This Privacy Policy complies with the provisions arising from Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, hereinafter referred to as the GDPR.

Data Controller

The Data Controller is:
ESPES Sp. z o.o.
Opacz Kolonia, ul. Ewy 4
05-816 Michałowice
(Pruszków County, Mazowieckie Voivodeship)
E-mail: espes@espes.pl
Phone: +48 22 753 04 41

Data Protection Officer

For all matters related to the processing of personal data and the exercise of rights associated with such processing, you may contact:
Data Protection Officer: Marcin Wasążnik – kontakt@bezpieczna-strefa.pl

What Data Do We Process?

We process data that you voluntarily provide while using our website, in particular:

• Contact (including personal) data provided by you by sending e-mails to the addresses listed on our website,
• Contact data voluntarily provided through contact forms on our website,
• Personal data voluntarily provided in recruitment documents (CV, résumé, cover letter) sent to the e-mail addresses listed on our website, by traditional mail, or delivered in person to our office.

We also process non-personal data for statistical purposes or to improve and facilitate the use of our website:

• Data generated during browsing of our website in the form of cookies,
• Server logs (e.g. IP address, domain).

Purpose of Processing Personal Data

The personal data you voluntarily provide through e-mail addresses or contact forms on our website are processed for the following purposes:

• Responding to business inquiries,
• Establishing business cooperation – including the sending of commercial offers (upon your request),
• Execution of order-related processes,
• Handling of complaints,
• In the case of job offers – carrying out ongoing recruitment processes.

Legal Basis for Data Processing

E-mail and traditional correspondence

• For data provided through contact forms – your consent (Article 6(1)(a) GDPR),
• Necessity of data for the provision of a service (e.g. response to an inquiry, issuance of an invoice, order processing) – (Article 6(1)(b) GDPR),
• Other purposes – legitimate interests pursued by the Data Controller – (Article 6(1)(f) GDPR).

Recruitment

• To fulfill legal obligations related to employment processes, in particular the Labor Code – legal obligation of the Data Controller (Article 6(1)(c) GDPR in connection with the Labor Code),
• For future recruitment processes – based on consent (Article 6(1)(a) GDPR).

Processing of Non-Personal Data (Cookies, Server Logs)

Non-personal data such as cookies or server logs are processed for the purposes of:

• Improving and optimizing website performance,
• Statistical purposes – monitoring website traffic and administering the website,
• Ensuring the security and proper functioning of the website.

Is Providing Personal Data Mandatory?

Providing personal data is not mandatory. You provide your data voluntarily in specific cases – for example, if you wish to contact us via a contact form or e-mail address provided on our website.

Disclosure of Data to Other Entities

In certain cases, we may share your personal data with third parties. Where justified, the recipients of your data may include:

• Our authorized employees and collaborators who have access to personal data in order to perform their duties (e.g. HR staff, sales staff, customer service employees, couriers),
• Other recipients of data – subcontractors, courier companies,
• Public authorities, in connection with proceedings conducted by them.

Data Retention Period

The retention period depends on the purpose of data processing and may also result from applicable laws where they constitute the basis for processing.
Your personal data will be stored for a period ranging from 30 days to 5 years, depending on the use of marketing opportunities and data analysis necessary for business operations.
If processing is based on your consent, the data will be processed until the consent is withdrawn.

User Rights

You have the following rights regarding the processing of your personal data by our company:

• The right to access your personal data, including obtaining a copy,
• The right to rectification, erasure, or restriction of processing,
• The right to lodge a complaint with a supervisory authority,
• The right to object to further data processing.

If your data are processed based on consent, you also have the following rights:

• The right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

If your data are processed based on consent or as part of a provided service (where the data are necessary for the service), you may also exercise:

• The right to data portability.

To exercise any of these rights, please contact the Data Controller or the designated Data Protection Officer.

How to Withdraw Consent for Data Processing?

To withdraw any consent granted to our company for the processing of personal data, simply send an e-mail or a written letter to the contact details provided above.
You may express your intention to withdraw consent in any form, provided it reaches us in written form.