POLICY ON THE PROCESSING OF PERSONAL DATA

by

Spes3D sp. z o. o.
( hereinafter referred to as the Company)

for the needs of the https://spes3d.com/ website
( hereinafter referred to as the “Site” or the “Website”)

Introduction

The use of the Site may require the provision of personal data, this applies in particular to the use of contact forms or quotation functionality.

Therefore, we would like you to have the fullest possible knowledge of how and why we process your personal data and what rights you have in relation to this. All of the Company’s activities concerning personal data are aligned with the highest standards arising from both the law (in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC hereinafter referred to: “RODO”) as well as good market practices.

We invite you to read on!

1. Who is the administrator?

The Administrator of Users’ personal data is SPES3D SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Wrocław, Poland (ul. Bierutowska 57-59 51-317 Wrocław), entered in the Register of Entrepreneurs conducted by the District Court for Wrocław Fabryczna in Wrocław, VI Economic Department of the National Court Register under the number 0000858896, NIP 8952221451, REGON 386975780, share capital PLN 10,000.00

Company contact details:
telephone: +48 882 191 184
e-mail address: contact@spes3d.pl
address: 57-59 Bierutowska Street, 51-317 Wrocław, Poland

2. What personal data do we process?

In connection with the use of the Website and in the event of contact with the Company, we process only such personal data which you yourself disclose or which are disclosed to us by another administrator of your data and partly the data collected in cookies, in particular, such data may include:

• name;
• e-mail address
• contact telephone number
• job title,
• image.

For detailed information on cookies, which in some cases will constitute personal data (by default these cookies are not used to store personally identifiable information and their primary purpose is to adapt the functionality of the website and observe website traffic), please refer to the section of the website/functionality that allows you to consent or modify the settings for storing cookies, this is because we want to enable you to make an informed decision regarding the use of these types of cookies.

Please do not send us any special category data (as defined in Article 9(1) RODO), i.e. data such as health information, political opinions, religious beliefs, trade union membership, biometric data or genetic data, unless otherwise agreed with you individually by an authorised employee or associate of the Company.

3. For what purpose do we process your data?

To the extent related to your use of the Site or in connection with your attempt to contact the Company, we process your personal data for the purposes of:

• to ensure the proper functioning of the Site,
• to provide information and respond to requests made to the Company by you (e.g. concerning the Company’s services),
• to perform the services provided as part of the functionality of the Site (e.g. quotation, feedback contact in response to a form request),
• to carry out data protection measures requested by you or complaints relating to the Company’s services,
• the exercise of your legitimate interests or the performance of your obligations under generally applicable law.

4. What is the legal basis for data processing by the Company?

The legal basis for the data processed in connection with your use of the Site or in connection with your attempt to contact the Company is respectively:

• Article 6(1)(b) of the DPA; when the processing is necessary for the performance of the contract concluded with you (provision of the chosen service) or to take action at your request prior to the conclusion of the contract; e.g. the entry of data into customer service systems, the acceptance of an order and the preparation of sales documents,
• Article 6(1)(c) RODO; where the processing is necessary for the fulfilment of a legal obligation incumbent on the Company, for example, to comply with a request arising from the content of a complaint submitted,
• Article 6(1)(f) RODO; where processing is necessary for the fulfilment of so-called legitimate interests,
• Article 6(1)(a) RODO; when the processing of your data takes place on the basis of your consent (this may apply, for example, if you give a package of consents enabling so-called marketing activities or newsletter-type services to be performed for you).

5. Is the provision of data mandatory?

Disclosure of personal data to the Company is never mandatory, you have full discretion in this regard. However, please note that disclosure of personal data may be necessary in order to carry out activities such as:

1. the provision of services to you through the Site, e.g. the preparation of a quote,
2. contacting you back with information about the Company’s services or products, in the event of an enquiry,
3. to provide you with other answers or information (whether by telephone or e-mail),
4. handling complaints.

6. How long will we process personal data?

We will only process the personal data you have disclosed for the period of time necessary and legitimate to do so, i.e. we will stop processing the data when:

• the processing of the data you have disclosed through the Site is no longer necessary for the proper performance of contracts/provision of services,
• it ceases to be possible to establish, assert or defend claims relating to a contract concluded with you. In this case, the basis for determining the periods of processing shall be the periods of limitation of claims under the Civil Code, and shall be, respectively – unless a special provision provides otherwise: six years, and for claims for periodic performance and claims related to the conduct of business activity – three years;
• a legal obligation obliging us to process and collect personal data ceases to exist (e.g.: tax, accounting obligations);
• an objection to the processing of personal data is accepted – where the basis for processing was our legitimate interest,
• when you withdraw your consent to the processing of your data, insofar as the data is processed on the basis of this very consent.

7. What rights do you have in relation to the Company’s processing of your data?

(1) In relation to the processing of your personal data by the Company, you have the right to:

• request access to your data, including to receive a copy of it,
• request rectification of your data,
• request the erasure of your data (this right is also known as the “right to be forgotten”)
• lodge a complaint to the supervisory authority for the protection of personal data. This authority is the President of the Office for the Protection of Personal Data,
• request the restriction of data processing,
• to object to the processing when the legal basis for the processing is the legitimate interest of the Company (Article 6(1)(f) RODO),
• to data portability, insofar as the processing is automated and based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on contract pursuant to Article 6(1)(b) RODO,
• the withdrawal of consent, insofar as the data are processed on the basis of such consent. Please note, however, that the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.

(2) To exercise the above rights, please contact us at the email address, telephone number or postal address indicated in paragraph 1 above.

(3) We would like to inform you that in the event of a request to perform one of the above-mentioned activities, we, as the Administrator, will make every effort to promptly and positively recognise the reported request. In accordance with the applicable regulations, we are entitled to comply with or refuse to comply with the request immediately, but no later than one month after receipt. If, however, due to the complexity of the request or the number of requests, we cannot comply with the request within one month, we will comply with the request within a further two months by informing you in advance, within one month of receipt of the request, of the intended extension of the deadline and the reasons for it.

8. Will your personal data be disclosed to other recipients?

1. All personal data may be disclosed to other entities providing services or other activities to the Company (directly or indirectly), but only if this is necessary to achieve the purposes referred to in paragraph 3 above.
2. In particular, the recipients may be employees, contractors or associates of the Company who are bound to the Company by other legal relations, or external service providers of such services as legal, accounting, financial, IT, programming, hosting and server space services, insofar as the processing of personal data by the aforementioned entities is necessary to achieve the purposes indicated above.
3. Your personal data may also be disclosed to entities entitled to obtain them under applicable law, such as law enforcement agencies.

9. Is the data disclosed used for profiling?

Please be informed that the personal data you have provided is not used for profiling or any other automated decision-making.

10. Are personal data transferred outside the European Economic Area?

Data may be transferred outside of the European Economic Area, but always in compliance with the requirements of the RODO, including through the use of solutions such as the transfer of data to countries covered by a positive decision of the European Commission or the use of so-called standard contractual clauses.

11. How do we secure your data?

Taking into account the state of the technology, the cost of implementation and the nature, scope, context and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons of varying probability and seriousness, as a Personal Data Controller the Company implements appropriate technical and organisational measures to ensure a degree of security appropriate to the risk, including but not limited to providing, as appropriate:

• pseudonymisation and encryption of personal data;
• the ability to continuously ensure the confidentiality, integrity, availability and resilience of the processing systems and services;
• the ability to rapidly restore the availability of and access to personal data in the event of a physical or technical incident;
• regular testing, measuring and evaluating the effectiveness of technical and organisational measures to ensure the security of processing.

12. Questions? Doubts?

If you have any ambiguities or doubts regarding either this document or the Company’s personal data processing rules, you are encouraged to contact us at: contact@spes3d.pl

13. Final Provisions

1. The information contained in this policy is subject to change, so the document itself will be updated from time to time, and the date of the last update is set out below.
2. To the extent not covered by this Policy, the relevant provisions of Polish law shall apply.
3. Date of last update: 1 February 2023.