According to the GDPR we inform you that:
3. The legal bases for the processing are:
a) art. 6 (1)(b) of the GDPR - processing of personal data is necessary for the performance of the Contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into the Contract – for the purpose of performing the Contract,
b) art. 6 (1)(c) of the GDPR - processing is necessary for compliance with a legal obligation to which the Company is subject, i.a. keeping accounts and fulfilling accounting obligations, as well as examining the controller’s financial condition,
c) art. 6 (1)(f) of the GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller, where the legitimate interest of the controller is:
- conclusion and performance of the Contract, regarding persons designated to perform the Contract and persons representing the parties to the Contract, i.e. proxies,
- establishment, exercise or defence of legal claims,
- archiving documents (for the period resulting from legal provisions),
- processing personal data within the corporate group for internal administrative purposes, including keeping statistics and financial statements for Companies.
4. Personal data can be transmitted to external entities that support the controller, in particular: banks, courier and transport companies, external entities providing IT support, personal data protection, legal services, companies conducting internal controls/audits at the request of the controller, governmental authorities or other authorities on the basis of applicable law. In addition, the recipients of the personal data can be other Companies.
6. Providing personal data is necessary to conclude and perform the Contract, fulfil legal obligations, and perform tasks covered by the controller’s legitimate interest. Where personal data have not been obtained from the data subject, the data originate from the party that employs (or cooperates with) the data subject. In such situations, the controller processes the following data: name, surname, phone number, e-mail address, position, other contact details.
7. Personal data will be processed for the periods indicated below:
- for the duration of the cooperation within the Contract and after its completion for the duration of possible claims; in the case of intive GmbH, intive Automotive GmbH and intive S.A.U. - for 10 years.
- billing documents related to the transaction will be stored for 5 years counting from the end of the calendar year in which the tax payment deadline has passed; other accounting documents regulated by the provisions of the Tax Ordinance Act or the Accounting Act - for the periods indicated therein; with respect to intive GmbH, intive Automotive GmbH and intive S.A.U., accounting documents related to the transaction shall be kept for 10 years.
- the period of limitation for claims shall be 6 years for intive GmbH and intive Automotive GmbH and 6 years for claims for periodical services and claims related to the conduct of business activity for intive GmbH, intive Automotive GmbH and intive S.A.U.;
- with regard to recovery for the duration of the proceedings, until their final and binding conclusion and, in the case of enforcement proceedings, until the satisfaction of claims in those proceedings;
- in case where the basis for the processing of personal data is the legitimate interest pursued by the controller - until a reasoned objection or the time of expiry of the deadlines indicated above.
8. Personal data may be transferred to third countries pursuant to Article 45, art. 46, art. 49 par. 1 of the GDPR. In particular data may be transferred to the United States of America and Ukraine based on standard contractual clauses and additional guarantees and to the Republic of Argentina (according to the decision of European Commission this third country ensures an adequate level of protection). Information about the applied safeguards and a copy of the transferred data can be obtained at e-mail address of the data protection officer.
Personal data may also be transferred from Argentina to another country, i.e. a country belonging to the European Union, or the United States of America or Ukraine. Argentina considers the following countries as providing adequate data protection standards to ensure the free flow of data within them: EU Member States, EEA Member States, Switzerland, Guernsey, Isle of Man, Faeroe Islands, Canada (for the public sector only), Andorra, New Zealand, Uruguay and Israel (for automated processing only). For the transfer to the United States and Ukraine, it is carried out using appropriate safeguards, i.e. standard contractual clauses approved by the IAPP.
9. Personal data will not be used for automated decision making, including profiling, which is described in Art. 22(1,4) of the GDPR.