Personal Data Administrator applies the safeguards referred to in Chapter V of the GDPR.
14. We do not disclose any personal data to third parties without the express consent of the data subject. Personal data without the consent of the data subject may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities and other entities authorized in generally applicable law, such as e.g. Social Security or the competent Tax Office).
15. Personal data may be entrusted for processing to entities processing such data for Dalpex as the Personal Data Administrator. In such a situation, as the Personal Data Administrator, we conclude an agreement to entrust the processing of personal data with the processor. The processing entity processes the entrusted personal data, but only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to conduct our business. Personal data is entrusted primarily to the hosting provider, the company providing accounting services and, if necessary, a law firm providing legal services.
16. Personal data is not subject to profiling within the meaning of the GDPR.
17. In accordance with the provisions of the GDPR, each person whose personal data we process as the Personal Data Administrator has the right to:
18. a) be informed about the processing of personal data referred to in art. 12 GDPR – controllers are obliged to provide the persons whose data they will process the information specified in the GDPR (including about their data, Personal Data Protection Inspector contact details, purposes and legal grounds for the processing of personal data, recipients or categories of recipients of personal data, if any or about the period during which the data will be processed or the criteria for determining this period). This obligation should be fulfilled as early as the moment the data is obtained, and if the data is not obtained from the data subject but from another source, within a reasonable time, depending on the circumstances. The administrator may refrain from providing this information if the data subject already has it,
19. b) access to their personal data, as referred to in art. 15 GDPR – by providing us with your personal data, you have the right to view and access them; however, this does not mean that you have the right to access all documents on which your data appears, as they may contain confidential information; However, you have the right to information about your data and for what purpose we process and the right to obtain a copy of your personal data, the first copy is issued free of charge, and for each subsequent copy, in accordance with the provisions of the GDPR, we charge an appropriate administrative fee corresponding to the cost of making a copy,
20. c) correcting, supplementing, updating, rectifying personal data referred to in art. 16 GDPR – if your personal data has changed, please inform us as the Personal Data Administrator so that the data we have is consistent with the actual state and up to date; also in a situation where there has been no change of personal data, but for any reason the data is incorrect or has been recorded incorrectly (e.g. due to a typing error), please inform us in order to correct or rectify such data,
21. d) deletion of data (the right to be forgotten), referred to in art. 17 GDPR – in other words, you have the right to request “deletion” of data held by us as the Personal Data Administrator and the right to contact us as the Personal Data Administrator so that we inform other administrators to whom we have provided your data about the need to delete it. You may request the deletion of your personal data primarily when:

– the purposes for which the personal data have been collected has been achieved, e.g. we have fully completed the contract concluded with you,

– the basis for the processing of your personal data was only consent, which was then withdrawn and there are no other legal grounds for further processing of your personal data

– you have raised an objection pursuant to Art. 21 of the GDPR and you believe that we do not have any overriding legal grounds for further processing of your personal data,

– your personal data has been processed unlawfully, i.e. for unlawful purposes or without any basis for the processing of personal data – please remember that in this case you must have a basis for your request,

– the need to delete your personal data results from legal provisions,

– personal data relates to a minor and was collected in connection with the provision of information society services,

1. e) restriction of processing referred to in art. 18 GDPR – you can contact Dalpex with a request to limit the processing of your personal data (which would mean that until the matter is resolved, Dalpex would only store it), if:

– you contest the accuracy of your personal data, or

– you believe that we process your data without a legal basis, but at the same time you do not want us to delete this personal data (i.e. you do not use the right referred to in the preceding letter), or

– you have lodged an objection referred to in point (a) f of this point, or

– your personal data is needed to establish, assert or defend claims, e.g. in court,

1. f) transfer the data referred to in art. 20 GDPR – you have the right to obtain your data in a format that allows the data to be read on a computer and the right to send this data in such a format to another administrator; you are entitled to this right only if the basis for the processing of your data was your consent or the data was processed automatically,
2. g) object to the processing of personal data, as referred to in art. 21 GDPR – you have the right to object if you do not agree to the processing of personal data by us, which we have processed so far for legitimate purposes in accordance with the law,
3. h) not being subject to profiling referred to in Art. 22 in connection with with art. 4 point 4 of the GDPR – you will not be subject to automated decision making or profiling within the meaning of the GDPR, unless you consent to it; additionally, we will always inform you about profiling, if it should take place,
4. i) lodging a complaint to the supervisory body (i.e. to the President of the Personal Data Protection Office) referred to in art. 77 GDPR – if you believe that we are processing your personal data unlawfully or in any way violate the rights resulting from the generally applicable provisions of law in the field of personal data protection.
5. With regard to the right to delete data (the right to be forgotten), we would like to point out that in accordance with the provisions of the GDPR, you do not have the right to exercise this right if:
6. a) the processing of personal data is necessary for Dalpex to fulfill its legal obligations resulting from the provisions – we cannot delete your data for the period necessary to comply with the obligations (e.g. tax obligations) that are imposed on us by law,
7. b) the processing of your data is carried out for the purposes of investigating, establishing or defending claims.
8. If you want to exercise your rights referred to in the preceding points, please send a message by e-mail to the following e-mail address: iod@dalpex.pl
9. Each identified security breach is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects are informed about such a breach of the provisions on the protection of personal data, and – if applicable – the President of the Office for Personal Data Protection in Poland..