This privacy policy specifies the way in which users’ data are processed and, at the same time, fulfils the informative purpose set out in Articles 13 and 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”). This policy applies only to MOSTOSTAL ZABRZE BIPROHUT S.A. websites and does not apply to any other websites that users may access through the links on the website.

The Personal Data Controller within the meaning of Article 4(7) and Article 24 of the GDPR is MOSTOSTAL ZABRZE BIPROHUT S.A. (the “Company”).

Contact details

Contact with the Personal Data Controller is available at the following address: MOSTOSTAL ZABRZE BIPROHUT S.A. ul. Dubois 16, 44-100 Gliwice, tel. +48 (32) 77 75 100, email: biprohut@mz.pl.

MOSTOSTAL ZABRZE BIPROHUT S.A. has appointed a Data Protection Officer, who can be contacted at the following email address: iodo@mz.pl.

Data processing

Processing of personal data is understood as any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Purpose of the data processing

Data is processed in accordance with the provisions of the GDPR for clearly specified purposes and to the extent necessary to fulfil the purpose.

Data that can be voluntarily given by the user is only processed to the extent of the user’s consent and for the following purposes:

– informing about the Company’s content and services in response to a data subject’s request or enquiry,

– ordering and execution of the services provided by the Company,

– the performance of contracts to which the data subject is a party,

– implementation of legal requirements,

– meeting purposes of the legitimate interests pursued by the data controller or by a third party.

In addition, in certain cases, the IT systems may collect additional information about users and their activities for statistical purposes, to improve the quality of the website and to monitor abuse and malfunctions. By doing so, we collect data such as IP addresses, browser type, operating system, domain and website addresses used to access or leave the website, information on the sub-pages of this website visited by the user, the time the user accessed the website, the time the user spent on each sub-page, internal route analysis and other parameters relating to the user’s operating system and IT environment. We aim to collect, use and consolidate such information as far as possible on a fully anonymous basis.

We therefore inform you, as Data Subjects, that in accordance with Articles 13 and 14 of the GDPR, we will process the aforementioned data for the purposes referred to above manually in a traditional manner and by automated means using IT systems.

Data recipients

Data may be processed by employees and associates of MOSTOSTAL ZABRZE BIPROHUT S.A. as “persons in charge of processing” who, under direct authority from the Controller or Processor, are authorised to process personal data in accordance with Articles 4(10) and 29 of the GDPR. Data may also be processed by trusted entities providing technical and organisational services to the Company on the basis of concluded entrustment agreements or other legal instruments permitted by EU law. The controller may furthermore make the data available to other recipients only at the request of entities authorised to do so by law or when this is necessary to fulfil the demonstrated and legitimate purposes of the controller or the third party.

Consent to data processing

In cases where the processing of your data does not result from a legal obligation, is not related to a contract or service performed for you, or does not result from a legitimate interest pursued by MOSTOSTAL ZABRZE BIPROHUT S.A. or a third party, we request your consent to process your personal data for the purposes indicated. Whenever you have given your consent to the processing of your data for the indicated purposes, such consent may be withdrawn at any time.

Objection to data processing

In accordance with the provisions of Article 21 of the GDPR, the Data Subject has the right to object at any time to the processing of personal data concerning him or her for the indicated purposes. In such a situation, the personal data will no longer be processed for the purpose indicated in the objection. The objection is not possible, if the processing is based on a legal requirement or a legitimate interest pursued by the Controller or a third party.

Transfer of personal data to third countries

The data collected and processed may be transferred outside the European Economic Area to independent IT service providers or data storage services, including cloud storage. Data shall only be transferred in accordance with data protection legislation and on condition that appropriate safeguards are provided for the data and the means of transfer, for example, on the basis of a data transfer agreement based on contractual clauses adopted by the European Commission for the transfer of personal data from data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection legislation, or on the basis of agreements on the privacy protection (Privacy Shield) for the transfer of personal data from entities in the EU to entities in the United States or an equivalent agreement in other jurisdictions, or the transfer of data to a country for which the European Commission has decided that the legally prescribed level of data protection in that country is adequate, or where it is necessary to conclude or perform a contract with a third party and for the purposes of such a contract the transfer is in the interest of the data subject. In other cases, furthermore, the transfer is permissible if the data subject has given his or her consent.

Period of data processing

All personal data shall be collected lawfully, for the indicated purposes whilst respecting the necessity principles. Personal data will be kept in accordance with the principle of proportionality in such a way as to allow identification of the Data Subject and until the purposes of the processing have been fulfilled.

Rights of the Data Subject

Pursuant to Articles 13(2)(b) and 13(2)(d), Articles 14(2)(c) and 14(2)(e), Article 15, Article 18, Article 19 and Article 21 of the GDPR, the Data Subject has the right to request from the Company access, rectification, erasure or restriction of processing or to object to processing; has the right to data portability pursuant to Article 20 of the GDPR, has the right to lodge a complaint with a supervisory authority, the right to rectification, erasure or restriction of processing at the request of the Data Subject.

Cookie files

Cookie files are information packets sent by a web server (e.g. a website) to the user’s browser, which are automatically stored on the user’s computer and are then automatically sent back to the server each time the user opens the browser. The default settings of almost all web browsers automatically accept cookie files. This website does not use cookies to transmit personal data. The use of session cookies (which are not stored permanently on the user’s computer and are deleted every time the browser is closed) is limited solely to the transmission of session identification data necessary to ensure the safe and efficient use of the website. The session cookies used on this website avoid the necessity to use other IT technologies that could pose a potential threat to the user’s privacy while browsing the website, and do not allow the obtaining of the users’ personal data. The website also uses persistent cookies, which are stored on the hard drive of the computer until they expire or are cancelled by the user/visitor. Through the use of persistent cookies, users of the website (or other people using the same computer) are automatically recognised each time they access the website. The user can configure the browser to accept/reject all cookies or to have a message appear on the screen each time a cookie file is offered, allowing the user to decide whether to accept or reject it. At any time, by selecting the highest level of protection, the user can change the default settings and disable all cookies or partially or completely block them.

Links to independent websites

There may be dedicated links on this website through which it is possible to connect directly to other independent websites. The administrator of this website is not responsible for how independent websites manage the personal data and credentials provided by third parties.

Information clauses

  1. Information clause for employees, associates, contractors and potential contractors
  2. Information clause for natural persons who are party to a contract
  3. Information clause for employees, associates, contractors and potential contractors

Pursuant to Article 13(1) and (2) or Article 14(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119 4.5.2016) – hereafter referred to as the GDPR – we inform you that:

Personal Data Controller

The controller of your data is MOSTOSTAL ZABRZE Biprohut S.A. with its registered seat and addresses at Gliwice, ulica Dubois 16.

Data Protection Officer

The Controller has appointed a Data Protection Officer, who can be contacted in writing at the following address: IOD Grupa Kapitałowa MOSTOSTAL ZABRZE ul. Dubois 16, 44-100 Gliwice (Poland) or by e-mail: iodo@mz.pl.

Purposes and grounds for the data processing

Your personal data will be processed for:

– fulfilment of legal obligations imposed on the Controller under applicable legislation, including those related to invoicing, bookkeeping and tax records, (Article 6(1)(c) of the GDPR),

– carrying out tender procedures and offering services, in relation to which the personal data obtained from the documentation received will be processed on the basis of the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR),

– pursuing claims or defending the Controller’s rights (Article 6(1)(f) of the GDPR), which is a legitimate interest,

– carrying out satisfaction surveys, preparing analyses regarding sales and the use of our products and services, collecting your opinions on our products and services – in order to improve our products and services and to obtain references from completed projects (Article 6(1)(f) of the GDPR).

Categories of processed data

We will process the following categories of your data: first and last name, work phone number, work email address, work position and other data provided to us for the purpose of fulfilling the contract by your employer.

Data recipients

The Controller shares your personal data with the following categories of recipients:

– to affiliated entities within the MOSTOSTAL ZABRZE Group, in accordance with the organisational chart made available at: www.mz.pl/en/group, on the basis of the appropriate entrustment agreements,

– to entities processing your personal data on the basis of a concluded entrustment agreements, such as external entities operating the IT systems, companies dealing with archiving of documents,

– to personal data controllers authorised by law and to other controllers who process personal data on their own behalf: including law firms, banks (payment of invoices), companies providing courier and postal services, contractors in the course of the Company’s operating activities (investors, subcontractors).

Transfer of data to third countries or international organisations

Subject to the next sentence, the Controller shall not transfer personal data outside the European Economic Area. In relation to the provision of services to the Controller regarding the operation of the IT system supporting the management of the Controller’s business, the Controller may share personal data stored in such IT system with a service provider established in Sri Lanka. In such case, the personal data shall be transferred applying the standard data protection contractual clauses adopted by the European Commission. You may request further information on the safeguards in place and you have the right to obtain a copy of your personal data.

Period of data processing

We shall process your personal data in the course of the pursuit of the contract and during the period of performance of the contract you or your company has concluded with us, as well as for the period of limitation of claims arising from the contract.

We shall retain your personal data contained in tax or accounting records until the expiration of data storage obligations under tax and accounting legislation.

Obligation to provide the data

The provision of data is voluntary, but necessary both to conclude a contract with the company you represent and to maintain business contacts, including responding to enquiries made by you. Failure to provide personal data may result in the inability to fulfil the provisions of the contract.

Your rights

You have the right to request access to your data, to receive a copy of your data and the right for the data rectification, erasure, restriction of their processing, and the right to data portability.

You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

As we process your data on the basis of our legitimate interest, you have the right to object to the processing on the grounds relating to your particular situation.

  1. Information clause for natural persons who are party to a contract

Pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119 4.5.2016) – hereafter referred to as the GDPR – we inform you that:

Personal Data Controller

The controller of your data is MOSTOSTAL ZABRZE Biprohut S.A. with its registered seat and addresses at Gliwice, ulica Dubois 16.

Data Protection Officer

The Controller has appointed a Data Protection Officer, who can be contacted in writing at the following address: IOD Grupa Kapitałowa MOSTOSTAL ZABRZE ul. Dubois 16, 44-100 Gliwice (Poland) or by e-mail: iodo@mz.pl.

Purposes and grounds for the data processing

Your personal data are processed for the following purposes:

– to perform the contract or take steps to enter into the contract (Article 6(1)(b) of the GDPR),

– to fulfil the Controller’s legal obligations under applicable legislation (Article 6(1)(c) of the GDPR),

– for internal administrative purposes and for pursuing claims or defending the Controller’s rights, which is a legitimate interest (Article 6(1)(f) of the GDPR).

Data recipients

The Controller transfers your personal data to the following categories of recipients:

– to affiliated entities within the MOSTOSTAL ZABRZE Group, in accordance with the organisational chart made available at: www.mz.pl/en/group,

– to entities processing your personal data on the basis of a concluded entrustment agreements, such as external entities operating the IT systems, companies dealing with archiving of documents,

– to personal data controllers authorised by law and to other controllers who process personal data on their own behalf.

Transfer of data to third countries or international organisations

Subject to the next sentence, the Controller shall not transfer personal data outside the European Economic Area. In relation to the provision of services to the Controller regarding the operation of the IT system supporting the management of the Controller’s business, the Controller may share personal data stored in such IT system with a service provider established in Sri Lanka. In such case, the personal data shall be transferred applying the standard data protection contractual clauses adopted by the European Commission. You may request further information on the safeguards in place and you have the right to obtain a copy of your personal data.

Period of data processing

We shall process your personal data in the course of the pursuit of the contract and during the period of performance of the contract, as well as for the period of limitation of claims arising from the contract.

We shall retain your personal data contained in tax or accounting records until the expiration of data storage obligations under tax and accounting legislation.

Obligation to provide the data

The provision of the data is voluntary, but necessary for the conclusion of the contract as well as for the maintenance of the business relationship, including responding to enquiries made by you. Failure to provide personal data may result in the inability to fulfil the provisions of the contract.

Your rights

You have the right to request access to your data, to receive a copy of your data and the right for the data rectification, erasure, restriction of their processing, and the right to data portability. You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the provisions of the GDPR. As we process your data on the basis of our legitimate interest, you have the right to object to the processing on the grounds relating to your particular situation.