1. General provisions
a. users of website imm.com.pl (hereinafter referred to as „Users”),
b. natural persons who are contracting parties of the Controller or who plan to enter into cooperation with the Controller within the frames of the conducted business activity (hereinafter referred to as “Representatives”),
c. natural persons who are employees of Contracting Parties (regardless of the form of employment), who are appointed by the Contractor as responsible for cooperation with the Controller or for initiating such a cooperation (hereinafter referred to as “Representatives”).
1.2. This Policy fulfils the obligation resulting from the Article 13 and Article 14 of Regulation by the European Parliament and the Council of the EU 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”.
2. Personal Data of Contractors and Representatives
2.1. From the moment of obtaining personal data of Contracting Parties (who are natural persons) and Representatives, the Controller assumes the role of their personal data controller as provided by GDPR.
2.2. The Controller is allowed to process the following personal data of Contracting Parties and Representatives: name, surname, place of work, job title, e-mail address, contact data (address for correspondence, phone number, e-mail address, social media accounts). Moreover, the Controller is allowed to process personal data of Contractors like PESEL, NIP and REGON numbers, address of a company’s registered office – for the purpose of identification of the Contracting Party as a party to the agreement and for the purpose of fulfilling obligations resulting from accounting provisions.
2.3. A legitimate interest of the Controller serves as the basis for the processing of personal data of Representatives – a possibility of establishing and continuing a cooperation or a contact with the Contracting Party or executing the agreement with the Contracting Party or taking actions requested by the Contracting Party before concluding the agreement.
2.4. Personal Data of Representatives and Contracting Parties will be processed until the moment of a definite termination of cooperation between the Controller and the Contracting Parties. Personal Data may be erased on a prior date – shall the Controller receive the objecting to the processing of personal data and also if the Controller decided that the data are not needed anymore for achieving a justified objective.
2.5. Personal Data shall not be erased by the Controller within the period of time resulting from the prior point 2.4 if their retention results from binding regulations by law or if it is indispensable for accounting purposes or raising claims with regard to cooperation with the Contracting Party or their Representatives. The Controller notifies the obligation of keeping the accounting books (which may contain personal data of Contractors and Representatives) for 5 years, pursuant to the Article 74 of the accounting law.
2.6. The Controller is allowed to disclose Personal Data to entities providing services to the Controller (e.g. entities that provide IT, courier, human resources, accounting services and also services for Contracting Parties), provided that the Controller discloses data in the form which explicitly suggests that it is only for business contact purposes with third parties.
2.7. Every Representative and Contracting Party shall have the right to:
• Access the information on the processing of their personal data, this including categories of the processed personal data or recipients of personal data,
• Request the rectification of inaccurate personal data or completion of the incomplete personal data,
• Request the erasure or restricting the processing of personal data – where the request is granted provided that legal grounds for such a request are fulfilled,
• Raise a justified objection – in the case of the processing of personal data pursuant to the legitimate interest of the Controller (Article 6 item 1 point f) GDPR),
• Move personal data – by receiving the data from the Controller in a format allowing for their providing to a selected third party,
• Lodge a complaint with the supervisory authority President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa – where it is found that the processing of personal data is violating the law.
2.8. Every Contracting Party of the Controller is obliged to inform their Representatives of the contents of this Policy.
3. Data of Users contacting the Controller on the website imm.com.pl
3.1. The website imm.com.pl (hereinafter referred to as the „Website”) provides the opportunity to contact the Controller with the use of contact e-mail addresses and forms placed on the Website, also for the purpose of submitting complaints pursuant to the Website Terms and Conditions.
3.2. Shall personal data be disclosed within the frames of a message sent to the Controller, the Controller assumes the role of the Controller of such personal data.
3.3. Personal data are processed in relation with a message sent by the User in the form of an email address or a contact form available on the Website.
3.4. The processing of personal data shall only be applicable to personal data which the User discloses in the sent message. The message shall not include personal data which are not indispensable for handling the User’s request.
3.5. Personal data of the User shall be erased at the latest within 12 months since acknowledging that the request has been handled, unless other circumstances of the processing occur, for example a legal obligation of the Controller or the future agreement with the Controller, pursuant to the provisions as stipulated in item 2.5 of this Policy.
3.6. The User shall have the right to apply for erasure of their personal data from the correspondence with the Controller anytime by sending an email to the address email@example.com.
3.7. The processing of personal data is performed on the grounds of activities taken prior to concluding the agreement with the Controller within the frames of a service or a product in which the User is interested – Article 6 item 1 point b) GDPR.
3.8. Shall the purpose of the processing of personal data change during the correspondence, the Controller is obliged to inform You of this fact.
3.9. Data of the Users may be disclosed to entities defined in the item 2.6 of this Policy.
3.10. The Users have the rights resulting from item 2.7 of this Policy.
4. Personal data used for the purpose of the MediaContact database
4.1. The Controller enables to register in the MediaContact database with the use of the Website.
4.2. Rules of the MediaContact database operations are provided in the Website Terms and Conditions.
4.3. The MediaContact database sign-up form allows for providing contact data, preferred topics (of emails to be sent) and preferred form of contact.
4.4. For the purpose of sending emails to the MediaContact database, the Controller performs the profiling of Users – this is aimed to send messages only to Users who have declared interest in a specific thematic category. The choice of the category of recipients of the message is made by IMM on the basis of the criteria provided by a client interested in the delivery of messages.
4.5. By selecting the option „follow up” in course of registration in the MediaContact database, the User signals that they are interested in receiving an additional phone call after the message has been sent.
4.6. Messages sent to recipients registered in the MediaContact database may include a request of the acknowledgment of receipt.
4.7. By filling in the section „additional information”, the User may provide additional information about their professional activity or other possible forms of contact.
4.8. Data of Users may be disclosed to entities pursuant to the item 2.6 of this Policy.
4.9. Clients interested in sending messages to the MediaContact database may receive access to the following categories of personal data of Users subscribed to the database: name, surname, place of work, job title, e-mail address, phone number, website, Facebook account, Twitter account, blog, the range of topics, preferred form of contact, preferred time of receiving the messages, information for PR team, telephonic follow-up (yes/no), request for the acknowledgement of receipt (yes/no), remarks.
4.10. Users have the rights resulting from the item 2.7 of this Policy.
4.11. Data of Users registered in the MediaContact database shall be erased within 7 days since receiving by the Controller a request for erasure from the database, in compliance with the Website Terms and Conditions. The Controller is also allowed to erase the User’s data from the MediaContact database independently (upon his own discretion), and he will inform the User of this fact by sending a message to the email address as indicated in the form.
5. Personal data used for the purpose of providing other services and functionalities available on the Website
5.1. The Website allows you to signup for the IMM trainings, in compliance with rules provided in the Website Terms and Conditions. The data entered to the training sign-up form are used exclusively for the purpose of communication between the User and the Controller with regards to the training and adjusting the contents of the Training to the characteristics of the User or the branch of industry which he represents. Personal data collected with the use of a training sign-up form shall be erased within the period of 1 year or until withdrawal of consent, except for situations in which personal data must be stored for a longer period of time due to legal regulations.
5.2. The Website allows the User to download a free of charge e-book titled „Media360”. To download the e-book requires providing an email address. The email address will be used exclusively for the purpose of sending the e-book and will be erased within the period of 1 year.
5.3. The Website enables you to submit an inquiry or a request for evaluation of services provided by IMM. Data provided in the inquiry form or request for evaluation are used exclusively for the purpose of replying to the User’s email. The item 3 of this Policy is applied to the above data.
5.4. The Website enables you to sign-up for a free newsletter in compliance with the Website Terms and Conditions. In order to download the newsletter, providing an email address is required. Email address of the User shall be erased from the IMM database within 7 days at the latest since the reception by IMM of the information about resignation from the newsletter, pursuant to the Website Terms and Conditions.
5.5. The Website has the functionality of an account for using the following functionalities and services – Internet monitoring, social media monitoring, press monitoring, radio monitoring, television monitoring, admonit advertisements monitoring, Automatic Monitoring of the Internet (ami), Media contact DataBase, Press Office, Reports and Analyses. The account is kept in compliance with the Website Terms and Conditions. Data related with the account shall be erased within 7 days since erasing the account (in compliance with the Website Terms and Conditions), unless the Controller will be authorised or obliged for keeping the data pursuant to the item 2.5 of this Policy.
5.6. Data of Users of functionalities indicated in the beforementioned item may be disclosed to entities sas stipulated in item 2.6 of this Policy.
5.7. Users of functionalities indicated above shall have the rights resulting from item 2.7 of this Policy.