1.Fenbro sp. z o. o. based in Warsaw, ul. Al. Jerozolimskie 181B, 02-222 Warszawa, entered into the register of entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number: 0000947765, NIP: 7011070120, REGON: 521057577 – is the Administrator of Personal Data (hereinafter referred to as the Administrator) of competition participants, hereinafter collectively referred to as Participants.
2. Participants’ personal data is processed by the Administrator for the purpose of implementing the competition. Providing personal data is voluntary, but necessary to participate in the competition.
3. The Administrator processes personal data for the period necessary to achieve the purposes listed in point. 2 above. Personal data may be processed for a period longer than that indicated in the preceding sentence, if such a right or obligation imposed on the Administrator results from specific legal provisions or from the legitimate interest of the Administrator referred to in point. 5 lit. c below (i.e. for the period of limitation of claims or completion of relevant proceedings, if they were initiated within the limitation period).
4. The source of the processed personal data is the Participants.
5. The legal basis for the processing of Participants’ personal data is:
a) art. 6 section 1 letter a GDPR, i.e. consent to participate in the competition, or
b) art. 6 section 1 letter c GDPR, i.e. necessity to fulfil the legal obligations of the Administrator, or
c) art. 6 section 1 letter f GDPR, i.e. the legitimate interest of the Administrator, which is to establish, pursue or defend claims until they expire or until the appropriate proceedings are completed, if they were initiated during this period.
6. The Administrator uses tools from Google Ireland Ltd (Gmail, Google Workspace). As a rule, data processed as part of the use of these tools is processed on servers located within the EEA. However, the entity providing these tools may be obliged to transfer data to third parties if such an obligation is imposed on it by law or if the transfer is necessary due to the characteristics of the services provided (SaaS, hosting, etc.). The transfer of personal data to the United States is based on the Decision of the European Commission of July 10, 2023 on ensuring an adequate level of protection by the EU-US Data Protection Framework (Article 45(1) of the GDPR). The entity importing personal data, i.e. Google LLC, meets the decision criteria and participates in the Data Protection Framework program (https://www.dataprivacyframework.gov/s/participant-search). The above processing concerns e-mail communication. In the remaining scope, the Participants’ personal data are not transferred to a third country or international organisation within the meaning of the provisions of the GDPR.
7. The Administrator does not disclose personal data to third parties without the consent of the data subject. Data may be made available without the consent of the data subject only to entities authorised to process personal data under applicable law (e.g. law enforcement authorities, ZUS or Tax Office). The Administrator makes personal data of Participants available in particular to: payment operators, companies providing postal and courier services and tax authorities.
8. Personal data may be entrusted for processing to entities processing data for the Administrator. The Administrator entrusts the personal data of Participants:
a) IT companies providing hosting services, operating Internet domains and operating the Administrator’s computer systems,
b) companies providing other services that are necessary for the Administrator’s ongoing operations.
9. Participants’ personal data are not subject to profiling.
10. Pursuant to the provisions of the GDPR, Participants have the right to:
a) be informed about the processing of personal data,
b) access their personal data,
c) correct, supplement, update and rectify personal data,
d) delete their data (right to be forgotten),
e) restrict data processing,
f) transfer data,
g) object to the processing of personal data,
h) in the case of the legal basis in the form of consent – the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,
i) not be the subject to profiling,
j) submit a complaint to the supervisory authority (i.e. the President of the Personal Data Protection Office), taking into account the rules for using and exercising these rights arising from the provisions of the GDPR.
11. All inquiries, requests and complaints regarding the processing of personal data by the Administrator should be sent to the email address: [email protected] or in writing to the following address: Fenbro sp. z o.o., ul. Al. Jerozolimskie 181B, 02-222 Warsaw.
12. The content of the Notification should clearly indicate:
a) data of the person or persons concerned by the Notification,
b) the event that is the reason for the Notification,
c) the demands and the legal basis for these demands,
d) the expected way of resolving the matter.
