General information obligation

Rules for the processing of Personal Data
by Action S.A.
General information obligation

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

1. Data of the Controller:
We hereby inform you that the Controller of your Personal Data (in particular: first name, surname, phone number, e-mail, company name, hereinafter: “Personal Data”) is Action S.A., contact information: ul. Dawidowska 10, Zamienie, 05-500 Piaseczno. E-mail contact of the Personal Data Protection Officer: iod@action.pl
2. Legal basis for the processing:
If you are a natural person or a natural person running a business activity Your Personal Data is processed for the purpose of negotiating and performing contracts between you and the Data Controller (i.e. on the basis of Article 6(1)(b) of the GDPR - processing is necessary for the performance of the above-mentioned purpose) and to comply with a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR)
If you are an employee of the Controller’s contractor Your Personal Data is processed for the purpose of conducing a business activity, negotiating and performing contracts between your employer/customer and the Data Controller (i.e. on the basis of Article 6(l)(f) of the GDPR - processing is necessary for the purposes of the legitimate interests pursued by the Controller) and to comply with a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR)
If you have given your consent to the processing of your Personal Data In the case of you having given your consent to the processing of your Personal Data, the legal basis for the processing is your consent.
Providing this data is voluntary, but necessary for the provision of the service.
Giving your consent is voluntary and it may be withdrawn by you at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal (i.e. on the basis of Article 6(1)(a) of the GDPR - the basis for processing is the consent given).
3. Duration of data retention:
Your Personal Data will be retained for a period necessary for the purposes indicated above or until the moment of your withdrawal of consent, prolonged by the period resulting from the relevant provisions of law (periods of limitation of claims and periods of data retention resulting from different provisions).
4. Data category:
The data processed belongs to the common Personal Data category.
5. Source of data:
The processed data has been or will be obtained directly from you or a person from the organisation within which you are employed.
6. Data recipients:
The recipients of your Personal Data may be the contractors of the Controller, whose services are used by the Controller.
7. Transfer to a third country:
The Controller will not transfer your Personal Data to third countries (countries outside the EEA) unless you have previously given your consent to do so.
8. Rights:
You have the right to:
  1. demand access to your Personal Data at any time;
  2. immediately rectify any of your Personal Data which is incorrect and complete any of your Personal Data which is incomplete;
  3. immediately erase your Personal Data;
  4. restrict the processing if:
    1. you question the correctness of your Personal Data,
    2. the processing is unlawful, but you object to the erasure of your Personal Data,
    3. the Data Controller no longer needs your Personal Data for the purposes of processing, but you need it to investigate, enforce or defend legal claims,
    4. you have objected to the processing - until the moment of determination of whether the grounds of the controller take precedence over the grounds of the objection,
  5. object to the processing of your Personal Data on the basis of Article 6(1)(f) of the GDPR, in particular to the processing of Personal Data for the needs of direct marketing;
  6. data portability, including to:
    1. receive (in a structured, commonly-used, machine-readable format) data, which you provided to the Controller and transfer it to another controller;
    2. demand your data to be sent by the Controller directly to another controller, if technically possible; as long as the processing of your Personal Data takes place in an automated manner and on the basis of Article 6(1)(b) of the GDPR;
  7. lodge a complaint with the President of the Personal Data Protection Office, if you consider that the processing of your Personal Data is in breach of the provisions of the GDPR or the Polish Act of 10 May 2018 on the protection of Personal Data.

Our brands