GDPR – Information Clause
INFORMATION ON THE PROCESSING OF PERSONAL DATA
AT CODLAKE S.A.
This document (hereinafter referred to as the “Policy”) provides information on the principles for processing your personal data at Codlake S.A. (hereinafter referred to as “Codlake”).
The following text will inform you, among other things, about the purposes and duration for which Codlake processes or will process your personal data, the categories of entities that may have access to your personal data, as well as the rights you may exercise regarding the processing of your data.
The scope of information provided herein meets the requirements of European data protection regulations, namely Regulation (EU) 2016/679 of the European Parliament and of the Council, also known as the General Data Protection Regulation (hereinafter referred to as “GDPR”).
I. Data Controller and Data Protection Officer
I.1. The data controller of your personal data is Codlake S.A., headquartered in Kraków:
address: ul. Stanisława Skarżyńskiego 14, 31-866 Kraków, Poland.
phone: +48 12 39 51 300,
e-mail: biuro@codlake.com
- Codlake, as the data controller, is committed to fulfilling GDPR requirements to the fullest extent possible, thus protecting your personal data.
- The appointed Data Protection Officer (hereinafter “DPO”) supervises the correct processing of personal data at Codlake S.A.:
address: Inspektor Ochrony Danych, Codlake S.A., ul. Stanisława Skarżyńskiego 14, 31-866 Kraków.
e-mail: iodo@codlake.com
You may contact the DPO regarding any questions or concerns related to the processing of your personal data and your rights.
I.2. Joint Controllers
Within the Euvic Group, agreements have been made to co-manage data in the following areas:
- Sharing information about available human resources for IT projects.
- Processing data in HR, sales, and marketing processes.
Key terms of the joint controller agreement include:
Each joint controller is responsible for GDPR compliance in relation to personal data processing.
List of Joint Controllers:
| Company Name | Website |
| Euvic S.A. | www.euvic.com |
| CLICKAD S.A | euvicperformance.com |
| Euvic Energia sp. z o.o. | energia.euvic.pl |
| Sirocco Mobile sp. z o.o. | www.siroccomobile.com |
| Internetium sp. z o.o. | www.internetium.pl |
| Edge One Solutions sp. z o.o. | www.edge1s.com |
| Euvic Services sp. z o.o. | services.euvic.pl |
| Euvic IT S.A. | www.eit.euvic.pl |
| Euvic Investments sp. z o.o. | |
| EO Networks S.A | eo.pl |
| UNITY S.A | www.unitygroup.com |
| IT Challange sp. z o.o. | itch.pl |
| LEOCODE sp. z o.o. | leocode.com |
| Aden Plus sp. z o.o. | aden.pl |
| Euvic AB (Szwecja) | www.euvic.se |
| RITS PROFESSIONAL SERVICES sp. z o.o. | rits.center |
| Codlake S.A. | www.codlake.com |
| IFORMATION sp. z o.o. | |
| IT-DEV sp. z o.o. | www.it-dev.pl |
| Omnis sp. z o.o. | www.omnis.pl |
| SOFITQ sp. z o.o. | softiq.pl |
| Euvic Solutions sp. z o.o. | www.euvic.solutions |
| X-Code sp. z o.o. | www.x-code.pl |
| Stermedia sp. z o.o. | stermedia.ai |
| HAND2BAND GROUP sp. z o.o. | hand2band.media |
| Śląski Park Informatyczny sp. z o.o. | www.parkinformatyczny.pl |
| Blue Brain sp. z o.o. | bluebrain.pl |
| DVM Data Vision Media sp. z o.o. sp. k. | data-vision-media.com |
| Speednet sp. z o.o. | speednet.pl |
| MULTISHORING sp. z o.o. | multishoring.com |
| Jcode sp. z o.o. | jcode.pl |
II. For what purpose and how long will we process your personal data?
Codlake guarantees that it will process your personal data only for specific, explicit, and legally justified purposes and will not process them further in a manner inconsistent with these purposes. The purpose of processing data is the reason for which we process your personal data. If Codlake intends to process your personal data for other purposes – not mentioned below – you will be separately informed about the new purpose of processing.
The purposes of data processing are listed below. Each of the mentioned purposes has been carefully assessed by Codlake in terms of compliance with the GDPR regulations and the regulations governing Codlake's operations. The following list specifies the purpose of data processing and its corresponding legal basis. Your personal data will be stored for a period appropriate to the fulfillment of the stated purposes.
| 1. Purpose: | Conclusion, proper execution, termination of contracts, or other actions necessary for the execution of the agreement with you. |
| Explanation: | This refers to all actions necessary for preparing for the conclusion of the contract, executing the contract, analyzing and assessing the client's creditworthiness, handling complaints, providing "help center" services, terminating the contract, archiving, performing other legal actions related to the contract, as well as actions to conclude agreements through Codlake with other entities (e.g., signing a leasing contract). |
| Legal basis: | GDPR, Art. 6, para. 1, lit. b) |
| Data processing period: | Until the contract is executed, and thereafter, for other legally justified purposes related to the contract, such as securing potential claims for up to 5 years. In case of no contract conclusion – until the service is completed and for 5 years in case of potential complaints or claims. |
| 2. Purpose: | Fulfillment of obligations arising from legal regulations or the performance of tasks in the public interest. |
| Explanation: | In this case, Codlake processes personal data to fulfill obligations imposed by law or to perform tasks in the public interest. This includes fulfilling Codlake's obligations related to conducting business in terms of tax, accounting, and statistical regulations, as well as executing signed contracts and for archival purposes. |
| Legal basis: | GDPR, Art. 6, para. 1, lit. c) and specific regulations that impose the obligations indicated above, or GDPR, Art. 6, para. 1, lit. e). |
| Data processing period: | GDPR, Art. 6, para. 1, lit. c) and specific regulations that impose the obligations indicated above, or GDPR, Art. 6, para. 1, lit. e). |
| 3. Purpose: | Marketing of Codlake’s products and services |
| Explanation: | This refers to Codlake’s marketing, especially carried out by sending, displaying, or transmitting commercial information via traditional mail or, if consent is obtained, also via electronic communication devices or telephone. Marketing may also be based on profiling, which means processing data for marketing purposes considering the customer’s characteristics, behaviors, or preferences. Using profiling, Codlake can tailor the commercial offers to your interests and needs based on past cooperation. |
| Legal basis: | GDPR, Art. 6, para. 1, lit. f) |
| Data processing period: | Until you object to such processing or until the contracts with Codlake expire. |
| 4. Purpose: | Execution of activities based on given consents. |
| Explanation: | This refers to marketing of services and products of Codlake’s business partners, processing information that constitutes business secrets (including assessing the customer’s payment credibility) after the obligation has expired. In each case, the consent collected from you will specify, among other things, the purpose of data processing that we intend to pursue based on this consent. |
| Legal basis: | GDPR, Art. 6, para. 1, lit. a) |
| Data processing period: | Until consent is withdrawn. |
| 5. Purpose: | Conducting communication or providing services through Codlake's websites and mobile app. |
| Explanation: | Under this purpose, we will also process your data to enable communication or provide services via Codlake’s websites and mobile app. This includes processing identifiers such as the device’s IP address or geolocation information. |
| Legal basis: | GDPR, Art. 6, para. 1, lit. b) or Art. 6, para. 1, lit. f) |
| Data processing period: | For the duration of communication or providing services, no later than until an effective objection is made. For the period of contract execution, and thereafter for other legally justified purposes related to the contract, such as securing potential claims for up to 5 years. |
| 6. Purpose: | Other purposes carried out within the framework of the so-called legitimate interests of the data controller. |
| Explanation: | Purposes realized under the so-called legitimate interests of the data controller are related to the execution of the contract concluded with you or, without a contract, within the framework of supplying goods or services. These include: 1) ensuring the security of Codlake’s premises and property, including monitoring the Codlake headquarters, while respecting the privacy and dignity of individuals, 2) ensuring the security of business transactions, particularly preventing fraud, 3) customizing the marketing content on Codlake's websites based on the behavior of individuals viewing it, 4) protection against claims and collection of debts. 5) internal administrative, accounting, analytical, and statistical purposes. When assessing whether these purposes are legitimate, we consider, among other things: a) any relationship between the purposes for which personal data was collected and the intended further processing purposes, b) the context in which the personal data was collected, especially the relationship between the data subjects and the administrator, c) the nature of the personal data, d) the potential consequences of the intended processing, e) the existence of appropriate safeguards. |
| Legal basis: | GDPR, Art. 6, para. 1, lit. f) |
| Data processing period: | Until the legally justified interests of Codlake supporting this processing are fulfilled or an objection is raised against such processing, not longer than for 5 years. In case of a dispute or ongoing proceedings, particularly court proceedings, the storage period will be counted from the date of the dispute's conclusion or the finalization of the proceedings. |
III. Where Do We Obtain Your Personal Data?
Codlake processes personal data obtained directly from you (e.g., data provided in various forms) as well as data acquired from other sources, legally and based on agreements with partners. These other sources may include public registers, such as KRS, CEIDG, or limited-access sources like BIG, KRD. In each case, Codlake carefully verifies the legal basis for data processing.
IV. What Categories of Personal Data Do We Process?
Depending on your relationship with Codlake, we may process the following categories of personal data collected from you or third parties:
a) personal data (e.g., name, surname, address of residence),
b) contact data (e.g., phone number, mailing address, email address),
c) identification data (e.g., personal identification number, PESEL),
d) transaction data (e.g., payment details),
e) contractual data (e.g., details of concluded agreements),
f) behavioral data (e.g., data on products or services owned and their usage),
g) communication data (e.g., data related to communication with you),
h) audio-visual data (e.g., data related to recording conversations or images for security and evidence purposes),
i) publicly available data or data obtained from third parties (e.g., data obtained from CEIDG, BIK),
j) technical data (e.g., device data used for mobile services),
k) browsing history data (e.g., data necessary for the proper exchange of information between the server and browser when using Codlake’s websites and services).
V. To Whom May Your Data Be Disclosed?
V.1. Access to Your Personal Data – within Codlake’s organizational structure – will only be granted to employees authorized by Codlake and only to the extent necessary. In certain situations, your personal data may be disclosed by Codlake to recipients outside its organizational structure. In every such situation, Codlake carefully examines the legal basis for the disclosure of personal data. It is important to note that the recipient of the data, under the GDPR, is both the entity that processes personal data on behalf of Codlake and the entity to which the data is made available for its own purposes (e.g., public administration authorities).
V.2. Recipients of Your Personal Data may include:
a) public authorities, institutions, or third parties entitled to request or receive personal data based on legal provisions, e.g., courts, Ministry of Finance, Tax Office, Arbitration Court,
b) entities to whom Codlake has entrusted personal data processing based on concluded agreements, e.g., courier service providers, business partners (e.g., agents, call centers, sponsors), postal operators, carriers, companies handling mail or document archiving, companies conducting customer surveys, partners providing technical services (e.g., system and website maintenance), IT service providers, and others processing data on behalf of Codlake,
c) banks, financial institutions, or credit institutions, or other institutions that may receive personal data in connection with the business relationship between Codlake and you (e.g., institutions intermediating in leasing or other similar financial agreements), as well as credit rating agencies (KRD, BIG),
d) electronic payment operators such as Visa, MasterCard, PayU, PayPal, and other entities involved in settlements (e.g., KIR, Swift),
e) telecommunications service providers,
f) entities providing advisory and control services (e.g., auditing firms),
f) entities providing advisory and control services (e.g., auditing firms),
g) entities processing data for debt collection or legal representation, e.g., law firms,
h) insurance companies (e.g., for transaction or shipment insurance),
i) other entities to whom you have given consent for the disclosure and processing of your personal data.
VI. Realization of Rights
Detailed Information on Your Rights:
a) you have the right to access your personal data, including obtaining a copy of the data,
b) if you believe your personal data processed by Codlake is incorrect, you have the right to rectify or complete it,
c) you have the right to request the deletion of your personal data in cases provided by law,
d) you have the right to request the restriction of processing your personal data,
e) you have the right to object to the processing of your personal data in the case of processing for Codlake’s legitimate interest,
f) you also have the right to receive your personal data in a structured format and transfer your personal data to another administrator if technically possible. In the case of data transfer, due to other legal provisions, your consent or that of another person may be required or other conditions set by those provisions must be met,
g) you have the right not to be subject to decisions based solely on automated processing, including profiling, that have legal effects or similarly significant impacts on you, unless this decision is necessary for the performance of a contract, authorized by law, or you have explicitly consented to it beforehand,
h) in cases where the processing of data is based on consent, you have the right to withdraw your consent at any time. You can withdraw consent at Codlake’s headquarters, by phone, on websites, or via electronic correspondence. Withdrawal of consent does not affect the legality of processing done until the moment of withdrawal.
- If you have entered into a contract or transaction, providing personal data is necessary for their execution.
- If you believe Codlake's processing of your personal data violates GDPR, you have the right to lodge a complaint with the supervisory authority. From May 25, 2018, this will be the President of the Personal Data Protection Office.
VII. Automated Decisions
When you have a contract with Codlake or if actions are taken to conclude a contract, the processing of your personal data may be automated, which could result in automated decision-making, including profiling. This particularly applies to assessing the Client’s creditworthiness for the purpose of transaction or contract conclusion with Codlake, based on your order details, data contained within internal and external databases (BIG, KRD, etc.). The result of such profiling may be a decision to withdraw from the transaction or contract conclusion.
VIII. Privacy Policy
We have also updated our Privacy Policy to:
- provide clearer and more detailed information about collective rights and obligations regarding privacy and personal data,
- make it easier for you to control the information you provide to us,
- provide more details on the measures ensuring the security of personal data. You can read the full text of our Privacy Policy at: http://website.codlake.com/polityka-prywatnosci/
- The updated Privacy Policy will automatically apply to all Codlake users starting on May 25, 2018. Therefore, continuing to use Codlake’s websites and services from that date will be subject to this obligation.
[ Data Administrator: Codlake S.A. ]
Kraków, October 2024