BAMET | Privacy Policy

In this Privacy Policy, we wish to clearly, concisely, and transparently inform you about the collection, use, processing, and storage of personal data. Pursuant to Article 13 of the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (GDPR), we hereby inform you that:
‍

The Controller of your personal data is:
‍
BAMET Paweł Babraj, with its registered office at Krakowska Street 74, 32-089 Wielka Wieś, entered into the Central Register and Information on Economic Activity, NIP: 9451520580, REGON: 350743000.

Hereinafter referred to as “the Controller” or “BAMET.”

Purposes, legal bases, and scope of data processing by BAMET

Processing of your personal data may include the following activities:

Provision of services.
Data verification.
Management of systems and services.
Record keeping and documentation.
Pursuing claims arising from the Controller’s business activity.
Safeguarding information in case of legal necessity to demonstrate facts.
Fulfilment of tax obligations, including accounting.
Provision of marketing services.
Ensuring the highest quality of provided services.
Conducting video surveillance, audio monitoring, and GPS tracking.

The specific purpose, legal basis, retention period, and scope of processed personal data depend on the actions taken by you in relation to the services or activities listed below.

‍

Purpose of data processing

Legal basis and data retention period

Recruitment

Art. 6(1)(a) GDPR – Consent
Data are stored for a period of 2 years.

Conclusion of a contract

Art. 6(1)(b) GDPR – Contract
‍Data necessary to conclude the contract are stored until the contract is performed and for 5 years from the issuance of the financial document.

Settlements / accounting

Art. 6(1)(c) GDPR – Legal obligation
Data relating to financial settlements are stored in accordance with the Act of 11 March 2004 on VAT, for 5 years from the issuance of the financial document.

Marketing, fanpage

Art. 6(1)(f) GDPR – Legitimate interest
‍Data are stored until an objection is raised.

Correspondence

Art. 6(1)(f) GDPR – Legitimate interest
‍Data originating from correspondence are stored for 2 years.

Assertion of claims

Art. 6(1)(f) GDPR – Legitimate interest
‍Data are stored until the expiry of rights or claims related to the performance of the contract.

Monitoring (video, audio, GPS)

Art. 6(1)(f) GDPR – Legitimate interestMonitoring data are processed to protect persons and property and to safeguard rights and claims. Retention periods:
Video monitoring: 30 days | Audio monitoring: up to 60 days | GPS data: 2 years

After the specified periods, data are permanently deleted or anonymized.

Applicable legal regulations

Act of 18 July 2002 on the Provision of Electronic Services;
Accounting Act of 29 September 1994;
Civil Code of 23 April 1964;
VAT Act of 11 March 2004;
Telecommunications Law of 16 July 2004;
Consumer Rights Act of 30 May 2014;
Personal Data Protection Act of 10 May 2018;
Regulation (EU) 2016/679 (GDPR) of 27 April 2016;
and detailed regulations arising from the above acts.

Data recipients

Entities cooperating to ensure the continuity of services.
Providers of technical and organizational solutions (IT, courier, postal, equipment, etc.).
Providers of legal and advisory services.
Persons authorized by you in exercising your rights.
Service providers within IT systems: Gmail, SAP, Meta.

In certain situations, your personal data may be transferred outside the European Economic Area, in which case you will be informed in advance.

Your personal data are not subject to profiling or automated decision-making.

Data subject rights

You have the right to request from the Controller: access to your personal data, rectification, erasure, or restriction of processing, the right to object to processing, data portability, and the right to withdraw your consent at any time.

You have the right to lodge a complaint with the supervisory authority.

Providing personal data is obligatory under the law; refusal may result in the inability to provide services. In all other cases, providing data is voluntary.

Data Protection Officer

A Data Protection Officer has been appointed. For matters related to data protection and exercising your rights, please contact: dorota.gross@bamet.pl

Controller’s statement

BAMET declares and ensures that the organizational and technical measures applied to secure data processing comply with GDPR requirements, particularly Article 32.

To exercise your rights or obtain further information on data protection, please contact the Data Protection Officer.

Detailed information is available at BAMET’s registered office.
‍

Wielka Wieś, 01 December 2022