Personal Data Controller (Administrator / STM)

 

STM Cyber ​​Sp. z o. o. with its registered office in Warsaw (02-092), Żwirki i Wigury Street 16a

e-mail: [email protected]

 

 

Purpose, legal basis, and period of personal data processing

 

We process your data for the following purposes:

- to carry out direct marketing activities – based on the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR), and solely based on your prior consent to receive commercial information and marketing content via a given communication channel, expressed in accordance with Article 398, sections 1 and 2 of the Act of 12 July 2024 – Electronic Communications Law,

- to pursue claims, defend against your claims, and exercise your rights – based on the legitimate interest of the Controller (Article 6, paragraph 1, letter f of the GDPR).

 

If we collect and process your data for other purposes, in such a case, we will inform you of such purposes and the legal basis for processing when we request your data or in the documents we provide to you.

 

Categories and source of personal data (data collected directly/indirectly from data subjects)

 

If we collect your personal data directly from you, we inform you that providing this data is voluntary; however, refusing to provide it may prevent us from fulfilling a given activity, such as a contract.

 

If we did not collect your personal data directly from you (e.g., if you are an employee/representative of a given entity), we inform you that we obtained your data from the other party to the contract. Your ordinary data will be processed, including contact details, as indicated, for example, in the contract summary.

 

Recipients of Personal Data

 

Your personal data may be transferred to:

1) authorized individuals from the Controller's team (employees/associates),

2) partners collaborating with us, including: IT services, public or commercial (depending on our selection) e-Delivery services, accounting systems, services supporting marketing activities, analytical services, courier services, and personal and property protection services;

 

3) public authorities (e.g., courts) or private bodies, including entities with which correspondence is conducted using the e-Delivery service, if required by law or necessary to pursue/defend claims;

 

4) our professional advisors, including tax, accounting, and legal advisors.

 

Data Subject Rights

 

In connection with our processing of your personal data, you have the following rights:

1) the right to access your personal data, including obtaining a copy thereof;

2) the right to rectify inaccurate personal data, including the completion of incomplete data;

3) the right to erase your personal data (the right to be forgotten) to the extent that processing is not necessary for the establishment, exercise, or defense of legal claims;

4) the right to restrict the processing of your personal data;

5) the right to transfer your data to another controller (if this right applies).

​

​

Objection to the processing of personal data

​

In addition to the rights indicated above, you have the right to object at any time to our processing of your personal data under Article 6(1)(f) of the GDPR, including profiling, for reasons relating to your particular situation (unless we demonstrate compelling legitimate grounds for further processing of your personal data, which override your interests, rights, and freedoms, or grounds for establishing, pursuing, or defending legal claims). Your objection is effective from the moment it is raised. You may also object if we process your personal data for direct marketing purposes based on our legitimate interests, including profiling (if applicable) (Article 6(1)(f) of the GDPR). Your objection is binding on us from that moment on – from that moment on, we no longer have legal grounds to process your personal data for this purpose. To exercise your right to object, please contact us.

​

Data Transfer Outside the EEA

 

If there is a justified need for us as the Controller to transfer your personal data to a third country, i.e., outside the European Economic Area (EEA), including our use of tools from entities based outside the EEA or where they may store data outside the EEA, this will always be done in accordance with the principles and mechanisms arising from Articles 44-49 of the GDPR. This transfer may take place to countries that have been recognized by the European Commission as ensuring an adequate level of data protection, or in the absence of such a decision, it is secured by standard clauses approved by the European Commission, or by ensuring another mechanism legalizing the transfer and ensuring data protection in accordance with applicable law. Detailed information on data transfer outside the EEA and the safeguards applied in such cases can be obtained by contacting our Data Protection Officer or us.

​

 

Complaint

 

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the law. A complaint can be filed, for example, with the supervisory authority responsible for your place of residence, place of work, or place of commission of a possible infringement. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

 

Legal basis

 

Article 13/14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).