Privacy statement ET&S

The following provisions governing our privacy policy apply to:

1. users of the ERGO Technology & Services S.A. microsite placed on the ERGO Group website, as well as users of ERGO Technology & Services S.A. apps for mobile devices (hereinafter referred to as: website users).
2. the ERGO Technology & Services S.A. contractors, including potential contractors (hereinafter referred to as: contractors) and representatives of the contractors, including their employees, members of the management board, commercial proxies and attorneys-in-fact (hereinafter referred to as: representatives of the contractors).
3. correspondents, communicating by mail, including electronic mail, and using the forms available on the ERGO Technology & Services S.A. website (hereinafter: correspondents).

Information regarding processing of personal data of ERGO Technology & Services S.A. job applicants and persons recommending job applicants has been regulated in separate clauses displayed when providing data by these persons into dedicated online forms. ERGO Technology & Services S.A websites contains links to third-party websites (external links). These websites are subject to the liability of the respective operator. Should you discover that any link on our website links to content that violates governing law, please inform us at dpo.ets@ergo.com. We will then delete these links from our website without delay.

ERGO Technology & Services S.A. shall not accept any liability for ensuring that the information is up to date, accurate, complete and of high quality.

We would like to inform you here about the processing of your personal data when you use our websites and its apps, share your data with us during business contacts and about your rights under data protection law.

Who is responsible for processing the data and who is the Data Protection Officer?

Controller for the data processing is:

ERGO Technology & Services S.A.
ul. Droszyńskiego 24
80-381 Gdańsk
Poland

(hereinafter referred to as: „ET&S”)

You can contact our Data Protection Officer: Roger Kołomłocki by writing to the email address: dpo.ets@ergo.com or by writing to the above ET&S postal address and adding "For the attention of the Data Protection Officer".

What categories of data do we use and where do they come from?

As a matter of principle you can use our website anonymously. We do not save any personal data or data which can be related to a person using the website (such as IP addresses). When visiting our website we collect data (the date, time, pages visited, navigation, and software used) in an anonymised form so that the usage pattern can be analysed, also anonymously, by an external service provider. The data is anonymised before it is saved by the service provider. You will find further information about our website in Point 6.

ET&S may receive personal data directly from the contractors or representatives of the contractors (e.g. via e-mail correspondence, electronic contact forms, phone call, during business meetings, conferences) or from other persons or entities cooperating with ET&S for the purposes of business contacts, including in order to conclude and perform agreements with ET&S.

In the case of the contractors the data include mainly information connected with their business activities, and in particular full name, company name, business address, address of residence, mailing address, phone number, bank account number, numbers in relevant registers (Taxpayer ID Number (NIP), Statistical Number (REGON), and, whenever justified, personal ID number (PESEL), and ID card number (for identification purposes).

In the case of the representatives of the contractors the data include mainly contact details necessary to communicate with them for business purposes, and in particular: full name, e-mail address, phone number, and whenever justified, professional qualifications, personal ID number (PESEL), and ID Card number (for identification purposes).

What are the purposes for which data is processed?

If you provide us with your personal data in specific circumstances we treat this data in accordance with the provisions of the data protection legislation applicable at the company's head office.

If you send us an email or complete an online form on our website and send it to us we process the personal data indicated in the form (e.g. your name or email address) only for the purposes of our correspondence with you so we can send you the documents or information you requested, or for any other purposes you may have indicated on the form in question. We will process those data until the answer is given and the correspondence is completed, but in certain cases we may keep them until the period in which claims may be asserted against us expires.

In case of contractors and representatives of the contractors we also process provided personal data in order to:

1. sign and perform the agreement concluded between ET&S and the contractor (hereinafter referred to as: the Agreement), i.e. to perform the obligations of the parties under the Agreement and to make settlements after its termination - for the duration of the Agreement and settlements after its termination,
2. to verify professional qualifications of the representatives of the contractor in connection with the business negotiations held when deciding to cooperate or during the performance of the Agreement - for the duration of the negotiations or for the duration of the Agreement and settlements after its completion,
3. to establish and maintain business relations and direct marketing, including to send, using electronic means of communication or in any other form, marketing and promotional content, i.e. trade offers, information about promotional campaigns organised by the ET&S and events related to its business activities - until the objection is submitted,
4. perform the ET&S’s internal administrative purposes, including in particular the creation of statistics, reporting, and service development planning - for the time necessary to achieve these goals however, no longer than for the duration of the Agreement and settlements after its completion,
5. perform legal duties by the ET&S, e.g. the storage of invoice and accounting documents, tax clearings - for the time specified by law,
6. confirm the fulfilment of the obligations, establish, pursue or defend claims addressed against the ET&S - for the period of limitation of claims arising from the provisions,
7. fulfill by the ET&S of its legal obligations under the provisions of law, i.e. if a specific request is made by government authorities, to the extent specified in the request - within the limits specified by the request and for the time specified in the regulations,
8. performance by ET&S of tasks resulting from the controller's legitimate interest consisting, but not limited to, responding to correspondence addressed to ETS,
9. monitor office spaces of the ET&S, to ensure the safety of persons staying there, protect the property of the ET&S, its employees and visitors, and to secure information which constitutes trade secrets of the ET&S - no longer than 3 months.

We will inform you in advance if we want to process your personal data for a purpose which is not indicated.

On what legal basis is your personal data processed?

We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR), and all other relevant legislation on the processing of personal data if applicable.

The specific legal basis for processing the data depends on the context in which we receive the data and the purpose for which we receive it. In so far as is necessary, we will therefore inform you in the case of the relevant application.

The legal basis will be:

1. the legitimate interests of the controller (article 6 paragraph 1 point (f) of GDPR) - in order to conduct the communication, sign and perform the agreement as regards representatives of contractor, verify professional qualifications of representatives of contractor, establish and maintain business relations, conduct direct marketing, perform internal administrative purposes, confirm the fulfilment of obligations, establish, pursue or defend claims addressed against the ET&S, or conduct video monitoring of office space.
   
   To carry out marketing activities via electronic means of communication (SMS, phone, e-mail) it may be necessary to additionally express consents under the provisions of the Telecommunications Law or the Act on the provision of electronic services.
2. necessity of data processing for compliance with a legal obligation to which the ET&S is subject (article 6 paragraph 1 point (c) of GDPR) - in the case of performance of legal duties by the ET&S, e.g. the storage of invoice and accounting documents, tax clearings or fulfilment of its legal obligations under the provisions of law, i.e. responding to the requests made by government authorities.
3. necessity of data processing for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (article 6 paragraph 1 point (b) of GDPR) - in case of sign and perform the Agreement as regards contractors.

Who will obtain your data?

Within the controller (ET&S), the only persons and departments to receive the relevant data are the persons and departments responsible for the process in question; in this respect there is a clear allocation of duties and a clear authorisation concept. The data may also be passed to service-providers for the purposes specified above. The involvement of service providers is necessary, for example, as part of the administration and maintenance of IT systems, as well as for the purposes of providing courier, postal, marketing, archiving, auditing and legal services.

Personal data can also be sent to other recipients in so far as this is necessary for the performance of contractual or statutory obligations (e.g. sent to supervisory authorities).
This data can also be forwarded to Group companies e.g. as part of Group communications or Group management.

Is your data sent to a third country?

If personal data is sent to a service provider or Group company outside the European Economic Area (EEA), it is only sent if the EU Commission has confirmed that the country has an adequate level of data protection or if other adequate data protection guarantees (e.g. the agreement of EU standard contractual clauses) are in place. You can also request the information from the places or persons specified as contacts at the beginning of this section.

What measures do we take to protect your data?

We take appropriate and state of the art technical and organisational security precautions to protect data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. In the case of the dialogue forms available on our website, we use SSL (Secure Socket Layer) encryption to protect your details. This SSL connection protects your data against scrutiny by unauthorised persons. For the sake of your own security, please always use these dialogue forms. If you send data to us in unencrypted form as normal non-secure emails, it is possible for these emails to be viewed or amended by unauthorised persons during transmission.

What data protection rights do you have as a Data Subject?

You can request information from the above address about your personal data which has been saved. Under certain conditions you can also require that your data is corrected or deleted. You also have a right to restrict the processing of your data and a right to the disclosure in a structured, customary and machine-readable format of the data you supplied.

Right to object

If we process your data to protect our legitimate interests you may object to this processing for reasons which arise from your particular situation. We will then cease processing your personal data unless we can demonstrate compelling reasons worthy of protection for the processing which override your interests, rights and freedoms or if the processing is for the assertion, exercise or defence of legal claims.

You can object to processing for direct marketing purposes at any time.

If we process your data by reason of consent you have given, you may revoke this consent at any time with effect for the future.

Where can you file complaints?

You can file complaints either with the Data Protection Officer detailed above or with a data protection supervisory authority.
The data protection supervisory authority responsible for ET&S's head office in Poland is: Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, Poland.

For how long is your data saved?

We delete your personal data as soon as it is no longer required for the purposes stated above, but in certain cases we may keep them for the retention period required by law or until the period in which claims may be asserted against us expires. This is done regularly as a result of statutory obligations to provide proof and also retention obligations which are legally defined.

Individual retention periods are specified for each of the processing purposes in the section above “What are the purposes for which data is processed?

Are you obliged to provide your data?

If you are just using our website you are under no obligation to provide personal data. However, there are some services for which we need your personal data e.g. to send you the information you request, for example newsletters or to include you in an application procedure. We cannot provide the services you request without this information. In each case we only collect the data we actually need.

Providing your personal data may be necessary to establish and maintain business relationships with ET&S as well as to conclude and perform the agreements with ET&S.

To what extent are decisions on particular cases or profiling activities automated?

If we use purely automatic processing method, including profiling, in a specific case to arrive at a decision, we will inform you as part of the procedure.

Amendment of this Privacy Statement
Enhancement of our website and changes in technology sometimes lead to changes in our Privacy Statement. When visiting our website please take note of the latest version of our Privacy Statement.

3.1 Use of cookies

Cookies are small files that are stored on your computer and control the display and operation of our website. These cookies are deleted when the dialogue is terminated; no evaluation of the user behaviour takes place.  We use cookies to ensure the best possible website performance. To improve the website further, we store cookies – which do not identify individual users – and analyse their data.
Statistical analyses of our website are carried out anonymously, meaning that they cannot be linked to the user as a person. We may request further voluntary information besides data required for the specific purpose of preparing an individual offer. The fields for this voluntary information are marked accordingly. Additional information helps us to get to know you better and advise you better, to improve our website and for advertising purposes.

Furthermore, cookies are used in conjunction with using the personal customer portal. Cookies do not contain any personal information. In order to be able to request log-in data for ET&S online or to register with ET&S, cookies have to be permitted for the ets.ergo.com website via your browser. The settings of cookies vary from browser to browser.

3.2 Using advertising analysis tools (Adobe Analytics)

We use Adobe Analytics software from Adobe Systems for marketing and optimisation purposes in order to make your visit to our websites or apps even more user friendly. Data on user behaviour, including origin and page impressions, is stored online and offline. Further data such as sex, year of birth or postcode are also collected anonymously, but cannot be traced to you as a person. It is not possible to collate the data with your personal data (i.e. name, address or insurance policy number). Furthermore, your IP address is not processed by Adobe Systems but is merely stored in an abbreviated form. Information collected is stored by Adobe Systems within the European Union.

For further details on data privacy at Adobe Systems as well as its data privacy statement, please visit Adobe website:
http://www.adobe.com/privacy.html

3.3 Transferring information and encryption

If you choose to send a message to ET&S by way of the contact form, the information is sent using an encryption technique known as SSL (secure socket layer) with a key length of at least 128 bit.

Our websites and our apps both use plug-ins of several social networks, including Facebook, Twitter, LinkedIn and others. The plug-ins are marked with a logo or with the add-on “social plug-in”.

If you access one of our website pages or apps containing such a plug-in, these plug-ins can create a direct link with the social network and could transmit data. The plug-in, your browser and the social network will then all communicate with one another. Due to the incorporated plug-ins, the social networks will be informed that you have accessed a particular page on our website. If you are logged into the social network at the time, it can attribute the visit to your social network account.

If you interact with the plug-ins, e.g. by clicking the “Like” button or making a comment, this information is transmitted directly to the social network and stored there in accordance with the guidelines of the relevant social network. For information on the purpose and scope of collecting this data and its subsequent processing and utilisation by the social network, as well as your rights in this regard and the settings available to protect your private sphere, please refer to the data privacy information available from the social network in question.

If you do not wish social networks to collect data about you via our website, you will need to log out of all social networks before visiting our website or using our app.

Information on data processing at Facebook, and on the profile of ET&S, can be found in the section ‘Facebook information clause’.

ET&S uses the e-mail address provided in order to send you a reply with the details requested. However, we only send personal or confidential information once it has been encrypted, or, should this not be possible, by post. If the contents of your message relate to a contract, ET&S will archive the e-mail. The e-mail address will only be used to correspond with you and will not be forwarded to any third parties. You will not receive any unsolicited e-mails from us. If, however, you do receive an unsolicited e-mail which states that it has been sent by us, it has been sent fraudulently and should be deleted immediately.

Before sending ET&S an e-mail that has not been encrypted, please remember that its contents are not safeguarded against other people viewing them or using them fraudulently. Consequently, we would recommend that you send any message to ET&S using the contact form when dedicated form is provided on ET&S website.