Personal data are processed in accordance with the applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR
The personal data controller is Toruńskie Zakłady Materiałów Opatrunkowych S.A., ul. Żółkiewskiego 20/26, 87-100 Toruń. When it comes to the personal data of the controller’s customers/partners, the personal data of the controller’s employees or candidates applying for employment at the controller’s (based on an employment agreement or a different agreement), personal data controllers (joint controllers) can also be entities subordinate in relation to Toruńskie Zakłady Materiałów Opatrunkowych S.A. comprising the TZMO Group. The current list of entities can be found at www.tzmo-global.com/RODO
For matters relating to personal data processing and exercising rights associated with personal data processing, you can contact the Data Protection Officer. Mr Jan Stemposz, Toruńskie Zakłady Materiałów Opatrunkowych S.A. ul. Żółkiewskiego 20/26, 87-100 Toruń, e-mail address: iod@tzmo.com.pl.
The Data Controller processes personal data especially: - based on Article 6(1)(a) GDPR – the data subject has given consent to the processing of his or her personal data for one or more specific purposes; particularly, maintaining contact with the data subject; sharing or delivering (also via e-mail) commercial information, other information or product samples; organising, conducting and documenting events, including contests, promotions and other marketing campaigns; - based on Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; particularly, to exercise all the rights and obligations arising from agreements concluded by the Controller; - based on Article 6(1)(c) GDPR – processing is necessary for compliance with a legal obligation to which the Controller is subject, particularly the Controller's rights and obligations arising from the applicable law, especially within the area of tax law, labour law and social security regulations; - based on Article 6(1)(f) GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller – especially when it comes to asserting claims.
The recipients of the personal data are persons employed by the Controller (based on an employment agreement or a different agreement) and trusted entities working with the Controller – within the scope necessary to achieve the purposes of the processing; the personal data can also be made available to public authorities and other entities entitled to it based on legal regulations upon their request.
The Controller does not intend to transfer the personal data to any third country or international organisations.
The personal data are stored: - for data processed based on Article 6(1)(a) GDPR – until the processing purposes indicated in the consent granted are achieved; - for data processed based on Article 6(1)(b) GDPR – until all the obligations related to the agreement performance are fulfilled by the parties to the agreement and then until the expiry or limitation period of any claims associated with the agreement lapses; - for data processed base on Article 6(1)(c) GDPR – until the legal obligation to which the Controller is subject is fulfilled, especially the obligation of storing the documentation; - for data processed based on Article 6(1)(f) GDPR – until the processing purposes are achieved, especially until the claim is satisfied, expired or statute-barred.
The data subject has the right to demand access to their personal data from the Controller, while in cases specified in GDPR, they can also demand that their data are rectified, erased or their processing is limited; the data subject also has the right to data portability.
The data subject has the right to lodge a complaint with a supervisory authority for personal data protection if they think that the processing of their data violates GDPR.
For personal data processed based on Article 6(1)(a) GDPR, the data subject has the right to withdraw their consent to data processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal. The consent can be withdrawn, for example, by sending a withdrawal statement via electronic mail to the following e-mail address: iod@tzmo.com.pl
For personal data processed based on Article 6(1)(a) GDPR, providing personal data is not a statutory or contractual requirement and is voluntary; however, a refusal to provide personal data can make it impossible or difficult to achieve the processing purposes, especially it can lead to: no contact with the Controller; impossibility to share or deliver commercial information, other information or product samples; impossibility to take part in events, including contests, promotions and other marketing activities. In the remaining cases, providing personal data can be a statutory or contractual obligation if a legal regulation or a contractual provision so states.
In relation to the processing of personal data by the Controller, no automated decision-making, including profiling, takes place.