PRIVACY POLICY

Last updated January 31, 2022

Introduction

1. Kapstone Solutions Sp. z o. o. ul. Szymanowskiego 28, 59-900 Zgorzelec (hereinafter: KAPSTONE) makes every effort to protect personal data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable law and change, loss, damage or destruction and respect the privacy of each the person whose personal data is processed.

2. Personal data is processed by KAPSTONE in compliance with the requirements of generally applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation or GDPR, OJ L 119, 4.5.2016, p. 1- 88).

3. This Privacy Policy (hereinafter: Policy) sets out the rules for the processing and protection of personal data adopted by KAPSTONE. The Policy regulates:

a. the types of personal data KAPSTONE collects,
b. how this data is used,
c. the rights of persons whose data is processed by KAPSTONE,
d. categories of entities to whom the data is shared,
e. personal data protection and security measures,
f. the method of contact regarding the exercise of the rights of persons whose data is processed by KAPSTONE,
g. measures and methods used by KAPSTONE to protect personal data,
h. information on cookies .

I. Basic concepts

1. personal data – all information relating to an identified or identifiable natural person, e.g. name and surname, telephone number, address, ID card number. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more specific factors determining his physical, physiological, mental, economic, cultural or social characteristics. Information is not considered to enable the identification of a person if it would require excessive costs, time or activities;

2. data processing – any operations performed on personal data, such as collecting, recording, storing, developing, changing, sharing and deleting, especially those performed in IT systems;

3. breach of personal data protection – breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed;

4. User – a natural person whose personal data is processed by KAPSTONE.

II. KAPSTONE as the Personal Data Controller

Kapstone Solutions Sp. z o. o. ul. Szymanowskiego 28, 59-900 Zgorzelec (hereinafter: KAPSTONE), mobile phone: +48 690 590 143, e-mail: info@kapstone.solutions

III. KAPSTONE Collection of Personal Data

1. KAPSTONE obtains personal data primarily directly from Users. If the business contact details have not been collected directly from the data subject (e.g. by receiving by KAPSTONE a business card containing such data or from the employer of such a person), they may have been provided by the represented entity or obtained from publicly available sources, such as as public registers (e.g. the National Court Register).

2. KAPSTONE obtains personal data, in particular as regards:
● contact information (such as name, address of residence / stay / correspondence / business, e-mail and telephone number);
● business contact information (such as job title, department and institution name);
● needed to issue a VAT invoice (such as NIP, REGON);
● data relating to the User necessary for the performance of a contract with KAPSTONE and the fulfillment of legal obligations incumbent on KAPSTONE;
● the content provided (such as photos, articles and comments).

IV. How KAPSTONE processes personal data

1. KAPSTONE ensures control over the type and scope of personal data processed, the period and method of their processing, as well as the persons authorized to process them.

2. KAPSTONE makes every effort to protect the information and personal data it collects.

3. KAPSTONE provides adequate administrative, technical and physical protection of personal data against accidental, unlawful or unauthorized damage, loss, modification, access, disclosure or use.

4. KAPSTONE stores personal data only as long as it is necessary to achieve the purpose for which the personal data was collected, unless otherwise required by applicable law.

5. KAPSTONE takes measures to destroy or permanently disable identification of personal data, if required by applicable law or if the personal data is no longer needed to achieve the purpose for which it was collected.

6. KAPSTONE represents that:

● processes personal data in accordance with the law;
● collects personal data for specified, lawful purposes and does not subject it to further processing incompatible with these purposes;
● stores personal data in a form that allows the identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing;
● processes personal data substantially correct and adequate in relation to the purposes for which they are processed.

7. Access to personal data is granted to: KAPSTONE, its employees authorized in writing, associates and persons providing services to it. Access to personal data by the above-mentioned persons is only possible for the purpose and to the extent specified by KAPSTONE.

8. KAPSTONE keeps records of persons authorized to process personal data. Persons authorized to process data are required to keep their personal data and the methods of securing it strictly confidential.

9. KAPSTONE and the persons authorized to process this data apply technical and organizational measures ensuring the protection of the personal data processed.

V. Purposes of processing personal data by KAPSTONE

1. The data collected by KAPSTONE may be used, inter alia, for the following purposes:

● the provision of services or the performance of contracts , in particular sales / delivery contracts, offered by KAPSTONE, their administration and communication by KAPSTONE; in the case of processing of personal data of a person on whose request steps have been taken to conclude a contract with KAPSTONE or to perform a contract concluded with it pursuant to art. 6 sec. 1 lit. b; where personal data are obtained for the purpose of executing a specific contract, KAPSTONE provides the data subject with details of the processing of their personal data at the time the contract is concluded;

● fulfillment of legal obligations incumbent on KAPSTONE, which result from the provisions governing the provision of services or KAPSTONE operations, as well as accounting and tax regulations (pursuant to Article 6 (1) (c) of the GDPR);

● conducting electronic and traditional correspondence; in the case of directing to KAPSTONE by e-mail or traditional correspondence not related to the services provided by KAPSTONE or another contract concluded with KAPSTONE, the personal data contained in this correspondence is processed only for the purpose of communication and resolving the matter to which the correspondence relates, which is a legitimate interest KAPSTONE (based on: Article 6 (1) (f) of the GDPR);

● conducting telephone contacts; when contacting KAPSTONE by telephone, in matters not related to the services provided by KAPSTONE or any other contract concluded with KAPSTONE, KAPSTONE may request personal data only if it is necessary to handle the case to which the telephone call relates, which is legally justified KAPSTONE interest (pursuant to Article 6 (1) (f) of the GDPR);

● monitoring: in the case of personal access to the KAPSTONE premises, KAPSTONE processes personal data in the form of an image in the form of video monitoring, which is a measure of increasing security KAPSTONE legitimate interest (pursuant to Article 6 (1) (f) of the GDPR);

● collecting personal data in connection with KAPSTONE activities: in connection with its activities, KAPSTONE may also obtain personal data for other purposes, e.g. establishing and maintaining business contacts, which in each case will be based on the legitimate interest of KAPSTONE (legal basis: art. paragraph 1 (f) of the GDPR).

● risk assessment and improvement of KAPSTONE operations (including the development of the services provided, communication management, analysis and improvement of its services), which is KAPSTONE legitimate interest pursuant to Art. 6 sec. 1 lit. f GDPR;

● to assess KAPSTONE interest in employment or use of its services and to contact you regarding employment or service opportunities by KAPSTONE, which is KAPSTONE legitimate interest pursuant to Art. 6 sec. 1 lit. f GDPR;

● recruitment: in order to fulfill legal obligations related to the recruitment process (based on: Article 6 (1) (c) of the GDPR); in order to recruit and conclude a contract with a candidate at his request (based on: Article 6 (1) (b) of the GDPR). As part of the recruitment processes, KAPSTONE expects to provide personal data (CV or curriculum vitae) only to the extent specified by law. If the candidate also provides other data not required by KAPSTONE in the recruitment advertisement, it is considered that he has consented to their processing (legal basis: Article 6 (1) (a), and such consent may be withdrawn by the candidate at any time, without affect the lawfulness of the processing carried out before its withdrawal. If the submitted applications contain information inadequate for the purpose of recruitment, they will not be used or taken into account in the recruitment process;

● as required by law or in connection with pending legal proceedings or in connection with a request from a public authority (eg. the Head of the Tax Office) to disclose information held by KAPSTONE, which is KAPSTONE legitimate interest within the meaning of Art. 6 sec. 1 lit. f GDPR, and in the event of a request from an authorized public authority, compliance with KAPSTONE legal obligation;

● ensuring compliance of the processing with the provisions of personal data protection and KAPSTONE's internal regulations in this regard, which is KAPSTONE legitimate interest within the meaning of Art. 6 sec. 1 lit. f GDPR.

2. Providing personal data is voluntary, but failure to provide it will make it impossible to achieve the objectives referred to above.

V. Period of storage of personal data by KAPSTONE

1. Personal data will be kept by KAPSTONE for the period necessary to achieve the above-mentioned purposes, but no longer than required by the provisions of generally applicable law. The period of storage of personal data by KAPSTONE depends on the basis and purpose for which it is processed. KAPSTONE always informs you about it before or during the collection of your personal data.

2. KAPSTONE indicates that personal data processed by KAPSTONE:

a) in order to conduct direct marketing, they will be stored until objection to the processing of this data is received.
b) on the basis of consent to the processing of this data, will be stored until its withdrawal.
c) With the use of cookies and similar technologies, they will be stored until these files are deleted using the browser or device / device settings and object to their processing by the User.
d) in order to fulfill the obligations resulting from the provisions of generally applicable law (e.g. to issue an invoice), they will be stored within the period required by these provisions, e.g. accounting and tax law.
e) in order to provide services, including sales, they will be stored until possible determination, defense or redress by KAPSTONE – in accordance with the generally applicable limitation periods.

VI. Sharing and entrusting the processing of personal data by KAPSTONE

1. KAPSTONE does not share, sell or disclose in any other way collected personal data, except for situations described in the Policy or when it results from generally applicable law.

2. KAPSTONE may entrust the processing of personal data to service providers acting on its behalf, in particular electronic, accounting, legal, courier and postal services related to the services provided by KAPSTONE.

3. KAPSTONE requires these service providers to comply with the law, with a high level of privacy protection and the security of personal data processed by them on behalf of KAPSTONE.

VII. Rights of persons whose data is processed by KAPSTONE

1. Within the limits of the law, the User has the right to access his personal data, in particular as a form of control of the processing of his personal data by KAPSTONE, in particular obtaining information about the purpose, scope and method of data processing.

2. Within the limits of the law, the User also has the right to change, supplement, rectify and update his personal data processed by KAPSTONE.

3. Within the limits of the law, the User also has the right to request the deletion of his personal data processed by KAPSTONE.

4. If the processing of personal data is based on the consent of the User, he has the right to withdraw consent to the processing of his personal data by reporting it to KAPSTONE in any way. In such situations, KAPSTONE will adapt to the decisions in relation to future activities, which means that the withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal of consent.

5. You have the right – in the cases provided for by law – to request KAPSTONE to restrict the processing of your personal data.

6. For reasons related to the particular situation of the User and within the limits of the law, the User has the right to object to the processing of his personal data by KAPSTONE based on the implementation of its legitimate interest.

7. Within the limits of the law, the User has the right to receive, in a structured, commonly used, machine- readable format, the personal data concerning him that has been provided by KAPSTONE, and the right to send this personal data to another controller without obstruction by KAPSTONE. However, KAPSTONE will only do so if such a message is technically possible. The right to transfer personal data applies only to data processed by KAPSTONE on the basis of a contract concluded with the User or on the basis of his consent.

8. The above rights may be exercised by sending an e-mail to the following address: info@kapstone.solutions.

9. If it is found that the processing of personal data by KAPSTONE violates the law, the User may submit a complaint to the supervisory body, in the case of the Republic of Poland – the President of the Personal Data Protection Office.

VIII. Cookies and analysis software

1. Using the website www.kapstone.solutions may require providing your data, such as information from cookies. By using the www.kapstone.solutions website, the User agrees to place the cookies described above on his computer or other device. The consent to the processing of “cookies” is voluntary. However, the user can always control the installed cookies. However, deleting or blocking cookies may affect the way you use the www.kapstone.solutions website , as some of its areas may become inaccessible.

2. The above control is carried out using the browser settings. Information on modifying browser settings, blocking and filtering cookies can be found at: aboutcookies.org;. Most often, the browser settings by default allow the placement of “cookies” on the end device. If the User does not agree to saving these files, it is necessary to change the web browser settings accordingly. It is possible to disable the saving of “cookies” for all connections from a given browser or for a specific website, and also to delete them. The method of managing “cookies” depends on the software used, therefore the detailed information on the possibilities and ways of handling them can be found in the settings of the web browser used by the User to connect to the www.kapstone.solutions website.

3. KAPSTONE, its service providers and business partners collect some information through automated means, such as cookies , while browsing the website www.kapstone.solutions. The information collected in this way may include: IP address, browser type, operating system, visited URLs, as well as information on activities performed on the website.

4. Cookies contain little information and are downloaded to a computer or other device by the server supporting the www.kapstone.solutions page . The web browser used by the User sends them back to the www.kapstone.solutions page each time the User uses it, thanks to which the server recognizes the User and remembers, for example, his preferences (visits or previous activities). However, cookies may collect information about the User (e.g. about the language, country and previously viewed pages) each time the www.kapstone.solutions website is visited . More information on cookies can be found at “aboutcookies.org”.

5. KAPSTONE uses persistent cookies only to test the functionality of the www.kapstone.solutions website, also after the end of the session by the User. In the case of session files, they are stored until the end of a given session.

6. KAPSTONE may use cookies used by Google Inc. 1600 Amphitheater Pkwy , Mountain View , CA 94043, United States as part of the services.

7. For your convenience and to provide additional information, the www.kapstone.solutions website may contain links to websites operated by entities independent of KAPSTONE, such as Facebook. They may have separate clauses or privacy policy. KAPSTONE encourages you to read their content. With respect to any sites linked from www.kapstone.solutions that are not owned or controlled by KAPSTONE, KAPSTONE accepts no responsibility for their content, your use of those sites or for their applicable privacy policy.

IX. Policy changes and updates

1. The policy may be modified periodically. The modifications are intended to reflect changes in KAPSTONE Personal Data Handling Practices and to strengthen KAPSTONE Personal Data Protection System.
2. Significant changes to the Policy will be signaled by clearly visible messages posted on the KAPSTONE website. At the top of the page with the content of the Policy, there will be information about the date of its latest update.

X. Contact

You may contact KAPSTONE at any time to inquire about whether and how KAPSTONE uses or intends to use your personal data, and if you have any questions or comments about the Policy. Contact details: Telephone +48 690 590 143, e-mail: info@kapstone.solutions