REGULATIONS FOR THE PROCESSING OF PERSONAL DATA

Pursuant to art. 13 sec. 1 and sec. 2 and art. 14 sec. 1 and sec. 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/56/EC (hereinafter: "GDPR"), applicable from May 25, 2018, we would like to inform you about the method and purpose for which we process personal data (hereinafter referred to as "data"), as well as about your rights related to data protection.

I.

The data administrator is Hotchilisex Sp. z o. o. (hereinafter referred to as the "Company"), which can be contacted: in writing, by sending correspondence to the following address: Hotchilisex Sp. z o. o., Al. Grunwaldzka No. 56 lok. 113, 80-241 Gdańsk; by phone: (+48) 665 88 92 88; by e-mail, at the following address: info@hotchilisex.com; and as otherwise indicated on the website www.hotchilisex.com. The Company has appointed a data protection officer who can be contacted in writing by sending correspondence to the following address: Hotchilisex Sp. z o. o., Al. Grunwaldzka No. 56, apartment 113, 80-241 Gdańsk, with a note: "Data Protection Officer", and by e-mail to the following address: iod@hotchilisex.com.

II.

We process data in accordance with the provisions of the GDPR and Polish data protection regulations. We do this by fulfilling the obligations arising from the contract and we take steps at the request of the data subject before concluding the contract (Article 6 (1) (b) of the GDPR), legal obligations (Article 6 (1) (c) of the GDPR), tasks serving public interest (Article 6 (1) (e) of the GDPR). The data is processed only for the purpose of performing the activities, concluding or performing the contract, in connection with which they were transferred to the Company, for the purpose of performing the contract, cooperation or other commercial contract. The data is processed in order to carry out the Company's activities and perform its duties in accordance with tax legislation. In addition, we process data for purposes resulting from the legitimate interests pursued by the Company or a third party (Article 6 (1) (f) of the GDPR). We process data on the basis of granted consent (Article 6 (1) (a) of the GDPR). The consent may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of data processing by the Company: until consent is withdrawn or in circumstances in which the Company processes data on a basis other than consent.

III.

The data may be made available to other recipients in order to perform the contract, in order to fulfill the legal obligation imposed on the Company, based on the consent granted or for purposes resulting from the legitimate interests of the administrator or a third party. Recipients may include, in particular: authorized employees of the Company and other persons acting under the authority of the Company, institutions authorized to receive data on the basis of relevant legal provisions, entities from the NED Business Sp. z o. o. with its seat in Gdańsk. The data is also transferred to entities processing data on behalf of the Company and persons acting under their authority, where such entities process data on the basis of a contract with the Company and only in accordance with the Company's instructions and subject to professional secrecy (i.e. special obligations to protect information resulting from relevant provisions of law).

IV.

The data may be transferred to recipients in countries outside the European Union ("third countries"): if it is necessary to perform the contract concluded with the Company or to take steps before concluding such a contract in order to conclude it, as part of the Company's use of IT infrastructure (cloud computing, electronic mail). If the processing involves the transfer of data outside the European Union, such transfer will take place using Standard Contractual Clauses or the Privacy Shield regulations approved by the European Commission, in order to ensure an adequate level of personal data protection required by law. In other situations, the data may be transferred to third countries in the cases specified in the GDPR. A copy of the data transferred to a third country can be obtained after submitting such a request to the data protection officer. The data will be transferred to a third country pursuant to art. 49 sec. 1 letter a and art. 49 sec. 1 letter b of the GDPR.

V.

The data will be processed for the period necessary to achieve the purposes of processing indicated in point II, i.e.: in terms of the implementation of the contract concluded with the Company - until its completion, and after that time for the period required by law or for the implementation of any claims; with regard to the fulfillment of legal obligations incumbent on the Company in connection with the conduct of business and the implementation of concluded contracts - until these obligations are fulfilled by the Company; in the scope of processing carried out solely on the basis of consent - until the immediate deletion of data based on the submitted request; until fulfillment of the legitimate interests of the Company constituting the basis for this processing or until an objection to such processing is raised, unless there are legitimate grounds for further data processing.

VI.

Anyone whose data is processed by the Company has the right to request access to their data, as well as request their rectification, limitation of their processing or their removal; withdraw at any time prior consent to the processing of data to the extent to which this consent relates, with the proviso that the withdrawal of consent will not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal; request the transfer of data provided to the Company, processed in order to conclude and perform the contract or processed on the basis of consent. The right does not apply to data that constitute the Company's business secret; submit a complaint to the supervisory body, which in the Republic of Poland is the President of the Personal Data Protection Office, if it is found that the processing of data violates the provisions, including the GDPR. In addition, you can object at any time to the processing of data by the Company: for reasons related to a special situation when the Company processes data for purposes resulting from legitimate interests (Article 21 (1) of the GDPR). 

VII.

To the extent that data is processed in order to perform the requested activities or to conclude and perform a contract with the Company, providing data is a condition for the performance of the requested activities or the conclusion of this contract. Providing data is voluntary, but it is necessary to perform the requested activities or to conclude and perform a contract with the Company.