#

Privacy policy

Data Privacy Notice

We inform you that the data controller is Inter Parts sp. z o.o. s.k.a. with its registered office in Stawiguda, KRS: 0000413681, correspondence address: ul. Jarzębinowa 4, 11-034 Stawiguda. Below is information on the principles of personal data processing in our company. To ensure the exercise of your rights, please read this Privacy Policy.

What is Personal Data?

Personal data refers to information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, based on identifying information such as name, identification number, location data, online identifier, or one or more factors specific to the physical, genetic, mental, economic, cultural, or social identity of that natural person.

Who Are We in GDPR?

Are we a data controller?

A data controller is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Basic Responsibilities of the Data Controller:

  • Implement appropriate technical and organizational measures to ensure that only personal data necessary for each specific purpose of the processing is processed.
  • Ensure the security of personal data processing through pseudonymization and encryption of personal data, continuous assurance of confidentiality, integrity, availability, and resilience of processing systems and services, the ability to quickly restore the availability and access to personal data in the event of a physical or technical incident, regular testing, assessment, and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing.
  • Record processing activities of personal data.
  • Cooperate with the supervisory authority.
  • Report personal data breaches to the supervisory authority.
  • Notify the data subject of the breach unless appropriate technical and organizational protection measures have been implemented to eliminate the likelihood of a high risk of rights and freedoms being violated, or if the individuals whose data has been breached have been informed through a public communication or another effective way.
  • Appoint a Data Protection Officer in cases provided for by GDPR.

What Data Do We Process?

In our company, we have the following departments: finance, sales, HR, accounting, management office/secretariat, complaints, transport/logistics.

Each department processes specific personal data as follows:

Sales Department processes the following personal data:

  • Company name
  • First and last name
  • Residential address
  • Business address
  • Tax identification number (NIP)
  • REGON
  • Email address
  • Phone number

HR Department processes the following personal data:

  • Personal data of employees: name and surname, PESEL, residential address, date of birth
  • Data of job applicants: name and surname, residential address, date and place of birth
  • Data for ZUS, US, GUS
  • Data from employment contracts: name and surname, date of birth, residential address, terms of work and pay, date of contract, job position.
  • Payroll data: name and surname, salary components
  • Company data: name, registered address, NIP, REGON

Accounting Department processes the following personal data:

  • Company name
  • First and last name
  • Residential address
  • Business address
  • Tax identification number (NIP)
  • REGON
  • Email address
  • Phone number

Management Office/Secretariat processes the following personal data:

  • Company data: first and last name, residential address
  • Data of job applicants
  • Employee data resulting from incoming correspondence from, e.g., a bailiff, containing personal data.
  • Contract data with contractors, including content
  • Contractor data from invoices
  • Data from official letters incoming and outgoing from the company

Complaints Department processes the following personal data:

  • Company name
  • First and last name
  • Residential address
  • Business address
  • Tax identification number (NIP)
  • REGON
  • Email address
  • Phone number

Transport/Logistics Department processes the following personal data:

  • Name of the transport company
  • First and last name of the transport company owner
  • First and last name of the employed driver
  • Business address
  • Tax identification number (NIP)
  • REGON
  • Email address of the transport company
  • Email address of the employed driver
  • Phone number of the transport company owner
  • Phone number of the employed driver
  • Transport contract data - working conditions and pay (salary)
  • Personal data of IP employees: first and last name, PESEL, residential address, date of birth, ID number, driver's license number, date of issue of ID and driver's license.

How Do We Process Personal Data?

Sales Department processes personal data as follows:

  • Sending emails, telephone conversations, in paper form
  • Issuing e-invoices, sent electronically as a PDF file, based on written consent
  • Issuing invoices and credit notes
  • Sending correspondence to customers by email and traditional mail (post)
  • Contacting customers via telephone, GG, Skype
  • Preparing sales summaries, sales rankings
  • Copying, scanning documents for emailing and archiving
  • Contacting other departments
  • Processing data in programs like Falcon, Excel, Web Terminal by creating contractor files, entering data, issuing invoices in Falcon, Web Terminal, creating Excel tables for sales reports
  • Receiving and transferring documents between company branches
  • Changing personal data in the trading program based on email, written, and oral (telephone conversation) requests to keep current and updated data
  • Verifying contractors on the Ministry of Finance, GUS, KRS, CIDG websites to check their correctness and activity
  • Segmenting contractors according to established criteria

HR Department processes personal data as follows:

  • Electronically sending accounting documentation to ZUS, US, GUS for Employees and Employers (name and surname, PESEL, residential address, phone, email, ZUS contributions, salary data)
  • Sending and receiving documentation in paper form - bailiff's seizures, work certificates, contract terminations, PITs (name and surname, residential address, PESEL, contact phone, email)
  • Sending and receiving documentation by email - personal data for branch employees' contracts, referrals for medical exams, employee leave (name and surname, residential address, PESEL, contact phone, email)
  • Storing employee documentation in paper and electronic form, employee records of current and former employees, as well as potential ones: (name and surname, residential address, PESEL, contact phone, email, children's and spouse's data, gender, country of origin)
  • Receiving paper invoices from the Occupational Medicine Plant: initial, periodic, and control medical certificates of Employees (name and surname, position, work ability)

Accounting Department processes personal data as follows:

  • Sending emails, telephone conversations, in paper form;
  • Issuing e-invoices,
  • Issuing accounting documents (invoices, duplicates, correction notes, internal invoices, receipts to invoices, accounting notes);
  • Issuing and sending balance confirmations by mail and email;
  • Sending correspondence to customers by email and traditional mail (post);
  • Contacting customers via telephone;
  • Generating summaries to verify and control the correctness of invoice data;
  • Preparing daily summaries of issued invoices and storing them in paper form in a binder;
  • Copying, scanning documents for emailing and storing in a binder;
  • Contacting other departments;
  • Processing data in programs like Symfonia, Falcon, Excel by creating contractor files, entering data, booking documents, issuing invoices in Falcon, creating Excel tables for accounting purposes;
  • Saving gathered data on information carriers to have a backup copy;
  • Preparing tax declarations;
  • Receiving and transferring documents between company branches;
  • Archiving accounting documents;
  • Issuing invoices based on contracts;
  • Destroying accounting documents using dedicated devices - shredder;
  • Changing personal data in the accounting and trading program based on email, written, and oral (telephone conversation) requests to keep current and updated data;
  • Ordering an external entity to destroy (recycle) stored accounting documents after the legally specified time has passed;
  • Copying, scanning bank statements;
  • Transferring accounting documents between departments for description, signature, payment, and booking;
  • Verifying contractors on the Ministry of Finance, GUS, KRS, CIDG websites to check their correctness and activity.

Management Office/Secretariat processes personal data as follows:

  • Recording incoming and outgoing correspondence in a logbook and further transferring it to employees and branches
  • Sending and receiving correspondence via email (letters, contracts, land registry numbers, name and surname, contact phone, email address)
  • Sharing contracts with employees

Complaints Department processes personal data as follows:

  • Sending emails, telephone conversations, in paper form
  • Issuing and sending credit notes in paper and electronic PDF form
  • Sending correspondence to customers by email and traditional mail (post)
  • Contacting customers via telephone, GG, Skype
  • Preparing summaries of reported goods complaints
  • Copying, scanning documents for emailing and storing in a binder
  • Contacting other departments
  • Processing data in programs like Falcon, Excel, Word by creating complaint reports, issuing accounting notes, credit notes in Falcon, filling in reports and tables for IP suppliers.
  • Receiving and transferring documents between company branches

Transport/Logistics Department processes personal data as follows:

  • Creating transport contracts and annexes in written form
  • Contacting transport companies and their employees via telephone and email
  • Sending correspondence via email and traditional paper mail (post)
  • Issuing and sending invoices in electronic (email) and traditional (post) form
  • Preparing sales summaries, sales rankings
  • Copying, scanning documents for archiving
  • Contacting other departments
  • Processing data in programs like Falcon, Excel, Web Terminal by creating contractor files, entering data, issuing invoices in Falcon, Web Terminal, creating Excel tables for sales reports
  • Receiving and transferring documents between company branches and departments
  • Verifying transport companies on the Ministry of Finance, GUS, KRS, CIDG websites to check their correctness and activity
  • Supervising and controlling vehicle movements using GPS devices.
  • Assigning vehicles to employees for use.
  • Handling vehicle compensation claims
  • Handling traffic violation cases
  • Based on actually performed data processing activities, we have created a Register of Data Processing Activities.

On What Basis Do We Process Personal Data?

Most data is processed based on consent to process data received from data subjects.

In other cases, data processing is based on an explicit provision of the law or the right to realize or protect legitimate economic interests.

What is Our Purpose for Processing Personal Data?

Personal data is processed to conclude and perform contracts, fulfill the legitimate interests of the controller, and meet legal obligations of the controller.

What Documents Do We Use for Data Protection?

The primary document for data protection is this document containing the main principles of the Data Protection Policy. Additionally, we use various procedures in accordance with legal requirements to protect the personal data entrusted to us and minimize the risk of unauthorized access and disclosure of user data.

The Data Protection Policy is determined by the Management Board of Inter Parts sp. z o.o. S.K.A. in consultation with the management of the various company departments. To ensure transparency, this Policy describing personal data processing principles has been published on our main website. Every customer can review it and provide feedback through the Data Protection Officer. This is a very important person, and we describe more about them below.

Moreover, to maintain consistency in procedures, we also apply internal company regulations and several clauses in contracts with contractors.

What Rights Do Data Subjects Have?

All data subjects whose data we process have specific rights. These can be exercised, particularly through the data controller or the data protection officer. These rights include:

  • The right to access their personal data, i.e., the right to obtain confirmation of whether the controller is processing data and information about such processing.
  • The right to rectify data if the data processed by the controller is incorrect or incomplete.
  • The right to request the deletion of data from the controller.
  • The right to request the controller to restrict data processing.
  • The right to data portability, i.e., the right to receive the personal data provided to the controller and send it to another controller.
  • The right to object to data processing based on the legitimate interest of the controller or to processing for direct marketing purposes.
  • The right to withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal).
  • The right to obtain human intervention from the controller, express their position, and contest a decision based on automated data processing.

Additionally, in case of suspected data processing violations, data subjects have the right to lodge a complaint with the Polish supervisory authority or the supervisory authority of another EU member state where the data subject has their habitual residence, place of work, or where the alleged infringement of GDPR occurred.

Our Company's Organizational Structure in the Data Protection Policy

In our company, we know who has the right to process personal data and take special care of their protection. For this purpose, we have created an organizational chart, which we cannot publish here.

Data Protection Officer

The Data Protection Officer is an employee of the Controller or a person performing the tasks of the Officer based on separate agreements, having qualifications and expertise in personal data processing. The Officer is responsible for informing the controller, the data processor, or their employees about obligations related to personal data processing and advising on this matter, monitoring compliance with data protection regulations, providing recommendations on data protection impact assessments and monitoring its performance, cooperating with the supervisory authority, and being the contact person for the supervisory authority concerning data protection control.

You can contact the Data Protection Officer via email: rodo@interparts.pl