Privacy statement ET&S

The following provisions governing our privacy policy apply to:

1. users of the ERGO Technology & Services S.A. microsite placed on the ERGO Group website, as well as users of ERGO Technology & Services S.A. apps for mobile devices (hereinafter referred to as: website users).
2. the ERGO Technology & Services S.A. contractors, including potential contractors (hereinafter referred to as: contractors) and representatives of the contractors, including their employees, members of the management board, commercial proxies and attorneys-in-fact (hereinafter referred to as: representatives of the contractors).
3. correspondents, communicating by mail, including electronic mail, and using the forms available on the ERGO Technology & Services S.A. website (hereinafter: correspondents).

Information regarding processing of personal data of ERGO Technology & Services S.A. job applicants and persons recommending job applicants has been regulated in separate clauses displayed when providing data by these persons into dedicated online forms. ERGO Technology & Services S.A websites contains links to third-party websites (external links). These websites are subject to the liability of the respective operator. Should you discover that any link on our website links to content that violates governing law, please inform us at dpo.ets@ergo.com. We will then delete these links from our website without delay.

ERGO Technology & Services S.A. shall not accept any liability for ensuring that the information is up to date, accurate, complete and of high quality.

We would like to inform you here about the processing of your personal data when you use our websites and its apps, share your data with us during business contacts and about your rights under data protection law.

Who is responsible for processing the data and who is the Data Protection Officer?

Controller for the data processing is:

ERGO Technology & Services S.A.
ul. Droszyńskiego 24
80-381 Gdańsk
Poland

(hereinafter referred to as: „ET&S”)

You can contact our Data Protection Officer: Roger Kołomłocki by writing to the email address: dpo.ets@ergo.com or by writing to the above ET&S postal address and adding "For the attention of the Data Protection Officer".

What categories of data do we use and where do they come from?

As a matter of principle, you can use our website anonymously. We do not store any personal data or data that can be associated with the person using the website (such as IP addresses). When you visit our website, we collect data (date, time, visited pages, navigation, and used software) in an anonymous form so that the usage can be analyzed, also anonymously, by an external service provider. The data is anonymized before being stored by the service provider. More information about our website can be found in section 6.

ET&S may receive personal data directly from contractors or potential contractors (e.g., email correspondence, electronic contact forms, phone calls, during meetings, conferences) or from other individuals or entities cooperating with ET&S to establish business contacts, including entering into and performing contracts with ET&S.

In the case of contractors, the data mainly includes information related to their business activities, in particular, first and last name, company name, residential address, correspondence address, phone number, bank account number, numbers in the relevant registers (NIP), statistical number (REGON), and, in justified cases, identification number (PESEL) and identity card number (for identification purposes).

In the case of representatives of contractors, the data mainly includes contact details necessary for communicating with them for business purposes, in particular: first and last name, email address, phone number, and, in justified cases, professional qualifications, identification number (PESEL), and identity card number (for identification purposes).

What are the purposes for which data is processed?

If you provide us with your personal data in specific circumstances we treat this data in accordance with the provisions of the data protection legislation applicable at the company's head office.

If you send us an email or complete an online form on our website and send it to us we process the personal data indicated in the form (e.g. your name or email address) only for the purposes of our correspondence with you so we can send you the documents or information you requested, or for any other purposes you may have indicated on the form in question. We will process those data until the answer is given and the correspondence is completed, but in certain cases we may keep them until the period in which claims may be asserted against us expires.

In case of contractors and representatives of the contractors we also process provided personal data in order to:

1. concluding and performing the contract between ET&S and the contractor (hereinafter referred to as the "Contract"), i.e., fulfilling the obligations of the parties arising from the Contract and settling accounts after its termination - for the duration of the Contract and the settlements after its termination,
2. verifying the professional qualifications of the representatives of contractors in connection with business negotiations conducted when making decisions about cooperation or during the performance of the Contract - for the duration of the negotiations or for the duration of the Contract and the arrangements after its termination,
3. establishing and maintaining business relationships and direct marketing, including sending, through electronic means of communication or in another form, marketing and promotional content, i.e., commercial offers, information about promotional campaigns organized by ET&S, and events related to its business activities - until an objection is raised,
4. achieving internal administrative goals of ET&S, including, in particular, creating statistics, reporting, and planning the development of services - for the time necessary to achieve these goals, but no longer than for the duration of the contract and the settlements after its termination,
5. fulfilling legal obligations by ET&S, e.g., storing invoices and accounting documents, tax settlements - for the period specified by law,
6. confirming the fulfillment of obligations, establishing, pursuing, or defending claims against ET&S - for the period of limitation of claims arising from the regulations,
7. fulfilling legal obligations of ET&S arising from legal provisions, i.e., in the case of a specific request made by government authorities, within the scope specified in the request - within the limits specified in the request and for the period specified in the regulation,
8. performing tasks by ET&S resulting from the legally justified interest of the data controller, including responding to correspondence directed to ET&S,
9. monitoring the office areas of ET&S, ensuring the safety of persons present there, protecting the property of ET&S, its employees, and guests, and securing information that constitutes trade secrets of ET&S - for no longer than 3 months.

If we would like to process your personal data for a purpose that has not been indicated, we will inform you about it in advance.

On what legal basis is your personal data processed?

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and, where applicable, all other regulations concerning the processing of personal data.

The specific legal basis for data processing depends on the context in which we receive the data and the purpose for which we receive it. If necessary, we will inform you of this in the case of a relevant inquiry.

The legal basis will be:

1. the legitimate interest of the data controller (Article 6(1)(f) GDPR) - for the purpose of conducting communication, concluding and performing contracts concerning representatives of contractors, verifying the professional qualifications of representatives of contractors, establishing and maintaining business relationships, conducting direct marketing, fulfilling internal administrative purposes, confirming the fulfillment of obligations, establishing, pursuing, or defending claims against ET&S, or conducting video monitoring of office space.
   
   For the purpose of conducting marketing activities through electronic means of communication (SMS, phone, email), it may also be necessary to express consent under the provisions of the Telecommunications Law or the electronic services.
2. he necessity of processing data to fulfill a legal obligation to which ET&S is subject (Article 6(1)(c) GDPR) - in the case of fulfilling legal obligations by ET&S, e.g., storing invoices and accounting documents, tax settlements, or fulfilling legal obligations arising from legal provisions, i.e., responding to requests made by government institutions.
3. the necessity of processing data to perform a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract (Article 6(1)(b) GDPR) - in the case of signing and performing a contract concerning contractor.

Who will obtain your data?

Within the data controller (ET&S), the only individuals and entities that receive the relevant data are those responsible for the respective process; in this regard, there is a clear division of responsibilities and transparent rules for granting authorizations. This data may also be shared with service providers for the purposes specified above. The involvement of service providers is necessary, for example, for the administration and maintenance of IT systems as well as for the provision of courier, postal, marketing, archiving, auditing, and legal services.

Personal data may also be transferred to other recipients to the extent necessary to fulfill contractual or statutory obligations (e.g., transferring data to supervisory authorities).

This data can also be forwarded to Group companies e.g. as part of Group communications or Group management.

Is your data sent to a third country?

If personal data is transferred to a service provider or group company outside the European Economic Area (EEA), it is sent only if the European Commission has confirmed that the country provides an adequate level of data protection or if there are other appropriate guarantees for data protection (e.g., EU standard contractual clauses). This information can also be obtained from the places or persons designated as contact persons at the beginning of this section.

What measures do we take to protect your data?

We take appropriate and state-of-the-art technical and organizational measures to protect the data against accidental or intentional manipulation, loss, destruction, or unauthorized access. For the contact forms available on our website, we use SSL encryption (Secure Socket Layer) to protect your data. This SSL connection protects your data from unauthorized access. For your own safety, always use these contact forms. If you send us data in unencrypted form as regular unsecured emails, it is possible that these emails may be viewed or altered by unauthorized persons during transmission.

What data protection rights do you have as a Data Subject?

You can request information about the stored personal data at the address provided above. Under certain conditions, you may also request the correction or deletion of your data. You also have the right to restrict the processing of your data and the right to disclose your data in a structured, commonly used, and machine-readable format.

Right to object

If we process your data to protect our legitimate interests, you may object to this processing for reasons arising from your particular situation. In such a case, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defense of legal claims.

You may object to the processing for direct marketing purposes at any time.

If we process your data based on your consent, you may withdraw that consent at any time..

Where can you file complaints?

You can file complaints either with the Data Protection Officer detailed above or with a data protection supervisory authority.
The data protection supervisory authority responsible for ET&S's head office in Poland is: Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, Poland.

For how long is your data saved?

We will delete your personal data as soon as it is no longer needed for the purposes mentioned above, but in some cases, we may retain it for the period required by law or until the period during which claims can be made against us expires. This is done regularly in connection with the legal obligation to provide proof, as well as the obligation to retain data, which is legally regulated.

The specific retention periods for data are defined for each of the processing purposes in the section above "What are the purposes of data processing?

Are you obliged to provide your data?

If you are currently using our website, you are not obliged to provide personal data. However, there are certain services for which we need your personal data, for example, to send you information that you request, such as newsletters, or to include you in the application procedure. We cannot provide the requested services without this information. In any case, we only collect the data that we actually need.

Providing personal data may be necessary to establish and maintain business relationships with ET&S, as well as to conclude and perform a contract with ET&S.

To what extent are decisions on particular cases or profiling activities automated?

If we use a purely automated method of processing in a specific case, including profiling, we will inform you about it in the procedure.

Changes to this Privacy Policy, modifications to our website, and changes in technology may sometimes lead to changes in the provisions regarding the protection of personal data and privacy. When visiting our website, we ask you to familiarize yourself with the latest version of the Privacy Statement.

3.1 Use of cookies

Cookies are small files that are stored on your computer and control the display and operation of our website. These cookies are deleted when the dialogue is terminated; no evaluation of the user behaviour takes place.  We use cookies to ensure the best possible website performance. To improve the website further, we store cookies – which do not identify individual users – and analyse their data.
Statistical analyses of our website are carried out anonymously, meaning that they cannot be linked to the user as a person. We may request further voluntary information besides data required for the specific purpose of preparing an individual offer. The fields for this voluntary information are marked accordingly. Additional information helps us to get to know you better and advise you better, to improve our website and for advertising purposes.

Furthermore, cookies are used in conjunction with using the personal customer portal. Cookies do not contain any personal information. In order to be able to request log-in data for ET&S online or to register with ET&S, cookies have to be permitted for the ets.ergo.com website via your browser. The settings of cookies vary from browser to browser.

3.2 Using advertising analysis tools (Adobe Analytics)

We use Adobe Analytics software from Adobe Systems for marketing and optimisation purposes in order to make your visit to our websites or apps even more user friendly. Data on user behaviour, including origin and page impressions, is stored online and offline. Further data such as sex, year of birth or postcode are also collected anonymously, but cannot be traced to you as a person. It is not possible to collate the data with your personal data (i.e. name, address or insurance policy number). Furthermore, your IP address is not processed by Adobe Systems but is merely stored in an abbreviated form. Information collected is stored by Adobe Systems within the European Union.

For further details on data privacy at Adobe Systems as well as its data privacy statement, please visit Adobe website:
http://www.adobe.com/privacy.html

3.3 Transferring information and encryption

If you choose to send a message to ET&S by way of the contact form, the information is sent using an encryption technique known as SSL (secure socket layer) with a key length of at least 128 bit.

Our websites and our apps both use plug-ins of several social networks, including Facebook, Twitter, LinkedIn and others. The plug-ins are marked with a logo or with the add-on “social plug-in”.

If you access one of our website pages or apps containing such a plug-in, these plug-ins can create a direct link with the social network and could transmit data. The plug-in, your browser and the social network will then all communicate with one another. Due to the incorporated plug-ins, the social networks will be informed that you have accessed a particular page on our website. If you are logged into the social network at the time, it can attribute the visit to your social network account.

If you interact with the plug-ins, e.g. by clicking the “Like” button or making a comment, this information is transmitted directly to the social network and stored there in accordance with the guidelines of the relevant social network. For information on the purpose and scope of collecting this data and its subsequent processing and utilisation by the social network, as well as your rights in this regard and the settings available to protect your private sphere, please refer to the data privacy information available from the social network in question.

If you do not wish social networks to collect data about you via our website, you will need to log out of all social networks before visiting our website or using our app.

Information on data processing at Facebook, and on the profile of ET&S, can be found in the section ‘Facebook information clause’.

ET&S uses the e-mail address provided in order to send you a reply with the details requested. However, we only send personal or confidential information once it has been encrypted, or, should this not be possible, by post. If the contents of your message relate to a contract, ET&S will archive the e-mail. The e-mail address will only be used to correspond with you and will not be forwarded to any third parties. You will not receive any unsolicited e-mails from us. If, however, you do receive an unsolicited e-mail which states that it has been sent by us, it has been sent fraudulently and should be deleted immediately.

Before sending ET&S an e-mail that has not been encrypted, please remember that its contents are not safeguarded against other people viewing them or using them fraudulently. Consequently, we would recommend that you send any message to ET&S using the contact form when dedicated form is provided on ET&S website.