Data privacy

Privacy policy – general rules for the processing of personal data in METRO GLOBAL SOLUTION CENTER sp. z o.o.

Privacy principle – who is the data controller?

  1. The data controller is METRO GLOBAL SOLUTION CENTER spółka z ograniczoną odpowiedzialnością with registered office in Szczecin, at Brama Portowa 1 (70-225 Szczecin), entered into the Register of Entrepreneurs kept by District Court for Szczecin Centrum in Szczecin, XII Commercial Division of the National Court Register under number: 0000390325, holder of NIP [tax ID]: 7010305590 and REGON: 143007178, hereinafter: Data controller.
  2. In fulfilling the obligation referred to in Article 13(1) and (2) and 14(1) and (2) of the General Data Protection Regulation of 27 April 2016 (hereinafter referred to as GDPR), acting as a personal data controller, we provide information required by the above mentioned regulations concerning the processing of your personal data.
  3. The Data controller has identified specific categories of data subjects and if it is justified, directs separate messages to them containing accurate information about the processing of personal data.
  4. The Data controller exercises due care in selecting and applying appropriate technical and organizational measures to safeguard the personal data which are being processed. Full access to databases is only granted to person duly authorized by the Data controller. In conclusion, The Data controller secures personal data against unauthorized disclosure, as well as against processing in breach of the applicable legal regulations.

How you can contact with the data controller, to get more information about processing of your personal data?

The Data controller has appointed an internal Data Protection Officer. In matters related to the processing of your personal data, and also in matters related to the implementation of an extensive catalogue of data subjects rights, you can contact the officer via e-mail, i.e.: data.protection@metro-services.pl.

Legal basis for personal data processing

Personal data are processed by the Data controller in compliance with legal regulations for the purposes of:

  1. providing answers to queries sent by potential contractors which are physical persons or other physical persons interested in cooperation with Data controller (legal base: Your consent – Article 6 (1)(a) of the GDPR or processing necessary in order to take steps at the request prior entering into a contract – Article 6 (1)(b) of the GDPR);
  2. performance of the contract with services provider or other kind of contractor who is the physical person (legal base: processing is necessary for the performance of a contract or/and in order to take steps at the request of the data subject prior to entering into a contract – Article 6 (1)(b) of the GDPR);
  3. compliance with a legal obligation to which the Data controller is subject, e.g. under tax or accounting regulations or handling personal data breaches (legal base: compliance with a legal obligation to which the Data controller I subject – Article 6 (1)(c) of the GDPR);
  4. personal data processing related to employees or representatives carrying out activities for services provider, clients or contractors that may appear during the implementation of contracts (legal base: processing is necessary for the purposes of the legitimate interests pursued by the Data controller – Article 6(1)(f) of the GDPR – the legitimate interest of the Data controller isindicate of the statutory activities);
  5. protection of the Data controller interests, pursue possible claims or defend against claims related to the performance (legal base: processing is necessary for the purposes of the legitimate interests pursued by the Data controller – Article 6(1)(f) of the GDPR – the legitimate interest of the Data controller is defend against claims or pursue of possible claims);
  6. ensuring the functionality and use of this website (legal base: Your consent – Article 6 (1)(a) of the GDPRor the implementation of the legitimate interests of the Data controller – Article 6(1)(f) of the GDPR – the legitimate interest of the Data controller is the implementation of the Data controller marketing activities and promotion of own services).

Source of personal data origin

The Data controller hereby informs that where personal data have not been obtained from the data subject, the source of personal data originate could be:

  1. The Data controller contractor (e.g. first of all your employer, principal or other type of contractor);
  2. publicly accessible sources (e.g. websites or database of business entities);
  3. other companies from the Metro Group (e.g. first of all Data controller client who are members of the Metro Group).

The scope of personal data processing

  1. The Data controller has implemented the principle of data minimization during processing activities. If the catalog of personal data is not explicitly specified by law or if you do not provide it in person, the Data controller limit will sit only to the necessary data.
  2. The data provide by data subjects should be complete, current and true.
  3. The implementation of the processing purposes described above, in majority of cases, does not require the processing of special categories of personal data, i.e. also data related to health status. Therefore, if you provide your data to the Data controller, do not transfer it in an excessive directory.
  4. The data subject or separate data controller should not provide the Data controller third party personal data. However, if such data is transferred, the transferring party shall each time declare that it has the appropriate authorization or confirmed existence of a legal basis that allows such data to be provided to the Data controller.
  5. Where personal data have not been obtained from the data subject, the scope of processed data is usually limited to: name and surname, basic contact and address data, data related to employer or cooperation relationship, business affiliation, or the type of business activity.

Who will be the recipient of your personal data?

  1. Personal data processed by the Data controller may be made available to entities authorized to receive them under applicable law, including relevant state authorities.
  2. In addition personal data may transferred to other recipients, such as, but not limited to::
    1. data processors, i.e.: an entity destroying documentation, entities providing consulting services, entities providing and operating our systems and IT infrastructure, entities providing administration support, translation offices and possible other subcontractors within Metro Group;
    2. separate data controllers, i.e.: auditors, lawyers and consulting entities, hotels, posts and couriers offices, entities providing services related to business trips and possible other recipients within Metro Group.
  3. Personal data may be transferred to third countries, i.e. outside the EEA. The Data controller does not plant to transfer personal data to international organizations. An adequate level of security of your personal data is ensured by the use ofstandard contractual clauses. Country to which data can be transferred, mainly to India and the USA.

Retention period of personal data

  1. Personal data will stored for no longer than is necessary for the purposes for which the personal data were submitted.
  2. If the data subject has consented to the use of their personal data, the data will be processed until the consent is withdrawn. However the Data controller hereby inform thatthere may be other legal basis justifying further processing of personal data.
  3. When the processing was carried out due to the necessity to fulfil the legal obligation imposed on the Data controller or , where the processing was carried out for a legitimate interest of the Data controller, personal data will be stored:
    1. during the period of the performance of a contract;
    2. during the period necessity to fulfil the legal obligation imposed on the Data controller – 5 years from the beginning of the year following the financial year in which the transaction was finally completed or settled;
    3. during the period necessary to pursue possible claims or defend against claims– 6 years of the basic period from the date on which the claim became due.

Your rights with regard to the processing of personal data

  1. You have the following rights in connection with the processing of your personal data:
    1. access to your personal data;
    2. rectification of your personal data;
    3. deletion of your personal data;
    4. limitation of processing of personal data;
    5. right to object to the processing;
    6. right to transfer data.
  2. You can handle extensive catalogue of your rights through the contact box, i.e.: data.protection@metro-services.pl.
  3. The Data controller hereby informs that you have also right to lodge a complaint with the Office for the Protection of Personal Data.

Provision of data

  1. If the obligation to provide personal data does not result directly from contractual provisions or a legal provision, providing personal data is a voluntary action, but necessary to use the Data controller services or to contact with the Data controller.
  2. The Privacy policy has described most of the information regarding to processing of personal data by the Data controller. If you need detailed information, you can contact with our Data Protection Officer using the following contact details: data.protection@metro-services.pl.

Information about personal data processing activities related to website  and cookie information

  1. In the event of using one of the links and redirecting to another website, the data controller of your personal data may also be another company from the METRO Group.
  2. For the proper operation of its website, the Data controller uses cookies, including in a manner tailored to individual needs. Some personal data is collected automatically by your end device, i.e. computer or telephone, when using the Internet. The information we record is primarily the IP address, date and time of visits, the type of web browser used, operating system and data on the history of visited pages. These measures are performed for data security and to optimize the content and offer as well as to improve the website. In practice, most of the processing activities performed are used to build analyzes, and the data processed by us remain anonymous.
  3. Using the website without changing the cookie settings means that they will be saved on your end device to the extent necessary for the proper functioning of the website. You can change your cookie settings at any time in your web browser or refuse to consent to any additional cookies in our cookie banner, such as e.g. analytical activities.
  4. Cookies, including session cookies, can also provide information about your end device and the version of the browser you use. These tasks are performed for the correct display of content on the Data controller’s website.
  5. Cookies are short text files. In no case do cookies allow the person visiting the website to be personally identified and no information is stored in them that could enable such identification. Some cookies are deleted immediately after the end of the browsing session. Other cookies will be stored on your device and allow us to recognize your device on your next visit.
  6. To learn more about cookies and other possible web tracking tools and the choices you have in this regard, please visit: http://youronlinechoices.eu/ (for users in the European Union). The following section takes a closer look at specific cookies.
  7. On our website we use Siteimprove Analytics, a web analysis service of i.e. Siteimprove GmbH with registered office in Berlin (Kurfürstendamm 56, 10707 Berlin). The Data controller uses Siteimproveto analyse website use by users in order to monitor the functionality of our website. For example, your anonymised IP address, your browser and operating system, the URL visited, page title, length of stay and other statistical data are temporarily collected, which are used exclusively for quality checks. Their evaluation helps us to continuously improve our services for you. For this service, Siteimprove uses Cookies. The data Siteimprove collects and processes from European customers is stored in the EU. The dedicated data centers are located in Germany and Denmark.
  8. We also work with the following external service providers, who use cookies themselves but do not receive any personal data from us:
    1. HR link – job portal;
    2. Taleo – job portal.

                     the above entities use cookies but do not receive personal data from us.

  9. Our website contains simple links to the following social media networks:
    1. Facebook (operated by: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA);
    2. LinkedIn (operated by: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland);
    3. YouTube (operated by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland - data of the mothers company of Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA).
  10. Please remember that the transfer of Personal Data to entities operating on behalf of Google is based on your consent. You can withdraw your consent at any time by removing the check mark. All further activities of Google are performed without the Data controller's participation. These activities take place at your own risk.
  11. Please be advised that, regardless of the playback of the videos published by us, a connection to the Google network "DoubleClick" is established each time our website is accessed, which may result in further data processing operations without our influence.
  12. The processing of personal data within the above-mentioned social media platforms takes place when you click on the interaction icon (eg. Facebook logo) or when you use the platforms in question. After clicking on the icon, the platform of the selected platform will open in a popup window.
  13. For more information on data processing and data protection on YouTube, see the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/.
  14. More information on cookies managed and set by Google can be found here: https://policies.google.com/technologies/cookies?hl=en&gl=de.
  15. At the same time, we point out that the providers of social media platforms have their own rules for the processing of cookies and the protection of privacy. You will find this information on the selected provider's platform in the privacy policy tabs or in the links provided by us.

 

Last amended: January 2022