Information on the Processing of Personal Data
1. Data Controller
The controller of your personal data is Biprotech Spółka z ograniczoną odpowiedzialnością, with its registered office in Kraków, ul. Kamińskiego 47, 30–644 Kraków, entered into the Register of Entrepreneurs of the National Court Register (KRS) maintained by the District Court for Kraków–Śródmieście in Kraków, 11th Commercial Division of the National Court Register, under KRS number: 0000213773, with a share capital of PLN 800,000.00.
2. Purposes and Legal Bases for Processing
Your personal data will be processed for the following purposes:
a. presentation of an offer,
b. conclusion and performance of a contract,
c. establishing and pursuing potential claims arising from non-performance or improper performance of the contract,
d. maintaining contract documentation,
e. accounting, financial and administrative handling of the contract,
f. verification of submitted offers and requests to participate in proceedings,
g. communication with subcontractors and suppliers,
h. obtaining offers from subcontractors and suppliers,
i. verification of the contractor’s capacity and experience,
j. verification of contractors in public registers,
k. verification of the validity and scope of authorisation of representatives.
3. Scope of Processed Data
The Controller will process the following data provided by you:
a. basic identification data, i.e. name and surname, company name, registered office address,
b. electronic identification data, i.e. email address,
c. financial identification data, i.e. tax identification number (NIP), bank account number,
d. correspondence data, i.e. correspondence address, email address.
4. Recipients of Personal Data
Pursuant to applicable law, your personal data may be disclosed to the following entities authorised to access it:
a. subcontractors, i.e. entities providing services to the Controller, such as accounting, legal, insurance and courier companies, suppliers, etc.,
b. local authorities, higher education institutions, Polish and foreign enterprises, suppliers, national and international organisations,
c. public authorities, where required by applicable law.
5. Transfer of Data to Third Countries or International Organisations
We do not transfer your personal data outside the European Union.
6. Data Retention Period
Personal data collected for the purpose of concluding a contract will be stored for the duration of contract negotiations and until the expiry of the limitation period for potential claims arising from the contract.
Data included in tax or accounting documentation will be retained until the expiry of statutory retention obligations resulting from applicable provisions of law.
7. Data Subject Rights
In accordance with the GDPR, you have the right to:
a. access your data (Article 15 GDPR),
b. request rectification of your data (Article 16 GDPR),
c. request erasure of your data (Article 17 GDPR),
d. request restriction of processing of your data (Article 18 GDPR),
e. withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal, where processing is based on consent (Article 13(2)(c) GDPR),
f. data portability (Article 20 GDPR),
g. object to the processing of your data (Article 21 GDPR),
h. lodge a complaint with a supervisory authority competent for personal data protection.
These rights may be exercised, and inquiries regarding data processing may be directed via email: office@biprotech.com, or by telephone: +48 12 260 37 40.
8. Requirement to Provide Data
Providing your personal data is a contractual requirement. Failure to provide the data shall constitute grounds for refusal to conclude a contract.
9. Personal Data Security Measures
The Controller processes personal data in accordance with security requirements provided for under applicable law. The Controller applies technical and organisational measures ensuring protection of personal data appropriate to the risks and categories of data, in particular to prevent unauthorised access, unlawful processing, alteration, loss, damage or destruction.
10. Amendments to the Policy
In the event of changes to the wording or interpretation of the GDPR provisions, or changes to other legal regulations related to the GDPR or personal data protection, the Controller may amend or supplement this Privacy Policy.
