According to Art.14 par. 1 & 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as GDPR (Official Journal of the European Union L 119/1), we announce that:

  1. The controller of your personal data is: Nordes Sp. z o.o., addres: ul. Pełczynska 113, 51-180 Wrocław, entered into the National Court Register for Wroclaw–Fabryczna, Economic Department VI at number KRS: 0000394159, NIP: 899-272-70-04 REGON 021678355, Registered Capital 50.000,00 PLN (hereinafter referred to as : Nordes” , „Controller”).
  2. If you have any questions regarding the method and scope of processing your personal data when it comes to Nordes, as well as your rights, you can contact us at:
  3. The Controller processes the following categories of your personal data:
    • name, surname,
    • address for correspondence,
    • e-mail adress,
    • telephone number, fax number,
    • NIP, REGON and KRS numbers
    • bank account number,
    • information about payments and debt,
    • the names of the candidate’s parents,
    • date of birth,
    • education and previous employment/experience.
  4. Your personal data is processed for the following purposes:
    • direct marketing,
    • implementation of contracts concluded with Nordes
    • performance of legal obligations binding on Nordes (in particular: recruitment and employment of employees, customer service – issuing and storing invoices / sales documents and other accounting documents, handling complaints)
    • establishment, exercise or defence of legal claims ,
    • verification of payment credibility
  5. The basis for the processing of your personal data is (respectively):
    • Legitimate interests pursued by Nordes consisting of running a business and expanding market for offered goods – art. 6, par. 1, pt. F of GDPR,
    • performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract – art. 6 par. 1 pt. B of GDPR,;
    • compliance with a legal obligation to which the Nordes is subject; – art. 6 par. 1 pt. C of GDPR,
  6. Your personal data will be stored for the period necessary to perform the Controller’s tasks and fulfill the archiving obligation which follows the law, including the accounting regulations. In the case of claims, your personal data will be processed until the expiration time regulated by the Civil Code. After the expiration time, your data will be deleted or anonymized.
  7. The recipients of your personal data may be / will be: authorized Controller’s employees, postal companies, courier / transport companies, companies providing IT support for the Controller, business partners of the Controller, companies providing consulting services.
  8. You have the right to:
    • access personal data, including the right to obtain a copy of this data;
    • request correction (amend) of personal data – if the data is incorrect or incomplete;
    • request the deletion of personal data (the so-called right to be forgotten), in case of when:
      • data are no longer necessary for the purposes for which they were collected or otherwise processed,
      • the data subject has objected processing of personal data,
      • the data subject has withdrawn his consent to processing of personal data, which is the basis for data processing, and there is no other legal ground for this,
      • personal data are processed unlawfully,
      • personal data must be removed in order to fulfill the legal obligation;
    • request a restriction to the processing of personal data – if:
      • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
      • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead ,
      • the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
      • the data subject has objected to processing ,pending the verification whether the legitimate grounds of the Controller override those of the data subject
    • data portability – in the case where the following conditions are jointly met:
      • data processing is based on an agreement concluded with the data subject or consent expressed by that person
      • the processing is carried out by automated means ;
    • object to data processing
  9. Providing personal data is voluntary, but necessary for the conclusion of the contract. You are obliged to provide them and the consequence of not providing personal data, will be the inability to conclude or perform the contract.
  10. Data will be paper and software processed
  11. You have the right to complain to the supervisory authority (President of the Personal Data Protection Office).
  12. Your data will not be processed automatically once subjected to profiling.
  13. The source of your personal data origin are:
    • business partners of the Controller,
    • contact form on the Controller’s website.