Personal Data Protection Policy

 

Personal Data Protection Policy

This Personal Data Protection Policy informs you about what personal data we collect, for what purposes and how we use it, who we are, and what rights you have. This document serves to provide the information referred to in Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”, which has been in force since 25 May 2018. 

The information provided below is very important, so please read it carefully. 

 

Who is the Controller of Your Personal Data? 

The controller, i.e., the entity deciding how your personal data will be used, is PRT Radomsko Sp. z o.o., headquartered in Radomsko at ul. Geodetów 8, 97-500 Radomsko, registered in the National Court Register under KRS number 0000388561, NIP: 7722393283, REGON: 101098699, with a share capital of PLN 25,000,000.00 (hereinafter “We”). 

You can contact us: 

 

Data Protection Officer 

We have appointed a Data Protection Officer whom you can contact with any questions or requests regarding personal data matters. You can do so: 

  • By mail (with the note “Data Protection Officer”):
    PRT Radomsko Sp. z o.o.
    ul. Geodetów 8
    97-500 Radomsko
  • By email:office@petrecyclingteam.eu 
  • By phone: (44) 307 26 02

 

Purpose and Legal Basis for Processing Your Personal Data 

Your personal data, obtained when entering into a contract and during its duration, is used for the following purposes: 

1. Based on your consent (Art. 6(1)(a) GDPR), e.g.: 

  • Newsletter services 
  • Information about products, services, promotions 
  • Events and campaigns via mail, email, newsletter, phone, SMS

2. To conclude and perform a contract (Art. 6(1)(b) GDPR), e.g.: 

  • Purchase and sale transactions, including online store 
  • Handling complaints 
  • Providing warranties 
  • Product pricing 
  • Ensuring service quality 
  • Responding to contact form requests

3. To fulfill legal obligations (Art. 6(1)(c) GDPR), e.g.: 

  • Providing data upon request of courts or police 

4. For legitimate interests (Art. 6(1)(f) GDPR), e.g.: 

  • Payment services 
  • Handling contract-related inquiries 
  • Debt collection, legal proceedings 
  • Archiving 
  • Fraud detection and prevention 
  • Creditworthiness verification 

 

Is Providing Personal Data Necessary? 

Providing your personal data is entirely voluntary. However, we require data necessary to conclude and perform a contract. Without this data, we cannot enter into a contract or begin cooperation. If legal regulations (e.g., tax laws) require additional data, providing it is necessary to establish or maintain cooperation. Providing data for direct marketing is voluntary and not a condition for contract conclusion or performance. 

 

Who May Receive Your Data? 

We may share your personal data with: 

  • Our employees and collaborators who need access to fulfill obligations 
  • Entities processing data on our behalf, such as: 
    • Agents, advertising agencies, marketing partners 
    • IT system providers 
    • Subcontractors (e.g., customer service, correspondence handling) 
    • Advisors, consultants, auditors, legal, tax, accounting service providers 

Also with other data controllers processing data independently, such as: 

  • Agents and marketing partners (for remuneration settlement) 
  • Postal or courier services 
  • Debt purchasers (if invoices remain unpaid) 
  • Payment service providers (banks, payment institutions) 
  • Partners handling accounting, tax, legal matters 
  • Government authorities (courts, prosecutors, tax offices) 

 

Will Your Data Be Transferred Outside the EEA? 

Currently, we do not plan to transfer your data outside the European Economic Area (EEA). 

 

How Long Will We Store Your Data? 

  • Based on consent: until consent is withdrawn 
  • Contract-related transactions: for the duration of the transaction and up to 3.5 years after, or until legal finalization 
  • Legal obligations: for periods specified by law (e.g., tax regulations) 
  • Potential legal consequences: for the duration during which we may face penalties for non-compliance 

 

What Is Automated Decision-Making? 

Based on your consent, we may use your data for profiling. However, decisions will not be made automatically and will not have legal or similarly significant effects on you. 

Profiling involves processing your data (including automated methods) to assess certain aspects about you, especially to analyze or predict personal preferences and interests. 

What rights do you have? 

1. You have the following rights related to the processing of your personal data: 

  • Right of access to your personal data, including the right to obtain information about your personal data and a copy of it. 
  • Right to rectification of personal data if it is incorrect, and the right to complete incomplete data. 
  • Right to erasure of personal data. 
  • Right to restrict processing of personal data. 
  • Right to data portability. 
  • Right to lodge a complaint with the data protection authority, i.e., the President of the Personal Data Protection Office (address: ul. Stawki 2, 00-193 Warsaw), if you believe your data is being processed unlawfully. 
  • Right to withdraw consent at any time, without giving reasons and without affecting the legality of processing carried out based on consent before its withdrawal. 
  • Right to object to: a. The processing of your data for marketing purposes, including profiling (i.e., objecting to receiving information about our promotions, offers, products, services, campaigns, and events, including special offers). Once such an objection is made, we are no longer allowed to process your data for marketing purposes. b. The processing of your personal data for purposes arising from our legitimate interests – due to reasons related to your particular situation. 

2. You may exercise the rights listed in point 1 at any time by submitting an appropriate request. 

3. Requests described in point 1 can be submitted to our Data Protection Officer using the contact details provided. 

4. We are obliged to inform you about actions taken in response to your requests (point 1) without undue delay, and in any case within one month of receiving the request. If necessary, this period may be extended by two additional months due to the complexity or number of requests. Within one month of receiving your request, we must inform you of any extension and the reasons for it. 

5. If we do not take action in response to your requests (point 1), we will inform you promptly – no later than one month after receiving the request – of the reasons for not taking action and of your right to lodge a complaint with the President of the Personal Data Protection Office and to seek judicial remedy. 

6. If we have reasonable doubts about your identity in connection with a request, we may ask you to provide additional information necessary to confirm your identity. 

7. We will provide the information referred to in points 4–6 in writing, at our discretion: 

  • By registered mail to the postal address you provided, or 
  • Electronically to the email address you provided, except in cases where: a. You submit your request electronically and do not request information in another form – in this case, we will respond via email. b. You request information orally and your identity is confirmed by other means – in this case, we will provide the information orally. 

8. All communication and actions taken by us in connection with your requests (point 1) are free of charge. However, if your requests are clearly unfounded or excessive (e.g., due to their repetitive nature), we may: 

  • Charge a fee reflecting the administrative costs of providing information, communication, or taking requested actions, or 
  • Refuse to act on the request. 

9. We will inform every recipient to whom we disclosed your personal data about any rectification, completion, erasure, or restriction of processing resulting from your request. We will not be required to do so only if it proves impossible (e.g., the company has been dissolved) or requires disproportionate effort (e.g., data was disclosed many years ago and contact with the recipient cannot be re-established despite attempts). 

10. Upon your request, we will inform you about the recipients to whom we have provided information regarding the rectification, erasure, or restriction of processing of your personal data, as well as those we were unable to notify.