Notedeco - adhesive note pads
Back
|
  1. Homepage
  2. Privacy policy

PRIVACY AND PERSONAL DATA PROTECTION POLICY

The purpose of the provisions of this document is to regulate the rules for the processing of personal data, so that they fully comply with the provisions of the DPA.

DEFINITIONS:

  1. Controller - means the natural or legal person, public authority, entity or other body which alone or jointly with others determines the purposes and means of the processing of personal data; in the case of this Privacy Policy, the Controller is understood to mean 
    the Company;
  2. Personal data - information about an identified or identifiable natural person ("data subject"); an identifiable natural person 
    is a person who can be identified, directly or indirectly, in particular 
    on the basis of an identifier such as a first andname, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural 
    or social identity of a natural person; for the purposes of this Privacy Policy, personal data are understood to be ordinary data: name, surname, telephone number, e-mail address and order processing address;
  3. Data integrity - the property of ensuring that personal data has not been altered
    or destroyed in an unauthorised manner;
  4. Processor - a natural or legal person, public authority, entity or any other body that processes Personal Data on behalf of the Controller; in the case of this Protection Policy, the following shall be understood as the Processor: entities with which the Company 
    cooperates in the area of legal services, accounting and IT services, 
    and also entities to which the Company is obliged to transfer Personal Data in order to fulfil its obligations under the law, such as: Tax Office, ZUS;
  5. Processing - an operation or set of operations performed on personal data 
    or sets of personal data in an automated or non-automated manner, such as collecting, recording, organising, ordering, storing, adapting 
    or modifying, downloading, viewing, using, disclosing by sending, distributing or otherwise making available, matching 
    or combining, limiting, deleting or destroying;
  6. PUODO - the President of the Office for the Protection of Personal Data, the supervisory authority within the meaning of the RODO;
  7. Data Confidentiality - the property of ensuring that data is not made available to unauthorised parties;
  8. RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council of 
    27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation);
  9. MSWiA - Regulation of the Minister of Internal Affairs and Administration of 
    29 April 2004 on documentation of personal data processing and technical and organisational conditions to be met by devices and IT systems used for personal data processing (Journal of Laws 2004 No. 100 item 1024 
    as amended);
  10. Company - the company under the firm NOTEDECO Spółka z ograniczoną odpowiedzialnością Sp. k. 
    with its registered office in Poznań, ul. Żniwna 9, 61-663 Poznań, entered in the Register of Entrepreneurs of the National Court Register on the basis of an entry made by the District Court Poznań - Nowe Miasto and Wilda in Poznań, VIII Commercial Division of the National Court Register, 
    under KRS no.: 0000493093, with NIP no.: 9721127416, REGON no.: 300232617, represented by the general partner - a company under the business name 
    NOTEDECO Sp. z o.o. with its registered office in Poznań, ul. Żniwna 9, 61-663 Poznań, entered in the Register of Entrepreneurs of the National Court Register on the basis of an entry made by 
    District Court Poznań - Nowe Miasto and Wilda in Poznań, VIII Economic Division of the National Court Register, under KRS no.: 0000483597, holding NIP no.: 7822565387, REGON no.: 302570258;
  11. IT system - a set of cooperating devices, programs, information processing procedures and software tools used for data processing;
  12. UODO - the Office for the Protection of Personal Data.

 

NOTEDECO, as the controller of personal data

  1. The controller of the personal data is the company under the name NOTEDECO Spółka z ograniczoną odpowiedzialnością Sp. k. (hereinafter also: "NOTEDECO"), which can be contacted by the Customer by emailing 
    at the following address: rodo@notesy.pl.
  2. The legal basis for the processing of the Customer's personal data is the Contract between 
    him and NOTEDECO. The provision of personal data for the conclusion and execution of the Contract, 
    including the execution of the Order by NOTEDECO, is voluntary, but failure to do so will make the conclusion and execution of the Contract impossible. If required by law, NOTEDECO may require the Customer to provide other necessary data. Apart from these cases, the provision of data by the Customer is voluntary.
  3. The Customer's personal data will only be processed for the following purposes and legal bases:
    1. related to the conclusion and execution of the Agreement and the execution of the Order, as well as 
      their settlement (including the issuance of invoices and accounting documents) and the processing of complaints and requests and answering the Customer's questions (pursuant to Article 6(1)(b), (c) or (f) RODO);
    2. fulfilment of NOTEDECO's legal obligations under the law 
      on accounting of 29 September 1994, Journal of Laws of 2018, item 395 as amended 
      in particular Article 74z (pursuant to Article 6(1)(c) RODO);
    3. the possible establishment, investigation, enforcement or defence of claims being the exercise of NOTEDECO's legitimate interest in this (pursuant to Article 6(1)(f) RODO);
    4. statistical, ensuring IT security, financial analysis of NOTEDECO, being the realisation of its legitimate interest in doing so (pursuant to Article 6(1)(f) RODO);
    5. storing data for archiving purposes and ensuring accountability (pursuant to Article 6(1)(f) RODO);
    6. if the Customer gives his/her consent, NOTEDECO processes his/her data for the purpose of storing data in cookies (pursuant to Article 6(1)(a) RODO).
  4. NOTEDECO processes the following personal data obtained from the Customer: identification data (such as first and last name), address data, contact data (e.g. e-mail address, telephone number), data in the form of a bank account number.
  5. The Customer's data may come from publicly available sources, in particular 
    databases and registers: Central Register and Information on Economic Activity (CEIDG), National Court Register (KRS), REGON (information refers to personal data obtained otherwise than from the data subject).
  6. NOTEDECO processes the Customer's personal data on the basis of and in compliance with the requirements of the
  7. NOTEDECO ensures the use of appropriate technical and organisational measures to ensure the security of the processed personal data, in particular to prevent access to it by unauthorised third parties, or its processing 
    in violation of generally applicable law, preventing the loss of personal data, its damage or destruction.
  8. The Customer's personal data will be stored for the period:
    1. the duration of the Contract concluded with NOTEDECO, and after its termination, in connection 
      with NOTEDECO's legal obligation under generally applicable law (including the retention of accounting evidence);
    2. necessary for NOTEDECO's assertion of claims in connection with its business or defence against claims made against NOTEDECO, 
      on the basis of generally applicable law, taking into account the periods of limitation of claims provided for by generally applicable law.
  9. When processing the Customer's personal data, NOTEDECO transfers the Customer's data to processors on behalf of NOTEDECO participating in the performance of its activities and supporting the provision of services, i.e. subcontractors, manufacturers of the goods covered by the Order, entities providing payment, consulting, auditing, legal, tax, accounting assistance, IT and hosting companies, advertising or marketing agencies who will process the data only 
    to the extent referred to in paragraph 4 above and for the purposes specified by NOTEDECO, 
    referred to in paragraph 3 above.
  10. NOTEDECO currently has no plans to transfer the Customer's personal data to a third country or to international organisations (i.e. outside the EEA).
  11. Based on the Customer's data, NOTEDECO will not make automated decisions towards the Customer, including decisions resulting from profiling.
  12. A Customer who has provided NOTEDECO with his/her personal data is entitled to:
    1. The right to access their data and to receive a copy of their data;
    2. The right to rectify (amend) their data;
    3. The right to delete the data (the so-called right to be forgotten);
    4. The right to restrict the processing of your personal data;
    5. The right to have your data transferred to another controller;
    6. The right to object to the processing of your data, including profiling, and for direct marketing purposes;
    7. The right to withdraw consent where NOTEDECO processes the Customer's data on the basis of consent, at any time and in any manner, without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal;
    8. The right to lodge a complaint with the President of the Office for Personal Data Protection when the Customer considers that the processing of personal data violates the provisions of the RODO.
  13. The Customer, in order to exercise his/her rights referred to in paragraph 12 above, may make a request to NOTEDECO by sending it to the following e-mail address 
    : rodo@notesy.pl

Whereby, in order to ensure that you are entitled to make the request, NOTEDECO may ask you to provide additional information allowing it to authenticate the Customer.

 

NOTEDECO, as the entity to which the Collaborating Entity has entrusted the processing of its customers' personal data

  1. Personal data will be processed by NOTEDECO for the duration of the contract 
    (including the provision of Services) and thereafter deleted or returned to the Collaborating Entity within the period specified by the Collaborating Entity, unless 
    an obligation for a longer retention period arises from the provisions of Polish law 
    or European Union law with which NOTEDECO is obliged to comply 
    (art. 28(3)(g) RODO).
  2. The nature and purpose of the processing derive from the agreement between NOTEDECO and the Collaborating Entity, in particular, the purpose of NOTEDECO's processing of the data entrusted to it is primarily for the performance of the Agreement between it and the Collaborating Entity, 
    and especially for the correct performance of the Services offered by NOTEDECO.
  3. NOTEDECO processes personal data only on the documented instructions of the Collaborating Entity given in connection with the agreement between NOTEDECO and the Collaborating Entity, unless such obligation is imposed by Polish or EU law. The Collaborating Entity must be entitled to process the data to the extent it has entrusted NOTEDECO with it.
  4. The processing of personal data entrusted to NOTEDECO will only include data that will be collected by the Collaborating Entity and provided to NOTEDECO, 
    the name of the natural person and contact details in the form of telephone number and email address.
  5. Throughout the term of the contract, NOTEDECO will take and implement appropriate technical and organisational security measures to safeguard the entrusted data against breaches, in particular the security guarantees set out in the information and documents provided to the Collaborating Entity (both parties should retain this evidence for the purposes of meeting the accountability requirement). For the avoidance of doubt, the implementation of the security requirements indicated above does not relieve the Collaborating Entity of the obligation to make its own assessment and decide what additional measures adequately provide a level of security appropriate 
    to the risk factors identified.
  6. NOTEDECO has implemented measures to limit access to data to only those employees/co-workers who need access to such data, 
    in order to be able to perform their assigned business tasks, in accordance with the principle of limited access and the principle of least privilege. In addition, NOTEDECO will ensure 
    that those authorised to process the data commit to secrecy.
  7. NOTEDECO may request the Collaborating Entity's consent 
    to entrust data processing to another sub-processor. The consent given may be general or specific.
  8. If the Collaborating Entity gives general consent, entrusting data processing to another sub-processor requires prior notification to the Collaborating Entity in order to allow it to object. The Cooperating Entity may raise a documented objection to the entrustment of data to a specific sub-processor for legitimate reasons. If an objection is raised, NOTEDECO will not be entitled to entrust the data to the objected entity. NOTEDECO will raise doubts about the legitimacy of the objection and possible negative consequences with the Collaborating Entity in time to ensure the continuity of the processing. NOTEDECO's ongoing cooperation with the entity subcontracted to process personal data allows NOTEDECO to ensure the security of the processing of the data subcontracted by the Collaborating Entity. Whereby, when NOTEDECO uses the services of another processor, it imposes 
    on that processor the same data protection obligations as those imposed on NOTEDECO by the Collaborating Entity, in particular the obligation to provide sufficient guarantees for the implementation of appropriate technical and organisational measures so that the processing corresponds (Article 32 RODO), manifested in particular in (Article 28(3)(c) RODO):
    1. pseudonymisation and deletion of personal data when the period 
      of their processing has expired;
    2. ensuring the confidentiality, integrity, availability and resilience of the NOTEDECO system, 
      through which the data are processed;
    3. ensuring that data availability and access can be restored immediately after a technical or physical incident;
    4. applying regular verification of the effectiveness of the safeguards and systems that ensure data security.

NOTEDECO is responsible to the Collaborating Entity for the fulfilment of the data protection obligations of the sub-processor.

  1. Personal data entrusted to NOTEDECO will not be transferred outside the European Economic Area.
  2. NOTEDECO enables the Collaborating Entities to exercise the rights of individuals under the RODO.
  3. In addition, NOTEDECO will, as far as possible, provide assistance to the Collaborating Entity
    Collaborating Entity through appropriate te http:// chical and organisational measures to comply with the
    its obligation to respond to the data subject's requests for the exercise of the rights set out in Chapter III of the RODO (Article 28(3)(e) of the RODO). NOTEDECO, taking into account the nature of the processing and the information available to it, shall ensure cooperation
    with the Collaborating Entity in the exercise by the Collaborating Entity of its obligations in the area of personal data protection as referred to in Articles 32 to 36 RODO.
  4. In the event that NOTEDECO has doubts as to the lawfulness 
    (in particular the RODO) of the Cooperating Entity's instructions or instructions, NOTEDECO shall immediately inform the Cooperating Entity of the doubt identified.
  5. The Collaborating Entity shall cooperate with NOTEDECO in the execution of the 
    agreement and the correct provision of the Services, provide NOTEDECO with explanations in case of doubts 
    as to the legality of the Collaborating Entity's instructions, as well as comply 
    in a timely manner with its specific obligations under the agreement or under Polish and EU law.
  6. NOTEDECO:
    1. shall notify the Collaborating Entity of any suspected breach of personal data protection as soon as it becomes aware of such information;
    2. provides the Collaborating Entity with all information necessary 
      to demonstrate the Collaborating Entity's compliance with the provisions of the RODO;
    3. enable the Cooperating Entity or an authorised auditor to carry out audits or inspections;
    4. cooperate with the Cooperating Entity or the auditor in carrying out audits or inspections (Article 28(3)(h) RODO).

Downloadable documents:

GDPR

INFORMATION ON THE PROCESSING OF YOUR PERSONAL DATA

Why choose us?

Exceptional quality!

Exceptional quality!

Our notebooks are made from the highest quality materials to ensure durability and reliability in every product.

Proven technologies

Proven technologies

We use modern, proven technologies that ensure excellent adhesion and ease of use for our notepads.

Advertising impulse

Advertising impulse

Adhesive notepads are an effective marketing trigger, helping your brand gain greater visibility and customer trust.

Short lead time

Short lead time

Thanks to an optimized production process, we ensure a short order fulfillment time, adapting to the needs of our customers.