Information obligation for contractors - IT Professionals

Dear Sirs/Madams, in connection with activities aimed at establishing commercial relations, we ask you to familiarize yourself with the below information concerning processing of your personal data by us.
*Pursuant to Article 13(1) of the GDPR – General Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016*
a) controller provides their: identity and contact data as well as, if applicable, identity and contact data of their representative	Who are we? IT Professionals Sp. z o.o., National Register of Employment Agencies no.: 21150, with its registered seat in Warsaw (00-838) at ul. Prosta 51, will be the controller of your personal data and that means that we will decide about purposes and manners of their processing.
b) if applicable – contact data of personal data inspector	I have additional questions or I want to report my requests. Whom should I refer to? In the case of any questions connected with processing of your personal data by us, please contact us by sending e-mail to the following address: personaldata@itprofessionals.com.pl
c) aims of personal data processing and legal basis for processing d) if processing occurs based on Article 6(1)(f) – legitimate interests fulfilled by the controller or by a third party	What is the purpose of processing of my personal data and what is the basis? Your personal data will be processed in order and pursuant to: Article 6(1)(b) of the GDPR, i.e. the activities aimed at entering into an agreement/sales orders/purchase of goods and services; Article 6(1)(c) of the GDPR, as well as our obligations determined by the provisions of law (e.g. pursuant to: Article 74 of the Act of 29 September 1994 on Accounting; Article 32, Article 70 and Article 86 of the Act of 29 August 1997 – Tax Ordinance), i.e. archiving documentation, etc. Article 6(1)(f) of the GDPR, i.e. based on our legitimate interest which may be protection against possible claims as well as offering our services.
e) information on personal data recipients or categories of recipients if they exist	Who will have access to my data? Will my data be processed only in the area of the European Economic Community? • Entities providing information services, hosting services, legal services, including data protection, post office operators and couriers, consulting companies, accounting offices, banks and others which support the Controller in running of their activity. Your personal data will not be transmitted beyond the European Economic Area or to an international organization.
f) if applicable – information on the intention of transmitting personal data to a third country or international organization and on confirmation or lack of confirmation by the Commission of a relevant degree of protection, or in the event of transmission referred to in Article 46, Article 47 or Article 49(1), paragraph 2, a note on relevant or appropriate safeguards and information on the manner of obtaining copies of safeguards or on the place of their sharing
Pursuant to Article 13(2) of the GDPR
a) the period of time for which personal data will be stored and if it is not possible, criteria of determining such period	How long will my personal data be processed? Personal data provided by you will be processed for the period of 5 years due to tax provisions. Such period may be prolonged based on our justified claims.
b) information on the right to request from the Controller access to the personal data concerning the data subject, their rectification, deletion or limitation of processing or information on the right to raise objection to the processing, as well as the right to transmit data	What rights do I have? Clear and comprehensible communication with us as regards processing by us of your personal data, including detailed information on processing of your personal data at the stage of their collection along with providing their source pursuant to Article 12, 13 and 14 of the GDPR Access to personal data within the scope determined in Article 15 of the GDPR Requesting rectification of incorrect personal data or completion of incomplete personal data, including their update, pursuant to Article 16 of the GDPR Requesting deletion of the personal data processed by us according to the terms and conditions determined in Article 17 of the GDPR Limitation of personal data processing if: you question correctness of data and/or their processing is against the law but: you do not want them to be deleted and/or the Controller does not need those data anymore and/or you need those data to confirm, execute or defend legal claims and/or you have objected to data processing pursuant to Article 21 of the GDPR, in line with Article 18 of the GDPR Requesting obtaining personal data you have provided to us in a structured, commonly used and machine-readable format or handing them over to another data controller, i.e. execution of the right to transmit personal data pursuant to Article 20 of the GDPR(if we are technically able to do so) Raising objection at any time due to the reasons resulting from your special situation, in particular when such processing is to occur based on our legitimate interest (Article 6(1)(f) of the GDPR), in line with Article 21 of the GDPR You have the right to lodge, at any time, a complaint to the authority supervising data protection, i.e. in Poland to the President of the Personal Data Protection Office with its registered seat in Warsaw (00-193), ul. Stawki 2, if you decide that the manner in which we process your personal data infringes provisions of the GDPR, in line with Article 77 of the GDPR We inform that pursuant to Article 19 of the GDPR,you have the right to receive from the Controller information on deletion or rectification or limitation of processing of your personal data if you have applied for execution of such rights. I think my personal data are processed unjustifiably. What can I do? Firstly, please contact us as the personal data controller by sending e-mail to the address: personaldata@itprofessionals.com.pl. If despite explanations provided you still think that your personal data processed by us infringes the provisions of the Regulation of Personal Data Protection (GDPR), you will have the right to lodge a complaint to the Supervisory Authority, i.e. the Personal Data Protection Office with its registered seat in Warsaw at ul. Stawki 2, pursuant to Article 77 of the GDPR.
c) if processing occurs pursuant to Article 6(1)(a) or Article 9(2)(a) – information on the right to withdraw the consent at any time without influence on the compliance with the law of processing which occurred based on the consent before its withdrawal
d) information on the right to raise objection to the supervisory authority
e) information whether providing personal data is a statutory or contractual requirement or a condition for entering into an agreement and whether a data subject is obliged to provide them and what possible consequences of not providing the data are	Do I have to provide my data? Providing personal data is voluntary. However, not providing personal data will make it impossible for us to establish commercial relations.
f) information on automated decision-making including profiling referred to in Article 22(1) and (4) and – at least in such cases – crucial information on the principles of undertaking such decisions, as well as on the meaning and prospective consequences of such processing for the data subject	How do you process my personal data? Your personal data are not processed in an automated manner and we also do not use profiling.
Additional supplementary information pursuant to Article 14(1)(d) of the GDPR and Article 14(2)(f) of the GDPR
Your personal data will be processed in the data set: Customer/Service provider. The Controller could start processing your personal data based on the generally available documents such as: Central Register and Information on Economic Activity (CEIDG), National Court Register and other sources in which your personal data have been clearly made public by you, e.g. on your website, etc.