pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /EC (General Data Protection Regulation), so-called GDPR.
This Policy applies to the principles for personal data processing used by the related companies that belong to the BURY Group, i.e.: BURY Ltd. based in Mielec, 4 Wojska Polskiego Street, 39-300 Mielec, BURY GmbH & Co KG, 1-7 Robert-Koch-Street, 32584 Löhne, Germany; BURY-Tlaxcala S. DE R.L. DE C.V., 104 Avenida Virgen de la Caridad Huamantla, Tlaxcala CP. 90500 (hereinafter: The „Companies”) - as independent administrators of personal data, manners and purposes in which data is processed, as well as the rights of natural persons associated with the collection and use of such data.
In connection with the conducted business activity, the Companies collect and process personal data in accordance with the relevant provisions, in particular in accordance with the GDPR regulations.
Each of the Companies ensures the transparency of data processing, in particular one always informs about the processing of data at the time of their collection, including about the purpose and legal basis of processing.
The companies ensure that the data is collected only to the extent necessary for the indicated purpose and processed only for as long as it is necessary.
While processing data, the Companies ensure their security and confidentiality as well as access to information about processing to the data subjects.
In order to ensure the integrity and confidentiality of data, the Companies have implemented procedures allowing access to personal data only to authorized persons and only to the extent that it is necessary due to the duties they perform. In addition, the companies undertake all necessary measures to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data at the request of the Company.
The controller of Your personal data is:
(hereinafter referred to collectively as „Controller”, „Company” or „we”)
As part of this Policy, we would like to inform You about:
all forms of the use of information identifying natural persons, hereinafter "personal data" ("processing") in relation to natural persons who are:
a) customers, including potential customers of the Company,
b) partners, associates, employees, statutory representatives, proxies or representatives of these customers, and
c)other persons whose data we process for purposes of performing the contract between the customers and the Company, including for the purpose of issuing or processing invoices
(collectively referred to in this Policy as "Country" or "Customers").
as well as:
Data provided by Customers
In connection with the cooperation between You and the Company, as well as cooperation through intermediaries, including related entities within the BURY Group, we may process personal details you provide, such as:
a) name and surname, company, address of business activity and mailing addresses,
b) numbers held in the relevant registers (e.g. TIN or REGON numbers),
c) PESEL number,
d) contact details, such as e-mail address or telephone or fax number,
e) position occupied by You within Your organization,
f) Bank account number.
In the case of concluding a contract directly between You and the Company, the provision of the data specified above is voluntary, but necessary for the purpose of concluding the contract and cooperation between the Customer and the Company. In the event that You do not enter into a contract directly with the Company, the provision of personal data may be Your official duty.
The consequence of failure to provide data is the inability to implement cooperation between the Company and the Customer.
Data collected from other sources
We may obtain Your personal data from publicly available sources, such as business registers CEIDG or KRS, REGON register in order to verify information provided by Customers. The scope of data processed will in this case be limited to data available to the public in the relevant registers.
We can also collect Your personal data from the entities in which You are employed or which You represent. In this case, the scope of data processed shall include information necessary for the performance of the contract between the Company and such entity, e.g. information about changing contact details or changing the official position.
We can also obtain Your data from the internal databases maintained by our related companies within the capital group. This applies to data which enable contact with a specific Customer who was the recipient or supplier of products of one of the entities related to the Company.
We may process personal data if we have an important legal basis. Therefore, we process personal data only if:
a) processing is necessary to fulfill contractual obligations towards You, if you are the Party to an agreement concluded with the Company or You place orders for products or services of the Company, or you fulfill the Company orders for Your products or services;
b) processing is necessary in order to fulfill our legal obligations, e.g. the obligation to issue an invoice or other document required by law, or explicitly we are obliged to do so by law;
c) processing is necessary for the legitimate interests of the Company or a third party and does not unduly affect Your interests or fundamental rights and freedoms, e.g. for the purpose of:
Personal data is processed only for a specific purpose and to the extent necessary to achieve it and for as long as it is necessary.
Your personal data will be kept for the duration of the contract concluded with the Company, and after the termination of the contract - for the period necessary to safeguard potential claims, and fulfill the obligations under the law, and in the case of withdrawal of consent to the processing of personal data or submission of objection - until the withdrawal of consent or the submission objection accordingly. For situation where the processing of personal data is carried out on the basis of legal provisions, data shall be stored for a period resulting from specific provisions, e.g. for 5 years from the end of the calendar year in which the tax payment deadline has expired.
Transmission of personal data within a group of entities related to the Company
We may transfer personal data to our employees and associates, as well as to other entities associated with the Company. This refers to the following situations:
Transmission of personal data to other recipients
Data may be transferred to recipients and other third parties in connection with the implementation of the objectives listed above, to the extent that they are necessary for them to perform its tasks by the Company, if required by law or if the Company has a different legal basis. The recipients or other third parties may be deemed to be:
Transmission of data outside the European Economic Area
Your personal data may be subject to cross-border transmission to countries outside the European Economic Area ("EEA") and countries where there are no provisions specifying the special protection of personal data. The company has taken steps to ensure that all personal data are adequately protected and that the transmission of personal data outside the EEA is lawful.
In the event of transmission of personal data outside the EEA to a country which, according to the European Commission, does not ensure an adequate level of personal data protection, the transmission shall take place on the basis of a contract that takes into account EU requirements for the transmission of personal data outside the EEA, such as standard contract clauses approved by the Commission European.
You are entitled to:
The above rights are not absolute; regulations provide for exceptions to their application.
To use the above rights, please send an e-mail or contact the Company by correspondence to the appropriate addresses of the Administrator indicated above in the section "PERSONAL DATA ADMINISTRATOR".
This Policy has been updated on May 25, 2018 and may be subject to further changes. If it is required by law, we shall inform You of any significant changes via our website or other customarily used channels of communication with Customers.