Privacy Policy of www.centrozlom.com.pl

1. General Information

This Privacy Policy sets out the rules for processing and protecting personal data submitted by users of the website https://www.centrozlom.com.pl

The controller of personal data is:

Centrozłom Wrocław S.A.
ul. Robotnicza 16
53-608 Wrocław

Contact details:
tel.: +48 71 356 66 66
e-mail: centrala@centrozlom.com.pl

The Controller has appointed a Data Protection Officer:

Data Protection Officer:
Ewa Cecko
e-mail: iod@centrozlom.com.pl

The Controller takes particular care to protect the privacy of users and the security of processed personal data.

2. Terms of Use of the Website

This Privacy Policy has been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and applicable legal provisions.

By using the Website, the user accepts the provisions of this Privacy Policy.

The Website may be browsed without providing personal data. In such cases, technical data and cookies may be collected automatically, including in particular the IP address, device information, and user activity on the Website, which may constitute personal data within the meaning of the GDPR.

Detailed information on the processing of personal data and the use of cookies is provided in the following sections of this Policy.

3. Scope of Processed Data

The Controller may process the following personal data of users:

Automatically collected data:

  • IP address
  • technical data regarding the device and browser
  • statistical data relating to the use of the website

Data voluntarily provided by the user:

  • first and last name
  • e-mail address
  • phone number

These data may be provided in particular when contacting the Controller (e.g. via e-mail) or participating in recruitment processes.

In the case of a recruitment process (the “Careers” tab), the following data may additionally be collected:

  • data contained in a CV and cover letter,
  • professional experience and education,
  • other data provided by the candidate.

Providing data is voluntary, but may be necessary for the performance of certain services or processes.

4. Purposes and Legal Bases for Data Processing

Purpose of data processingLegal basis
Handling electronic correspondenceArt. 6(1)(f) GDPR (legitimate interest of the controller consisting in responding to an inquiry)
Handling enquiries for quotationsArt. 6(1)(f) GDPR (legitimate interest of the controller consisting in preparing an offer in response to an enquiry)
Fulfilment of legal obligationsArt. 6(1)(c) GDPR (legal obligation incumbent on the Controller under applicable law)
Conducting analytical and statistical activitiesArt. 6(1)(f) GDPR (legitimate interest of the controller consisting in analysing the manner in which the website is used, monitoring website traffic and creating statistics for the purpose of optimising the website, improving its functionality and tailoring content to users’ needs)
Ensuring website securityArt. 6(1)(f) GDPR (legitimate interest of the controller consisting in ensuring the ICT security of the website, protection against unauthorised access, prevention of abuse, detection of incidents, and ensuring the integrity and availability of data)
Sending commercial information by electronic means (e-mail, SMS)Art. 6(1)(a) GDPR (user’s consent, in connection with the provisions of the Act on the provision of electronic services and the Electronic Communications Law)
Conducting recruitment processesArt. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (steps taken prior to entering into a contract)

5. Recruitment

Via the “Careers” tab, the user may submit their application data.

These data are processed for the purpose of:

  • conducting the recruitment process,
  • contacting the candidate,
  • potential participation in future recruitment processes (if consent has been given).

Data are stored for the period necessary to carry out the given recruitment process and for up to 3 months following its conclusion, in order to secure potential claims.

If consent has been given to participate in future recruitment processes, data may be processed for a period of up to 12 months or until the consent is withdrawn — whichever occurs first.

6. Cookies

The Website uses cookies in order to ensure its proper functioning and for analytical and marketing purposes. Cookies are small text files saved on the user’s end device by the web browser. They contain, among other things, the name of the website, their storage time, and a unique identifier.

Cookies are used for the purpose of:

  • ensuring the proper functioning of the website
  • remembering user preferences
  • conducting statistical analyses
  • improving the functionality of the website
  • conducting marketing and remarketing activities (if the user gives consent).

Types of cookies:

  • necessary cookies – ensure the proper functioning of the website and are processed on the basis of the Controller’s legitimate interest,
  • analytical cookies – enable analysis of the manner in which the website is used (applied after the user gives consent),
  • marketing cookies – used for marketing purposes (applied after the user gives consent).

Upon the first visit, a cookie banner is displayed, in which the user may accept all cookies, reject non-essential cookies, or customise their preferences.

The user may change or withdraw their consent at any time via the cookie settings available on the Website, through the widget located in the bottom right corner of the page.

In addition, the user may manage cookies via their web browser settings, including restricting or completely disabling their storage. Please note, however, that restricting the use of cookies may affect the functioning of certain features of the Website.

Detailed information on the management of cookies is available in the settings of web browsers (e.g. Chrome, Firefox, Safari, Edge).

Full information on cookies is available in the Cookie Policy.

7. Analytical and Marketing Tools and Technical Data

The Website uses analytical tools to analyse website traffic and create statistics on the manner in which the Website is used. For this purpose, cookies are used, in particular the following tool:

– Google Analytics.

These tools use cookies to collect statistical data such as the number of visits, traffic sources, and the manner in which the Website is used. Analytical cookies are used only after the user has given consent. Data may be transferred to service providers, in particular Google LLC and Meta Platforms Inc. These entities may act as independent data controllers or data processors — depending on the nature of the service. Detailed information on data processing by these entities is available in their privacy policies. The Website may use a map embedding service, such as Google Maps, to display locations.

In connection with the use of services provided by entities based outside the European Economic Area (EEA), data may be transferred to third countries, in particular the United States, with appropriate safeguards as required by the GDPR.

When using the Website, technical data are automatically recorded in server logs, such as:

  • IP address
  • browser type
  • operating system
  • date and time of visit
  • referring page address

These data are used for the purposes of:

  • administration
  • statistics
  • ensuring the security of the Website

8. Sharing of Data

Personal data may be disclosed to persons authorised by the Company, to entities providing services to the Company, including technical and organisational services, IT services and hosting services, courier services, as well as to other entities/persons/authorities to the extent and on the terms set out by applicable law.

Where it is necessary to disclose personal data to third parties, we require them to maintain the confidentiality and security of the information and to use it solely for the purpose of providing us with the relevant service.

We have entered into appropriate data processing agreements with entities to whom we entrust personal data.

9. Retention Period

Data may be processed only to the extent necessary and for the period required to fulfil the purposes for which they were collected.

Data may be retained for as long as necessary to achieve the purpose for which they were provided, or for the period required by law, as well as to the extent necessary to protect the rights of the Controller or the user, in particular for the establishment, assertion, or defence of claims.

Where services are used or a contract is concluded, data may be retained for the period required by accounting and tax regulations, i.e. for 5 consecutive calendar years, counted from the end of the calendar year in which the contract was concluded or the transaction was made.

In the case of recruitment processes, application data and documents (including CVs, cover letters, and other submitted materials) are retained for the duration of the recruitment process and for 3 months following its conclusion for the purpose of pursuing potential claims, and — where separate consent has been given — also for the purposes of future recruitment processes, data may be processed for a period of up to 12 months or until the consent is withdrawn — whichever occurs first.

10. User Rights

The user decides on the scope and purpose of processing. At any time, the user has the right to:

  • access their data – The user has the right to obtain information as to whether the Controller is processing their personal data. If processing is confirmed, the user has the right to access their data and receive a copy thereof, as well as information relating to, among other things, the purposes of processing, categories of data, recipients of data, and the planned retention period.
  • rectification (correction) of data – The user has the right to request the correction of data that are inaccurate or outdated, as well as their supplementation if they are incomplete.
  • erasure of data (right to be forgotten) – The user has the right to request the erasure of their personal data if they are no longer necessary for the purposes for which they were collected, consent to their processing has been withdrawn, an effective objection to processing has been raised, or the data are being processed unlawfully. This right may be restricted where the processing of data is required by law or necessary for the establishment of claims.
  • restriction of processing – The user has the right to request the restriction of processing of their data, e.g. when they contest the accuracy of the data, when processing is unlawful but the user does not wish the data to be erased, or when the data are no longer needed by the Controller but are needed by the user for the establishment of claims.
  • objection to data processing – The user has the right to object at any time to the processing of personal data carried out on the basis of the Controller’s legitimate interest. Where an objection is raised, the data will no longer be processed unless the Controller demonstrates the existence of compelling legitimate grounds for processing.
  • data portability – The user has the right to receive their personal data in a structured, commonly used format and — where technically feasible — to request their transmission to another controller.
  • withdrawal of consent – Where processing of data is based on consent, the user has the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.
  • lodging a complaint with a supervisory authority – The user has the right to lodge a complaint with the President of the Personal Data Protection Office if they consider that the processing of their personal data infringes the provisions of the GDPR.

Upon receipt of a request, the Company will make every effort to process it as promptly as possible. However, not every request can always be fulfilled. For example, the right to erasure cannot be exercised if the obligation to retain data is based on a legal provision. The user will be informed of the outcome of their request in writing or by e-mail.

11. Data Security

The Controller applies appropriate technical and organisational measures aimed at ensuring the protection of processed personal data and their security, in particular against:

  • unauthorised access by third parties,
  • accidental loss, destruction, or modification of data,
  • unauthorised disclosure or processing of data,
  • damage to or loss of data integrity.

The implemented security measures include in particular access control to IT systems, the use of password protections, and regular software updates.

The Website uses the secure HTTPS data transmission protocol, which encrypts information transmitted between the user’s device and the Website, increasing the protection of data during transmission.

The Controller takes due care to ensure the continuity of data protection and to minimise the risk of unauthorised use of data.

12. Profiling of Personal Data

Personal data are not processed in an automated manner, including in the form of profiling.

13. Changes to the Privacy Policy

The Controller reserves the right to make changes to this Privacy Policy at any time, with notification of such changes on this policy page. We recommend checking this page frequently and referring to the date of the last modification above.

14. Contact Regarding Personal Data

For matters concerning personal data, please contact the Controller:

Centrozłom Wrocław S.A.
ul. Robotnicza 16
53-608 Wrocław

e-mail: iod@centrozlom.com.pl
tel.: +48 71 356 66 66