Privacy Policy

 Andrychów, 10th June 2019

 

Dear Sir/Madam,

With consideration to the entry into force of the provisions of Regulation 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR”), and in particular Article 13 GDPR, we kindly inform you of the following.

 

PRIVACY POLICY

1. The controller of personal data collected via the Website www.donedeliveries.com (hereinafter referred to as "the Website"), the entity deciding how your personal data will be used, is DONE Deliveries Spółka z ograniczoną odpowiedzialnością sp.k., ul. Batorego 35, 34-120 Andrychów (hereinafter referred to as: "the Controller" or "the Moderator").

The data controller is responsible for the security of transferred personal data and its processing in accordance with the law.

Contact with the Controller is possible via the e-mail address: IOD@donedeliveris.com.

In matters related to the protection of personal data, please contact our Data Protection Officer: IOD@donedeliveris.com

2. Personal data is processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: “GDPR”) and other currently applicable (i.e. throughout the entire period of processing of certain data) provisions of the Personal Data Protection Act.

3. In each event the purpose and scope of data processed by the Controller shall result from a concluded agreement, the consent of the Website’s user or provisions of law, and are further specified as a result of actions taken by the user.

 

CONTACT FORM

4. The Controller processes personal data in order to contact the user and answer questions asked via the contact form available on the website www.donedeliveries.com/eng/contact, including the preparation of an offer (legal basis - Article 6(1)(f) GDPR “legitimate interest”).

5. The transfer of the data indicated in the contact form is voluntary, but necessary to contact the user in order to respond to queries. The consequence of not providing the required personal data is the impossibility of contact with the user.

6. The Controller has the right to process personal data for the period necessary to achieve the purpose indicated in Section 4 above, i.e. until the moment a response is sent to the user’s query.

7. Employing all guarantees of data security, the Controller may transfer the user’s personal data – in addition to persons authorized by the Controller – to other entities, including:

  1. entities that process data on behalf of the Controller, e.g. technical service providers and entities providing consultancy services;
  2. other controllers, to the extent necessary to respond to questions posed.

8. The Controller will not transfer the user’s personal data to states outside the European Economic Area (to countries other than European Union Member States, Iceland, Norway and Liechtenstein).

9. In connection with the processing of personal data by the Controller, the User is entitled to:

  1. the right to access personal data,
  2. the right to rectify personal data,
  3. the right to delete personal data (the right to be forgotten),
  4. the right to limit the processing of personal data,
  5. the right to object to the processing of data, in a situation where the basis of the processing is the legitimate interest of the Controller,
  6. the right to lodge a complaint to the President of the Office for Personal Data Protection with its registered office in Warsaw at ul. Stawki 2, when the user feels that the processing of personal data violates the provisions of GDPR.

10. To exercise these rights, it is necessary to contact the Controller via the e-mail address IOD@donedeliveris.com

 

NEWSLETTER

11. The Controller processes personal data in order to provide marketing information to persons interested in the offer via the newsletter (legal basis - Article 6(1)(f) GDPR).

12. The transfer of personal data is voluntary but necessary to receive marketing information. The consequence of not providing the required personal data is the inability to send newsletters to the user.

13. The user using the newsletter may at any time and without providing a reason refuse to receive it, in particular by clicking on the deactivation link in every e-mail sent to the user or by writing to the following address: IOD@donedeliveris.com

14. The Controller has the right to process personal data until the user withdraws his consent.

15. The Controller may transfer the user’s personal data - in addition to persons authorized by the Controller - to other entities, including:

  1. entities that process data on behalf of the Controller, e.g. technical service providers and entities providing consultancy services;
  2. other controllers to the extent necessary for the implementation of legal services and requirements, based on concluded agreements.

16. The Controller will not transfer personal data of the user to countries outside the European Economic Area (to countries other than European Union Member States, Iceland, Norway and Liechtenstein).

17. In connection with the processing of personal data by the Controller, the User is entitled to:

  1. the right to access personal data,
  2. the right to rectify personal data,
  3. the right to delete personal data (the right to be forgotten),
  4. the right to limit the processing of personal data,
  5. the right to transfer data to another Controller (data portability),
  6. the right to resign from the newsletter,
  7. the right to object to the processing of data, in a situation where the basis of the processing is the legitimate interest of the Controller,
  8. the right to lodge a complaint to the President of the Office for Personal Data Protection when the user feels that the processing of personal data violates the provisions of GDPR.

18. To exercise these rights, it is necessary to contact the Controller via the e-mail address IOD@donedeliveris.com


BLOG

19. The Controller processes personal data in order to enable the user to exchange information, including adding comments on the Controller's blog, as well as to answer the user's questions (legal basis - Article 6(1)(a) GDPR) - "consent".

20. The transfer of personal data is voluntary but necessary to use the blog. The consequence of not providing the required personal data is the inability to add comments to the Controller’s blog.

21. The user may at any time and without giving a reason withdraw consent to processing of personal data, which will be understood as ceasing to use the blog.

22. The Controller has the right to process personal data until the user withdraws his consent.

23. The Controller may transfer the user’s personal data - in addition to persons authorized by the Controller - to other entities, including:

  1. entities that process data on behalf of the Controller, e.g. technical service providers and entities providing consultancy services;
  2. other controllers to the extent necessary for the implementation of legal services and requirements, based on concluded agreements.

24. The Controller will not transfer personal data of the user to countries outside the European Economic Area (to countries other than European Union Member States, Iceland, Norway and Liechtenstein).

25. In connection with the processing of personal data by the Controller, the User is entitled to:

  1. the right to access personal data,
  2. the right to rectify personal data,
  3. the right to delete personal data (the right to be forgotten),
  4. the right to limit the processing of personal data,
  5. the right to transfer data to another Controller (data portability),
  6. the right to withdraw consent in the event that the Controller processes the user’s personal data based on consent, at any time and in any manner, without affecting the legality of processing done on the basis of consent before its withdrawal,
  7. the right to lodge a complaint to the President of the Office for Personal Data Protection when the user feels that the processing of personal data violates the provisions of GDPR.

26. To exercise these rights, it is necessary to contact the Controller via the e-mail address IOD@donedeliveris.com


ELECTRONIC SERVICES (E-LEARNING)

27. The Controller processes personal data for the following purposes:

  1. Conclusion of an agreement for the provision of electronic services (in accordance with the Electronic Services Provision Act of 18 July 2002), including user registration on the e-platform learning (legal basis - Article 6(1)(b) RODO) - "performance of an agreement".
  2. Claims arising from an agreement (legal basis - Article 6(1)(f) RODO) - "legitimate interest". Deadlines for pursuing claims under agreements are specified in detail in the Civil Code.
  3. Sending marketing information (e.g. a newsletter), in the case of consent to the use of data for this purpose (legal basis - Article 6(1)(a) and (f) RODO).
  4. Direct marketing (legal basis - Article 6(1)(f) RODO) - "legitimate interest".

28. The provision of personal data is voluntary, but is necessary for the conclusion of an agreement, including for registration on the e-learning platform.

29. The Controller may process personal data for the purpose of sending commercial information (to an e-mail address) and for direct marketing purposes (using a telephone number) on the basis of separate consents, pursuant to the Telecommunications Act and the provisions of the Provision of Electronic Services Act.

30. The Controller has the right to process personal data for a period necessary to implement the objectives set out in Section 27 above. Depending on the legal basis, this will be:

  1. the time necessary to implement the agreement,
  2. the duration of performance of legal obligations and the period for which the law mandates the storage of data, e.g. tax regulations,
  3. the time after which claims arising from the agreement expire,
  4. the time up to the moment of objection,
  5. the time until consent is withdrawn.

31. Employing all guarantees of data security, the Controller may transfer the user’s personal data – in addition to persons authorized by the Controller – to other entities, including:

  1. entities that process data on behalf of the Controller, e.g. technical service providers and entities providing consultancy services;
  2. other controllers, to the extent necessary to respond to questions posed.

32. The Controller will not transfer personal data of the user to countries outside the European Economic Area (to countries other than European Union Member States, Iceland, Norway and Liechtenstein).

  1. the right to access personal data,
  2. the right to rectify personal data,
  3. the right to delete personal data (the right to be forgotten),
  4. the right to limit the processing of personal data,
  5. the right to transfer data to another Controller (data portability),
  6. the right to withdraw consent in the event that the Controller processes the user’s personal data based on consent, at any time and in any manner, without affecting the legality of processing done on the basis of consent before its withdrawal,
  7. the right to object to the processing of personal data when the ground for processing is the legally justified interest of the Controller,
  8. the right to lodge a complaint to the President of the Office for Personal Data Protection when the user feels that the processing of personal data violates the provisions of GDPR.

34. To exercise these rights, it is necessary to contact the Controller via the e-mail address IOD@donedeliveris.com


SOCIAL MEDIA AND LINKS TO THIRD PARTY WEBSITES

35. Our website contains links (so-called plugins) to other websites. Thanks to this, you can visit our profile in social media such as Facebook, Twiter, Linkedin. In this regard, the social network is their co-controller. However, data is processed in connection with our profile, including for the purpose of promoting our company. Legal basis: Article 6(1)(f) of the RODO, i.e. "legitimate interest".

36. The scope of personal data processing, specific purposes and rights and obligations of persons visiting a social networking site (i.e. co-controller) result directly from the rules of the social networking site, so we encourage you to familiarize yourself with its content.


RECORDING OF PHONE CALLS

Please be informed that telephone calls made by our Company will be recorded. Therefore, we would like to inform you that:

37. The controller of your data is DONE Deliveries sp. z o.o. sp. k. with its seat in Andrychów at ul. Batorego 35.  Our contact details: compliance@donedeliveries.com Data Protection Officer’s contact details: iod@donedeliveries.com.

38. Personal data collected using the telephone call recording system will be used in order to review the quality of the services we provide, on the basis of legitimate interest and pursuant to Article 6(1)(f) of the GDPR.

On the same legal basis, personal data may also be processed in order to establish or pursue claims or to defend against claims, namely with reference to their statute of limitations.

39. Provision of data in connection with telephone call recording is voluntary and thus failure to provide them does not produce adverse legal effects. However, depending on the service type that your call concerns, providing data may legally be obligatory, thus their provision may be necessary. Failure to provide data may make rendering such a service impossible.

40. Records from telephone call recording systems will be stored no longer than three months from the date of recording. If a recording serves as proof in court or administrative proceedings, this term will be prolonged until the final conclusion of the proceedings. After the ends of these terms, recordings containing personal data will be destroyed.

41. You may apply to us:

a. for access to personal data,
b.for rectification of incorrect data,
c.to object against personal data use,
d.to delete or limit processing of personal data, in accordance with the principles established in the GDPR.

You have the right to lodge a complaint with the President of the Personal Data Protection Office in Warsaw.

42. We may also transfer your data to cooperating entities, e.g., technical, IT and repair service providers, as well as our advisors, while maintaining all possible guarantees regarding data security.


INFORMATION ON DATA PROCESSING IN THE RECRUITMENT PROCESS 

The controller of your data is DONE! Deliveries spółka z ograniczoną odpowiedzialnością sp.k. with its registered seat in Andrychów, ul. Batorego 35 (hereinafter: we).

You can contact us in the following ways:
•by e-mail: hr@donedeliveries.com 
•by phone: +48 730 570 805

43. Data Protection Officer
We have appointed a data protection officer. This is the person whom you may contact concerning matters related to our use of the personal data that you give us and your exercise of rights connected to this. You can contact the officer as follows:
•by e-mail: iod@donedeliveries.com

44.Purposes and legal basis of processing
a.We will use your data in order to:          
  • assess your qualifications for working in the position you applied for;
  • assess your skills and abilities needed for working in the position you applied for;
  • select the right person to work with us.
b.We will use your data pursuant to:
  • Labour law regulations determining what data we can obtain from a candidate.
  • Your consents to data processing given in your CV and cover letter, if you are providing us with data other than those determined in labour law regulations.
  • Our legitimate interest – with respect to data collected during the job interview and the results of qualification tests, where conducted. It is in our legitimate interest to check your skills and abilities – we need to do this in order to check whether you are the right person for the position we are recruiting for.
  • Providing personal data is necessary for the purposes indicated above, and when consent is obtained it is voluntary.
45.Personal data retention period
We will retain your personal data until recruitment has ended, unless you have consented for the purposes of other recruitment processes, in which case they will be retained until you withdraw your consent; however, this shall not affect the period before withdrawal. 

46.Data recipients
We will provide your personal data to entities that help us carry out the abovementioned objectives (e.g. recruitment websites) and if necessary, to authorised state bodies.  

47.Your rights connected to personal data processing and automated decision-making
Because we use your personal data, you have the right to:
a.revoke consent to data processing,
b.access, rectify, delete, restrict, transfer personal data * in accordance with the GDPR,
c.object to the processing of your data due to your particular situation – in cases where we handle your data based on our legitimate interests, 
d.lodge a complaint with the President of the Personal Data Protection Office in Warsaw.

To exercise the rights listed in points a-c, please contact the HR Department or DPO.

We assure you that we take all possible efforts to implement physical, technical and organisational means of personal data protection against accidental or intentional destruction, accidental loss, change, unauthorised disclosure, use or access, in accordance with all current provisions.


CONCLUDING PROVISIONS

48. The Controller protects personal data processed by him in accordance with generally applicable provisions on the protection of personal data and information security.

49. This privacy policy is for information purposes and concerns only the Website www.donedeliveries.com. The Website may contain links to other websites. The Controller suggests that each user, after opening other websites, should read the privacy policy in effect there.

50. The Controller reserves the right to make changes to this privacy policy in conjunction with technological developments, changes to generally applicable provisions of law, including in the scope of personal data protection, and in conjunction with development of the Website.

 

COOKIES

51. The Administrator collects information obtained automatically - system logs (so-called event logs), containing in particular public IP addresses and MAC identifiers of users visiting the Website and using the services provided as part of the Website. System logs are used by the Administrator for statistical purposes. Collective summaries in the form of statistics do not contain any features that identify users visiting the Website.

52. The administrator, pursuant to the provisions of Art. 173-174 of the Telecommunications Act of 16 July 2004, informs about the use of cookies, which are used to collect information on the use of the Website by users www.donedeliveries.com (hereinafter: "the Website").

53. The Website uses cookies - text files stored in the user's end device and applied in the use of the Website’s pages. We use these types of cookies:

  • Session cookies stored on the end device until the end of the browser session. The information stored in them is removed from the device's memory at the end of the session.
  • Persistent cookies stored on the end device for the time specified in their parameters, or until they are deleted. Ending the session does not delete them.
  • Own cookies (deployed by the Administrator) are used for:
    a/ authentication and maintaining a website session (you do not have to log in to a website after moving on to its next page - this is how the so-called Necessary cookies work)
    b/ optimizing and improving the efficiency of the services provided - so-called Performance cookies that enable the collection of data on the use of websites
    c/ increasing the functionality and reliability of the Website and access to its full functionality, as well as the correct configuration of selected functions - the so-called Functional cookies that remember the settings you have chosen and personalize the interface, e.g. in terms of the selected language, font size, website appearance, etc.
    d/ ensuring the security of a website, e.g. detection of fraud in the authentication process on the Website
  • External cookies (deployed by the Administrator's Partners) for:
    a/ collecting general, anonymous statistical data through available analytical tools (e.g. files used by Google Analytics - privacy policy www.google.com/intl/en/policies)
    b/ for advertising purposes, they are used to match the content of advertisements to interests determined based on the most frequently searched content, as well as to control the number of advertisements displayed
    c/ in order to present multimedia information published on external websites such as www.youtube.com - privacy policy - www.google.pl/intl/en/policies/privacy/ 

54. The purpose of using cookies by the Website is:

  • creating analyses, reports and statistics on the way users use the Website,
  • adjusting the content of the Website to the user's preferences and optimizing the use of the Website,
  • presentation of advertisements taking into account user preferences.

55. Only anonymous statistical data about users are collected using cookie technology. Information obtained through cookies is not assigned to a specific person and does not allow identification of individuals.

56. When visiting the Website, at least one cookie file is sent to the user's end device in order to uniquely identify the browser. Information sent by the user's browser is automatically registered by the Website.

57. The Administrator may share data related to cookies to external entities, including entities that process data on behalf of the Administrator, e.g. technical service providers and entities providing consultancy services.

58. Cookies may also be deployed and used by advertisers and partners cooperating with the Administrator.

59. The Website may contain buttons, tools or content that directs to other companies' services, among others: plug-ins of social networks (e.g. Facebook, Twitter, LinkedIn). Using these applications may result in sending information about users to the indicated external entities.

60. Cookies, information stored by them and access to this information do not change the configuration of the end device or software installed on this device.

61. The user may change the settings or disable cookies at any time in their browser, but this may result in improper functioning of the Website.

62. If the user does not change the default settings of the browser concerning cookies, these files will be placed on the end device and will be used in accordance with the rules set by the browser provider.

63. Information on the management of cookies in individual browsers - including in particular instructions on blocking the receipt of cookies - can be found on webpages dedicated to each browser:

Chrome
Firefox
Internet Explorer
Opera
Safari

64. Users who decide after reading the information available on the Website that they do not want cookies to be stored in their device's web browser should remove them from their browser after completing their visit to the Website.


Remember that you also have:

Right to file a complaint to the appropriate supervisory authority that deals with the protection of personal data in your country.  In Poland, it is the President of the Office for Personal Data Protection, ul. Stawki 2, Warsaw.

You have the right to withdraw your consent to the processing of your personal data when we have received it from you, at any time, without affecting the period before its withdrawal.

We promise to make all efforts to provide means of physical, technical, and organizational protection of personal data against their accidental or deliberate destruction, loss, alteration, unauthorized disclosure, use, or access, in accordance with all relevant legal regulations.