Privacy Policy

Privacy policy, i.e. principles of personal data processing in NVS Group Sp. z o.o. sp. K.

Introductory information

Respecting the right to privacy of data subjects, NVS Group Sp. z o.o. sp. K. ensures compliance of the personal data processing process with applicable law. Below are the principles of personal data processing at NVS Group Sp. z o.o. sp. K. with its registered office in Warsaw at al. Jana Pawła II 27 00-867 KRS: 0000424667, NIP: 5272679942, REGON: 146176384

Data Administrator

The administrator, i.e. the entity deciding on the purposes and means of processing personal data depending on the entity with which you or your (or your/your employer) have business relations is NVS Group Sp. z o.o. sp. K.
Personal data in connection with the business profile of NVS Group Sp. z o.o. sp. K. may be made available to other recipients, i.e.:

  • entities conducting postal or courier activities;
  • banks in the event of the need to conduct settlements;
  • state authorities or other entities authorized under the provisions of law;
  • entities supporting us in our business activities on our behalf, in particular: suppliers of external systems supporting our activities, entities auditing our activities, entities providing security services.

 

Obtaining information about the processing of personal data

NVS Group Sp. z o.o. sp. K. has appointed a person responsible for data protection, who can be contacted at the following e-mail address: a.skonieczna@nvsgroup.pl


You can also contact the administrator of your data directly:

NVS Group Sp. z o.o. sp. K.
Al. Jana Pawła II 27,
00-867 Warszawa,
KRS: 0000424667,
NIP: 5272679942,
REGON: 146176384

ata acquisition and the purpose of their processing

NVS Group Sp. z o.o. sp. K. always processes your data legally and safely.


Purpose of processing
Legal basis and data storage period
Legitimate purpose, if any
Conclusion and performance of a contract with a client or contractor
art. 6 sec. 1 letter b and letter f GDPR
For the duration of the contract and after its termination until the expiry of the deadlines for claims arising therefrom.
In connection with actions taken to conclude a contract or its implementation, the Administrator contacts employees/associates of clients and contractors for legitimate purposes.
Handling of complaints and claims
art. 6 sec. 1 letter b and letter f GDPR
For 1 year after the warranty period has expired or the complaint has been settled.
In connection with considering complaints, the Administrator contacts the clients’ employees/co-workers for legitimate purposes.
Pursuing or defending against legal claims
art. 6 sec. 1 letter f GDPR
For the duration of the proceedings concerning the claims pursued, i.e. until their final conclusion, and in the case of enforcement proceedings until the final satisfaction of the claims pursued.
In connection with the pursuit of claims or defense against legal claims, the Administrator may process the data of employees/co-workers of clients or contractors for a legitimate purpose.

Archiving documents, i.e. contracts and settlement documents
Art. 6 sec. 1 let. c GDPR
For the periods specified by law, and if they are not specified for specific documents, for the time when their storage is within the legitimate purpose of the administrator regulated by the time of possible claims.

Keeping statistics
Art. 6 sec. 1 lit. f GDPR
For the time we have another, additional legal basis for processing. We do not store personal data solely for statistical purposes.
Having information about the statistics of activities conducted by the Administrator allows for the improvement of the conducted activities.
Conducting marketing activities for your own products and services without using electronic means of communication
Art. 6 sec. 1 letter f GDPR
Until you file an objection, i.e. show us in any way that you do not want to remain in contact with us and receive information about the activities we undertake.
Conducting marketing activities to promote the business.
Conducting marketing activities for your own products and services using electronic means of communication
Art. 6 sec. 1 letter f of the GDPR, whereby these activities, due to other applicable regulations, in particular the Telecommunications Law and the Act on the provision of services by electronic means, are conducted solely on the basis of consents held. Until you file an objection or withdraw your consent, i.e. show us in any way that you do not want to remain in contact with us and receive information about the activities we undertake.
Conducting marketing activities to promote the business using e-mail addresses and telephone numbers.

If the time limits for pursuing potential claims are shorter than the periods for storing settlement documents for tax purposes, we will store these documents for the time necessary for tax and settlement purposes, i.e. for 5 years from the end of the year in which the tax obligation was updated.

If the time limits for pursuing potential claims are shorter than the periods for storing settlement documents for tax purposes, we will store these documents for the time necessary for tax and settlement purposes, i.e. for 5 years from the end of the year in which the tax obligation was updated.

If we process data using electronic means of communication for marketing purposes, the specific legal bases for processing are:

  • Art. 10 of the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2017, item 1219, as amended) if you agree to receive information by e-mail;
  • Art. 172 of the Act of 16 July 2004 – Telecommunications Law (Journal of Laws of 2017, item 1907, as amended) if you agree to receive information using a telephone number;

Rights regarding processed data and voluntary provision of data

The person whose data is processed by the administrator has the right to request access to the data, rectification, i.e. correction, deletion or restriction of processing and to object to processing, as well as the right to transfer the data. More information on the rights of data subjects is available in Articles 12-23 of the General Data Protection Regulation (GDPR), the text of which can be found at: https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
In addition, the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office, more information at: https://uodo.gov.pl/pl/p/skargi
Providing data is necessary to conclude contracts and settle the conducted business and in situations provided for by law. In the remaining scope, providing data is voluntary.

Transfer of data to third countries

The data will be processed within the European Economic Area, which means that as a rule we do not transfer data to third countries. There may be situations where basic business data of an employee/associate of NVS Group Sp. z o.o. sp. K. (such as: name and surname, position, business telephone number and e-mail address) may be transferred to third countries. The necessity of transferring data to third countries is conditioned by the performance of the contract between NVS Group Sp. z o.o. sp. K. and the employee/associate whose personal data are transferred. Transferring the personal data of an employee/associate to a third country applies to those persons who will perform activities for a client or potential client from a third country.

Processing of personal data in an automated manner

Personal data will not be processed in an automated manner (including profiling) in such a way that as a result of such automated processing any decisions could be made, other legal effects would be caused or it would have a significant impact on our clients, contractors and their employees.

As part of the activities we perform, we use cookies in such a way that we observe and analyze traffic on our websites.