§ 1. Personal data controller
The controller of the personal data of the Customers (Buyers) is Szczecińska Energetyka Cieplna Sp. z o.o. (hereinafter referred to as SEC), ul. Zbożowa 4, 70 653 Szczecin, entered under the No. KRS 131910, NIP 851 010 94 44, www.sec.com.pl, bok@sec.com.pl, tel. +48 91 450 99 99 You can contact the personal data protection inspector of Szczecińska Energetyka Cieplna Sp. z o.o. by writing at the postal or e-mail address iod@sec.com.pl, with a note “Personal data inspector”.
§ 2. The purpose of and legal basis for personal data processing
Personal data of Customers shall be processed on the basis of legal provisions, especially Art. 6 para 1, a-f of GDPR, concluded agreements and the consent given for the following purposes:
- to conclude and perform an agreement on using our services on the basis of the Customers’ interest in our services,
- marketing and promotion of the services offered by SEC,
- to measure customers’ satisfaction and the quality of our services, which is our legitimate interest,
- to recover debts, which is our legitimate interest,
- possible litigious proceedings, including establishment, exercise of and defence against claims, which is our legitimate interest,
- archiving (providing evidence) to secure information if a legal need arises to ascertain facts, which is our legitimate interest,
- to fulfil our legal obligations, e.g. obligation to issue an invoice or other documents required by law,
- to fulfil our legal obligations resulting from the EU or Polish law (e.g. towards the President of the Energy Regulatory Office or tax administration), because in this case data processing is necessary to meet legal requirements that we are subject to.
In other cases, Customers’ personal data are processed exclusively on the basis of a prior consent, to the extent and for the purpose specified in the consent.
§ 3. Categories of data that are processed
In order to provide you with our services, we process the following data: data necessary to conclude, perform and terminate agreements made with SEC, such as, among others, KRS number, REGON number, NIP number, registered office address, representation, contact data, data about the property that the agreement covers, image recordings – data recorded in SEC’s registered office related to securing the property, audio data – data related to recording talks of SEC employees with customers calling SEC. Detailed and full information on personal data protection is provided to Customers when the agreement is concluded or in a reply from the Personal Data Inspector.
§ 4. Data recipients
Personal data can be transferred to the entities which need it to perform the agreement, such as for example entities from our capital group, entities providing IT services for the seller, as well as services related to the recovery of debt resulting from the agreement or to the issuance and delivery of invoices. To the extent that they perform their tasks, state bodies shall also be recipients of Customers’ personal data.
§ 5. Transfer of data to third countries of international organisations
Personal data of Customers shall not be transferred to third countries or international organisations.
§ 6. Personal data storage period
(period for which personal data will be stored, and if not possible, criteria for setting the period)
Personal data of Customers will be processed for the period necessary to achieve the processing purposes specified in point 2., i.e.
- with regard to the performance of the agreement made by the Customers – during the term of the agreement, and afterwards, for the period required by law or to secure possible claims; if Customers had given consent for the data to be processed after the agreement termination for archiving purposes, until the consent is withdrawn,
- with regard to marketing and promotional purposes of the services offered – for the period until Customers withdraw their consent for data processing,
- with regard to customer satisfaction and quality measurement – for the term of the agreement,
- with regard to debt recovery – for 5 years after the end of the agreement,
- with regard to litigious proceedings – for 10 years from the day of issuance of a final ruling terminating the proceeding.
§ 7. Rights related to personal data
Customers have a right of access to the content of their data, as well as the right to rectification, to erasure, to restriction of processing, to data portability, to object to personal data processing, and to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Customers have a right to lodge a complaint with a supervisory authority competent in personal data protection, if they decide that personal data protection breached GDPR. Data controller has a right to refuse to erase the Customer’s data, if data storage is necessary for the exercise of legal claims or if it is required by law.
§ 8. Information on the requirement/freedom to transfer data
The Customer transfers the data freely, but if the data required for the performance of the agreement is not transferred, it will not be possible to conclude and perform the agreement.
§ 9. Automatic processing and profiling
Personal data of Customers shall not be processed in an automatic way, including profiling.