(for individuals initiating contact by letter, telephone, or e-mail, including those receiving marketing information from Mostostal S.A.)

Pursuant to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU L 119/1 of 04.05.2016), hereinafter referred to as the “GDPR”, please be informed that:

1. The controller of your personal data is Mostostal S.A., with its registered office in Warsaw ul. Wybrzeże Gdyńskie 6b, 01-531 Warsaw (hereinafter: the “Controller”). The Controller can be contacted by traditional mail at the address of its registered office or by e-mail at: rodo@mostostal-sa.pl.
2. The Controller has appointed a Data Protection Officer who can be contacted regarding matters related to the protection of personal data and the exercise of related rights. For this purpose, you can contact us by e-mail at: rodo@mostostal-sa.pl or by traditional mail at the address indicated in item 1 above.
3. Your personal data may be processed for the following purposes and on the following legal bases:
   
   1. to conduct correspondence, including ongoing communication regarding inquiries addressed to the Controller, which constitutes the pursuit of the Controller’s legitimate interest – legal basis for the processing: Article 6(1)(f) of the GDPR,
   2. to conduct marketing activities, in particular statistical analyses and internal statistics aimed at improving and planning activities (e.g. territorial scope), which constitutes the pursuit of the Controller’s legitimate interest – legal basis for the processing: Article 6(1)(f) of the GDPR,
   3. to conduct direct marketing activities by sending commercial information by electronic means, if you have given separate consent to receive such information at the e-mail address you specified – legal basis for the processing: Article 6(1)(a) of the GDPR,
   4. to conduct direct marketing activities via telecommunications terminal equipment (e.g. telephone) and automatic calling systems, if you have given separate consent to receive such information at the telephone number you provided – legal basis for the processing: Article 6(1)(a) of the GDPR,
   5. to store data for archiving purposes, which includes demonstrating compliance with legal obligations resting on the Controller and defending against potential claims, and also to pursue claims or defend against claims, which constitutes the pursuit of the Controller’s legitimate interest – legal basis for the processing: Article 6(1)(f) of the GDPR.
4. The recipients of your personal data may include providers of technical, IT, and organizational services, mail service providers, legal service providers, persons and entities requesting the transfer of personal data from the Controller.
5. The Controller does not transfer personal data to third countries outside the European Economic Area.
6. Your personal data will be processed by the Controller, depending on the purpose of processing:
   
   1. for direct marketing activities, which involve the sending of commercial information by electronic means, and marketing communication via telecommunications terminal equipment (e.g. a telephone) and automatic calling systems, if such activities undertaken by the Controller result from the consent you have given – for the duration of such activities undertaken by the Controller, or until you withdraw your consent to pursue this purpose, or until the data becomes outdated,
   2. for correspondence and for conducting other direct marketing activities – for the duration of such activities undertaken by the Controller or until you object to the processing of your data, or until the data becomes outdated;
   3. for other marketing activities – for the duration of such activities undertaken by the Controller or until you object to processing due to reasons related to your particular situation, or until the data becomes outdated,
   4. in order to pursue claims or defend against them – for the period of limitation of claims as provided for in the Civil Code,
   5. for the period necessary for the Controller to demonstrate compliance with its legal obligations before public administration authorities, including the personal data protection supervisory authority,
   6. for archiving purposes when it concerns the history of correspondence and responses to inquiries – no longer than during the limitation period for claims under the Civil Code and for the period necessary for the Controller to demonstrate compliance with its legal obligations before public administration authorities.
7. You have the right to request that the Controller provides access to your data, the right to rectify, erase them, restrict their processing, and and right to data portability, on the terms and conditions and in the cases provided for in the GDPR.
8. Where the legal basis for processing of personal data is the Controller’s pursuit of its legitimate interest (as described above), you have the right, on the terms and conditions and in the cases provided for in the GDPR), at any time, to submit to the Controller an objection to the processing of your data for reasons related to your particular situation, and in the case of data processing for direct marketing purposes, you have the right to submit an objection to such processing to the
   Controller at any time.
9. In the event that data are processed on the basis of consent then, on the conditions and in the cases provided for in the GDPR, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing performed before its withdrawal, under the terms conditions provided for in the GDPR.
10. You have the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office, if you believe that the processing of your personal data by the Controller violates the provisions of the GDPR.
11. The provision of personal data is voluntary but necessary for the purposes specified above.