Taking into account the security and confidentiality of your personal data, we would like to provide you with the information about the purposes, scope and categories of the processed data and about your rights in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), in force since 25 May 2018.
Information on the Data Controller
The Controller of your data is Mila Italian Style s.a. (hereinafter referred to as the Company) with its registered office in Piaseczno, ul. Julianowska 59a, 05-500 Piaseczno.
As the Controller, we are responsible for the security of your personal data.
The Controller can be contacted at the above-mentioned address and via e-mail email@example.com
Whose data we process – information about the purposes, legal basis and period of data processing
Personal data of our customers (conclusion and performance of a contract)
We process customer data in order to provide services on the basis of concluded contracts. They will be processed for the period necessary for the performance of a sales contract and the exercise and defence against claims arising therefrom (until the expiry of the limitation period) and, with regard to invoices and other accounting documents, as long as required by law. According to the current legislation – five full years.
Newsletter subscribers’ data
We process personal data through electronic communication channels for marketing purposes, on the basis of the data subject’s consent, in connection with our legitimate interest to inform about our activities. They will be processed until the consent is withdrawn or an objection is raised.
Personal data of customers and prospective customers (marketing activities without the use of electronic means of communication)
Personal data processed for marketing purposes without the use of electronic means of communication on the basis of our legitimate interest to inform about our activities. They will be processed until an objection to our marketing activities is raised.
Details of persons using the contact form on the company’s website
We process the data of persons interested in the offer in order to handle an enquiry made, on the basis of our legitimate interest. They will be processed for the period of validity of the prepared offer or until an objection to processing is raised, but no longer than 5 years after the last contact.
We process the data of natural persons and entrepreneurs (contractors) with whom contracts are concluded in order to perform these contracts and fulfil legal obligations (e.g. the Accounting Act). The legal basis for the processing of these data is the conclusion and performance of a contract and legal regulations. They will be processed for the duration of the contract and the exercise and defence against claims arising therefrom (until the expiry of the limitation period) and, with regard to invoices and other accounting documents, as long as required by law. According to the current legislation, for a period of 5 full years.
Data on job applicants
We process data in order to recruit employees, on the basis of consent, for the duration of the recruitment process.
Data on employees and contractors
We process data on employees and contractors for the purpose of employment on the basis of legal regulations (e.g. the Labour Code) or on the basis of a contract. The period for which personal data are stored is determined by law.
Data of persons in the monitoring area
We process data in order to protect persons and property on the basis of a legitimate interest. The Company stores these data for no longer than one month.
Other data entrusted to the Company for the purpose of performance of cooperation agreements
The Company may process personal data, of which it is not the controller, only on the basis of cooperation agreements and for the purposes and in the scopes specified in those agreements.
We may also process personal data in social media, such as Facebook fanpage, in particular by clicking the “Like” icon or posting a comment. We recommend that you read the Facebook regulations, as your profile activity is controlled by Facebook. We process personal data in social media for the purpose of communication, for the period necessary for this purpose.
Personal data may be transferred to the following categories of recipients: entities providing services for and on behalf of the Company (e.g. IT services, HR and payroll services) and entities entitled to receive them under the law.
Exercise of data subjects’ rights
Every person has the right to access his/her data, to obtain a copy of these data, to modify and correct his/her data, to delete his/her data unless the applicable legislation provides otherwise, to object not to be subject to automated decision-making based on profiling, to object to inappropriate processing of personal data (including withdrawal of consent), to transfer the data to another controller where the data are processed on the basis of consent or a contract.
The aforementioned rights can be exercised depending on the legal basis for data processing.
A request for exercising one’s rights may be submitted by mail to the address of the Controller’s registered office or to the e-mail address firstname.lastname@example.org
In order to efficiently exercise the aforementioned rights, please include the following categories of information in your request:
- the requester’s identification data (first name and surname, address, e-mail address, phone number),
- the reasons for the request,
- other additional information that will make it possible to identify the person in the data resources processed in the Company,
- the method for receiving data.
The data provided in the request will not be processed for any other purpose than the fulfilment of the request. In the absence of data in the Company’s resources, they will not be recorded.
Requests will be considered on a case-by-case basis, within 1 month of receipt. If for any reason this deadline cannot be met, you will be informed.
According to the GDPR, the first request is free of charge. Should your requests be unjustified or excessive, the Controller reserves the right to charge a fee.
According to the GDPR, you have the right to lodge a complaint with the President of the Personal Data Protection Office about improper processing of your data.
Information about cookies and other technologies
Cookies are IT data stored in users’ terminal equipment (e.g. computer, smartphone, tablet). This information does not contain any data about the identity of the users, but may nevertheless constitute personal data in combination with other information.
The Company uses temporary cookies, which are stored in the user’s terminal equipment until logging out, leaving the website or closing the web browser and permanent cookies, stored in the user’s terminal equipment for a period of time specified in the parameters of cookies or until they are deleted by the user.
The Company uses external cookies for advertising purposes and collecting statistical data for analytical purposes (Google Analytics). The statistics are created in a way that makes it impossible to identify the user.
The Company’s website may also display marketing information about products or services based on the legitimate interest of the controller. Such action does not violate the rights and freedoms of users, as it should be considered that they expect this type of content, and even this is the purpose of their visit to the Company’s website.