The security and confidentiality of the data we process are our top priorities. Please be assured that we, as a Company, make every effort to ensure that your data is adequately protected, in particular through the use of appropriate security measures, including physical, organisational and technical safeguards. Our services are designed and developed, taking into account aspects concerning the protection of your data and information security.
This policy is a basic obligation to provide information for our customers and interested parties about the purpose, scope, and categories of personal data that is processed, the period of processing of data and the rights of data subjects. We also strive to fulfil a dedicated obligation to provide you with information based on a specific activity, in particular during recruitment, employment and the establishment of business relationships.
If you visit our website, the personal data processing policy is available at: https://embatterysystems.com/privacy-policy/
Details of the data controller and data protection officer.
The controller of your personal data is: EMBS Sp. z o.o. with its registered office at ul. Alberta Einsteina 36, 44-109 Gliwice, REGON: 6482326274, NIP: 6482326274 (hereinafter the “Data Controller” or “EMBS”). As the Data Controller, we are responsible for ensuring the security of your personal data and their use in a manner compliant with the applicable laws, in particular those set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter “GDPR”).
If you have any questions, please send them to the postal address of our registered office or to the following e-mail address: rodo@embatterysystems.com.
The Data Controller has designated a Data Protection Officer. The Data Protection Officer is Mr Tomasz Banasik, who provides information about the processing of personal data by the Data Controller. You may contact the Data Protection Officer at: rodo@embatterysystems.com.
Categories of processed data, purpose, legal basis and period of processing.
Please be advised that in connection with our activities, we process your personal data as follows:
1. A natural person who runs a sole proprietorship and has concluded a contract with EMBS or steps have been taken towards the person prior to the conclusion of the contract, at the person’s request.
- Necessary to perform the contract concluded by the person with EMBS or to take steps, at the person’s request, prior to the conclusion of the contract, on the basis of (b) of Article 6(1) of the GDPR;
- Necessary to perform the legal obligations of EMBS, in particular those under tax laws and accounting laws based on point (c) of Article 6(1) of the GDPR;
- Purposes of the legitimate interests pursued by EMBS, in particular ensuring contact before the conclusion of and for the duration of the contract, and also the establishment, exercise or defence of legal claims based on point (f) of Article 6(1) of the GDPR;
- Data is processed per the requirements of the law, i.e. for the period of 5 years from the termination of cooperation for accounting and tax purposes.
2. A person authorised to represent, a contact person or another person from the entity which has concluded a contract with EMBS or another person participating in the performance of a contract with EMBS.
- Purposes of the legitimate interests pursued by EMBS, in particular ensuring contact with an entity which is a party to the contract concluded with EMBS, verification of whether a person contacting EMBS is authorised to act on behalf of that entity, proper performance of the contract concluded with EMBS and the establishment, exercise or defence of legal claims based on point (f) of Article 6(1) of the GDPR;
- Necessary to perform the legal obligations of EMBS, in particular those under tax laws and accounting laws based on point (c) of Article 6(1) of the GDPR;
- Data is processed for the duration of the contract and 5 years from its termination, for accounting and legal purposes.
3. A person applying for a job at EMBS / seeking cooperation with EMBS.
- Necessary to conduct the recruitment process on the basis of Article 22(1) of the Labour Code Act of 26 June 1974 (J.ofLaws of 2018, item 917 consolidated text, as amended) – where employed under an employment contract;
- Necessary to conduct the recruitment process and to take steps at the request of a data subject, before the conclusion of a contract based on point (b) of Article 6(1) of the GDPR – where employed under a civil law contract;
- Necessary to conduct future recruitment processes based on point (a) of Article 6(1) of the GDPR – where consent to the processing of personal data is freely given for necessary purposes of future recruitment processes;
- Data is stored until the end of the recruitment. Where consent is given to participation in future recruitment purposes – for the period of 1 year or until consent is withdrawn.
4. A person applying for internship at EMBS
- Necessary to conduct the recruitment process and to take steps at the request of a data subject, before the conclusion of a contract based on point (b) of Article 6(1) of the GDPR;
- Necessary to conduct future recruitment processes based on point (a) of Article 6(1) of the GDPR – where consent to the processing of personal data is freely given for necessary purposes of future recruitment processes;
- Data will be processed until the end of the recruitment process. Where consent is given to participation in future recruitment purposes – for a maximum period of 1 year or until consent is withdrawn.
- Data is processed for the duration of the internship and then for the period of 6 years from its end, for the purpose of exercise or defence of legal claims, pursuant to regulations concerning the claims limitation period.
5. Person employed at EMBS
- Necessary to conduct the hiring process based on Article 22(1) of the Labour Code Act of 26 June 1974 (J.ofLaws of 2018, item 917 consolidated text, as amended) – where employed under an employment contract;
- Necessary to conduct the hiring process and to take steps at the request of a data subject, before the conclusion of a contract based on point (b) of Article 6(1) of the GDPR – where employed under a civil law contract;
- Employees’ personnel files are processed for 10 years for employees hired after 01.01.2019 and 50 years for employees hired before that date. Documentation related to civil law contracts is processed for the period of 6 years.
6. Persons whose images have been captured by visual surveillance
- Purposes of the legitimate interests pursued by EMBS, in particular in connection with the need to ensure employees’ safety and property protection, based on point (f) of Article 6(1) of the GDPR;
- Visual surveillance records are stored for a maximum period of 3 months.
7. Persons who are senders or recipients of communications
- Purposes of the legitimate interests pursued by EMBS, in connection with the need to ensure proper circulation and supervision of communications, based on point (f) of Article 6(1) of the GDPR;
- Data is processed for a period of 5 years under the requirements of law.
8. Visitors to the registered office of EMBS / guests
- Purposes of the legitimate interests pursued by EMBS, in connection with the need to ensure safety, by keeping sign-in and out records, based on point (f) of Article 6(1) of the GDPR;
- The sign-in and out record is stored for 1 year after the visit date.
9. Employees of transport companies cooperating with EMBS
- Purposes of the legitimate interests pursued by EMBS, in connection with the need to ensure safety and manage the goods issue /acceptance process, based on point (f) of Article 6(1) of the GDPR;
- Data is processed for the duration of cooperation and 5 years from its end, as required by regulations.
10. The personal data of whistleblowers, people who report breaches of law, witnesses and also offenders is processed by EMBS to ensure compliance with law and protect whistleblowers.
- The processing of the personal data of whistleblowers is necessary to comply with the legal obligations of EMBS under the Act of 14 June 2024 on the protection of whistleblowers and Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law – point (c) of Article 6(1) of the GDPR;
- Where there is a need to ascertain the truth and reliability of a report and to follow up on the report, data may be processed based on the legitimate interests of the controller (point (f) of Article 6(1) of the GDPR);
- The processing of special categories of personal data such as information concerning health status may be based on point (g) of Article 9(2) of the GDPR in conjunction with Article 8 para. 4 of the Act on the protection of whistleblowers, to ensure reports are handled correctly;
- The personal data of whistleblowers is stored for a period required to handle a report and possibly follow up on the report, no longer, however, than for 3 years from the end of the calendar year in which the follow-up action or any proceedings initiated by such action is completed, unless otherwise provided by law.
Rights of persons whose data is processed.
At every stage of our data processing, you have (in principle) the right to:
- access your data, including obtaining information about the extent of the data we process and obtaining a copy of that data
- modification and rectification of your data, including, if there are no other legal contraindications, to restriction of the extent of processing
- erasure (“right to be forgotten”), if there are no legal contraindications
- not to be subject to automated decisions based on profiling
- object to improper processing of your personal data (including to withdraw your consent)
- transmit your data to another data controller, if data is processed in relation to consent given or to a concluded contract
- to lodge a complaint with a supervisory authority, i.e. the President of the Personal Data Protection Authority (ul. Stawki 2, 00-193 Warszawa).
Exercise of rights of data subjects.
In order to ensure that your enquiries are handled correctly and that due care is taken when handling them, we have standardised a form through which you can request the exercise of your rights. You can obtain the request form from us when contacting us for the first time in relation to your request to exercise your right. We also accept requests other than those submitted on our form.
You may submit completed request forms in person, by mail to the provided address of the registered office of EMBS or by email to: rodo@embatterysystems.com, sending an electronically signed request or a scan of a manually signed document. Every request you submit is handled on a case-by-case basis and with the applicable legislation. The possibility of exercising a specific right may depend on the legal basis used for the specific purpose of processing your data and whether the processing is not dependent on the performance of a contract or service.
Your requests will be processed without undue delay, within a maximum of one month of receipt, however, it is possible that we may not be able to meet this deadline due to the nature of the request. In such a case you will be notified about the delay and its causes. Similarly, should such circumstances arise, we will inform you of the reasons for the refusal to accept and comply with your request.
Please be advised that the first request is carried out free of charge, however, in situations where your requests are unfounded or excessive, we reserve the right to charge a fee for providing information again. You will be informed immediately of the amount of the fee or any other reason for which we are unable to comply with your request.
In addition, to guarantee the security of the information provided, if we are unable to correctly identify you as the person authorised to receive the data, we reserve the right to change the manner in which the information is provided, of which you will be informed. If the right to data portability is exercised, the Data Controller will transfer the data directly to another Data Controller if technically feasible. The person requesting the exercise of this right will be informed of the decision as to whether the transfer is possible.
Entities personal data may be made available to.
We may make personal data available to the following parties where this is necessary to fulfil the purposes for which we collected it:
- Affiliated entities within the EMBS Group;
- External third parties, including law enforcement or other authorities, if required to comply with a legal or regulatory obligation.
We require all third parties to respect the security of personal data and treat it in accordance with the law. We do not allow our third-party service providers to use personal data for their own purposes and only allow them to process personal data for specific purposes and in accordance with our instructions.
Processing by automated means and international data transfer.
Please by informed that the data we process is not subject to automated decision-making and profiling. Personal data is processed mainly in the European Economic Area (EEA). In a small number of cases, personal data may be transferred to and stored at destinations outside the EEA (e.g. the USA). It may also be processed by staff operating outside the EEA who work for one of our service providers. We will take reasonable steps to ensure that your personal data is secure and treated by this Privacy Notice and applicable data protection laws, including by entering into appropriate contractual terms with the party receiving the data from outside the EEA. If such data is transferred, we will inform you of this on a separate basis.
Where appropriate, we provide appropriate safeguards, such as:
- Standard contractual clauses approved by the European Commission: Used in contracts with data recipients outside the EEA to ensure an adequate level of data protection. For more information on standard contractual clauses, please visit the website of the European Commission – Standard Contractual Clauses.
- EU-US Data Privacy Framework: A mechanism, approved on 10 July 2023, replacing the previous system of EU-US Privacy Shield and introducing new binding safeguards, aimed at limiting access to data by US intelligence authorities and ensure that EU citizens may exercise their claims. For more details on the EU-US Data Privacy Framework, please visit the Data Privacy Framework website.
- Consent: Where required, we obtain your explicit consent to transfer your personal data outside the EEA.
You have the right to obtain a copy of the suitable safeguards used when transferring your data outside the EEA, by contacting us at the contact details provided in para. 1.
Contact details of job applicants.
In the process of applying for a position with our company, we collect, store and use the personal data of applicants, including information provided in a CV, application form or cover letter, information provided during interviews and assessments, records of qualifications, skills and training, references, copies of right-to-work documentation and records of pre-employment checks.
We use the recruitment information we collect to:
- assess skills, qualifications and suitability for the job/role;
- communicate with applicants about the recruitment process;
- decide whether to conclude a contract of employment (or other service) with the applicant;
- maintain records related to our hiring processes; and
- ensure compliance with legal or regulatory requirements.
Subject to local legislation, we may retain recruitment information for up to two years after we have communicated the decision to allocate a specific position to the applicant. We are entitled to keep the applicant’s personal data for the above-mentioned period in order to be able to prove, in the event of a legal claim, that we have not discriminated against applicants on unlawful grounds and that we have conducted the recruitment in a fair and transparent manner. If you would like your data to be stored for future recruitments as well, please add the following consent in your CV or a message sent to as: “I consent to the processing of my personal data as included in my CV by EMBS Sp. z o.o. in its future recruitment processes.”
Recruitment through external portals: You can also find our job listings on external recruitment portals such as pracuj.pl and LinkedIn. We encourage you to apply through those portals or send an up-to-date CV to the following email address: career@embatterysystems.com. Please write the name of the position you are interested in in the subject line of your message. We also encourage you to send in your applications, even if we are not currently advertising specific vacancies.
Method of data safeguarding.
To prevent unauthorised or unlawful access, accidental loss, damage or destruction of personal data, EMBS uses appropriate technological solutions and security measures under the requirements established by the GDPR and other generally applicable laws.
Access to personal data is given to EMBS and to persons authorised by EMBS who have undertaken to maintain the confidentiality of such personal data.
Lodging complaints/obtaining information regarding the processing of personal data.
Should you have any concerns/questions about the processing of your personal data or complaints in this regard that you wish to raise, please contact us directly so that we can answer your questions/complaints. The contact details of the Data Controller and the designated Data Protection Officer of EMBS, are provided in paragraph 1.
If you wish to make a formal report about any issues, you have the right to lodge a complaint with the Polish data protection authority:
President of the Personal Data Protection Authority (Polish: Prezes Urzędu Ochrony Danych Osobowych, President of UODO)
- Address: ul. Stawki 2, 00-193 Warszawa.
Miscellaneous.
This policy is periodically reviewed and updated to comply with applicable laws and regulations and meets the obligation under Articles 13-14 of the GDPR. Please be also advised that we endeavour to fulfil our obligations to provide information when collecting personal data concerning particular processing activity on a case-to-case basis.
From time to time, we may update this document in response to changing legal, regulatory or operational requirements. Updates will be published directly in this document and the date of the last change will be updated at the end of the information.
The last update was carried out on: 04.10.2024