- natural persons who are contracting parties to the Controller or who intend to cooperate with the Controller in connection with the conducted business activity;
- natural persons who are employees/co-workers of the contractors (irrespective of their legal form of employment/collaboration) and who have been appointed by such contractors as being responsible for cooperating with the Controller or responsible for establishing such cooperation,
– hereinafter jointly referred to as the “Representatives”.
This Policy applies to personal data collected by the Controller (or on its behalf) both from the employer/principal of the Representative and directly from the Representative (hereinafter: “Personal Data“).
The Personal Data of the Representatives collected by MLT are processed in accordance with the Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000 as amended) and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), OJ EU.L.2016.119.1 (hereinafter: “GDPR“)
From the moment of obtaining the Personal Data, the Controller take up the function of the controller of Personal Data of Representatives within the meaning of the GDPR.
CATEGORIES OF THE PROCESSED PERSONAL DATA
The Controller may process the following data of the Representatives: name (names), surname, place of work, business position, contact details (correspondence address, telephone number, e-mail address, accounts on social network sites), business name, NIP (Tax Identification Number) number, REGON (Statistical Identification Number) number, bank account number.
MLT may also process other categories of the Personal Data insofar as this is necessary for the specific purpose of processing the Personal Data and is in compliance with the applicable data protection legislation.
PROCESSING OF THE SPECIFIC PERSONAL DATA
The Controller may process the Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data for the purpose of identifying a natural person and data concerning that person’s health, sexuality or sexual orientation, and data concerning criminal convictions and violations of the law or related security measures, only in the cases expressly indicated in Articles 9 and 10 of the GDPR or other specific legislation.
THE BASIS FOR PROCESSING THE PERSONAL DATA
MLT’s basis for processing the Personal Data is:
- the voluntarily expressed consent of the Representative;
- the performance of the contract concluded by the Representative and MLT or the intention to conclude a contract with MLT;
- the initiation by MLT, at the request of the Representative, of activities prior to the conclusion of a contract;
- The fulfilment of a legal obligation incumbent upon the Controller;
- when the processing of Personal Data is necessary to protect the vital interests of the Representative or another natural person;
- when such processing is necessary for the purposes of the legitimate interests pursued by MLT or by a third party, except where the interests or the fundamental rights and freedoms of the Representative which require protection of the Personal Data override those of MLT.
The Personal Data of the Representatives will be processed until the final termination of cooperation between the Controller and the contractor. Personal data may be deleted at an earlier date – in the event of receiving by the Controller an objection to the processing by a Representative, or in the event that the Controller will decide that personal data are no longer necessary to achieve the justified purpose (i.e. contact with the contractor).
The Personal Data will not be deleted by the Controller within the time limit resulting from the preceding point, if their retention will result from the binding provisions of law or will be necessary to make settlements or claims in connection with cooperation with a contractor or its Representative.
TRANSFER OF THE PERSONAL DATA TO THIRD PARTIES
The Personal Data may be provided to entities cooperating with the Controller on the basis of concluded agreements. In particular, the Personal Data may be made available to providers of services supporting the Controller‘s operations, such as: building managers of the buildings developed by MLT, providers of IT services (including operation and maintenance of IT systems, cloud services, data hosting), providers of e-mail services, providers of archiving and document destruction services, MLT financing entities, banks and payment operators, postal or courier operators, consulting companies with which the Controller cooperates. In addition, the Personal Data may be transferred to public authorities or entities (or those performing public tasks) entitled to obtain your personal data under applicable laws.
The Personal Data may also be transferred to other interested entities (also independent of the Controller), if the Representative made her/his Personal Data available in such a form that clearly shows that she/he wanted third parties to contact her/him in business matters.
As a general rule, your personal data will not be transferred outside the European Economic Area. However, due to the fact that we use external providers (in particular IT tools and services), your personal data may be transferred to third countries, i.e. located outside the European Economic Area. In such a situation, the Controller will provide a mechanism that, in accordance with European Union law, legalises the transfer and provides adequate guarantees for the protection of the Personal Data.
RIGHTS OF PERSONS WHOSE PERSONAL DATA ARE PROCESSED
In relation to the processing of the Personal Data by the Controller, the persons whose data is processed by the Controller have the following rights:
- to obtain information about the processing of his/her Personal Data, including categories of personal data processed, information from when their personal data are processed and possible recipients of his/her Personal Data;
- to have access his/her Personal Data;
- to rectify his/her Personal Data;
- to request the erasure of his/her Personal Data;
- to request restriction of processing of his/her Personal Data;
- to object to the processing of his/her Personal Data, provided that the processing is based on the legitimate interest of the Controller.
In order to exercise the rights indicated above, you may address your request to the Controller to the contact addresses indicated below.
In addition, individuals whose data is processed by the Controller have the right to lodge a complaint to the supervisory authority dealing with personal data protection (in Poland: President of the Office for Personal Data Protection, address: ul. Stawki 2, 00-193 Warsaw) or any other competent supervisory authority in particular in the country of their habitual residence, their place of work or the place where the alleged infringement was committed.
PROFILING AND AUTOMATED DECISIONS
The Personal Data of the Representatives will not be subject to profiling and no automated decisions will be taken against the data subjects.
Any requests, questions or demands related to the processing of the Personal Data should be addressed to firstname.lastname@example.org
Each of the MLT’s contractors is obliged to inform their Representatives about this Policy.
This Policy is fully applicable to any associated companies of the Controller that refer to this Policy.