Privacy policy
This privacy policy contains the information required by law regarding the processing of personal data processed by HRK S.A. with headquarters in Warsaw (00-095), Plac Bankowy 2 (hereinafter referred to as HRK).
I. Preliminary information and concepts used by us
In order to make the Privacy Policy clear, in places where it was only possible, we have departed from the use of formal, legal vocabulary. Therefore, when we write “You” we mean data subject and/or the service user.
II. Data controller and contact information
As mentioned above, the data controller of your personal data is HRK.
In case you have any questions about this privacy policy or regarding the processing of your personal data, please contact us at:
HRK S.A.
pl. bankowy 2
00-095 Warsaw
Email: iod@hrk.pl
III. Legal basis and purposes of processing activities
Legal bases for each processing activity might be different, depending on the purpose of processing personal data. That is why they are specified in the relevant sections. Below, in the form of a table, we present for what purpose, on what basis, and for how long we process your personal data.
Processing activity | Legal basis | Purpose of the processing | Retention period |
Representatives and individuals associated with our clients or suppliers | art. 6 sec. 1 let. f) of the GDPR – legitimate interests pursued by HRK | Enabling the provision of professional services to clients;
Ordering and receiving services from Suppliers;
Clients and Suppliers relationship management;
Exercising legal claims in particular by documenting completed services. | Until the end of cooperation with HRK and for the period indicated by statutory provisions of law as long as you or us may pursue legal claims towards each other. |
Clients, Suppliers and Subcontractors who are natural persons | art. 6 sec. 1 let. b) of the GDPR –
the performance of a contract or to take steps at the request of the data subject prior to entering into a contract | Establishing cooperation with a Client, Supplier or Subcontractor;
Ordering and receiving services from Suppliers and Subcontractors. | Until the end of cooperation with HRK and for the period indicated by statutory provisions of law and as long as you or us may pursue legal claims towards each other. |
art. 6 sec. 1 let. c) of the GDPR – compliance with a legal obligation to which HRK is subject such as:
Goods and Services Tax Act, Personal Income Tax Act or Corporate Income Tax Act | Fulfilling HRK’s tax obligations. | ||
art. 6 sec. 1 let. f) of the GDPR – legitimate interests pursued by HRK | Enabling the provision of professional services to clients;
Ordering and receiving services from Suppliers;
Clients and Suppliers relationship management;
Exercising legal claims in particular by documenting completed services. | ||
Job candidates | art. 6 sec. 1 let. a) of the GDPR – consent | Entry to the HRK candidate database. | Until you withdraw the consent. |
Our website | art. 6 sec. 1 let. f) of the GDPR – legitimate interests pursued by HRK | Monitoring and enforcing compliance with our terms and conditions for use of our website;
Aggregating data for website analytics and improvements;
Providing information about HRK’s business, services and events, and other information which may be of interest to you i.e. answering to your inquiries. | Until the deletion of cookies files in accordance with information in Cookie section
Regarding business inquiries – 3 years from the time of last correspondence |
Commercial communication | art. 6 sec. 1 let. f) of the GDPR – legitimate interests pursued by HRK | Direct marketing of the products and services provided by HRK;
Sending commercial information by electronic means, in particular newsletters;
Conducting direct marketing activities via a telecommunication device (mobile);
Commercial information will be sent only to persons who gave consent to receive commercial information from HRK, pursuant to Art. 10 (2) of the Act of July 18, 2002 on the provision of electronic services.
Direct marketing via a telecommunication device (mobile) will be conducted only in relation to people who have consented to this form of marketing, in accordance with Art. 172 (1) of the Act of July 16, 2004 – Telecommunications Law. | Until you resign from receiving commercial information or withdraw your consent to use a telecommunication device for marketing purposes, or until you will raise the right to object to the processing of personal data for marketing purposes. |
IV. Do you have to provide your details?
Providing personal data is mandatory – in the scope of processing purposes pursued within the legal obligation. For the rest of the processing personal data, its provision is voluntary. However, necessary to provide services to you.
V. Who can we pass your data to?
Your personal data will not be disclosed to third parties except:
- Trusted partners and/ or service providers who process personal data on a HRK’s behalf. Service providers may include providers of IT services, including identity management, website hosting and management, data analysis, data back-up, security and storage services in so far as it refers to processing activities;
- Governmental or regulatory authorities, courts and law enforcement authorities or agencies as required by and/or in accordance with applicable law or regulation.
Your personal data may be transferred to countries outside the European Economic Area (EEA) – third countries, based on art. 45 sec. 1 of the GDPR – European Commission’s adequacy decision (applies for countries, which were subject of decision) or art. 46 sec. 2 let. c) of the GDPR – standard data protection clauses adopted by the European Commission.
VI. What are your rights?
The General Data Protection Regulation (GDPR) grants you a number of rights regarding the processing of your personal data. These include:
- the right to access your data, including obtaining a copy of the data;
- the right to request rectification of data;
- the right to erasure of data (in cases provided for in the GDPR);
- the right to restriction of processing of your personal data;
- the right to withdraw consent – to the extent that your data is processed based on your consent. Please note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal;
- the right to data portability;
- the right to lodge a complaint with the supervisory authority – President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).
To exercise your rights, please contact us at the following email address: iod@hrk.pl.
VII. Cookie information
Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The use of cookies is now standard for most websites. If you are uncomfortable with the use of cookies, you can manage and control them through your browser (see below), including removing cookies by deleting them from your ‘browser history’ (cache) when you leave the site. Please note that removing or blocking cookies can impact your user experience and some functionality may no longer be available.
Most browsers allow you to view, manage, delete and block cookies for a website. Be aware that if you delete all cookies then any preferences you have set will be lost, including the ability to opt-out from cookies as this function itself requires placement of an opt out cookie on your device. Guidance on how to control cookies for common browsers is linked below.
The following table explains the way in which we use cookies on this website
Name | Purpose | Type | Duration | Entity responsible |
PHPSESSID | Stores the session identifier. | necessary | Until end of session | HRK |
_ga | This cookie is set to allow HRK to track individual visitors and their use of the site. It is set when you first visit the site and updated on subsequent visits. HRK does not use Google Analytics to collect personal information, other than IP address, from our visitors. | performance | 2 years | Google Inc. |
_gat | ||||
_gid | Used to distinguish users. | performance | 24 hours | Google Inc. |