DATA TO WHICH THIS INFORMATION APPLIES
This information about the processing of personal data by the Comarch Group companies applies to data
processed in connection with the operation of websites/accounts on social networks: Facebook, Instagram, LinkedIn, Youtube, Twitter, Tiktok, Spotify.
DATA CONTROLLER, DATA CONTROLLER’S REPRESENTATIVE
The controller of your personal data in connection with the operation of pages/accounts in social media is a company from the Comarch Capital Group that runs a profile/account on a given social network.
For an up-to-date list of the Comarch Group companies and theirs contact details, go to:
https://www.comarch.com/company/capital-group/ and https://www.comarch.com/contact/worldwideoffices/
Pursuant to Article 27 of GDPR, the Comarch Group companies established outside the EU have designated Comarch S.A., with its registered office at Al. Jana Pawła II 39, 31-864 Kraków, as their representative.
CONTACT DETAILS FOR MATTERS RELATED TO PERSONAL DATA, DATA PROTECTION OFFICERS
In matters related to the processing of your data by the Controller, you can contact the Data Protection Officer appointed by the Controller or, if the Data Protection Officer has not been appointed, to the following address: iod@comarch.pl.
| Company | Contact Details |
| Comarch S.A. | Data Protection Officer:
|
| Comarch Polska S.A. | Data Protection Officer:
|
| CA Consulting S.A. | Data Protection Officer:
|
| Comarch Healthcare S.A. | Data Protection Officer:
|
| Comarch AG | Data Protection Officer: datenschutzbeauftragter@comarch.de |
| Comarch S.A.S. | Data Protection Officer: dpo@comarch.fr |
| Comarch Healthcare S.A.S. | Data Protection Officer: dpo@comarch.fr |
| Comarch Finance Connect Sp. z o. o. | Data Protection Officer:
|
| Other Comarch Group Companies | Any inquiries or requests related to the processing of personal data by other Comarch Group Companies should be send to the address:
|
SCOPE OF DATA
Your personal data is processed if you follow, subscribe to or comment on our pages/accounts on social networks or send us messages within a given portal. The Controller may receive data directly from you orfrom third parties by tagging you in the comments.
The scope of data that we process depends on which portals you use and your privacy settings in these portals, e.g. whether your profile is private or public.
In connection with the above, the Controller may process, among others, your name, surname, username, email address, profile photo (avatar), content of entries and comments shared by you. For LinkedIn, this may also include information about you education and work experience.
LEGAL BASIS, PURPOSE AND PERIOD OF DATA PROCESSING
Personal data as part of the operation of social networking sites by Comarch Group companies are processed for the purposes specified below.
I.
PURPOSE: operating and managing the website/account,
LEGAL BASIS: Article 6.1. f) of GDPR PROCESSING PERIOD: until your objection submitted under Article 21 of GDPR is granted or the purpose of the processing ceases to exist
Your personal data are processed for this purpose to enable us to effectively manage the website/account, including providing information about our activities, ensuring security and user conduct in accordance with the regulations and rules applicable on individual social networking sites where we have our profiles/accounts, including by moderating or deleting comments.
II.
PURPOSE: conducting communication within the website/account,
LEGAL BASIS: Article 6.1. f) of GDPR
PROCESSING PERIOD: until your objection submitted under Article 21 of GDPR is granted or the purpose of the processing ceases to exist
Your personal data are processed for the purpose of communication within the website/account, in particular responses to reactions, comments and private messages.
III.
PURPOSE: statistical,
LEGAL BASIS: Article 6.1.f) of GDPR
PROCESSING PERIOD: until your objection submitted under Article 21 of GDPR is granted or the purpose of the processing ceases to exist
Your personal data are processed for statistical purposes carried out through tools provided by the portal. Data processed for statistical purposes may include information on how many people have viewed our posts, what reach our posts have, and geographical data.
IV.
PURPOSE: marketing and promotion of products and services,
LEGAL BASIS: Article 6.1. f) of GDPR
PROCESSING PERIOD: until your objection submitted under Article 21 of GDPR is granted or the purpose of the processing ceases to exist
We process your personal data for the above purposes on the basis of art. 6.1. f) of GDPR, i.e. the legitimate interest of the data controller, which consists in ensuring the continuity of business communication, marketing and promotion of own products and services, taking care of the brand image, informing about organized events and ongoing communication with users of the website/account. As part of this purpose, we can for example provide you with information regarding the offer of our new product.
V.
PURPOSE: exercise or defence of legal claims,
LEGAL BASIS: Article 6.1. f) of GDPR
PROCESSING PERIOD: the period of statutory period of limitation of claims
Your data may be processed for the purpose of pursuing possible claims or defending against claims.
In such a case, the data processing will be undertaken in order to pursue the legitimate interest of the
administrator, which is the protection of rights, confirmation of the fulfilment of obligations.
In the case of pursuing claims or defending against claims, for the period of limitation of claims resulting from the regulations, and in the case of communication, for the period necessary to answer your questions
VI.
PURPOSE: organization of competitions,
LEGAL BASIS: Article 6.1. a) of GDPR
PROCESSING PERIOD: until the consent is withdrawn
In the event of participation in a competition organized by the Controller, your personal data will be processed for the purpose of conducting the competition, including selecting the winner and announcing the results, in accordance with the competition regulations.
For this purpose, the Controller will process your personal data on the basis of your consent, i.e. on the basis of Article 6.1. a) of the GDPR.
Your consent is voluntary and may be withdrawn at any time. Withdrawal of your consent will not affect the lawfulness of data processing before its withdrawal. Withdrawal of consent will prevent you from participating in the competition, as providing this personal data is required to participate in the competition.
VII.
PURPOSE: fulfilment of the legal obligation to prepare and retain documents after the competition,
LEGAL BASIS: Article 6.1. c) of GDPR
PROCESSING PERIOD: the retention period for documents confirming the conclusion and performance
of contracts, arising from the controller’s national laws.
If you win the competition and receive a prize, your personal data will be processed in order to comply with the legal obligation to prepare and store documentation on the basis of Article 6.1. c) of the GDPR, i.e. a legal obligation to which the controller is subject.
JOINT CONTROLLERS
In connection with the profiles held in social media, in accordance with Article 26 of the General Data Protection Regulation (GDPR) in the scope of data processing for statistical and advertising purposes:
RIGHTS OF DATA SUBJECT
Under the provisions of GDPR, you have the following rights as the data subject:
1/ right of access to data;
2/ right to rectification of data;
3/ right to erasure of data (‘right to be forgotten’);
4/ right to restriction of data processing;
5/ right to data portability;
6/ right to object (where the controller’s legitimate interest is the basis for data processing);
7/ right to withdraw consent (where consent is the basis for data processing).
The exercise of these rights is subject to the conditions set out in GDPR. If your request is rejected, you will receive a reply with relevant reason for such decision.
In order to exercise your rights, please contact us as directed in the CONTACT DETAILS FOR MATTERS RELATED TO PERSONAL DATA section.
Please note that:
the right to erasure of data and the right to restriction of data processing will only apply in cases specifically mentioned in GDPR;
the right to data portability will only apply if the legal basis for processing is your consent or the performance of a contract;
the controller may refuse to erase your data despite receiving such a request if one of the exceptions listed in GDPR applies, for instance if the processing is required for compliance with a legal obligation or for the establishment, exercise or defence of legal claims;
in some cases, the controller may refuse to grant your objection to the processing of data based on the
controller’s legitimate interest, where there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where there are grounds for the establishment, exercise or defence of legal claims;
however, this right is not available to the controller when data is processed for direct marketing purposes (e.g. commercial communications).
You have the right to lodge a complaint with the competent supervisory authority. A list of supervisory
authorities in EU Member States is available at http://ec.europa.eu/newsroom/article29/itemdetail.cfm?item_id=612080.
RECIPIENTS, DATA TRANSFERS TO THIRD COUNTRIES
Within the scope of the implementation of the above-mentioned purposes, personal data may be made available to suppliers, service providers and partners with whom the Controller cooperates to the extent necessary to achieve the above-mentioned purposes. Personal data may be made available to other companies from the Comarch group.
Therefore, we inform you that personal data may be transferred to a country outside the EU. If personal data is transferred to a third country in respect of which no adequacy decision regarding the level of data protection has been issued by the European Commission, the Comarch Group companies will provide appropriate safeguards via standard data protection clauses adopted by the European Commission or the supervisory authority (in accordance with Article 46.2 c) and d) of GDPR).
Should you have any questions on the processing of your data and how to obtain a copy of standard data
protection clauses, please contact us as directed in the CONTACT DETAILS FOR MATTERS RELATED TO PERSONAL DATA section.
In addition, the data is made available to entities running social networking sites on the terms set out in their privacy policies, i.e.:
LEGAL NOTE
This Information about the processing of personal data by the Comarch Group companies is of a purely
informational nature and is disclosed to meet the obligations arising under the General Data Protection
Regulation (GDPR). This Information is copyright protected work and as such is legally protected. This document
may only be used for its intended purpose and must not be reproduced or used in whole or in part for any other
purposes.