Data privacy

Privacy policy - general principles of data processing and privacy protection in Metro Services PL sp. z o.o.

Preliminary information - who is the administrator of your personal data?

  1. The administrator of your personal data is Metro Services PL limited liability company with its registered office in Szczecin at 67 Ku Słońcu Street (71-041 Szczecin), entered into the Register of Entrepreneurs of the National Court Register by the District Court of Szczecin Centrum in Szczecin, XII Commercial Department of the National Court Register under KRS number: 0000390325, holding Tax Identification Number (NIP): 7010305590 and REGON number: 143007178, hereinafter referred to as: Administrator.
  2. The controller shall address this information to natural persons for the purposes of carrying out the obligations laid down in Article 13(1) and (2) and Article 14(1) and (2) of the General Data Protection Regulation of 27 April 2016, hereinafter referred to as 'the Regulation': RODO.
  3. The controller has identified specific categories of data subjects and, if justified, addresses separate messages to them containing precise information about the processing of personal data.
  4. The controller has carefully selected and applies technical and organisational measures to ensure the protection of personal data being processed. Personal data are protected against possible access by unauthorized persons as well as against their processing in violation of applicable law.

How can you contact the Administrator's representative for more information about the processing of your personal data?

  1. The controller has appointed an internal data protection officer, who can be contacted by e-mail: data.protoection@metro-services.pl.
  2. If you are unsure about the identity of the personal data controller and the processing of your data also concerns the activities of other companies in the Metro Group, you can also address any questions you may have to your e-mail address: nelli.luezinger@metro.de.

The basis for authorising Metro Services PL to process personal data

Your personal data is processed by the Administrator in accordance with the specified basis and for clearly stated purposes:

  1. answering the questions asked in connection with the contact made by potential contractors who are natural persons or other natural persons interested in the Administrator's activities (basis of processing: your consent, i.e. Article 6(1)(a) of the RODO or action taken by the Administrator at your request before concluding the contract, i.e. Article 6(1)(b) of the RODO);
  2. performance of the contract with a service provider or any other type of contractor being a natural person (basis of processing: the need for processing for the purposes of contract performance and/or action taken by the Administrator at your request prior to the conclusion of the contract, i.e. Article 6(1)(b) of the RODO);
  3. fulfilling the legal obligations incumbent on the controller, i.e., i.e. accounting and tax obligations, or the implementation of an extensive catalogue of rights of data subjects, as well as the handling of incidents related to the processing of personal data (basis of processing: fulfilling the legal obligations incumbent on the controller, i.e., Article 6(1)(c) of the RODO);
  4. processing of personal data of employees or representatives carrying out activities for the benefit of suppliers, customers and other contractors, which may occur during the performance of the concluded contracts (basis of processing: realization of legally justified interests of the controller, i.e. Article 6(1)(f) of the RODO - realization of the controller's statutory activity is indicated as a legally justified interest);
  5. protection of the controller's interests, asserting or securing the controller's own claims, if any, and protection against possible claims of other entities (basis of processing: realization of the controller's legitimate interests, i.e. Article 6(1)(f) of the RODO - the realization of the controller's statutory activities and protection against claims and safeguarding own claims shall be considered a legitimate interest).

Sources of your personal data processed by the Administrator

The administrator points out that if you have not directly provided him/her with your personal data, the source of their acquisition may be primarily:

  1. Administrator's contractor (i.e. primarily your employer, principal or other type of contractor);
  2. a source of information available to the public (i.e. mainly websites or databases of economic operators);
  3. another company from the METRO group (i.e. mainly Administrator's clients being companies associated within the METRO group).

What scope of your personal data is processed?

  1. In the course of processing activities, the Administrator applies the principle of data minimization. If the catalogue of data is not explicitly defined by the law or if you do not provide it personally, the Administrator shall limit it to the necessary data.
  2. You are obliged to indicate complete, current and true data.
  3. The realization of the purposes of processing described above, in the vast majority of cases, does not require processing of special categories of personal data, i.e. also data concerning health condition. Therefore, if you provide your data to the Administrator, do not provide them in an excessive directory.
  4. The data subject or another controller should not transfer the data of third parties to the Controller. However, if such data are transferred, the transferor each time declares that he or she has appropriate authorisation or has confirmed the existence of a basis which enables such transfer to the Administrator.
  5. If the controller processes personal data of natural persons obtained from another source, the scope of the data processed is generally limited to: name and surname, basic contact and address data, as well as indications concerning business affiliation or type of business activity.

Who is the recipient of your personal data?

  1. The personal data processed by the Administrator may be made available to entities entitled to receive them under the applicable law, including competent state authorities.
  2. Moreover, personal data processed by the Administrator, depending on the purpose of processing, may be made available:
    1. processing entities, such as: entities providing document archiving and destruction services, external consulting entities, entities providing IT services to the Administrator, couriers, translation agencies and possible other subcontractors associated within the METRO group;
    2. recipients who are separate personal data controllers, such as: an entity providing audit services, post offices, law firms, hotels, entities involved in business trips and companies associated within the METRO group.
  3. Personal data may be transferred outside the EEA, i.e. to third countries. The controller does not provide for a transfers to international organisations. Such a transfer is usually secured by standard contractual clauses and sometimes also by a declaration of participation in the Privacy Shield scheme. The countries to which data transfers can be made are primarily India and the US.

How long does the Administrator process your personal data?

  1. The essential criterion that determines the period of time for which your personal data is kept is the time necessary to achieve the purpose of processing.
  2. If processing is based on your consent, you can withdraw your consent at any time. However, the Administrator indicates that in the case of such an action, there may be other circumstances justifying further processing of personal data.
  3. When processing takes place due to the need to fulfil a legal obligation incumbent on the Administrator, or in connection with the performance of a contract or for the purposes of the Administrator's legitimate interest, the periods and criteria determining the time of storage may be dictated, among others, by:
    1. the period of performance of a given contractual relationship;
    2. obligation to keep accounting records - 5 years from the beginning of the year following the financial year in which the transaction was finally completed or settled;
    3. the need for security or subsequent redress - a basic period of 6 years from the date on which the claim has become due.

What rights do you have in connection with the processing of personal data by the Administrator?

  1. Depending on the processing activity, the catalogue of rights that you may be entitled to is set out below:
    1. the right of access to data;
    2. the right to rectify data;
    3. the right to delete data;
    4. the right to restrict processing;
    5. the right to data portability;
    6. the right to object.
  2. The exercise of rights may be carried out by sending an appropriate request to the following e-mail address data.protection@metro-services.pl.
  3. The administrator informs that you also have the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.

Do you have to give us your personal information?

  1. If the obligation to provide personal data does not result directly from the contractual provisions or from a legal provision, providing personal data is a voluntary action, but necessary to use the Administrator's services or to contact the Administrator.
  2. This document presents, collectively, most of the information concerning the processing of personal data. For details of specific processing operations, please contact the Data Protection Officer using your e-mail address: data.protection@metro-services.pl

Information on the processing of personal data closely related to the operation of this website

  1. In connection with the operation of this website, METRO AG with its headquarters in Germany (Metro-Straße 1, 40235 Düesseldorf) may also be the controller of your personal data.
  2. Some personal data is collected automatically via your terminal device, i.e. computer or phone, when you use the Internet. The information we record is mainly your IP address, date and time of your visit, type of Internet browser, operating system and history of pages you visit. These activities are carried out for the purpose of data security and to optimise the content and offerings as well as to improve the website. In practice, most of the processing activities are used to build analyses and the data we process remains anonymous.

Information about Cookies

  1. For the proper operation of its website, the Administrator uses cookies, including in a manner tailored to individual needs.
  2. Using the website without changing the settings for cookies means that they will be stored on your terminal device. You can change your cookie settings at any time in your web browser or refuse the consent of our cookie banner.
  3. Cookies, including session cookies, may also provide information about your terminal device and the version of browser you are using. These tasks are performed for the correct display of content within the Administrator's website.
  4. Cookies are short text files. Under no circumstances do cookies make it possible to personally identify a visitor to the website and no information is stored in them that might enable such identification. Some cookies are deleted immediately after a browsing session. Other cookies will be stored on your device and will allow us to recognize your device on your next visit.
  5. More information about Cookies can be found on websites such as http://youronlinechoices.eu/ or https://wszystkoociasteczkach.pl/.
  6. In connection with the operation of this website, we use Siteimprove Analytics, i.e. a website analysis service provided by Siteimprove GmbH with its registered office in Germany (Kurfürstendamm 56, 10707 Berlin). On the basis of this service we monitor the functionality of the website and provide our visitors with the most useful tool. Siteimprove collects anonymised IP addresses, information about the browser and system used, information about your visit to the site and other statistical data used exclusively for quality control purposes. The data collected by Siteimprove for European customers is not stored outside the European Union (dedicated data centres are located in Germany and Denmark).
  7. Other third party suppliers with whom we may cooperate for the operation of this website are:
    1. HRLink – job portal;
    2. Taleo – job portal;
    3. Pindom Monitoring – monitoring the functionality of our website;
    4. Investis – displaying stock market quotation and thumbnail chart (for METRO group);
    5. SOLR – full text search technology on our website;

      the above entities use Cookies, but do not receive personal data from us.

  8. Our website also contains references to social networking sites, such as:
    1. Facebook (managed by: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA);
    2. LinkedIn (managed by: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).

The transfer of personal data to these social media platforms only takes place if you click on the interaction icon (e.g. Facebook logo). After clicking on the icon, the platform of the selected platform will open in the popup window.

At the same time, we point out that providers of social media platforms have their own rules on the processing of Cookies and privacy protection. You will find this information on the platform of the selected provider in the privacy policy tabs.


METRO SERVICES PL

Date of last update: 14 January 2019.