Privacy policy
Privacy information clause on the processing of personal data
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter as: GDPR, Neon Shake LLC, based in Wrocław, Poland provides you with the following information, which concerns the collection of data in connection with the initiation of contact, in order to establish business cooperation or to make use of the services or products offered by the Administrator.
1. Personal data administrator
The personal data administrator is Neon Shake LLC with registered office in Wrocław (address: ul. Gabrieli Zapolskiej 1/301, 50-032 Wrocław, entered the Register of Entrepreneurs of the National Court Register under KRS no. 0001140186).
In matters related to the protection of personal data, the data subject may contact the Administrator by submitting a letter to the Administrator’s secretariat or sending it by registered mail to the address of the Administrator’s registered office:
Neon Shake sp. z o.o. Gabrieli Zapolskiej 1/301, 50-032 Wrocław with the annotation RODO, as well as by e-mail to: [email protected].
2. Purpose and basis of processing of personal data
The personal data provided to the Administrator will be processed for the following purposes:
- For the purposes carried out within the so-called legitimate interest of the Administrator in relation to responding or providing information to the contact initiated by you by telephone, letter, e-mail or through communication channels.
- In social media (chats, messengers, etc.).
The basis for the processing of your data is, in this case, your consent resulting from the initiation of the contact (Article 6(1)(a) of the DPA), and once the contact has ended, it is the legitimate purpose of the Administrator – the archive of the correspondence for the purpose of proving its course in the future and until the statute of limitations for possible claims (Article 6(1)(f) RODO)
- In pursuit of the so-called legitimate interest of the Administrator in connection with the Administrator’s initiation of contact with you, either as a business entity or as a representative of a business (e.g., an employee), for the purpose of establishing business cooperation, your data is most often obtained as follows:
- We have acquired them from publicly available registers of entrepreneurs (e.g., National Court Register, Central Register and Information on Economic Activity, National Business Registry Number, etc.) and publicly accessible sources (advertisements, informational brochures, etc.), including from the Internet (your company’s website, LinkedIn, social media, etc.).
- We have received them directly from your employer or from a colleague, who has assured us that we can contact you.
- We have received them from you, for example, on a business card, through email, during written correspondence, through communication channels on social media (chats, messengers, etc.), or during a phone conversation.
The legal basis for processing data in this case is the legitimate interest of the Administrator, which is understood as the pursuit of a business goal related to the presentation and sale of its own services or products through initiating contact with you (Article 6(1)(f) of the GDPR). Additionally, your consent for the Administrator to initiate contact, for example, by providing a business card, posting a publicly available announcement, or providing contact details for correspondence (Article 6(1)(a) of the GDPR) is considered. After the contact is concluded, the legally justified purpose of the Administrator is archival of correspondence for the purpose of documenting its course in the future and until the expiration of any potential claims (Article 6(1)(f) of the GDPR).
- In order to perform and based on the agreement concluded with you (legal basis under Article 6(1)(b) of the GDPR)
- For archival (evidential) purposes to secure information in case of legal necessity to demonstrate facts, which is our legitimate interest (legal basis under Article 6(1)(f) of the GDPR)
- For the potential establishment, investigation, or defence against claims, which is our legitimate interest (legal basis under Article 6(1)(f) of the GDPR).
3. Categories of processed personal data by the administrator
The administrator will process the following categories of data that you provide to us in connection with contact or contract conclusion, or that the administrator has obtained from publicly available sources:
- Basic identification data, such as:
- Name (names) and surname,
- Pseudonym (e.g., used in your social media),
- Correspondence address or other contact details, including phone number or email address,
- Company under which you conduct business or under which your employer operates (client, etc.),
- Position held or professional title.
- Data regarding possessed professional qualifications,
- Image, if publicly shared by you (e.g., on social media) or in email correspondence (e.g., in the signature),
- Identification data assigned by public authorities,
- Financial identifying data,
- Contracts and settlements.
4. Recipients of personal data and their transfer
The recipients of your personal data may exclusively include:
- Relevant state authorities acting on the basis of universally applicable legal provisions,
- Entities processing personal data on behalf of the Administrator in connection with providing services necessary for the Administrator’s operations, such as IT service providers (hosting providers for the Administrator’s website and mail servers, a company providing email marketing software, entities providing tools to enhance communication with subscribers, etc.), postal operators, courier services, entities providing accounting and legal services, owners of social media platforms (if you contact through these channels). Such entities process data based on an agreement with the Administrator and solely in accordance with the Administrator’s instructions.
Your personal data may be transferred to third countries in the context of the information technology infrastructure used by the Administrator. In cases of such transfers, appropriate provisions on the protection of personal data are applied (e.g., adherence to the so-called Privacy Shield list), and the possibility of obtaining copies of the data transferred to third countries is ensured.
5. Retention period and processing method of your personal data
Personal data will be processed by the Administrator – depending on the purpose and basis of processing – until:
- The business purpose ceases or until you object to the processing of your personal data for contact purposes,
- Expiry of claims related to initiated contact and correspondence,
- Expiry of claims related to the concluded agreement with you.
Your data will also be processed in an automated manner, as the Administrator will use computer programs in the data processing.
However, within the scope of the mentioned data processing, the Administrator will not employ methods involving automated decision-making, including profiling.
6. Rights of individuals whose personal data is processed
In regard with the processing of personal data provided by you, the individual to whom the data pertains has the right to:
- Access their data and obtain a copy of it,
- Correct (amend) their data,
- Request the deletion of voluntarily provided data,
- Request the limitation of data processing,
- Object to the processing of data,
- Data portability, including the right to receive the personal data provided to the Administrator in a structured, commonly used, machine-readable format (such as CSV), and the right to instruct the Administrator to transmit this data directly to another entity specified by you,
- Withdraw consent to the processing of personal data voluntarily provided at any time. The withdrawal of consent will not affect the lawfulness of processing based on your consent before its withdrawal.
Additionally, the individual whose data is concerned has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe that the processing of their personal data violates the provisions of the GDPR.
7. Information on the requirement to provide data
Your provision of personal data – depending on the purpose and basis of processing – is:
- voluntary,
- a condition for the conclusion of a contract,
- a statutory requirement.