Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the Regulation), Xcomp spółka z ograniczoną odpowiedzialnością spółka komandytowa hereby presents the following information:

  • The Controller of your personal data within the meaning of the Regulation is Xcomp spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered seat in Szczecin (71-010) at ul. Białowieska 6B, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for Szczecin-Centrum in Szczecin, 13th Commercial Division of the National Court Register under the number: 0000385091, Tax Identification Number [Numer Identyfikacji Podatkowej, NIP]: 955-19-45-132; National Official Business Register Number [REGON]: 811914821, hereinafter referred to as the Controller.
  • The Controller can be contacted:
    ➢ in person: at the Controller’s seat (ul. Białowieska 6b, 71-010 Szczecin),
    ➢ via email: biuro@xcomp.pl,
    ➢ by phone at: +48 91 31 23 461,
    ➢ in writing: to the Controller’s seat address
  • The Controller has appointed a Data Protection Officer, who can be contacted in all matters related to personal data processing and exercising the rights under the Regulation:
    ➢ in writing: to the Controller’s seat address,
    ➢ via email: iod@xcomp.pl,
    ➢ by phone at: +48 91 31 23 461,
  • Personal data categories processed by the Controller include, but are not limited to the following:
    ➢ identifying data (e.g. name, surname, job title, company);
    ➢ contact details (e.g. telephone, email, work or private (residence) address in case of service repairs).
  • The Controller obtains data directly from you or from third parties (employers/associates), as well as:
    ➢ in connection with tender procedures;
    ➢ in connection with marketing activities;
    ➢ from publicly available sources (e.g. National Court Register [Krajowy Rejestr Sądowy, KRS], Central Registration and Information on Business [Centralna Ewidencja i Informacja o Działalności Gospodarczej, CEIDG], Internet, social networks, websites, publications, advertising and promotional materials).
  • Your data will be processed by the Controller in the process preceding the conclusion of a contract and for the purpose of:
    ➢ performance and handling concluded contracts;
    ➢ performance and handling of sales processes;
    ➢ performance and handling of implementation and service works;
    ➢ conducting marketing campaigns (unless the consent to receive commercial information in the form of direct marketing has been expressly refused), consisting in informing about relevant, from the point of view of the counterparties’ data security, system and hardware solutions as well as the organization of meetings and training sessions. The processing of personal data for the above-mentioned needs falls within the scope of the Controller’s business activity, while at the same time data processing is necessary for the Controller to be able to create and provide counterparties with products and solutions that increase the security level of their data.
  • You personal data is processed under:
    ➢ Article 6(1)(a) of the Regulation, i.e. the consent obtained directly from you;
    ➢ Article 6(1)(b) of the Regulation, i.e. in order to perform the contract; to perform sales processes; to commission implementation and service works to which you or your employer/principal are a party to or to take action, before concluding the contract; to perform sales processes;
    ➢ Article 6(1)(c) of the Regulation, i.e. the necessity to fulfil the legal obligations of the Controller that include, but are not limited to tax and accounting obligations;
    ➢ Article 6(1)(f) of the Regulation, i.e. based on the necessity of processing for the purposes resulting from legitimate interests pursued by the Controller or by a third party. The legitimate interests pursued by the Controller consist in:
    − pursuing the Controller’s economic interests and ensuring the safety of the services and products offered by the Controller (unless the consent to receive commercial information in the form of direct marketing has been expressly refused) by offering:
    • IT services and maintenance;
    • sales, assembly and implementation of computer hardware;
    • system sales and implementation;
    • software design, development and sales;
    • meetings and training;
    − by means of marketing campaigns carried out by the Controller to provide information about system and hardware solutions that are important from the point of view of security of the Controller’s counterparties, necessary for the Controller to create and provide counterparties with products and solutions that increase the security level of their data;
    − processing data for the purposes of defending against claims or pursuing claims related to concluded contracts;
    − ensuring reliable identification of the counterparty and persons acting on their behalf.
  • Your personal data will be processed:
    ➢ for the duration of the contract for the provision of services or the performance of the sales contract with the Controller;
    ➢ upon termination of the contract for a period:
    − indicated in specific provisions of law, including for the period required to pursue claims until the end of the statute of limitations period;
    − required under generally applicable legal provisions, e.g. in the field of tax law;
    ➢ in the event that personal data processing is performed under Article 6(1)(a) of the Regulation, the personal data will be processed until such consent is revoked or the purpose of data processing based on it ceases.
  • For the purposes indicated above, your personal data may be shared by the Controller with:
    ➢ entities authorized to receive personal data under applicable legal provisions;
    ➢ entities providing accounting, legal, advisory, IT services to the Controller, as well as subcontractors, entities providing courier and postal services;
    ➢ entities related to the Controller, including, but not limited to Xcomp sp. z o.o.
  • Your personal data will not be processed in a manner based on automated decision-making, including profiling.
  • In connection with the processing of your personal data by the Controller under the Regulation, you have the right to:
    ➢ obtain confirmation whether your data is processed by the Controller, as well as the right to access your data (Article 15 of the Regulation);
    ➢ rectify and supplement your data (Article 16 of the Regulation);
    ➢ request the deletion of your data (Article 17 of the Regulation);
    ➢ request restriction of processing of your data (Article 18 of the Regulation);
    ➢ object to the processing of your data at any time (Article 21(1) of the Regulation);
    ➢ transfer your data;
    ➢ in the event that data processing takes place on the basis of consent, you have the right to
    withdraw your consent at any time, in the form in which it was expressed, without affecting the lawfulness of processing based on consent before its withdrawal;
    ➢ lodge a complaint with the supervisory authority, i.e. the President of the Personal Data
    Protection Office, if there is a suspicion that the processing of your personal data violates the personal data protection laws.
  • Your personal data will not be transferred to third countries nor international organizations.
  • Although providing personal data to be processed by the Controller is voluntary, it is necessary to conclude or perform a contract with you or your employer/principal.

The Controller makes every effort to ensure all means of physical, technical and organizational protection of personal data against their accidental or intentional destruction, loss, change, unauthorized disclosure, use or access, in accordance with all applicable regulations, which is confirmed by the Integrated Quality and Information Security Management System, confirmed by appropriate certificates, which has been operated continuously by the Controller since 2010.

On behalf of the Data Controller
Data Protection Officer

Contact:
Adrian Godlewski
Management Board Representative for the Integrated Quality and Information Security Management System
e-mail: adrian.godlewski(at)xcomp.pl
Mobile: +48 601 872 088