Obligation of information

Having respect for everyone's fundamental right to privacy, the Controller pays great attention to ensuring the confidentiality and protection of the processed personal data and makes every effort to ensure that the processing of such data is carried out in accordance with the provisions of the law, as well as in compliance with the fundamental rights and freedoms of the data subjects. In view of the above and to ensure the proper processing of personal data in accordance with the provisions of Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and repealing Directive 95/46/EC (OJ EU.L.2016.119.1) (hereinafter referred to as "DPA"), this information obligation clause, which contains important information about the processing of personal data is provided.

1) Who is the Controller

Depending on the relationship you have established, your personal data will be processed by the Company(s) operating as part of the Tubądzin Group:

  • Tubądzin Management Group Sp. z o.o. 95-035 Ozorków, Cedrowice Parcela 11, KRS: 0000286217, NIP: 732-20-83-952, REGON: 100383200
  • Ceramika Tubądzin II Spółka z o.o. 95-035 Ozorków, ul. Armii Krajowej 20, KRS: 0000207852, 732-18-13-880, REGON: 472196411
  • Ceramika Tubądzin III spółka z o.o. spółka komandytowa, 98-200 Sieradz, ul. Dworska 28, KRS 0000574739, NIP: 8272308466, REGON: 362457466
  • Ceramika Tubądzin spółka z o.o. 98-285 Wróblew, Tubądzin 31, NIP: 827-000-73-35, REGON: 005266429

2) Data Protection Officer

The Administrator has appointed a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR.

As part of his or her tasks, the Data Protection Officer shall ensure the protection of the rights and freedoms of persons whose personal data is being processed. These persons may address the Data Protection Officer on any issues related to the processing of personal data by the Administrator.

The Data Protection Officer verifies the correctness of personal data processed in the organisation. As part of his/her activities, he/she is also the contact point for any notifications related to potential irregularities in the processing of personal data. You can contact the Data Protection Officer if, in your opinion, there has been a violation of the protection of your personal data.

You can contact the DPO at the following e-mail address: iod@tubadzin.pl;

3) Information on the right to lodge a complaint

You are entitled to lodge a complaint with the supervisory authority - the President of the Office for Personal Data Protection, if you consider that the processing of personal data violates the provisions of the GDPR. Detailed information is available at https://uodo.gov.pl/pl/83/155

4) Information on the rights of the data subject

Under the GDPR, every data subject has the right:

a) to access and obtain information about his/her personal data (Article 15 RODO);

b) to rectify personal data (Article 16 of the GDPR);

c) to delete personal data - the "right to be forgotten" (Article 17 of the GDPR);

d) to restrict processing (Article 18 of the GDPR);

e) to transfer personal data (Article 20 of the GDPR);

f) to object (Article 21 of the GDPR);

g) to withdraw consent (where consent is the legal basis for data processing, Article 7(3) of the GDPR) - withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of the consent given before its withdrawal;

The submitted request will be answered within 30 days from the date of receipt of the request to the Administrator's address indicated in this information clause. In case of doubts or questions, the Company will contact the applicant using the form specified in the application.


5) Information on data transmission

Your personal data shall be disclosed to other entities solely for the purposes of proper performance of the contract concluded with you, performance of the Administrators' legal obligations, protection of your rights in accordance with applicable regulations and performance of the Administrators' legitimate interest as defined by the regulations on personal data protection. We would also like to inform you that such entities will be obliged - by virtue of contracts concluded with the Administrators - to apply appropriate security, technical and organisational measures to duly protect your personal data. Personal data will also be transferred to entities which are entitled to obtain them on the basis of applicable laws. The Administrator may transfer personal data to a third country (outside the European Economic Area). The transfer of data outside the European Economic Area takes place only if the conditions specified in Chapter V of the GDPR are met, i.e.

  • cooperation with processors of personal data in states for which a relevant decision of the European Commission has been issued;
  • application of standard contractual clauses issued by the European Commission;
  • application of binding corporate rules approved by the competent supervisory authority;
  • other safeguards that meet an adequate level of protection based on appropriate legal safeguards.

6) Information on profiling

Your data is not subject to automated decision-making, such as profiling.

7) Purpose and legal basis of personal data processing by the Administrator

  • Processing of personal data related to job applicants

    Your personal data will be processed for the purpose of the recruitment and, if you express the appropriate consent, also for future recruitment processes. The legal basis for data processing is:

a) the right to request data necessary to take action before entering into a contract to the extent indicated in Article 221 of the Labour Code (Article 6(1)(b) of the GDPR);

b) to the remaining extent, voluntary consent to the processing of personal data, which may be revoked at any time (Article 6(1)(a) of the GDPR);

c) in addition, your personal data will be processed in relation to requirements imposed on the Administrator by applicable law (Article 6(1)(c) of the GDPR),

d) data may also be processed for the purpose of establishing, investigating and securing potential claims and defending against such claims, associated with the implementation of the recruitment process - on the basis of Article 6(1)(f) of the GDPR.

  • Processing of personal data of the Contractor's employees or persons representing the Contractor in connection with activities aimed at concluding and performing contracts with the Contractors
  • The Administrator processes personal data of persons who are party to the contract for the purpose of signing and performing the contract (Article 6(1)(b) of the GDPR). The legal basis for the processing of data of persons who are not party to the contract, whose data are processed for the purpose of signing and performing the contract is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) - contact regarding the execution of the agreement. Data of the aforementioned persons may be processed for the potential assertion or repudiation of claims arising from the agreement (Article 6(1)(f) the GDPR).
  • Personal data of employees of the other Party may have been obtained by the Administrator from the contract or made available by a person who is a Party to the contract. In connection with the performance of the contract, the Administrator may process in particular the following personal data: name, surname, business e-mail address, business telephone number, place of employment, position.
  • The Administrator shall make every effort to ensure that personal data are processed adequately and as long as necessary for the purposes of which they had been collected. Considering this fact, the Administrator shall store personal data for a period no longer than necessary to achieve the purposes for which the data were collected or, if necessary, to comply with applicable law, in particular having regard to the period of performance of the contract and the claims' period of prescription.
  • The recipients of the personal data shall be entities that cooperate with the Administrator within the scope of the contracts, exclusively under relevant agreements on entrusting the processing of personal data and ensuring the application by the aforementioned entities of adequate technical and organizational measures to ensure the protection of data. The categories of such entities include:
  • entities that provide postal and courier services;
  • entities that provide support and maintenance of ICT systems;
  • advisory entities;
  • legal service providers.

Personal data may also be made available to entities authorized under applicable laws.

  • Processing of personal data of complainants.
  • Your personal data will be processed for the purpose of exercising your rights to investigate a complaint on the basis of Article 6(1)(b) and (c) of the GDPR - Act of 23 April 1964 Civil Code (Journal of Laws 2019.1145 t.j.).
  • Your personal data will be processed for the period necessary to investigate the complaint, for a period of 1 year - after the expiry of the warranty or settlement of the complaint, in accordance with Article 74 Paragraph 2 pt. 6 of the Act of 29 September 1994 on accounting (Journal of Laws 2019.351 t.j.). and after this period for the purposes and for the period and to the extent required by law or for securing possible claims until they expire.
  • The recipients of your personal data may be entities providing and supporting IT systems used by the Administrator, as well as entities that provide services related to the current activity of the Administrator - on the basis of agreements concluded for the entrustment of personal data processing and with the assurance of the aforementioned entities that apply adequate technical and organisational measures to ensure data protection, as well as public authorities authorised to access the data on the basis of applicable legal provisions.
  • Processing of personal data in relation to marketing activities.
  • The basis for the processing of personal data is the Administrator's legitimate interest - Article 6(1)(f) of the GDPR - marketing of own services, building a positive image of the Administrator and establishing new business contacts, however, in accordance with the provisions of the Act on Provision of Electronic Services and the Telecommunications Act, the Administrator needs additional consents to use the communication channels provided. If you have given your consent, the Administrator will be entitled to send marketing and commercial information by means of telecommunication end devices (telephone, e-mail). The data may also be processed for the purpose of establishing, investigating and securing possible claims and defending against such claims, related to marketing activities of the Administrator - on the basis of Article 6(1)(f) of the GDPR.
  • The purpose of data processing is indicated in each case as part of the clause related to the obligation to provide information. This may include building a positive image of the Administrator, servicing newsletters, social networks, organizing contests, events and trainings.
  • Providing personal data is voluntary, but necessary to receive marketing information from the Administrator. Failure to provide the data means that you will not receive marketing information from the Administrator.
  • The recipients of your personal data will be only the entities to which the Administrator is obliged to transfer the data on the basis of applicable legal provisions and the entities supporting the Administrator in the current activities related to the Administrator's marketing activities - only on the basis of a personal data entrustment agreement and on condition that the entities apply adequate technical and organisational measures which ensure data protection.
  • Personal data will be processed for the duration of the above-mentioned purposes with systematic monitoring of its continued relevance; until you object or revoke your consent, if any; and thereafter for the period necessary to safeguard any potential claims related to the processing the data.
  • Processing personal data for contact purposes - via contact forms and publicly available e-mail addresses
  • Your personal data shall be processed solely for the purpose of answering the question asked via the contact form - in order to pursue our legitimate interest in the form of ensuring communication with the website user and answering queries addressed to Tubądzin Management Group Sp. z o.o. - based on art. 6 (1) (f) of the GDRP. Data can also be processed to establish, pursue or defend against potential claims which could be related to the activities carried out by Tubądzin Management Group Sp. z o.o. and provision of services - in order to pursue our legally justified interest in the form of securing claims, i.e. on the basis of art. 6 (1)(f) of the GDPR.
  • The provision of personal data is voluntary, but necessary to receive a response to the questions asked through the channels indicated above.
  • The recipients of your personal data may be entities providing and supporting IT systems used by the Administrator, as well as entities that provide services related to the current activity of the Administrator - on the basis of agreements concluded for the entrustment of personal data processing and with the assurance of the aforementioned entities that apply adequate technical and organisational measures to ensure data protection, as well as public authorities authorised to access the data on the basis of applicable legal provisions.
  • Your personal data will be stored for the time necessary to answer the question asked by the available electronic means, and after this period for the purposes and to the extent required by law or for the establishment, defence or pursuit of possible claims..
  • Processing of personal data related to video surveillance
  • Your personal data will be processed in order to ensure the safety of the Administrator's employees, co-workers, customers and guests, to protect the Administrator's property and to maintain the confidentiality of information the disclosure of which could cause damage to the Administrator, which constitutes the Administrator's legitimate interest (Article 6(1)(f) of the GDPR). The processing of employee data is carried out pursuant to Article222 of the Act of 26 June 1974 Labour Code in conjunction with Article 5 and Article 6(1)(c) of the GDPR. The data are processed for the purpose of determining, investigating or defending against claims arising in connection with the implementation of the aforementioned purposes - which is a legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).
  • Your personal data will be stored for a maximum of 90 days after the recording. In the case where the image recording constitutes evidence in a proceeding initiated pursuant to the law or the Administrator has justified reasons to believe that it may constitute evidence in the proceeding, the deadline is extended until the end of the proceeding.
  • The recipients of your personal data will be entities providing permanent physical protection services, cooperating with the Administrator on the basis of relevant agreements on the entrustment of personal data processing and ensuring the application by the aforementioned entities of adequate technical and organisational measures to ensure data protection; entities to which the Administrator is obliged to transfer data on the basis of applicable legal provisions.
  • Processing of personal data for the purpose of personal and material traffic control in the area of operations of entities from the Tubądzin Group
  • Personal traffic control is carried out on the basis of Article 6(1)(f) of the GDPR - the legitimate interest pursued by the Administrator, which is to ensure the security of persons and property on the Administrator's premises. Personal data may also be processed for the possible assertion or repudiation of claims (Article 6(1)(f) of the GDPR).
  • Your personal data will be stored for the time necessary to meet the objectives and thereafter for the time related to the expiry of mutual claims.
  • The recipients of your personal data may be entities providing and supporting IT systems used by the Administrator, as well as entities that provide services related to the current activity of the Administrator - on the basis of agreements concluded for the entrustment of personal data processing and with the assurance of the aforementioned entities that apply adequate technical and organisational measures to ensure data protection, as well as public authorities authorised to access the data on the basis of applicable legal provisions.
  • Processing of personal data for the purpose of handling the data subject's request (exercise of data subject's rights)
  • Your personal data will be processed for the purpose of processing your application, verifying the identity of the applicant and the possibility of fulfilling your request on the basis of Article 6(1)(c), (f) of the GDPR in conjunction with Articles 16-18 and 20-21 of the GDPR.
  • Your personal data will be stored for the period necessary to respond to the request addressed to the Administrator and to establish, defend or pursue possible claims.
  • Your personal data will not be transferred to other entities, with the exception of entities providing IT and recruitment services to the Administrator - on the basis of concluded agreements related to the entrustment of personal data processing and with the assurance of the application by the above-mentioned entities of adequate technical and organisational measures to ensure data protection, as well as to public authorities entitled to access the data on the basis of valid legal provisions