Introduction
In Billennium S.A. (hereinafter “we”) we put great importance to the protection of personal data.
This policy is to inform persons whose data we process about how we collect and use their personal data, what legal basis we use and about the rights such persons have according to their data.
We declare transparency of the processing of personal data in our company.
Data controller
The data controller is Billennium Spółka Akcyjna with its registered office in Warsaw at Czackiego Street 15/17;
Our Data Protection Officer is Ewa Niesiołowska. In case of any questions regarding this document and our data processing activities, you can contact us via email at privacy@billennium.com or by mail at the Company’s address.
Billennium Spółka Akcyjna with its registered office in Warsaw (00-667 Warsaw) at ul. Czackiego 15/17, registered in the Register of Entrepreneurs of the National Court Register under KRS No. 0000769422 (District Court for capital city Warsaw in Warsaw, 13th Commercial Division of the National Court Register), with fully paid-up share capital of PLN 1,425,000.00
NIP: 525-22-59-585, REGON 015336777, DUNS 367459273
Purposes and legal basis for processing
Participants of the event organized by Billennium
Collection of personal data
We collect personal data directly from you via the form on the website or we can receive it from our partner when organizing the event together. Providing your data is necessary to participate in the event.
Purposes and legal basis for processing
Your personal data is processed for the following purposes:
- Organization of event.
We need your data to organize an event (to create a list of participants, prepare materials or ID cards, inform you about the event schedule and provide materials after its completion).
The legal basis is your consent expressed by registering for the event or if you are our business contact, our legitimate interest pursued by us to manage our relationships with clients. - Market analyses.
As part of our operations, we analyze the market, for example, market trends, relationship maps or sales opportunities. This activity is based on our legitimate interest pursued by us to expand our offer and client base. - Informing about Billennium and our services or products.
People participating in our events join the network of our business contacts. We can invite you to future events or provide information that we think may be interesting for you. The marketing of our services is our legitimate interest. Remember that you can always object to this processing or use your other rights.
Data retention
We store the data for the period necessary to achieve the objectives of their collection or until you request their removal or withdraw your consent.
Recipients of data
Your data can be shared with:
- employees of Billennium or companies related by capital or person in order to provide services and offer new services,
- our IT system suppliers, such as CRM, e-mail, website,
- other Billennium suppliers when sharing is necessary to achieve the purposes for which the data was collected.
We only share your personal data to others when we are permitted by law and we always use proper safeguards to protect your data and to comply with our security standards.
Transfer of data to third countries
Data may be transferred to third countries. When we transfer data to the country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.
Business contact
By business contacts we mean different groups of people with whom we work. These can be potential or current clients, people who works for our clients etc.)
Collection of personal data
We collect data of our business contacts in various ways. They can be collected, for example, via:
- contact form on our website
- sharing with us by your employer
- retrieving a business email sent by you
- receiving a business card
- receiving your data in a document created during our cooperation (agreement, protocol etc.)
Purposes of processing
We process data of business contacts for the following purposes:
- Delivery of services.
If you are our client or you work for our client, the processing of your contact details may be necessary for the implementation of the contract which we are a part of. The delivery of services is our legitimate interest. - Client relationship management.
As part of our business, we create a database of business contacts to manage business relationships. In this processing activity, we rely on our legitimate interest. - Marketing activities.
We want to share knowledge and inform our partners about our offer, services and new technologies. For this purpose, we organize events for our partners and from time to time we can send by email information that we think might be interesting for them. Marketing activities are our legitimate interest. - Quality management of services.
The key to improving the quality of our services is feedback from our clients. As part of this operation, we can use your data to conduct satisfaction surveys to assess the quality of our services and to identify the needs of our clients. This is our legitimate interest. - Information security management.
Information protection is one of our priorities. Your data can be processed for this purpose, e.g. during the automatic scanning of incoming e-mails to detect malware. This is our legitimate interest. - Risk management.
As part of our operations, we produce documents and process clients’ data for purposes such as providing evidence of activities carried out. We keep contracts or acceptance protocols. This processing is our legitimate interest. - Compliance with applicable law.
We may also process your data in order to fulfill legal obligations, e.g., regarding accounting.
Data retention
Personal data will be kept for the period necessary for the purposes set out above (e.g., for the duration of our business relationship or for a period that requires documenting these relationships).
In case when the processing is to comply with the law, the processing time is determined in accordance with the requirements of the applicable regulations.
In the absence of specific legal, regulatory or contractual requirements, the baseline retention period for records and other documentary evidence created during the provision of services is 6 years.
Recipients of data
The personal data of business contacts can shared with:
- Employees of Billennium or companies related by capital or person in order to provide services and offer new services.
- IT systems providers we use such as CRM, e-mail, website.
- Other Billennium suppliers when sharing is necessary for processing purposes.
We only share your personal data to others when we are permitted by law and we always use proper safeguards to protect your data and to comply with our security standards.
Data transfer to third countries
Data may be transferred to third countries. When we transfer data to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.
Newsletter subscribers
By Newsletter subscribers we mean persons who have subscribed to our Newsletter by registering on our website.
Collection of personal data
We collect subscriber data through a contact form on our website.
Purposes of processing
- Sending Newsletters
Your email address will be used to send Newsletters including their storage in the subscribers’ database. The legal basis is the consent of the subscriber. - Marketing activities
We want to share our knowledge and inform our partners about our offer, services and technological innovations. We do this by, among other things, organizing events to which we invite our partners and from time to time we send information that we think they may be interested in by email. Marketing activities are our legitimate interest.
Data retention
Personal data will be processed until you unsubscribe from the Newsletter or until the Newsletter is no longer issued.
Recipients of data
Personal data can be shared with:
- Employees of Billennium or companies related by capital or person in order for the purpose of managing Newsletter mailings
- IT systems providers we use such as CRM, e-mail, website.
- Other Billennium suppliers when sharing is necessary for processing purposes.
Data transfer to third countries
Data may be transferred to third countries. When we transfer data to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.
Information about the requirement to provide data
Providing personal data is voluntary, however, without providing such data it will not be possible to send the Newsletter.
Visitor to our facilities
We hereby inform about the processing of personal data registered using the CCTV system in our offices or in their close vicinity (Facilities).
Collection of personal data
The scope of monitoring at a specific Facility is described on the boards placed in the Facility.
We collect your data (your image) when you enter the area covered by monitoring. The image is recorded using CCTV cameras.
The purposes of processing
The purpose of monitoring is to ensure the security of people, information and property as well as to protect us against claims. The pursuit of these purposes is our legitimate interest.
Data retention
The recorded data are stored in a secure manner for a period not exceeding 3 months from the date of recording, unless they constitute evidence in proceedings conducted under the law or we receive a message that they can be evidence in proceedings. The deadline specified above is then extended until the final conclusion of the proceedings. After the periods referred to above, the data are deleted, unless separate provisions provide otherwise.
Recipients of data
Access to registered data is provided to authorized personnel of Billennium and/or employees of a security agency responsible for protection of the Facility acting as our processor.
In specific cases (e.g., suspicion of committing a crime), recordings may be made available to authorized state bodies, our insurer or a law firm.
Data transfer to third countries
Data are not transferred to third countries
Candidates for work
Collecting data
We can collect personal data in the recruitment process in several ways:
- The candidate responds to our job offer via web form
- The candidate sends us an email application
Providing your personal data is voluntary, but necessary to participate in the recruitment process.
Purposes of processing
Your personal data will be processed in order to conduct the current recruitment project.
If you apply for an employment contract, we process your data in the scope indicated in the labor law on a lawful basis, i.e., provisions of the Labor Code. Other provided data are processed basing on your consent, which can be revoked at any time.
If you apply for a position under a civil contract we process your data basing on your consent.
If you express a separate consent, we will process your personal data also for purposes related to further recruitments. As part of this processing, we will inform you about job offers in Billennium S.A. that may be interesting for you.
Data retention
If your application is successful your data is saved for the implementation of the employment or contractual relationship, complying with statutory regulations.
Application documents of unsuccessful candidates are deleted after maximum 6 months after the recruitment process is closed.
When you provide your consent to the use of personal data for the purposes of future recruitment, your data will be used for the next 24 months. Before the end of this period, we will ask for permission for further processing of your data.
Consent may be withdrawn at any time. We delete the data as soon as we receive your request.
Recipients of data
Your data can be made available to:
- Employees of Billennium or companies related by capital or person in order to perform the recruitment process
- IT systems suppliers we use such as e-mail, website, Traffit.com portal
- Other Billennium suppliers in the event that this transfer is necessary to achieve the purpose of processing
In specific cases, it can be required to share your data with the our client to allow him to assess your competencies. We will inform you before it happens so you can object.
We only share your personal data to others when we are permitted by law and we always use proper safeguards to protect your data and to comply with our security standards.
Transfer to third countries
Data may be transferred to third countries. When we transfer data to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.
Suppliers (including subcontractors and people associated with our suppliers and subcontractors)
Collection of personal data
We collect and process personal data of our suppliers (including subcontractors and people associated with our suppliers and subcontractors) for the purposes described below. Personal data are usually business card details and will contain your name, employer name, telephone number, e-mail address and other company contact details as well as information about communication with us.
In some cases (body leasing providers) we also process data on professional experience, qualifications or education.
Purposes of processing
We use personal data for the following purposes:
- Receiving services.
We process personal data of our suppliers and their employees to the extent necessary to receive services. For example, when a provider provides us with outsourcing services, we will process personal data of people who provide us with services. Such data processing is our legitimate interest. - Services delivery to clients.
In case when a supplier is helping us to deliver services to our clients, we process personal data of the individuals involved in the services delivery to manage our relationship with the supplier and the respective individuals and to provide such services to our clients (for example, when our supplier is providing people to work with us as part of our team delivering services to our clients). This processing is our legitimate interest. - Management and development of the company and services.
We may process personal data to conduct our business, including managing the relationship with the supplier, identifying the needs of the supplier or client and improving the provision of services, as well as maintaining and using information systems. The need for efficient and responsible management in order to develop our business and services is our legitimate interest. - Security, quality and risk management activities.
We have security measures to protect our and our partners’ information (including personal information) that include the detection, investigation and resolution of security threats. Your data can be processed as part of the security monitoring that we perform; for example, automatic email scanning to identify malicious emails.We have policies and procedures for monitoring the quality of our services and risk management in relation to the delivery of services. We collect and hold personal data to comply with our procedures and regulations. The implementation of these tasks is our legitimate interest. - Compliance with applicable laws.
We may also process your data in order to fulfill legal obligations, e.g., regarding accounting.
Data retention
Personal data concerning suppliers are processed by us as long as it is necessary for the purpose for which they were collected (including in accordance with applicable regulations or regulations). After completing the purpose, the data is deleted in accordance with our data retention procedures. Personal data may be stored for a longer period if extended storage periods are required by law and for protection against claims.
Personal data will be kept for the period necessary for the purposes set out above.
In case when the processing is to comply with the law, the processing time is determined in accordance with the requirements of the applicable regulations.
In the absence of specific legal, regulatory or contractual requirements, the baseline retention period for records and other documentary evidence created during the provision of services is 6 years.
Recipients of data
The personal data of suppliers are made available:
- Employees of Billennium or companies related by capital or person in order to provide services and offer new services.
- IT systems providers we use such as CRM, e-mail, website.
- Other Billennium suppliers in the event that this transfer is necessary to achieve the purpose for which the data was collected.
If you are an employee of our body leasing service provider, your data may also be made available to our clients in order to enable the provision of services.
We only share your personal data to others when we are permitted by law and we always use proper safeguards to protect your data and to comply with our security standards.
Transfer to third countries
Data may be transferred to third countries. When we transfer data to the country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.
Visitors to our website
Collection of personal data
Visitors to our websites usually have control over the personal information they provide. To a limited extent, we may collect personal data automatically via the cookies located on these websites. More information on this topic can be found below in the Cookies section.
From people visiting our websites, we can receive data via contact forms or register for an event organized by us. In such cases, the processing of their data is described in the Business contacts section.
Cookies
“Cookies” are small text files that are placed on the user’s computer when visiting websites to help provide s more personalized service. The use of cookies is currently the standard for most websites. If the user does not want to receive cookies, he can manage and control them in his browser.
Before registering on our site, you must accept the operation of cookies. If these files are deactivated, other website functions may not work properly. After completing the visit to the site, you can delete cookies from your “browsing history” (cache memory).
The purposes of processing
We collect data on websites for the following purposes:
- To monitor the use of the website,
- To administer and manage our website,
- To aggregate data for analysis and improvement of the website.
Ensuring optimal operation of our website is our legitimate interest. Another legal basis can be your consent when we have asked you for such consent.
Transfer to third countries
Data may be transferred to third countries. When we transfer data to the country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.
Recipients of data
The recipient of data can be our IT service providers, including hosting, traffic analysis tools, etc.
Data retention
The standard data retention period is 12 months.
Contacts via Inperly
Collection of personal data
When you contact us via Inperly, we register your IP address, date and time of connection and the Inperly channel you used. During the connection, we also process your image and voice, which we do not record.
Purposes of processing
- Handling of enquiries.
We process the personal data of those who contact us in order to respond to the enquiries they have made to us. This is our legitimate interest in providing proper service to customers, job applicants and others. - Ensuring the optimal operation of the Inperly service including:
- Monitoring the use of Inperly service,
- Administration and management of the Inperly service,
- Aggregate data for analysis and improvement of the Inperly service.
The need to maintain and improve the quality of services is our legitimate interest.
- Security, quality and risk and management activities.
We have security measures to protect our and our partners’ information (including personal information) that include the detection, investigation and resolution of security threats. Your data can be processed as part of the security monitoring that we perform; for example, automatic email scanning to identify malicious emails.We have policies and procedures for monitoring the quality of our services and risk management in relation to the delivery of services. We collect and hold personal data to comply with our procedures and regulations. The implementation of these tasks is our legitimate interest.
Data retention
Personal data concerning Inperly users are processed by us as long as it is necessary for the purpose for which they were collected (including in accordance with applicable regulations or regulations). After completing the purpose, the data is deleted in accordance with our data retention procedures. Personal data may be stored for a longer period if extended storage periods are required by law and for protection against claims.
Recipients of data
The personal data of Inperly users can shared with:
- Employees of Billennium or companies related by capital or person in order to provide services.
- IT systems providers we use.
- Other Billennium suppliers when sharing is necessary for processing purposes.
We only share your personal data to others when we are permitted by law and we always use proper safeguards to protect your data and to comply with our security standards.
Data transfer to third countries
Data may be transferred to third countries. When we transfer data to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.
Other people contacting us
We collect personal information when a person contacts us through a question, complaint, comment or opinion (such as name, contact details and message content). In such cases, the person controls the scope of data provided to us, and we will only use this data to answer the query.
Your rights
You have the right to:
- information about the processing of your personal data;
- obtain access to the personal data we have held about you;
- ask for incorrect, inaccurate or incomplete personal data to be corrected;
- request that personal data be erased when it’s no longer needed or if processing it is unlawful;
- object to the processing of your personal data for marketing purposes or other activities based on legitimate interest;
- request the restriction of the processing of your personal data in specific cases;
- receive your personal data in a machine-readable format and send it to another controller (“data portability”);
If you wish to exercise any of these rights, please send an email to privacy@billennium.com – We will respond to your requests without undue delay and at the latest within 1 month.
You may be asked to provide information to confirm your identity in order to exercise your rights.
Complaints
We hope that it will not be necessary, but if you are not satisfied with the handling of your request you may lodge a complaint to the President of the Personal Data Office (to the address of the Personal Data Protection Office – Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00 – 193 Warsaw, Poland uodo.gov.pl)