GDPR

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “GDPR”, we hereby comply with the information obligation regarding the processing of personal data.

  • Data Controller

The administrator of the personal data collected from you is: Empire Nord Groupe Sp. z o.o. registered in the District Court in Bielsko-Biała, VIII Commercial Division of the National Court Register under the number 0000470493, NIP 9372666970, REGON 243319012.

  • Categories and purposes of processed personal data

As part of the services we provide, we may process your personal data as our Clients (Clients conducting various forms of business) and personal data of our Suppliers, i.e. entities cooperating with us (providing us with specific services, e.g. transport). We may obtain personal data both directly from you and from other sources such as public registers, as well as through various communication channels such as: e-mail, phone call, contact form available on our websites.

We may process the following categories of personal data, namely in particular: registration data of the conducted business (NIP number, REGON number, name of the business, address of the business activity), name, surname, contact details such as e-mail, telephone number. In the case of Suppliers, we will process registration data of the conducted business activity such as NIP number, REGON number, address of the conducted business, name of the business, name and surname, contact details such as e-mail, telephone number, position/function performed.

The processing of personal data is necessary to achieve the purposes of processing, such as the execution of an order or taking steps prior to the execution of an order. The legal basis for the processing of personal data is Article 6(1)(b) and (f) of the GDPR, i.e. when: the processing is necessary for the performance of a contract to which the data subject is a party or to take steps prior to entering into a contract; processing is necessary for the purposes of the legitimate interests of the data controller or a third party.

We may also process personal data of contact persons, as well as persons authorized to represent the Customer/Supplier. These data may be processed for the purpose of concluding and performing the contract on the basis of the legitimate interest pursued by the Administrator in accordance with Article 6(1)(f) of the GDPR. For the above-mentioned purposes, we may process in particular such data as: name, surname, e-mail, telephone number, function performed, data resulting from the power of attorney document. This data is provided by the Customer/Supplier each time. 

Pursuant to Article 21 of the GDPR, if the processing of personal data is based on the premise of a legitimate interest pursued by the Controller, the data subject has the right to object to such processing at any time – for reasons related to his or her particular situation.

If the legal basis for the processing is Article 6(1)(b) and (f) of the GDPR, the provision of personal data is necessary to achieve the purposes of processing referred to above. Failure to provide personal data may result in the inability to provide services, including the obligations incumbent on the Administrator. In the remaining scope (if the legal basis for data processing is a voluntary consent), the provision of personal data is voluntary.

  • Sharing of personal data

We may share your personal data for legitimate purposes:

  1. cooperating entities, if the provision is necessary for the proper performance of the contract (e.g. transport companies, entities providing services in the field of transport exchange), 
  2. other entities if we are obliged to do so under applicable law, 
  3. service providers who process data exclusively on our instructions and are contractually obliged to protect the data entrusted to them.

The recipients of your personal data may therefore be such entities as: entities cooperating with us on a B2B basis, website providers, e-mail hosting providers, IT service providers, entities dealing with the secure destruction of documents and data carriers after their expiry of usefulness, entities conducting postal or courier activities, legal, tax and accounting offices, entities dealing with debt collection.

  • Retention period

We process your personal data during the execution of the order and after completion, within the period necessary provided for by law, as well as due to formal and legal obligations incumbent on us or the legitimate interest pursued by the data administrator (tax obligations; pursuing or defending against claims).

  • Your rights under the GDPR

Each person whose personal data is processed has the right to request:

  1. access to the content of their data (the person to whom the processing relates may find out what data the Controller processes, how and for what purpose);
  2. rectify their data (the data subject may request the correction of incorrect data or the completion of missing data);
  3. delete their data (if one of the prerequisites under Article 17(1) of the GDPR applies; the prerequisites for complying with the request to delete data are provided for in Article 17(3) of the GDPR);
  4. restriction of processing (the data subject may submit a request for restriction of processing. If the request is justified, the Administrator may process the data in the scope of storage while being in accordance with Article 18(2) of the GDPR);
  5. the right to data portability (the right that can be exercised at the time when the legal basis for the processing is the consent of the person to whom the processing relates or the performance of the contract and the processing takes place under conditions of complete automation);
  6. the right to object (after receiving such a request, the Administrator ceases to process the personal data to which the objection has been expressed, unless it demonstrates the existence of important legitimate grounds for processing, overriding the interests of the applicant, rights and freedoms or grounds for establishing, investigating or defending against claims);
  7. the right to withdraw consent at any time without affecting the lawfulness of the processing (if the processing is based on the consent given), which was made on the basis of consent before its withdrawal.

Persons to whom the processing relates may exercise the above-mentioned rights by submitting a request via the contact details of the rodo@empire-ng.pl. Without undue delay – and in any case within one month from the date of receipt of the request – the Controller shall provide the data subject with information on the actions taken in connection with the exercise of the above-mentioned rights. If necessary, this period can be extended by a further two months due to the complexity of the request or the number of requests. Within one month of receipt of the request, the Controller shall inform the data subject of such an extension of the deadline, stating the reasons for the delay. If the data subject has submitted his/her request electronically, the information will also be transmitted electronically if possible, unless the data subject requests otherwise.

Each person whose personal data is processed has the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection, if they believe that the processing of their personal data violates the law.

  • Automated decision-making/profiling

Personal data will not be processed in a way that would result in automated decision-making, including profiling. This means that we do not use IT systems that collect information about you and at the same time independently and automatically make decisions that could have legal effects on you or similarly significantly affect you.

  • Data transfers to third countries

Personal data will not be transferred to third countries/international organizations.