- Traction drives
- Auxiliary converters
- AC & DC power supply systems
Personal data protection as required by the General Data Protection Regulation (GDPR)
This information applies to the personal data collected by Medcom Sp. z o.o. as the personal data controller, the ways in which the data is used and the rights of natural persons related to collection and use of the data. Should you have any questions or comments, please contact us at firstname.lastname@example.org.
To operate its business activity, the Controller collects and uses information which identifies natural persons (also referred to as “the personal data”), which includes information about the customers of Medcom Sp. z o.o.
As we are committed to protect your personal data, we want to inform you how the Controller collects, uses and retains the personal data, what the legal basis for the processing is, and what your rights and our obligations are as regards the processing.
Scope of information
This is to inform you about the forms of use of the personal data (“processing”) in Poland, in respect of natural persons including:
Categories of personal data
Data provided by the Customers
Our cooperation with the Customer, which may in particular consist of supply of devices manufactured by Medcom Sp. z o. o., cooperation intended to sell and advertise such products and cooperation by intermediaries, may give rise to the processing of the following personal data of the Customer:
If a contract is to be concluded, provision of the data referred to above is voluntary, but necessary for the purpose of conclusion of the contract and its completion. Failure to provide the data may lead to incorrect cooperation or may prevent performance of the contract (e.g. if you do not provide your data, payment for an invoice may not be possible).
Data collected from other sources
We may obtain your personal data from publicly available sources such as business registers (business activity register - CEIDG, or the National Court Register - KRS) with the aim of verifying Customer-provided data. The scope of the processed data will then be limited to the data held in the relevant registers available to the public.
We can also collect your personal data from entities that employ you or which you represent. In this case, the scope of the processed data will include the information necessary to perform the contract between the Company and such an entity, e.g. information about termination of your employment with the entity, change of your contact data or change of your position.
We can also obtain your data from internal databases maintained by Medcom Sp. z o. o. This applies to data which enables us to contact individual Customers who have already purchased our devices - which includes requests for repairs.
Legal basis for personal data processing
We cannot process the personal data unless a valid legal basis exists. We therefore process the personal data only if:
The “legitimate interests” include:
Purposes and periods of data processing
The personal data is processed only for a specific purpose and to the extent necessary to accomplish the purpose and as long as it is necessary. Presented below are the purposes pursued by the Company in the processing of personal data and the periods for which the data is processed.
|Purpose of processing||
Period of processing
Fulfilment of contractual obligations.
Effective term of the contract between the Customer
and the Company.
Archiving data on the basis of
generally applicable provisions
of law, such as the Accounting Act
and the Tax Ordinance Act.
The period indicated in the relevant
provisions; generally - 5 years from the end
of the calendar year in which it took
place, e.g. invoice issuance.
Notwithstanding the above periods, your data may be processed by the Company for the purposes of establishment and exercise of claims by the Company as part of its business activity and defence of such claims for the appropriate periods of limitation of the claims, i.e. generally not longer than 6 years after the occurrence of the event resulting in the claim.
Personal data protection measures
All employees who have access to the personal data must respect the internal rules and processes related to the processing of personal data in order to protect it and ensure its confidentiality. They shall also be obliged to apply all technical and organisational measures implemented to protect the personal data.
We have implemented the appropriate technical and organisational measures to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, inappropriate use, disclosure of, or access to personal data and any other illegal forms of processing. These protection measures have been implemented taking into account the state-of-the-art technology, the cost of implementation, the risks involved in the processing and the nature of the personal data, with particular emphasis on sensitive data.
Personal data transfer
Personal data transfer within Medcom Sp. z o.o.
We can transfer your personal data to our employees, in particular the sales department employees.
Personal data transfer outside Medcom Sp. z o.o.
The data may be transferred to recipients and other third parties in order to accomplish purposes necessary for the performance of tasks contracted by the Company if required by the law or if the Company has any other legal basis. The recipients or other third parties may include:
The processing of personal data takes place only insofar as it is necessary for the Company to operate. The Company controls the operation of such entities by means of the appropriate contractual clauses which protect your privacy.
Data transfer outside the European Economic Area
The personal data obtained by Medcom Sp. z o. o. is not processed in countries outside the European Economic Area.
Rights of the Customers and exercise of the rights
Each person has a right of access to his/her personal data processed by the Company. If you consider that any information concerning you is inaccurate or incomplete, please submit a request for its rectification. The company shall immediately rectify such information.
You have the right to withdraw your consent for the processing of your personal data if Medcom Sp. z o. o. has obtained such consent for processing (provided that the withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal).
The erasure of personal data shall be based on the provisions of the GDPR.
The restriction of personal data processing shall be based on the provisions of the GDPR.
On grounds relating to your particular situation, to processing of your personal data (including profiling) if such processing is carried out in order to pursue a public interest or legitimate interests of the Company or a third party.
This means the possibility to obtain personal data submitted to the company in a structured, commonly used and machine-readable format and to request such personal data to be transmitted to another controller of personal data, without any hindrance from the Company and subject to its own confidentiality obligations. The company shall verify your requests or objections in accordance with the applicable personal data protection legislation. However, please note that these rights are not of an absolute nature; there are exceptions to their application.
In response to your request, the company may ask for verification of your identity or provision of information that will help the Company understand the situation better. The Company shall make every effort to explain its decision if your requests are not satisfied.
Exercising your rights
To exercise the above rights, please send an email message to email@example.com, contact us by phone at tel.:+48 223144200 or by post at: ul. Jutrzenki 78A, PL 02-230 Warszawa with a note “Personal Data Protection”.
If you are not satisfied with the way the Company processes your personal data, please notify us thereof, and we shall investigate all inaccuracies. Please inform us of any doubts using the contact details provided above.
Should you have any objections to the Company’s response, you may lodge a complaint with the competent personal data protection authority, i.e. in Poland - the President of the Personal Data Protection Authority.
To keep the personal data up-to-date and accurate, we may periodically ask you to check and confirm your personal data we hold or to inform us of any changes regarding the personal data (such as a change of your email address). We encourage you to check on a regular basis the accuracy, currency and completeness of the personal data we process.