Dear website users,

pursuant to Art. 13 and 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016  on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, I provide the following details regarding the processing of your personal data.

  • Controller

Graphene Ideas Sp. z o. o. with the registered office in Warsaw, in Strąkowa Street 15a, 01-100 Warsaw, e-mail: contact@grapheneideas.com

  • Categories of personal data

The controller processes the following categories of personal data in particular:

  • First name and last name;
  • Position or function;
  • Telephone numbers, e-mail addresses and other contact details.
  • Source of personal data

If the personal data have not been provided personally by you, directly to the controller, the controller might have obtained them from publicly-accessible sources, from your employer, co-worker or contractor.

  • Purpose and legal basis of processing

Your personal data will be processed for the following purposes:

  • Performance of contracts concluded between you and the controller (Art. 6 para. 1 lit. b of the GDPR);
  • Financial-accounting purposes, in particular, issuing invoices, keeping the accounts and tax settlements (Art. 6 lit. c of the GDPR);
  • Purposes of the legitimate interests of the controller (Art. 6 lit. f of the GDPR), including:
    • Evidential purposes, particularly connected with the consideration of complaints and claims and for the purposes of proceedings conducted based on the provisions of law;
    • Establishment, exercise or defence of legal claims;
    • Direct marketing, acquiring contracts and agreements;
    • Fulfilling obligations to the contractors of the controller;
    • Archiving, statistical and analytical purposes, including quality assessment, optimisation and surveying customer satisfaction.
  • Personal data recipients

With regard to the above-mentioned purposes, the following parties might be the recipients of your personal data:

  • Entities providing the controller with services which require personal data processing, for example, IT service providers, accountants, law firms;
  • Tax offices;
  • Banks;
  • Insurers;
  • Organisers of tenders and other proceedings, by which the controller seeks to award contracts;
  • Entities for which the controller performs contracts and agreements;
  • Entities and authorities entitled to demand the provision of data under the national law, such as bailiffs or judicial authorities.
  • Data retention period

Your personal data will be processed for as long, as their legal and factual bases exist, particularly until the expiry of limitation period for civil law claims or the period, during which we are required by law to store data, or the period during which the administrator may face the legal consequences of failure to perform or improper performance of our obligations, or during the proceedings in connection with the above.

A part of the data may be stored for a longer period for archiving, analytical or statistical purposes.

  • Rights of the data subject

You have the right to demand from the controller the access to your personal data, to rectify, erase, restrict and object to the processing, as well as to transfer the data.

If the processing is carried out on the basis of your consent (Art. 6 para. 1 lit. a or para. 9 lit. a of the GDPR), you have the right to withdraw it at any time, which will not affect the legality of the processing carried out following the consent, prior to its withdrawal.

The scope of your rights and cases, when you will be entitled to exercise them are set out by legal provisions, especially Art. 15 and the following articles of the GDPR. For each case, the controller will consider the validity of your application or objection and respond to it according to the provisions.

Moreover, you are entitled to lodge a complaint to the President of the Personal Data Protection Office, if you believe that our processing of your data violates the provisions in force.

Obligation to provide personal data

Your provision of the personal data is non-obligatory but it is required to contact you, extend an offer or conclude an agreement with the controller and perform it. Failure to provide your personal data will result in the controller not being able to contact you to, for example, extend an offer, conclude an agreement with the controller or perform it.