Introduction

In Billennium S.A. (hereinafter "we") we put great importance to the protection of personal data.

This policy is to inform persons whose data we process about how we collect and use their personal data, what legal basis we use and about the rights such persons have according to their data.

We declare transparency of the processing of personal data in our company.


Data Controller

The data controller is Billennium Spółka Akcyjna with its registered office in Warsaw at Mangalia Street 2A;

Our Data Protection Officer is Andrzej Składanek. In case of any questions regarding this document and our data processing activities, you can contact us via email at dane.osobowe@billennium.com or by mail at the Company's address.


To learn more, please choose the section that is relevant to your relationship with us.

Participants of the event organized by Billennium

Collection of personal data

We collect personal data directly from you via the form on the website or we can receive it from our partner when organizing the event together. Providing your data is necessary to participate in the event.

Purposes and legal basis for processing

Your personal data is processed for the following purposes:

  1. Organization of event

    We need your data to organize an event (to create a list of participants, prepare materials or ID cards, inform you about the event schedule and provide materials after its completion).

    The legal basis is your consent expressed by registering for the event or if you are our business contact, our legitimate interest pursued by us to manage our relationships with clients.
  2. Market analyses

    As part of our operations, we analyze the market, for example, market trends, relationship maps or sales opportunities. This activity is based on our legitimate interest pursued by us to expand our offer and client base.
  3. Informing about Billennium and our services or products

    People participating in our events join the network of our business contacts. We can invite you to future events or provide information that we think may be interesting for you. The marketing of our services is our legitimate interest. Remember that you can always object to this processing or use your other rights.

Data retention

We store the data for the period necessary to achieve the objectives of their collection or until you request their removal or withdraw your consent.

Recipients of data

Your data can be shared with:

  1. employees of Billennium or companies related by capital or person in order to provide services and offer new services,
  2. our IT system suppliers, such as CRM, e-mail, website,
  3. other Billennium suppliers when sharing is necessary to achieve the purposes for which the data was collected.

We only share your personal data to others when we are permitted by law and we always use proper safeguards to protect your data and to comply with our security standards.

Transfer of data to third countries

Data may be transferred to third countries. When we transfer data to the country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.

Business contact

By business contacts we mean different groups of people with whom we work. These can be potential or current clients, people who works for our clients etc.)

Collection of personal data

We collect data of our business contacts in various ways. They can be collected, for example, via:

  • contact form on our website
  • sharing with us by your employer
  • retrieving a business email sent by you
  • receiving a business card
  • receiving your data in a document created during our cooperation (agreement, protocol etc.)

Purposes of processing

We process data of business contacts for the following purposes:

  1. Delivery of services

    If you are our client or you work for our client, the processing of your contact details may be necessary for the implementation of the contract which we are a part of. The delivery of services is our legitimate interest.
  2. Client relationship management.

    As part of our business, we create a database of business contacts to manage business relationships. In this processing activity, we rely on our legitimate interest.
  3. Marketing activities

    We want to share knowledge and inform our partners about our offer, services and new technologies. For this purpose, we organize events for our partners and from time to time we can send by email information that we think might be interesting for them. Marketing activities are our legitimate interest.
  4. Quality management of services.

    The key to improving the quality of our services is feedback from our clients. As part of this operation, we can use your data to conduct satisfaction surveys to assess the quality of our services and to identify the needs of our clients. This is our legitimate interest.
  5. Information security management.

    Information protection is one of our priorities. Your data can be processed for this purpose, e.g. during the automatic scanning of incoming e-mails to detect malware. This is our legitimate interest.
  6. Risk management.

    As part of our operations, we produce documents and process clients’ data for purposes such as providing evidence of activities carried out. We keep contracts or acceptance protocols. This processing is our legitimate interest.
  7. Compliance with applicable law.

    We may also process your data in order to fulfill legal obligations, e.g., regarding accounting.

Data retention

Personal data will be kept for the period necessary for the purposes set out above (e.g., for the duration of our business relationship or for a period that requires documenting these relationships).

In case when the processing is to comply with the law, the processing time is determined in accordance with the requirements of the applicable regulations.

In the absence of specific legal, regulatory or contractual requirements, the baseline retention period for records and other documentary evidence created during the provision of services is 6 years.

Recipients of data

The personal data of business contacts can shared with:

  • Employees of Billennium or companies related by capital or person in order to provide services and offer new services.
  • IT systems providers we use such as CRM, e-mail, website.
  • Other Billennium suppliers when sharing is necessary for processing purposes.

We only share your personal data to others when we are permitted by law and we always use proper safeguards to protect your data and to comply with our security standards.

Data transfer to third countries

Data may be transferred to third countries. When we transfer data to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.

Visitor to our facilities

We hereby inform about the processing of personal data registered using the CCTV system in our offices or in their close vicinity (Facilities).

Collection of personal data

The scope of monitoring at a specific Facility is described on the boards placed in the Facility.

We collect your data (your image) when you enter the area covered by monitoring. The image is recorded using CCTV cameras.

The purposes of processing

The purpose of monitoring is to ensure the security of people, information and property as well as to protect us against claims. The pursuit of these purposes is our legitimate interest.

Data retention

The recorded data are stored in a secure manner for a period not exceeding 3 months from the date of recording, unless they constitute evidence in proceedings conducted under the law or we receive a message that they can be evidence in proceedings. The deadline specified above is then extended until the final conclusion of the proceedings. After the periods referred to above, the data are deleted, unless separate provisions provide otherwise.

Recipients of data

Access to registered data is provided to authorized personnel of Billennium and/or employees of a security agency responsible for protection of the Facility acting as our processor.

In specific cases (e.g., suspicion of committing a crime), recordings may be made available to authorized state bodies, our insurer or a law firm.

Data transfer to third countries

Data are not transferred to third countries

Candidates for work

Collecting data

We can collect personal data in the recruitment process in several ways:

  • The candidate responds to our job offer via web form
  • The candidate sends us an email application

Providing your personal data is voluntary, but necessary to participate in the recruitment process.

Purposes of processing

Your personal data will be processed in order to conduct the current recruitment project.

If you apply for an employment contract, we process your data in the scope indicated in the labor law on a lawful basis, i.e., provisions of the Labor Code. Other provided data are processed basing on your consent, which can be revoked at any time.

If you apply for a position under a civil contract we process your data basing on your consent.

If you express a separate consent, we will process your personal data also for purposes related to further recruitments. As part of this processing, we will inform you about job offers in Billennium S.A. that may be interesting for you.

Data retention

If your application is successful your data is saved for the implementation of the employment or contractual relationship, complying with statutory regulations.

Application documents of unsuccessful candidates are deleted after maximum 6 months after the recruitment process is closed.

When you provide your consent to the use of personal data for the purposes of future recruitment, your data will be used for the next 24 months. Before the end of this period, we will ask for permission for further processing of your data.

Consent may be withdrawn at any time. We delete the data as soon as we receive your request.

Recipients of data

Your data can be made available to:

  • Employees of Billennium or companies related by capital or person in order to perform the recruitment process
  • IT systems suppliers we use such as e-mail, website, Traffit.com portal
  • Other Billennium suppliers in the event that this transfer is necessary to achieve the purpose of processing

In specific cases, it can be required to share your data with the our client to allow him to assess your competencies. We will inform you before it happens so you can object.

We only share your personal data to others when we are permitted by law and we always use proper safeguards to protect your data and to comply with our security standards.

Transfer to third countries

Data may be transferred to third countries. When we transfer data to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.

Suppliers (including subcontractors and people associated with our suppliers and subcontractors)

Collection of personal data

We collect and process personal data of our suppliers (including subcontractors and people associated with our suppliers and subcontractors) for the purposes described below. Personal data are usually business card details and will contain your name, employer name, telephone number, e-mail address and other company contact details as well as information about communication with us.

In some cases (body leasing providers) we also process data on professional experience, qualifications or education.

Purposes of processing

We use personal data for the following purposes:

  • Receiving services

    We process personal data of our suppliers and their employees to the extent necessary to receive services. For example, when a provider provides us with outsourcing services, we will process personal data of people who provide us with services. Such data processing is our legitimate interest.
  • Services delivery to clients

    In case when a supplier is helping us to deliver services to our clients, we process personal data of the individuals involved in the services delivery to manage our relationship with the supplier and the respective individuals and to provide such services to our clients (for example, when our supplier is providing people to work with us as part of our team delivering services to our clients). This processing is our legitimate interest.
  • Management and development of the company and services

    We may process personal data to conduct our business, including managing the relationship with the supplier, identifying the needs of the supplier or client and improving the provision of services, as well as maintaining and using information systems. The need for efficient and responsible management in order to develop our business and services is our legitimate interest.
  • Security, quality and risk management activities

    We have security measures to protect our and our partners’ information (including personal information) that include the detection, investigation and resolution of security threats. Your data can be processed as part of the security monitoring that we perform; for example, automatic email scanning to identify malicious emails.

    We have policies and procedures for monitoring the quality of our services and risk management in relation to the delivery of services. We collect and hold personal data to comply with our procedures and regulations. The implementation of these tasks is our legitimate interest.
  • Compliance with applicable laws.

    We may also process your data in order to fulfill legal obligations, e.g., regarding accounting.

Data retention

Personal data concerning suppliers are processed by us as long as it is necessary for the purpose for which they were collected (including in accordance with applicable regulations or regulations). After completing the purpose, the data is deleted in accordance with our data retention procedures. Personal data may be stored for a longer period if extended storage periods are required by law and for protection against claims.

Personal data will be kept for the period necessary for the purposes set out above.

In case when the processing is to comply with the law, the processing time is determined in accordance with the requirements of the applicable regulations.

In the absence of specific legal, regulatory or contractual requirements, the baseline retention period for records and other documentary evidence created during the provision of services is 6 years.

Recipients of data

The personal data of suppliers are made available:

  • Employees of Billennium or companies related by capital or person in order to provide services and offer new services.
  • IT systems providers we use such as CRM, e-mail, website.
  • Other Billennium suppliers in the event that this transfer is necessary to achieve the purpose for which the data was collected.

If you are an employee of our body leasing service provider, your data may also be made available to our clients in order to enable the provision of services.

We only share your personal data to others when we are permitted by law and we always use proper safeguards to protect your data and to comply with our security standards.

Transfer to third countries

Data may be transferred to third countries. When we transfer data to the country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.

Visitors to our website

Collection of personal data

Visitors to our websites usually have control over the personal information they provide. To a limited extent, we may collect personal data automatically via the cookies located on these websites. More information on this topic can be found below in the Cookies section.

From people visiting our websites, we can receive data via contact forms or register for an event organized by us. In such cases, the processing of their data is described in the Business contacts section.

Cookies

"Cookies" are small text files that are placed on the user's computer when visiting websites to help provide s more personalized service. The use of cookies is currently the standard for most websites. If the user does not want to receive cookies, he can manage and control them in his browser.

Before registering on our site, you must accept the operation of cookies. If these files are deactivated, other website functions may not work properly. After completing the visit to the site, you can delete cookies from your "browsing history" (cache memory).

The purposes of processing

We collect data on websites for the following purposes:

  • To monitor the use of the website,
  • To administer and manage our website,
  • To aggregate data for analysis and improvement of the website.

Ensuring optimal operation of our website is our legitimate interest. Another legal basis can be your consent when we have asked you for such consent.

Transfer to third countries

Data may be transferred to third countries. When we transfer data to the country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be made under an agreement based on standard contractual clauses approved by the European Commission.

Recipients of data

The recipient of data can be our IT service providers, including hosting, traffic analysis tools, etc.

Data retention

The standard data retention period is 12 months.

Other people contacting us

We collect personal information when a person contacts us through a question, complaint, comment or opinion (such as name, contact details and message content). In such cases, the person controls the scope of data provided to us, and we will only use this data to answer the query.


Your rights

You have the right to:

  • information about the processing of your personal data;
  • obtain access to the personal data we have held about you;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased when it’s no longer needed or if processing it is unlawful;
  • object to the processing of your personal data for marketing purposes or other activities based on legitimate interest;
  • request the restriction of the processing of your personal data in specific cases;
  • receive your personal data in a machine-readable format and send it to another controller (“data portability”);

If you wish to exercise any of these rights, please send an email to daneosobowe@billennium.pl. We will respond to your requests without undue delay and at the latest within 1 month. 

You may be asked to provide information to confirm your identity in order to exercise your rights.


Complaints

We hope that it will not be necessary, but if you are not satisfied with the handling of your request you may lodge a complaint to the President of the Personal Data Office (to the address of the Personal Data Protection Office – Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00 - 193 Warsaw, Poland uodo.gov.pl)