Information on the protection of personal data
INTERSEROH Organizacja Odzysku Opakowań S.A. and INTERSEROH Polska Sp. z o. o. are seriously concerned about the protection and safety of your personal data and take this issue into account in their whole business activity. We would like to present a review of our website services herein which are important in the light of provisions of law concerning the protection of personal data.
We explain as follows:
- What kind of data we collect when you are using our website services
- for what purposes INTERSEROH Organizacja Odzysku Opakowań S.A. and INTERSEROH Polska Sp. z o. o. process the data
- What are your rights in relation with the personal data processing
- How you can contact us in relation with the protection of the data
What is the information on the protection of personal data about?
This information on the protection of personal data concerns the INternet services provided by INTERSEROH Organizacja Odzysku Opakowań S.A. and INTERSEROH Polska Sp. z o. o. on the interseroh.pl as well as social media accounts on Facebook, Twitter, LinkedIn and Xing (hereinafter referred to as the “social media accounts”). The Internet services provided by Interseroh companies not mentioned above shall be the subject of information on the protection of personal data respectively as it may be seen on the specific websites.
1. Personal contact and control
In accordance with the Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 in relation to the protection of individuals with regard to the processing of their personal data and on the free movement of such data as well as the repeal of Directive 95/46/EC (Journal of EU Laws Of 2016, item 119, p. 1) (GDPR), co-controllers of personal data are INTERSEROH Organizacja Odzysku Opakowań S.A. with its seat in Warsaw at ul. Wiertnicza 165, 02-952 Warsaw entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, XIII Economic Division of the National Court Register, under no. KRS 266658, Tax Identification Number NIP 5213409980, with a share capital of PLN 2,500,000 paid in whole as well as INTERSEROH Polska Sp. z o. o. with its seat in Warsaw at ul. Wiertnicza 165, 02-952 Warsaw entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, XIII Economic Division of the National Court Register, under no. KRS 459881, Tax Identification Number NIP 9512367010. In the case of use herein notions like “we”, “us” or “Interseroh”, it shall refer to INTERSEROH Organizacja Odzysku Opakowań S.A. and INTERSEROH Polska Sp. z o. o. only.
You may contact with the co-controller by writing to firstname.lastname@example.org or sending mail to the address: ul. Wiertnicza 165, 02-952 Warsaw.
INTERSEROH Organizacja Odzysku Opakowań S.A. and INTERSEROH Polska Sp. z o. o. concluded an appropriate agreement on the personal data co-controlling. We agreed that if you exercise the rights mentioned further herein, we will cooperate, however INTERSEROH Organizacja Odzysku Opakowań S.A. shall be liable for undertaking necessary actions, including correction of your personal data in case of any request for correction thereof. The above-mentioned agreements shall not influence on your rights towards any co-controller individually.
2. Data processing when visiting our website
2.1. Automatic collection of access data
You may visit our website without necessity for registering an user’s account and without provision of personal data in suitable contact forms. Therefore only access data will be collected which is sent automatically by a browser. It shall cover for example your Internet identification (e.g. IP address, session identifiers, device identifiers), information on the Internet browser used and operational systems, a website which directs you to our website (e.g. If you visit our website through any link), names of files required (i.e. Which texts, films, pictures etc. you were viewing during the visit on our websites), browser language settings, any reports on errors and access time. The data shall be processed to enable you visiting our website and use thereof comfortably as well as provide durable functionality and safety thereof. Access data shall be stored for a short time in log internal data files in order to gain statistical information on use of our websites. It allows us to optimize our website, taking into account usage patterns and technical resources and to remove failures and threats to the safety. Information stored in log files shall not allow to make direct conclusions about you - particularly we store IP addresses in a short and an anonymised form. Logs are stored for 30 days and archivised upon another anonymisation. The legal basis for personal data processing is Article 6 (1) (f) of GDPR (balance of interests based on legitimised interests).
2.2. Cookies files
We use own cookie files and cookie files of third parties on our websites. A cookie file is a normalised text file stored by a browser for a specific time. Cookie files enable local storage of information such as language settings and temporary identifiers which are sent by a browser back to the server sending cookie files during subsequent visits of the User. You may display and delete cookie files in the browser safety settings. You may adjust browser settings in our sole discretion, including for example objection to receive cookie files form third parties or all cookie files. It is worth mentioning that in such case you may be not able to use all functions of our websites.
Our own cookie files are to make visiting our webpages more friendly and secure for the user The legal basis for personal data processing is Article 6 (1) (f) of GDPR, i.e. Our legitimate interests consisting in delivery of safe and appropriate content to users of our websites. We use cookie files of third parties for Internet analyse and marketing purposes. more detailed information is placed in Section 2.5 and 2.6 hereof concerning the information on personal data.
2.3. Your messages and communication
We collect all information and data which you transfer to us through our websites. for example, you may send us messages and in some cases even files (e.g. Documents in PDF format) in various places on our websites by using functions lime contacts forms and contact functions. Any obligatory information for the functions are marked so. The information provided by you shall be used only for the purposes of processing your requests. We will delete the information gathered in this manner, provided that it shall be not required any more or we will limit thereof, if there is any statutory obligation concerning the retention of data.
Disclosure of your messages to other Interseroh companies or other third parties shall be performed only in the scope necessary for processing your request (for example, we will disclose your message to other Interseroh Group entity if the latter is responsible for considering your request). If you do not wish your message being disclosed to other company, it is possible to include such information directly in the message as an obvious preventive measure. We will transfer your messages to other company to make your identification impossible (e.g. first and last name, Client iD or contact details).
The legal basis for the processing of your data are Art. 6 (1) (b) of GDPR. In the scope in which you gave consent to disclose or process in another place the data transferred to us, Article 6 (1) (a) of GDPR shall apply.
2.4. Use of YouTube films
In some parts of our websites we sue YouTube films. YouTube is an open portal which enables free publication, streaming, ranking and commenting movies operated by Google company YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA („YouTube"). YouTube films may be displayed directly on our websites. They are placed in YouTube's extended data protection mode, i.e. No data about you as an user shall not been sent to YouTube if you do not launch the films. The data shall be sent to YouTube, provided that you play films. We have no influence on the data transmission. If the personal data are sent to the United States it shall be protected through participation in the Privacy Shield Program established in accordance with the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield which Google and YouTube entered into.
The legal basis for the above-mentioned data processing in the scope in which we are a controller shall be Article 6 (1) (f) of GDPR (balance of interests resulting from our legitimate interest in turning video content on).
2.5. Analysis tools
2.5.1. Google Analytics
Our websites use Google Analytics, webpage analysis services made available by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google”). Google Analytics use cookie files to collect access data while visiting our websites. The access data shall undergo anonymisation of user profiles and sent to Google server in the United States on our behalf. Firstly, your IP address shall be anonymised. Thus we do not know which user profiles are of a specific user. We may not identify you based on the data collected by Google nor we cannot state how you use our websites. In extraordinary cases when the personal data are transferred to the United States within Privacy Shield between the European Union and the United States, which Google attended to. So the data processing performed by Google Analytics shall be the subject of the decision of the European Commission on appropriate level of protection, i.e. The level of protection of personal data shall be deemed as appropriate, even if the processing shall take place in the Unites States by exception.
At any time you may object to the above-mentioned development and evaluation of anonymised user profiles by Google. In this case, you have various options as follows:
(1) You may set your browser to block cookie files from Google Analytics.
(2) You may adjust your Google advertisement settings.
(3) You may install the cancellation plug delivered by Google under the address of https://tools.google.com/dlpage/gaoptout?hl=de on your Firefox, Internet Explorer or Chrome browser (this option does not work on mobile devices).
You can set an “opt-out” cookie by clicking here: Disable Google Analytics
The legal basis for personal data processing is Article 6 (1) (f) of GDPR (balance of interests based on legitimised interests in assessment of general use patterns).
2.5.2. Google Tag Manager (markers)
Our websites uses Google Tag Manager, service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google”). Tag Manager serves to manage the website tags more effectively. The website tag is an alternative symbol which is stored in the source code of our website to, for example, seize settlement of the website components frequently used (e.g. Internet analysis code). Google Tag Manager works without using cookie files. Data shall be partially processed on the Google server in the United States. If the personal data are transferred to the United States, it shall be protected with Privacy Shield between the European Union and the United States, which Google attended to. The legal basis therefor is Article 6 (1) (f) of GDPR, i.e. Our legitimate interest in commercial activity on our website. More information available in the Information on Google Tag Manager.
2.6. Other tools provided by third parties
2.6.1. Google ReCAPTCHA
We have built boot identification function in, e.g. for enters in Internet forms (due to a necessity for preventing performance of some functions on the website by Internet robots, we use Google reCAPTCHA mechanism to verify whether user behaviour on our website does not contain any robot elements. In such situation we may disclose your address IP to Google LLC delivered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
2.6.2. Google Maps
3. Data processing while using our career website
You apply for jobs described in our offers published in our career portal. Selection of candidates for possible employment purposes is the aim of data collection. In order to receive and process an application, we collect the following data, particularly: first and last name, e-mail address, application documents (e.g. References, curriculum vitae (CV)), the reasonable time to start working and financial expectations. The legal basis for personal data processing in the scope of names, education, the course of current employment in case of response to a recruitment offer shall be Article 6 (1) (b) and Article 88 (1) of GDPR in relation with Article 221 (1) of the Labour Code of 26 June 1974 (i.e. Journal of Laws of 2018 item 917). The legal basis for data processing other than indicated above as well as data processing in future recruitment processes shall be Article 6 (1) (a) of GDPR, i.e. consent provided by you.
4. Data processing for social media accounts
Interseroh is represented in the following own social media accounts networks:
On these websites we inform about the latest news about Interseroh and about everything we do and we are glad that we can use convenient social networks to establish direct communication with members thereof.
It is worth remembering that we do not have a full influence on the data processing performed by social networks. Therefore we ask for verifying what kind of personal data and messages you are sending to us through social networks and if there any doubts, use another forms of contacting us that are available. We bear no responsibility for behaviour of these social networks operators or members, we are liable only for own actions and nonfeasance.
If you contact us through our social media accounts, we process information delivered us by specific social network (e.g. your full name, your profile picture and message content sent to us) in accordance with the aim and for purposes you sent it to us (e.g. service order, suggestions and remarks). We will delete the information gathered in this manner, provided that it shall be not required any more or we will limit thereof, if there is any statutory obligation concerning the retention of data. In case of public posts on our social media accounts, we make an individual decision, taking into account your and our interests, whether and when we can delete the above-mentioned post.
The legal basis for the above data processing shall be dependent on the purpose of sending the message. If the aim is to use our customer service or make an application for provisions from the Interseroh website, then the legal basis shall be Article 6 (1) (b) of GDPR. Otherwise, the legal basis for the data processing is Article 6 (1) (f) of GDPR (balance of interests based on legitimate interests in message sent processing). In the scope of the User’s consent to process the above data, the legal basis shall be Article 6 (1) (a) of GDPR.
5. Disclosure of personal data
We disclose your personal data, provided that:
- You have given explicit consent in accordance with Article 6 (1) (a) of GDPR.
- Disclosure is necessary in accordance with Article 6 (1) (f) of GDPR in order to file, execute or protect legal claims of Interseroh companies and there are no grounds for supposing that you have a significant interest not to make your personal data disclosed which is superior to our legitimate interest.
- We have a statutory obligation to disclose it in accordance with Article 6 (1) (c) of GDPR.
- Disclosure is authorised by law and is necessary under Article 6 (1) (b) of GDPR for the performance of a contract to which you are the data subject or in order to take steps at your request prior to entering into a contract
5.2. Disclosure of information to the external service provider for INTERSEROH Organizacja Odzysku Opakowań S.A. and INTERSEROH Polska Sp. z o. o.
A part of processing of personal data defined herein may be performed by external service providers on our behalf. Together with the service providers indicated herein, the above-mentioned may also include data centres which store our websites and data bases, IT service providers who maintain our systems or corporate consultants.
If we disclose data to our service providers, the providers may sue the data only to perform their tasks. The service providers are selected carefully and act at our request. They shall be obliged to follow our instructions, they have appropriate technical and organisation measure at their disposal to protect the rights of the data subjects as well as they are monitored regularly by us.
If, except for the above information on the personal data protection, we transfer your data to service providers outside the European Economic Area (EEA), we will inform you about this in a separate message, if necessary, as well as we will provide you with appropriate warranties the data transfer is based on. In case you want copies of warranties confirming appropriate level of data protection, please contact us (see Section 1 hereof).
6. The duration of data retention
we store data and use it as long as it is necessary to fulfill our contractual or statutory obligations or for the purpose of collection thereof, unless otherwise provided herein. Upon expiry of the statutory periods of limitation, we shall limit processing thereof, i.e. since then the data shall be used only to fulfill contractual obligations.
We shall delete your data immediately, unless we still need it to complete the statutory period of limitation for evidence purposes in civil claims or to keep to the statutory storage periods. The storage of data for accounting purposes may be necessary even later. We are obliged to do so to fulfill the statutory principles of documentation storage which may result from the Accounting Law, tax statute, Act on the management of packaging and packaging waste, Act on anti-money laundering activities and terrorism financing and other. The storage periods defined in the Acts shall be maximum up to 5 years from the end of the respective calendar year.
The legal basis for the protection of data for conformity with statutory obligations purposes in the scope of documentation and storage is Article 6 (1) (c) of GDPR.
7. The User’s Rights
If you want to exercise your rights defined below, you may contact us at any time (see Section 1 hereof):
- You may get access to the information on the processing of your personal data by us at any time. While delivering such information, we shall explain the data processing and introduce a review of data which was recorder in relation to you.
- If your data stored by us are incorrect or out of date, you have the right to request for correction thereof.
- You may also request removal of the data. If, under extraordinary circumstance the removal is impossible due to legal issues, the data shall be blocked so it shall be made available only for legal purposes.
- Additionally, you may also limit processing of your data, e.g. If you think that the recorded data are incorrect.
- You have the right to transfer data, i.e. at your request we must send you a digital copy of your personal data provided by you.
- You have also the right to lodge a complaint to the data protection authority. The data protection authority shall be the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl.
8. Right to withdraw and object
If you want to exercise your right to withdraw your consent or object, it is sufficiently to send a notification without any formal requirements to addresses defined in Section 1.
The withdrawal of consent
In accordance with Article 7 (3) of GDPR, you have the right to withdraw statement including consent transferred to us at any time. It shall cause that we will not be able to continue processing of personal data based on such consent in the future. The withdrawal shall not influence on the conformity with the processing law which has been made in accordance with the consent before the withdrawal.
Objection to the processing of personal data
In accordance with Article 21 of GDPR, you have the right to object, on grounds relating to his or her particular situation or personal data are processed for direct marketing purposes, unless we process your personal data base don legitimate interest in accordance with Article 6 (1) (f) of GDPR. In the latter case you have general right to object which shall be performed, although no justification is provided
9. Data safety
We maintain technical measures appropriate for data safety warranty in our online services, particularly in order to protect your personal data against risks related to data transmission and unauthorised access of third parties. The measures undergo corrections to reflect the latest technologies. We use TLS (Transport Layer Security) which encodes the information provided to secure personal data.
10. Amendments to the Information on data protection
From time to time we will update this information on the protection of personal data, for example to modify our website or keep to statutory or official provisions that are amended.