Protection of personal data

Privacy statement ET&S

As of 2024

We know that protecting your private sphere when using our website is an important concern. We take our duty to ensure that your data remains confidential very seriously, and we comply with the applicable provisions governing data protection law. We use suitable technology to conduct a dialogue with you and to safeguard your data.

Responsible

ERGO Technology & Services S.A.
Droszynskiego Str. 24
80-381 Gdansk
Poland

In the event of discrepancies and non-compliance, the provisions of this policy shall prevail over the provisions of ERGO Group AG’s privacy statement.

The following provisions governing our privacy policy apply to:

  1. users of the ERGO Technology & Services S.A. microsite placed on the ERGO Group website, as well as users of ERGO Technology & Services S.A. apps for mobile devices (hereinafter referred to as: website users).
  2. the ERGO Technology & Services S.A. contractors, including potential contractors (hereinafter referred to as: contractors) and representatives of the contractors, including their employees, members of the management board, commercial proxies and attorneys-in-fact (hereinafter referred to as: representatives of the contractors).
  3. correspondents, communicating by mail, including electronic mail, and using the forms available on the ERGO Technology & Services S.A. website (hereinafter: correspondents).

Information regarding processing of personal data of ERGO Technology & Services S.A. job applicants and persons recommending job applicants has been regulated in separate clauses displayed when providing data by these persons into dedicated online forms. ERGO Technology & Services S.A websites contains links to third-party websites (external links). These websites are subject to the liability of the respective operator. Should you discover that any link on our website links to content that violates governing law, please inform us at dpo.ets@ergo.com. We will then delete these links from our website without delay.

ERGO Technology & Services S.A. shall not accept any liability for ensuring that the information is up to date, accurate, complete and of high quality.

We would like to inform you here about the processing of your personal data when you use our websites and its apps, share your data with us during business contacts and about your rights under data protection law.

Who is responsible for processing the data and who is the Data Protection Officer?

Controller for the data processing is:

ERGO Technology & Services S.A.
ul. Droszyńskiego 24
80-381 Gdańsk
Poland

(hereinafter referred to as: „ET&S”)

You can contact our Data Protection Officer: Roger Kołomłocki by writing to the email address: dpo.ets@ergo.com or by writing to the above ET&S postal address and adding "For the attention of the Data Protection Officer".

What categories of data do we use and where do they come from?

As a matter of principle you can use our website anonymously. We do not save any personal data or data which can be related to a person using the website (such as IP addresses). When visiting our website we collect data (the date, time, pages visited, navigation, and software used) in an anonymised form so that the usage pattern can be analysed, also anonymously, by an external service provider. The data is anonymised before it is saved by the service provider. You will find further information about our website in Point 6.

ET&S may receive personal data directly from the contractors or representatives of the contractors (e.g. via e-mail correspondence, electronic contact forms, phone call, during business meetings, conferences) or from other persons or entities cooperating with ET&S for the purposes of business contacts, including in order to conclude and perform agreements with ET&S.

In the case of the contractors the data include mainly information connected with their business activities, and in particular full name, company name, business address, address of residence, mailing address, phone number, bank account number, numbers in relevant registers (Taxpayer ID Number (NIP), Statistical Number (REGON), and, whenever justified, personal ID number (PESEL), and ID card number (for identification purposes).

In the case of the representatives of the contractors the data include mainly contact details necessary to communicate with them for business purposes, and in particular: full name, e-mail address, phone number, and whenever justified, professional qualifications, personal ID number (PESEL), and ID Card number (for identification purposes).

What are the purposes for which data is processed?

If you provide us with your personal data in specific circumstances we treat this data in accordance with the provisions of the data protection legislation applicable at the company's head office.

If you send us an email or complete an online form on our website and send it to us we process the personal data indicated in the form (e.g. your name or email address) only for the purposes of our correspondence with you so we can send you the documents or information you requested, or for any other purposes you may have indicated on the form in question. We will process those data until the answer is given and the correspondence is completed, but in certain cases we may keep them until the period in which claims may be asserted against us expires.

In case of contractors and representatives of the contractors we also process provided personal data in order to:

  1. sign and perform the agreement concluded between ET&S and the contractor (hereinafter referred to as: the Agreement), i.e. to perform the obligations of the parties under the Agreement and to make settlements after its termination - for the duration of the Agreement and settlements after its termination,
  2. to verify professional qualifications of the representatives of the contractor in connection with the business negotiations held when deciding to cooperate or during the performance of the Agreement - for the duration of the negotiations or for the duration of the Agreement and settlements after its completion,
  3. to establish and maintain business relations and direct marketing, including to send, using electronic means of communication or in any other form, marketing and promotional content, i.e. trade offers, information about promotional campaigns organised by the ET&S and events related to its business activities - until the objection is submitted,
  4. perform the ET&S’s internal administrative purposes, including in particular the creation of statistics, reporting, and service development planning - for the time necessary to achieve these goals however, no longer than for the duration of the Agreement and settlements after its completion,
  5. perform legal duties by the ET&S, e.g. the storage of invoice and accounting documents, tax clearings - for the time specified by law,
  6. confirm the fulfilment of the obligations, establish, pursue or defend claims addressed against the ET&S - for the period of limitation of claims arising from the provisions,
  7. fulfill by the ET&S of its legal obligations under the provisions of law, i.e. if a specific request is made by government authorities, to the extent specified in the request - within the limits specified by the request and for the time specified in the regulations,
  8. performance by ET&S of tasks resulting from the controller's legitimate interest consisting, but not limited to, responding to correspondence addressed to ETS,
  9. monitor office spaces of the ET&S, to ensure the safety of persons staying there, protect the property of the ET&S, its employees and visitors, and to secure information which constitutes trade secrets of the ET&S - no longer than 3 months.

We will inform you in advance if we want to process your personal data for a purpose which is not indicated.

On what legal basis is your personal data processed?

We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR), and all other relevant legislation on the processing of personal data if applicable.

The specific legal basis for processing the data depends on the context in which we receive the data and the purpose for which we receive it. In so far as is necessary, we will therefore inform you in the case of the relevant application.

The legal basis will be:

  1. the legitimate interests of the controller (article 6 paragraph 1 point (f) of GDPR) - in order to conduct the communication, sign and perform the agreement as regards representatives of contractor, verify professional qualifications of representatives of contractor, establish and maintain business relations, conduct direct marketing, perform internal administrative purposes, confirm the fulfilment of obligations, establish, pursue or defend claims addressed against the ET&S, or conduct video monitoring of office space.

    To carry out marketing activities via electronic means of communication (SMS, phone, e-mail) it may be necessary to additionally express consents under the provisions of the Telecommunications Law or the Act on the provision of electronic services.
  2. necessity of data processing for compliance with a legal obligation to which the ET&S is subject (article 6 paragraph 1 point (c) of GDPR) - in the case of performance of legal duties by the ET&S, e.g. the storage of invoice and accounting documents, tax clearings or fulfilment of its legal obligations under the provisions of law, i.e. responding to the requests made by government authorities.
  3. necessity of data processing for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (article 6 paragraph 1 point (b) of GDPR) - in case of sign and perform the Agreement as regards contractors.

Who will obtain your data?

Within the controller (ET&S), the only persons and departments to receive the relevant data are the persons and departments responsible for the process in question; in this respect there is a clear allocation of duties and a clear authorisation concept. The data may also be passed to service-providers for the purposes specified above. The involvement of service providers is necessary, for example, as part of the administration and maintenance of IT systems, as well as for the purposes of providing courier, postal, marketing, archiving, auditing and legal services.

Personal data can also be sent to other recipients in so far as this is necessary for the performance of contractual or statutory obligations (e.g. sent to supervisory authorities).
This data can also be forwarded to Group companies e.g. as part of Group communications or Group management.

Is your data sent to a third country?

If personal data is sent to a service provider or Group company outside the European Economic Area (EEA), it is only sent if the EU Commission has confirmed that the country has an adequate level of data protection or if other adequate data protection guarantees (e.g. the agreement of EU standard contractual clauses) are in place. You can also request the information from the places or persons specified as contacts at the beginning of this section.

What measures do we take to protect your data?

We take appropriate and state of the art technical and organisational security precautions to protect data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. In the case of the dialogue forms available on our website, we use SSL (Secure Socket Layer) encryption to protect your details. This SSL connection protects your data against scrutiny by unauthorised persons. For the sake of your own security, please always use these dialogue forms. If you send data to us in unencrypted form as normal non-secure emails, it is possible for these emails to be viewed or amended by unauthorised persons during transmission.

What data protection rights do you have as a Data Subject?

You can request information from the above address about your personal data which has been saved. Under certain conditions you can also require that your data is corrected or deleted. You also have a right to restrict the processing of your data and a right to the disclosure in a structured, customary and machine-readable format of the data you supplied.

Right to object

If we process your data to protect our legitimate interests you may object to this processing for reasons which arise from your particular situation. We will then cease processing your personal data unless we can demonstrate compelling reasons worthy of protection for the processing which override your interests, rights and freedoms or if the processing is for the assertion, exercise or defence of legal claims.

You can object to processing for direct marketing purposes at any time.

If we process your data by reason of consent you have given, you may revoke this consent at any time with effect for the future.

Where can you file complaints?

You can file complaints either with the Data Protection Officer detailed above or with a data protection supervisory authority.
The data protection supervisory authority responsible for ET&S's head office in Poland is: Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, Poland.

For how long is your data saved?

We delete your personal data as soon as it is no longer required for the purposes stated above, but in certain cases we may keep them for the retention period required by law or until the period in which claims may be asserted against us expires. This is done regularly as a result of statutory obligations to provide proof and also retention obligations which are legally defined.

Individual retention periods are specified for each of the processing purposes in the section above “What are the purposes for which data is processed?

Are you obliged to provide your data?

If you are just using our website you are under no obligation to provide personal data. However, there are some services for which we need your personal data e.g. to send you the information you request, for example newsletters or to include you in an application procedure. We cannot provide the services you request without this information. In each case we only collect the data we actually need.

Providing your personal data may be necessary to establish and maintain business relationships with ET&S as well as to conclude and perform the agreements with ET&S.

To what extent are decisions on particular cases or profiling activities automated?

If we use purely automatic processing method, including profiling, in a specific case to arrive at a decision, we will inform you as part of the procedure.

Amendment of this Privacy Statement
Enhancement of our website and changes in technology sometimes lead to changes in our Privacy Statement. When visiting our website please take note of the latest version of our Privacy Statement.

3.1 Use of cookies

Cookies are small files that are stored on your computer and control the display and operation of our website. These cookies are deleted when the dialogue is terminated; no evaluation of the user behaviour takes place.  We use cookies to ensure the best possible website performance. To improve the website further, we store cookies – which do not identify individual users – and analyse their data.
Statistical analyses of our website are carried out anonymously, meaning that they cannot be linked to the user as a person. We may request further voluntary information besides data required for the specific purpose of preparing an individual offer. The fields for this voluntary information are marked accordingly. Additional information helps us to get to know you better and advise you better, to improve our website and for advertising purposes.

Furthermore, cookies are used in conjunction with using the personal customer portal. Cookies do not contain any personal information. In order to be able to request log-in data for ET&S online or to register with ET&S, cookies have to be permitted for the ets.ergo.com website via your browser. The settings of cookies vary from browser to browser.

3.2 Using advertising analysis tools (Adobe Analytics)

We use Adobe Analytics software from Adobe Systems for marketing and optimisation purposes in order to make your visit to our websites or apps even more user friendly. Data on user behaviour, including origin and page impressions, is stored online and offline. Further data such as sex, year of birth or postcode are also collected anonymously, but cannot be traced to you as a person. It is not possible to collate the data with your personal data (i.e. name, address or insurance policy number). Furthermore, your IP address is not processed by Adobe Systems but is merely stored in an abbreviated form. Information collected is stored by Adobe Systems within the European Union.

For further details on data privacy at Adobe Systems as well as its data privacy statement, please visit Adobe website:
http://www.adobe.com/privacy.html

3.3 Transferring information and encryption

If you choose to send a message to ET&S by way of the contact form, the information is sent using an encryption technique known as SSL (secure socket layer) with a key length of at least 128 bit.

Our websites and our apps both use plug-ins of several social networks, including Facebook, Twitter, LinkedIn and others. The plug-ins are marked with a logo or with the add-on “social plug-in”.

If you access one of our website pages or apps containing such a plug-in, these plug-ins can create a direct link with the social network and could transmit data. The plug-in, your browser and the social network will then all communicate with one another. Due to the incorporated plug-ins, the social networks will be informed that you have accessed a particular page on our website. If you are logged into the social network at the time, it can attribute the visit to your social network account.

If you interact with the plug-ins, e.g. by clicking the “Like” button or making a comment, this information is transmitted directly to the social network and stored there in accordance with the guidelines of the relevant social network. For information on the purpose and scope of collecting this data and its subsequent processing and utilisation by the social network, as well as your rights in this regard and the settings available to protect your private sphere, please refer to the data privacy information available from the social network in question.

If you do not wish social networks to collect data about you via our website, you will need to log out of all social networks before visiting our website or using our app.

Information on data processing at Facebook, and on the profile of ET&S, can be found in the section ‘Facebook information clause’.

ET&S uses the e-mail address provided in order to send you a reply with the details requested. However, we only send personal or confidential information once it has been encrypted, or, should this not be possible, by post. If the contents of your message relate to a contract, ET&S will archive the e-mail. The e-mail address will only be used to correspond with you and will not be forwarded to any third parties. You will not receive any unsolicited e-mails from us. If, however, you do receive an unsolicited e-mail which states that it has been sent by us, it has been sent fraudulently and should be deleted immediately.

Before sending ET&S an e-mail that has not been encrypted, please remember that its contents are not safeguarded against other people viewing them or using them fraudulently. Consequently, we would recommend that you send any message to ET&S using the contact form when dedicated form is provided on ET&S website.

Facebook information clause

For users and persons visiting the Facebook profile of Ergo Technology & Services S.A.

Dear Sir/Madam,
Due to the fact that from 25 May 2018 the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) have been applicable throughout the European Union, we would like to provide you with information about the processing of personal data by us, as well as about your rights with respect to this.

The data controller with respect to your personal data collected in connection with your activity on the Facebook profile of ERGO Technology & Services S.A. (hereinafter referred to as: “ET&S fan page” or “our fan page”) is ERGO Technology & Services S.A. with its registered office in Gdańs, ul. Droszyńskiego 24, 80-381 Gdańsk (hereinafter: “Controller” or “we”). In matters related to the processing of your personal data, please email the Data Protection Officer appointed by the Controller at: dpo.ets@ergo.com

We hereby wish to inform you that we process the personal data of persons who:

  • have subscribed to our fan page by clicking on the “Like” or “Follow” icon,
  • have posted a comment under any of the posts published on the ET&S fan page,
  • or have responded to its publication by clicking on one of the active icons under the post;
  • have contacted us in connection with the use of the ET&S fan page via Facebook's functionalities (chat, messenger);
  • have visited the ET&S fan page, regardless of whether the user has a Facebook account or not.

Your personal data processed by us are data which come directly from you. These include:

  • identification data (first name and last name) to the extent published by you on your own Facebook profile;
  • data published by you on our fan page;
  • anonymous information about visitors to our fan page for statistical purposes, available via the “Facebook Insights” function provided free of charge by Facebook under its non-negotiable Terms of Service. These data are collected through spying files, otherwise known as “cookies”, each of which contains a unique user code. The user code can be linked to the connection data of users registered on Facebook, and it is downloaded and processed when you open our fan page.

Your personal data are processed for the following purposes:

  • to operate a fan page of Ergo Technology & Services S.A. on Facebook social networking site, subject to the terms and conditions set out by Facebook Ireland Ltd., in order to inform users and visitors about our business and activities, promote our brand and events which we may organise and in which we may participate, promote our products and services, build and maintain an ATENA community, and communicate through the tools and functionalities available and offered on Facebook (comments, chat, messenger), which is our legitimate interest – for the duration of the legitimate interest or until an objection has been successfully submitted (basis: Article 6(1)(f) of GDPR);
  • for statistical and analytical purposes related to the functioning, popularity and use of the fan page, which is our legitimate interest – for the period of availability of those data on Facebook, which is 2 years (basis: Article 6(1)(f) of GDPR);
  • establishment, investigation or defence against claims, which is our legitimate interest – data will be processed for a period equal to the period of limitation for such claims (basis: Article 6(1)(f) of GDPR);
  • your personal data may be processed on the basis of your voluntary consent, to the extent and for the purpose indicated in the wording of the consent, throughout its duration until the consent is withdrawn (basis: Article 6(1)(a) of GDPR).

The Controller makes your personal data available to:

  • the owner of Facebook social media portal under its non-negotiable Terms of Service available at https://www.facebook.com/about/privacy;
  • employees and associates of the Controller, in particular entities which support the Controller in its activities, including IT, telecom, marketing, audit, legal and other service providers which process personal data on behalf of the Controller on the basis of a personal data processing contract signed with the Controller;
  • public authorities and entities performing public tasks, or acting on behalf of public authorities, to the extent and for the purposes resulting from the provisions of generally applicable law.

The Controller makes your personal data available to:

  • the owner of Facebook social media portal under its non-negotiable Terms of Service available at https://www.facebook.com/about/privacy;
  • employees and associates of the Controller, in particular entities which support the Controller in its activities, including IT, telecom, marketing, audit, legal and other service providers which process personal data on behalf of the Controller on the basis of a personal data processing contract signed with the Controller;
  • public authorities and entities performing public tasks, or acting on behalf of public authorities, to the extent and for the purposes resulting from the provisions of generally applicable law.

You have the right to obtain access to your personal data, the right to rectification and erasure, the right to restriction of processing, the right to data portability, and the right to object to the processing of your personal data (where the Controller processes data under Article 6(1)(f) of GDPR). If the processing is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing which took place on the basis of the consent before its withdrawal. To exercise those rights, please contact the Controller's Data Protection Officer. You also have the right to lodge a complaint with the President of the Personal Data Protection Office, ul. Stawki 2, 00-913 Warsaw, if you believe that the Controller violates your personal data protection rights.

We obtain your data from Facebook and directly from you – those data are provided by you voluntarily, although failure to provide them may result in inability to use our fan page or some of its functionalities.

The Controller will not make any decisions about you in an automated manner, including as a result of profiling, which produces legal effects concerning you or similarly significantly affecting you.