Information on data protection
The Interzero Group companies, viz: Interzero Organizacja Odzysku Opakowań S.A., Interzero Polska Sp. z o.o., Interzero Advisory Spółka z o.o., as well as Interzero Organizacja Odzysku Opakowań and Organizacja Odzysku Sprzętu Elektrycznego i Elektronicznego S.A. take the protection and security of your data very seriously and take this into account in all their business activities. In this data protection notice, we would like to provide an overview of the aspects of our online services that are relevant to data protection legislation.
In the following paragraphs we will explain:
- What data we collect when you use our online services.
- For what purposes the companies: Interzero Organizacja Odzysku Opakowań S.A., Interzero Polska Sp. z o.o., Interzero Advisory Spółka z o.o., as well as Interzero Organizacja Odzysku Opakowań and Organizacja Odzysku Sprzętu Elektrycznego i Elektronicznego S.A. process the data.
- What rights and possibilities you have in relation to the processing of your data.
- How you can contact us about data protection.
What does this data protection notice cover?
This data protection notice applies to the online services provided by Interzero Organizacja Odzysku Opakowań S.A., Interzero Polska Sp. z o.o., Interzero Advisory Spółka z o.o. as well as Interzero Organizacja Odzysku Opakowań and Organizacja Odzysku Sprzętu Elektrycznego i Elektronicznego S.A..
on the interzero.co.uk domain and on the social media accounts operated by Interzero on the portals Facebook, Twitter, LinkedIn i Xing (hereinafter referred to as "social media accounts"). The online services of Interzero companies other than those mentioned above are subject to individual data protection notices, which can be viewed on the websites in question.
1. The controllers of your data and how to contact them
In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ EU. L. 2016, No. 119, p. 1) (RODO), the joint data controllers are:
- Interzero Organizacja Odzysku Opakowań S.A. with its registered office in Warsaw, 165 Wiertnicza St., 02-952 Warsaw, entered in the register of entrepreneurs by the District Court for the capital city of Warsaw in Warsaw, 13th Economic Division of the National Court Register, under the KRS number 0000266658, share capital: PLN 2,500,000.00, paid in full, NIP 5213409980, REGON 140718909, BDO 000000172;
- Interzero Advisory Spółka z o.o. with its registered office in Warsaw, 165 Wiertnicza St., 02-952 Warsaw, entered in the register of entrepreneurs by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under the KRS number 0000676980, share capital: PLN 100,000.00, paid in full, NIP 1132335293, REGON 017443900, BDO 000518378;
- Interzero Polska Sp. z o.o. with registered office in Warsaw, 165 Wiertnicza St., 02-952 Warsaw, entered in the register of entrepreneurs by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under the KRS number 0000459881, share capital: 105,000.00 PLN, paid in full, NIP 9512367010, REGON 146653200, BDO 000009153;
- Interzero Organizacja Odzysku Opakowań i Organizacja Odzysku Sprzętu Elektrycznego i Elektronicznego S.A. with registered office in Kraków, ul. Mogilska 65, 31-545 Kraków, entered into the register of entrepreneurs by the District Court for the capital city of Warsaw in Warsaw, 13th Economic Division of the National Court Register, under the KRS number 0000925732, share capital: PLN 5,000,000.00, paid in full, NIP 9512530326, REGON 520530764, BDO 000552505.
Where the words "we", "us" or "Interzero" are used herein, this shall mean exclusively Interzero Organizacja Odzysku Opakowań S.A. and Interzero Polska Sp. z o.o., Interzero Advisory Spółka z o.o. as well as Interzero Organizacja Odzysku Opakowań and Organizacja Odzysku Sprzętu Elektrycznego i Elektronicznego S.A..
We would like to inform you that the Joint Administrators have appointed a Data Protection Officer - Ms Agnieszka Radtke.
For all data protection issues, you can contact the DPO by writing toiod@interzero.plor by traditional post to ul. Wiertnicza 165, 02-952 Warsaw.
Interzero Organizacja Odzysku Opakowań S.A., Interzero Polska Sp. z o. o., Interzero Advisory Spółka z o.o. as well as Interzero Organizacja Odzysku Opakowań and Interzero Organizacja Odzysku Sprzętu Elektrycznego i Elektronicznego S.A. have concluded an appropriate agreement on the co-management of your personal data. We have agreed that we will co-operate in the case of your exercise of the rights referred to below, but that Interzero Organizacja Odzysku Opakowań S.A. will be responsible for taking the necessary measures, e.g. will be responsible for correcting your personal data in the event of a request for rectification. The above arrangements do not affect the fact that you can exercise your rights vis-à-vis each of the joint controllers separately.
2. Processing of data when visiting our website
2.1 Automatic collection of access data
You can visit our website without registering a user account and without entering personal data in the corresponding contact forms. Only access data that is automatically transmitted by your browser will then be collected. This includes, for example, your internet identification (e.g. IP address, session IDs, device IDs), information about the browser and operating system you are using, the page from which you visit our website (e.g. if you visited one of our websites via a link), the names of the files you requested (i.e. which texts, videos, images, etc. you viewed on our websites), your browser language settings, any error reports and access times. This data must be processed in order to enable you to visit our website and use it conveniently and to ensure its permanent functionality and security. Access data will also be stored on a short-term basis in internal log files in order to obtain statistical information on the use of our websites. This allows us to continuously optimise our website, taking into account the usage patterns and technical resources of users, and to correct failures and security risks. The information stored in the log files does not allow direct conclusions to be drawn about you - in particular, we only store IP addresses in an abbreviated, anonymised form. The logs are stored for 30 days and archived after further anonymisation. The legal basis for such data processing is Article 6(1)(f) RODO (necessary for the purposes of the legitimate interests pursued by the controller).
2.2 Cookies
We use our own cookies and third-party cookies on our websites. A cookie is a standardised text file stored by your browser for a specific period of time. Cookies make it possible to store information locally, such as language settings and temporary identifiers, which your browser sends back to the server that sent the cookies on your next visit to the website. In your browser's security settings, you can view and delete the cookies you use. You can adjust your browser settings at your own discretion and thus, for example, refuse to accept cookies from third parties or all cookies. Please note that in this case, you may not be able to use all the functions of our websites.
Our own cookies are used to make visiting our websites more user-friendly and secure. The legal basis for the processing in this case is Article 6(1)(f) RODO, i.e. our legitimate interest in providing safe and relevant content to users of our websites. We use third-party cookies for web analytics and marketing purposes. Please see sections 2.5 and 2.6 of this Data Protection Notice for more detailed information.
2.3 Your messages and communication
We collect all information and all data that you provide to us via our websites. For example, you can send us messages and, in some cases, files (e.g. PDF documents) at various points on our websites using functions such as the contact form or the contact function. Any information that is mandatory for these functions is marked as such. The information you provide will only be used by us to process your request.
We will delete the data collected in this way when its retention is no longer required, or restrict its processing if there are statutory retention obligations.
Disclosure of your message to another Interzero company or to an external third party will only be made to the extent that this is necessary to fulfil your request (e.g., we disclose your message to another Interzero Group company if the latter is responsible for processing your request). In the event that you do not wish your message to be disclosed to another company, it is possible to include such information - of course also as a precautionary measure - directly in the message. We will pass on your message to another company without any information that could identify you (e.g. name, customer number or contact details).
The legal basis for the processing of the data contained in the contact form is Article 6(1)(f) RODO.
To the extent that you have consented to the disclosure or processing elsewhere of data that you have provided to us, e.g. newsletter subscriptions, the legal basis will be Article 6(1)(a) of the DPA.
In the case of our customers and contractors who are natural persons, your personal data will be processed for purposes related to the performance of the contract to which you are a party on the basis of Article 6(1)(b) RODO. In addition, where the processing of your data is necessary for the performance of legal obligations incumbent on the controller (including those arising from tax legislation) on the basis of Article 6(1)(c) of the RODO. Your personal data may also be processed for the purpose of asserting potential claims on the basis of Article 6(1)(f) RODO, i.e. the processing is necessary for the fulfilment of the controller's legitimate interest, which is the assertion and enforcement of vested claims.
While we provide all Interzero information material - brochures, certificates, reports and magazines - we do not collect any personal data on this occasion.
2.4 Use of YouTube videos
We use YouTube videos on parts of our websites. YouTube is an open Internet service that allows you to upload, stream, rate and comment on videos for free operated by Google company YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"). YouTube videos can be played directly on our websites. They are embedded in "extended data protection mode", i.e. no data about you as a user will be transmitted to YouTube when you do not play the videos. Data will only be transmitted to YouTube when you play the videos. We have no influence over such data transmission. If personal data is transferred to the United States, it is protected on the basis of participation in the Privacy Shield programme established under Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection afforded by the EU-US Privacy Shieldwhich Google and YouTube have joined.
When you visit a website with YouTube videos on it, YouTube and Google thus obtain access data and information that you have visited a page on our website in question. This will happen regardless of whether you are logged in to YouTube or Google. In the event that you are logged into Google, your data will be associated directly with your Google account. In the event that you do not want them to be associated with your YouTube profile, you must log out before playing the video. YouTube and Google may use your access data to create user profiles for marketing purposes, marketing research and to design their own websites based on your needs. You have the right to object to the creation of such user profiles. In this case, you should send your objection directly to YouTube. For more information, please see Google's privacy principleswhich also apply to YouTube.
The legal basis for the above data processing insofar as we are the controller is Article 6(1)(f) RODO (necessary for the purposes of the legitimate interests pursued by the controller).
2.5 Analytical tools
2.5.1. Google Analytics
Our websites use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies to collect access data when you visit our websites. Such access data will be incorporated into pseudonymised user profiles on our behalf and sent to a Google server in the USA. Prior to this, your IP address will be anonymised. Therefore, we do not know which user profiles belong to a particular user. We cannot identify you from the data collected by Google, nor can we tell you how you use our websites. In exceptional cases, where personal data is transferred to the United States, it is protected under the Privacy Shield between the European Union and the United States, which Google has joined. In this way, the data processing carried out by Google Analytics is subject to the European Commission's adequacy decision, i.e. the level of data protection is deemed adequate, even if the processing takes place in the United States under an exception.
Google will use the information obtained through cookies to evaluate the use of our websites, to compile reports on this activity on the website and to provide further services related to the use of the website and the Internet. You can find more information about this at Google Analytics privacy policy.
You can object at any time to the above-mentioned processing and evaluation of pseudonymised user profiles by Google. To do so, you have various options available to you:
(1) You can set your browser to block cookies from Google Analytics.
(2) You may adjust your Google Ads settings.
(3) You can install the opt-out plug-in provided by Google at https://tools.google.com/dlpage/gaoptout?hl=de in Firefox, Internet Explorer or Chrome (this option does not work on mobile devices).
2.5.2. Google Tag Manager
Our website uses Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The Tag Manager is used to manage website tags more efficiently. A website tag is a surrogate symbol that is stored in the source code of our website to, for example, capture the embedding of frequently used website elements (e.g., web analytics service code). Google Tag Manager works without the use of cookies. The data will be processed partly on a Google server in the United States. If personal data is transferred to the United States, it is protected under the Privacy Shield between the European Union and the United States, which Google has joined. The legal basis is Article 6(1)(f) RODO, i.e. our legitimate interest in the commercial operation of our website. For more information, please see Google's information on Tag Manager.
2.6 Other tools provided by third parties
2.6.1. Google ReCAPTCHA
We have built in a function to identify bots, e.g. for entries in web forms (Due to the need to prevent web robots from performing certain functions on our website, we use the Google reCAPTCHA mechanism to examine whether the behaviour of users of our website bears the hallmarks of robotic behaviour. If this is the case, we may disclose your IP address to Google LLC), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy principles: https://www.google.com/policies/privacy/, resignation: https://adssettings.google.com/authenticated
2.6.2. Google Maps
Due to our legitimate interest pursuant to Article 6(1)(f) RODO in effectively shaping our website offering, we use the Google Maps web service plug-in on our website. The operator of Google Maps is Google Inc. with its registered office in the USA, CA 94043, 1600 Amphitheatre Parkway, Mountain View. Google is certified by Privacy Shield and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). When you use Google Maps on our website, information about your use of the website and your IP address are transmitted to and stored on a Google server in the USA. By deactivating Javascript in your browser, you will prevent Google Maps from performing its functions. However, you will then also not be able to use the maps displayed on our website. By using our website, you declare your consent to the described registration and processing of information by Google Inc. Further information on the data protection provisions and the terms of use of Google Maps can be obtained here: https://www.google.com/intl/de_de/help/terms_maps.html.
2.6.3. MyFonts
Our website also uses external fonts provided by MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA (hereinafter "MyFonts"). These fonts are placed by establishing a connection to the MyFonts server. In order to deliver the font files to your browser, your IP address is transmitted at least to the MyFonts server when you visit our website. Further information (e.g. the name of the website visited, the date and time of the request, the type of browser used) may also be transmitted to MyFonts. To prevent MyFonts from executing JavaScript codes, you can deactivate JavaScript in your browser or install a JavaScript blocking program (e.g. www.noscript.net, www.ghoserty.com). For more information on data privacy, please visit the MyFonts website by clicking the link below: https://www.myfonts.com/info/legal/#Privacy. The legal basis for the processing of this data is Article 6(1)(f) of the RODO (balance of interests arising from our legitimate interest in assessing general usage).
3. data processing during the use of our career portal
You can apply for the positions described in our job vacancies on the careers portal. The purpose of data collection is to select candidates for potential employment. In order to receive and process your application, we collect the following data, in particular: name, e-mail address, application documents (e.g. references, professional CV (curriculum vitae)), earliest date when you can start work and financial expectations. The legal basis for the processing of personal data in terms of first name, surname, education, previous employment history in the event of a response to a recruitment advertisement posted by us is Article 6(1)(c) RODO in connection with Article 221 § 1 of the Act of 26 June 1974 of the Labour Code (i.e. Journal of Laws 2018, item 917). The legal basis for the processing of data other than those indicated above and the processing of data for future recruitment is Article 6(1)(a) RODO, i.e. the consent you have given.
4 Data processing for social media accounts
Interzero is represented on the following networks of its own social media accounts:
On these pages we keep you up to date with the latest news from Interzero and all that we do, and we are happy to use the facilities provided by social networks to communicate directly with their members.
However, please note that we do not have full control over the processing of your data by social networks. Therefore, please check carefully what personal data and what messages you send to us via social networks and, if in doubt, use the other means of contacting us that we provide. We are not responsible for the conduct of the operators of these social networks and their other members, we are only responsible for our own acts or omissions.
When you communicate with us via our social media accounts, we process the information provided to us for this purpose by the respective social network (e.g. your name, your profile page and the content of the messages you have sent to us) in accordance with the purpose for which you sent it (e.g. service requests, suggestions and criticism). We will delete the data collected in this way when storing it is no longer necessary, or we will restrict its processing if there are statutory retention obligations. In the case of public posts on our social media accounts, we decide on a case-by-case basis, weighing your interests and ours, whether and when we can delete said posts.
The legal basis for the above data processing depends on the purpose of sending the message. If the purpose is to make use of our customer service or to request a service from Interzero, the legal basis will be Article 6(1)(b) RODO. Otherwise, the legal basis will be Article 6(1)(f) RODO (necessary for the purposes of the legitimate interests pursued by the controller). To the extent that the User has consented to the processing of the above data, the legal basis will be Article 6(1)(a) RODO.
5 Disclosure of data
5.1 Principles
We only disclose your data if:
- You have given your express consent to do so in accordance with Article 6(1)(a) of the RODO
- The disclosure is necessary on the basis of Article 6(1)(f) of the DPA in order to bring, exercise or defend the Interzero Companies' legal claims and there is no reason to believe that you have a compelling interest in your data not being disclosed that overrides our legitimate interest,
- We have a statutory duty to disclose pursuant to Article 6(1)(c) of the DPA,
- Disclosure is permitted by law and is necessary under Article 6(1)(b) of the RODO in order to perform a contract to which you are a party or to take action at your request before entering into a contract
5.2 Disclosure of information to external service providers Interzero Organizacja Odzysku Opakowań S.A. and Interzero Polska Sp. z o.o., Interzero Advisory Spółka z o.o., as well as Interzero Organizacja Odzysku Opakowań and Organizacja Odzysku Sprzętu Elektrycznego i Elektronicznego S.A.
Some of the data processing specified in this Data Protection Notice may be carried out on our behalf by external service providers. Together with the service providers mentioned in this data protection notice, these may include, in particular, data centres that store our websites and databases, IT service providers that maintain our systems and corporate consultants.
Where we disclose data to our service providers, these service providers may only use the data to perform their tasks. Such service providers are carefully selected and act on our instructions. They are contractually obliged to comply with our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are regularly monitored by us.
Should we, in addition to the above data protection notice, transfer your data to a service provider located in a country outside the European Economic Area (EEA), we will inform you separately of this fact when necessary and provide you with the specific guarantees on which this transfer is based. Should you wish to receive copies of the warranties attesting to an adequate level of data protection, please kindly contact us (see section 1).
6 Storage period
Unless otherwise stipulated in this data protection notice, we store data and use them only for as long as necessary to fulfil our contractual or statutory obligations or for the purpose for which the data was collected. After the expiry of the statutory limitation period, we will restrict their processing, i.e. from that point onwards, the data will only be used to fulfil statutory obligations.
We will delete your data immediately, unless we still need it until the end of the statutory limitation period for evidential purposes, in civil claims or to comply with statutory retention periods. Even later, we may need to retain your data for accounting purposes. We are obliged to do so in order to comply with statutory record retention rules that may arise from the Accounting Act, the Tax Ordinance, the Packaging and Packaging Waste Management Act, the Anti-Money Laundering and Countering the Financing of Terrorism Act and others. The retention periods set out in these laws are up to a maximum of six years counting from the end of the relevant calendar year.
The legal basis for such data protection for the purposes of compliance with statutory documentation and storage obligations is Article 6(1)(c) of the DPA.
7 User rights
(1) Every person whose data is processed has the right:
a. to access - to obtain confirmation from the controller as to whether or not his or her personal data are being processed. If data about a person is being processed, he or she is entitled to have access to it and to be provided with the following information: the purposes of the processing, the categories of personal data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data have been or will be stored or the criteria for determining them, the data subject's right to request rectification, erasure or restriction of the processing of personal data and to object to such processing (Article 15 RODO);
b. to receive a copy of the data - obtain a copy of the data undergoing processing, with the first copy being free of charge and for subsequent copies the controller may charge a reasonable fee based on administrative costs (Article 15(3) RODO);
c. to be corrected - request the rectification of personal data concerning him/her which is inaccurate or the completion of incomplete data (Article 16 RODO);
d. to delete data - request the erasure of her personal data where the controller no longer has a legal basis for the processing or the data are no longer necessary for the purposes of the processing (Article 17 RODO);
e. to restrict processing - request the restriction of the processing of personal data (Article 18 RODO) when:
-
-
- the data subject questions the accuracy of the personal data, for a period allowing the controller to verify the accuracy of the data;
- the processing is unlawful and the data subject objects to the erasure by requesting a restriction of use;
- the controller no longer needs the data, but they are needed by the data subject to establish, assert or defend a claim;
- the data subject has objected to the processing - until it is established whether the legitimate grounds on the part of the controller override the grounds of the data subject's objection.
-
f. to data portability - to receive in a structured, commonly used machine-readable format the personal data concerning him or her which he or she has provided to the controller, and to request that these data be sent to another controller if the data are processed on the basis of the data subject's consent or a contract with him or her and if the data are processed by automated means (Article 20 RODO);
g. to the objection - object to the processing of his or her personal data for the legitimate purposes of the controller on grounds relating to his or her particular situation, including profiling. The controller shall then assess the existence of valid legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the controller will be obliged to cease processing for these purposes (Article 21 RODO).
(2) In order to exercise the aforementioned rights, the data subject should contact, using the contact details provided, the controller and inform him/her of which right and to what extent he/she wishes to exercise it.
(3) The data subject has the right to lodge a complaint if he or she believes that his or her personal data is being processed incorrectly.
(4) The supervisory authority to which a complaint may be lodged is the President of the Office for the Protection of Personal Data (OPAP).
Withdrawal of consent In accordance with Article 7(3) of the RODO, you have the right at any time to withdraw any |
Objection to the processing of personal data Insofar as we process your data on the basis of legitimate interest in accordance with Article 6(1)(f) RODO, you have the right in accordance with Article 21 RODO to object to the processing of your data if this is justified by your particular situation, or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented even if no reasons are given. |
9 Data security
We maintain technical measures suitable for guaranteeing data security in our online services, in particular to protect your data from the dangers of data transmission and from unauthorised access by third parties. These measures are constantly adjusted to reflect the latest state of technology. In order to protect the personal data you provide on our website, we use TLS (Transport Layer Security), which encrypts the information you enter.
10. Amendments to this Data Protection Notice
We will update this Data Protection Notice from time to time, for example if we modify our website or if statutory or official regulations change.