Thank you for contacting us using contact form available at our website. Now, because we will process your personal data we need to provide you with certain information. This information is provided in compliance with the EU General Data Protection Regulation No. 2016/679 (the “GDPR”).
1. What information about you will we process?
We will process the following your personal data: name(s), business name, e-mail address, phone number, address, registration number, tax number, bank account number, or some of such information as the case may be.
2. Who is Data Controller of your personal data? All your personal data will be processed by LSC Communications Europe Sp. z o.o. as the Data Controller. Our address and other contact details are available at our web site: https://europe.lsccom.com/en/contact-us/. Our data protection dedicated e-mail address is: firstname.lastname@example.org.
3. How can you contact our Data Protection Officer?
We have appointed Data Protection Officer. You can contact her by sending letter to the address: ul. Obrońców Modlina 11, 30-733 Krakow, Poland (please add “attention to Data Protection Officer) or by sending e-mail to the e-mail address: email@example.com.
4. What will we do with your personal data?
Your personal data will be processed by us for the following purposes:
Contract negotiation purposes: to discuss and agree on any contract between you and us (e.g. purchase order for production of catalogue, brochure, etc.). (We can do so on the ground of Article 6.1 (b) of GDPR.)
Contract performance: to perform any of our contract (e.g. to send you advance copy or to issue invoice). For that purposes, we will upload and store your personal data in our financial and other contract performance dedicated IT Systems. (We can do so on the ground of Article 6.1 (b) of GDPR.)
Direct marketing purposes: to market our products and services directly to you. We would appreciate a possibility to cooperate with you in the future. We would also like to keep you informed as to our newly developed products and services. This constitutes our legitimate interest for processing your personal data. For this purposes, we will upload and store your personal data in our customers contacts dedicated IT System. Thanks to this we will have immediate access to your personal data and can contact you whenever it is necessary or desirable. (We can do so on the ground of Article 6.1 (f) of GDPR.)
Customers Satisfaction Assessment: to analyze if our products and services are satisfactory to you. This constitutes our legitimate interest for processing your personal data. (We can do so on the ground of Article 6.1 (f) of GDPR.)
Litigation: to claim our rights or defend against claims. This constitutes our legitimate interest for processing your personal data. (We can do so on the ground of Article 6.1 (f) of GDPR.)
5. Who will we share your personal data with?
We may well disclose your personal data to certain recipients, however, when and to the extent only it is necessitated by the purposes for which we process your personal data. Such recipients include: other companies form our group of companies (e.g. LSC Communication Poland Sp. z o.o.), our sub-suppliers, our IT Systems Related Services Suppliers (e.g. updates, maintenance, and errors reparations), accountants, carriers, couriers, postal operators.
6. We use Google Cloud services and other cloud computing based services. What does it mean for processing your personal data?
Please be informed that we use in our daily operation Google Cloud services (Gmail and Google Drive) and other cloud computing based services. Google owns and operates data centres around the world (e.g. USA, Chile, Taiwan, Singapore). It means that in each case we, for example, send you invoice using Gmail or store your personal data using Google Drive your personal data may be transferred outside the EU and EEA.
At the moment of preparation of this information (May 2018) there are no European Commission decisions determining adequacy of personal data protection levels in the above mentioned countries. However, Google has adopted G Suite and Google Cloud Platform model contract clauses. We opted in for Google Cloud Platform’s model contract clauses. Therefore, your personal data can be safely transferred to Google data centres outside the EU and the EEA. You may obtain copy of the above referred safeguards by downloading them from Google’s website: https://cloud.google.com/security/compliance/eu-mcc/.
More information about other cloud computing based services we use while processing your personal data and other situation when we may transfer your personal data outside the EU and the EEA you can find at our website (in GDPR dedicated section).
7. How long will we process your personal data?
All your personal data included or reflected in contracts, invoices or any other account records related to contracts will be kept by us for 5 years. Such period of time starts from the first day of the year following the year in which the contract was completed, expired, or terminated. After such period of time your personal data will be destroyed, except the matters to which they relate still remain active.
All your personal data that we need to market our products and services directly to you or to analyze your satisfaction with our products and services we will be kept as long as we are able to offer you any products or service which, in our opinion, may attract your interest.
8. Can you object to processing your personal data by us?
In each case we have a legitimate interest to process your personal data you have a right to object, at any time, to processing your personal data by us. However, you need to show that some special circumstances occurred on your side. We can also indicate any vital, legitimate ground to continue processing your personal data. You are not required to do so insofar we process your personal data for direct marketing purposes. You have a right to object, at any time and without any reason, to processing your personal data by us for direct marketing purposes.
You can exercise the above referred right by sending e-mail to our data protection dedicated e-mail address, stating that you object to processing your personal data by us. Then we must not process your personal data, unless DGPR states otherwise.
8. Do you have any other rights under GDPR?
You, as the Data Subject, have also other rights in connection with processing your personal data by us. You may:
Receive from us confirmation that we process your personal data, the requisite information related to such processing and have access to your personal data.
Receive from us a copy of your personal data which we process.
Request us to rectify your personal data without undue delay or you may have your incomplete personal data completed by sending us your personal data completed.
Have your personal data erased in the circumstances more fully described in the GDPR (e.g. if the purposes for which we process your personal have been achieved) (“Right to Be Forgotten”).
Request us to restrict processing your personal data (e.g. if we do not need your personal data for any longer, but you need your personal data to defend your rights). Then we may only store your personal data. Processing your personal data in any other way requires your consent if GDPR does not stipulate otherwise.
As far as we process your personal data for contract negotiation or performance purposes, request us to record your personal data in data file (e.g. in .docx format) in structured manner and send them to another data controller specified by you (“Right to Data Protability”).
Complain to the President of Personal Data Protection Office or any other proper supervisory authority if you consider we process your personal data illegally or otherwise in breach of GDPR.
9. Are you obligated to disclose your personal data to us?
You are not under any statutory or contractual obligation to disclose us your personal data.