PERSONAL DATA PROCESSING POLICY
Based on Article 13(1) and (2) and Article 14(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/56/ EC (hereinafter: "GDPR") applicable as of 25 May 2018, we inform you about the manner and purpose we process your personal data (hereinafter: "data"), as well as your data protection rights.
1. Who is responsible for data processing and who can you contact?
The controller of your data is Mihi Sp. z o.o. (hereinafter referred to as the "Company"), which can be contacted: in writing by addressing correspondence to: Mihi Sp. z o.o., ul. Modlińska 6A/224; 03-216 Warsaw, Poland, by e-mail, at: help@mihi.care
The Company has designated a Data Protection Officer, who can be contacted in writing by directing correspondence to: Mihi Sp. z o.o., ul. Modlińska 6A/224; 03-216 Warsaw, with the notation: "Data Protection Officer" and by e-mail at: help@mihi.care
2. Why, for which purpose and on what legal basis do we process your data?
We process your data in accordance with the provisions of the GDPR and Polish data protection legislation. We do this because we fulfil: contractual obligations and take action at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR), legal obligations (Article 6(1)(c) GDPR), tasks serving the public interest (Article 6(1)(e) GDPR).
What does this mean?
Data is processed for the purpose of carrying out the activity, entering into or performing the contract in relation to which it has been provided to the Company, for example, for the recruitment process, the establishment of a relationship under an agency, intermediation, cooperation or other commercial contract, depending on the circumstances.The data is processed in order for the Company to carry out its business activities and provide other services in the performance of contracts concluded with customers or employees, or for the performance of activities carried out at the customer's request before or in connection with the conclusion of the contract. If necessary, we will process your data in order to fulfil the requirements imposed by, among others, the above-mentioned regulations. Your data may furthermore be processed for purposes such as: the performance of obligations in accordance with tax legislation, social security obligations. Furthermore, it is relevant that: we process your data, if necessary, for purposes arising from legitimate interests pursued by the Company or a third party (Article 6(1)(f) GDPR).
3. Who can we share data with?
Data may be shared with other recipients in order to perform a contract with you, in order to comply with a legal obligation incumbent on the Company, based on your consent or for purposes arising from the legitimate interests of the controller or a third party. Recipients may be, in particular: authorised employees of the Company and other persons acting under the authority of the Company. Data is also transferred to entities processing data on behalf of the Company and to persons acting under their authority, whereby such entities process data on the basis of a contract with the Company and only in accordance with the Company's instructions and subject to professional and insurance secrecy (i.e. specific information protection obligations under the relevant legislation). Entities performing tasks for and on behalf of the Company include those providing services, in particular in the areas of banking, IT, debt collection, legal, insurance (including insurance mediation), agency, brokerage and marketing.
4. Will your data be transferred to a third country (outside the European Union)?
Data may be transferred to recipients in countries outside the European Union ("third countries"): if this is necessary for the performance of a contract concluded between you and the Company, or to take steps prior to the conclusion of such a contract in order to conclude it, within the framework of the Company's use of IT infrastructure (cloud storage, email). Where the processing involves the transfer of data outside the European Union, such transfer will take place using the Standard Contractual Clauses or Privacy Shield regulations approved by the European Commission, in order to ensure an adequate level of personal data protection as required by law. In other situations, your data may be transferred to third countries in the cases indicated in the GDPR. You may obtain a copy of data transferred to a third country by making such a request to the Data Protection Officer.The transfer of data to a third country may also take place with your consent. Accordingly, your data will be transferred to a third country on the basis of Article 49(1)(a) and Article 49(1)(b) GDPR.
Data may be transferred to recipients in countries outside the European Union ("third countries"): if this is necessary for the performance of a contract concluded between you and the Company or to take steps before concluding such a contract for the purpose of concluding such a contract, as part of the Company's use of IT infrastructure (cloud storage, email). You also consent to the transfer of personal data to Mihi's product and service providers such as GLS, InPost, et al.
5. How long will your data be processed (stored)?
Your data will be processed for the period necessary to fulfil the purposes of the processing indicated in pt. 2, that is. : in respect of fulfilling the contract concluded with the Company - until its fulfilment, and after that time for the period required by the law or for the fulfilment of potential claims, in respect of fulfilling the legal obligations incumbent upon the Company in connection with the conduct of its business activities and the fulfilment of the contracts concluded - until such obligations are fulfilled by the Company, with regard to the processing carried out solely on the basis of consent, until the immediate erasure of the data, carried out on the basis of your request, until the fulfilment of the Company's legitimate interests forming the basis for such processing or until you object to such processing, unless there are legitimate grounds for further processing.
6. What rights do you have to ensure that your data is properly protected?
You have the right: to request access to your data, as well as to request the rectification, restriction or erasure of your data, to withdraw, at any time, the consent you have previously given for the processing of your data to the extent to which such consent relates, with the proviso that the withdrawal of your consent shall not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal, to request the portability of the data you have provided to the Company that are processed for the purpose of concluding and performing a contract or that are processed on the basis of consent.Portability consists of your receipt of your data from the Company in a structured, commonly used machine-readable format and the right to send it to another Data Controller insofar as this is technically possible.The permission does not apply to data that is a business secret of the Company, to file a complaint with the supervisory authority, which in the Republic of Poland is the President of the Office for Personal Data Protection, if you consider that the processing of your data violates the law, including the GDPR.In addition, you have the right to object at any time to the Company's processing of your data: for reasons related to your particular situation, where the Company processes data for purposes arising from legitimate interests (Article 21(1) GDPR), for direct marketing purposes, including profiling for marketing purposes, to the extent that the processing is related to direct marketing (Article 21(2) GDPR). In order to fulfil your right, the Company may request additional information necessary to confirm your identity.
7. Do you have an obligation to provide data?
To the extent that the processing of your data takes place in order to perform the requested activities or to conclude and perform a contract with the Company, the provision of your data is a condition for the performance of the requested activities or the conclusion of this contract. The providing of the data is voluntary, but it is necessary in order to perform the activities requested or to conclude and perform a contract with the Company. In order for us to be able to fulfil these activities or obligations, the regulations require that you provide us with the necessary information or documentation and notify us immediately of any changes. If you do not provide the Company with the necessary information or documentation, the Company will not be able to carry out the requested activities or conclude and perform contracts and carry out service.
8. Where do we get your data from and what are the categories of data?
Most of the data processed by the Company comes directly from the interested party, in particular the customer, the employee.
9. What level of automated decision-making, including profiling, do we use?
The processing of your data may be carried out by automated means, which may involve automated decision-making. Verification is carried out on the basis of a defined set of rules and algorithms according to a testing process, if any, described and approved by the Company.