Privacy policy
AA HERKULES Sp. z o.o.

Table of contents

Who is the controller of my data?
Where does the Administrator obtain my personal data from?
Contractors and Suppliers.
Employees and job applicants.
Authority representatives.
Data on the case file.
For what purpose the Administrator processes my data?
Doing business.
Employment relationship handling.
Recruitment.
Establishing contact.
Investigation and defense of claims.
Marketing goals.
On what basis the Administrator processes my personal data?
Doing business.
Running a website.
Cookies.
Employment relationship handling.
Recruitment.
Get in touch.
Investigation and defense of claims.
Marketing goals.
How long does the Administrator keep my personal data?
Who is the recipient of my personal data processed by the Administrator ?.
How is my personal data processed and protected?
Rules for the processing of personal data.
Personal data security.
What rights do I have in relation to the processing of my personal data?
Rights related to the processing of personal data.
Right to object.
Right to lodge a complaint.

Below we present information on the rules and methods of processing your personal data in connection with our business. In the Policy you will find the most important information on how AA HERKULES Sp. z o.o. based in Katowice deals with your personal data.

Who is my data controller?

The administrator of your personal data is the company AA HERKULES Sp. z o.o. with headquarters in ul. Ks. Mjra Karola Woźniaka 18, 40-389 Katowice, entered into the Register of Entrepreneurs by the District Court Katowice – Wschód in Katowice, 8th Commercial Division of the National Court Register under the KRS number: 0000956457, REGON: 52147118200000, NIP: 9542837756.

In matters relating to the protection of your personal data, you can always contact us by e-mail at wsparcie@aaherkules.pl, or by post to the address of our registered office, with the note “Personal data”.

Where does the Administrator obtain my personal data from?

We obtain your personal data mainly from you. You provide us with your details to contact us by sending us an e-mail, filling out the contact form, and even by providing us with your business card. We also obtain your data in connection with our business activities and the implementation of transactions in the scope of our services.

Contractors and Suppliers

If you are our client, contractor or supplier, you run a sole proprietorship or represent a company or organizational unit, we obtain your personal data mainly from you. You provide us with your data to contact us in matters relating to the terms of cooperation by sending us an e-mail or by completing the contact form. We also obtain your data in connection with our business activities as part of the performance of the contract for the provision of services or taking appropriate actions before concluding the contract.

If you are an employee of a company or organizational unit, and the Administrator processes your personal data, although you have never provided it directly to us – it happens that your data may be provided to us by third parties, at your request or in connection with your official duties. Your data may be provided to us by your employer to enable us to contact you in relation to you
with the cooperation we undertake with the entity in which you are employed.

Employees and job applicants

If you are our employee or associate, we obtain your personal data mainly from you. You provide us with your personal data for purposes necessary from the employment perspective – when concluding an employment contract, civil law contract, or completing a personal questionnaire. As your employer or principal, we must process your personal data in order to be able to contact you and properly settle all matters related to your employment, including for tax or social security purposes. It happens that some of your personal data will be provided to us by third parties, e.g. state authorities that will contact us as your employer or cooperating entity.

In some cases, we also process your personal data shared on social media (on the LinkedIn or Facebook platform). Then we act to verify the information provided in the course of recruitment or employment and to secure the legitimate economic interest of the Administrator, depending on the nature of the position held.

We have also introduced monitoring of electronic communication in the workplace (web browsers, internal messengers and company e-mail). It turned out to be necessary to ensure work organization enabling full use of working time and proper use of the provided work tools, as well as securing the network and data of other employees and clients against unauthorized access or data leakage.

Monitoring of business e-mail does not violate the secrecy of correspondence and your other personal rights.

If you are just taking steps to establish cooperation with us and want to send us your CV or cover letter, we obtain your personal data from you in order to be able to contact you and include you in the recruitment process. It happens that we use the help of external entities – dedicated portals dealing with recruitment (e.g. www.pracuj.pl), or the help of entities dealing with employee recruitment. In this case, your personal data is provided to us by these entities, upon your consent and request.

Authority representatives

The application of the applicable legal provisions may sometimes require correspondence with representatives of public administration bodies and public institutions. Data of persons whose data are included in the letters provided to us on behalf of the body or institution are provided to us by the persons who wrote the letter or who signed it. Then we can process your data based on the contact you have made with us.

Data on file

As part of legal and organizational services, personal data of natural persons are processed in connection with inspections or court proceedings carried out by employees. We obtain data from the case files, among others by providing us with pleadings and out-of-process pleadings and reviewing case files kept in common courts and administrative courts as well as before public administration bodies. Data in case files may also be obtained during control proceedings conducted by public authorities.

The application of the applicable legal provisions may sometimes require correspondence with representatives of public administration bodies and public institutions. The data contained in the letters provided to us on behalf of the body or institution are provided to us by the persons who prepared the letter or who signed it. We can process such data on the basis of the contact made with us.

For what purpose the Administrator processes my data?

Doing business

If we have obtained your personal data in connection with your business activity, your personal data will be used for the purposes of the contract in the performance of the contract for the provision of services or by taking appropriate steps before concluding the above-mentioned contracts. This includes, in particular, receiving contact details from you, allowing us to establish and maintain contact with you in the course of cooperation.

We also use your address and registration data to deliver services to the place indicated by you, issue sales documents or settle our cooperation. We also need your personal data if you wish to exercise your rights in relation to our cooperation – where applicable – protection of rights or redress.

If you are our client, contractor or supplier, you run a sole proprietorship or represent a company or organizational unit that is our client, contractor or supplier – we also process your personal data for tax, legal and accounting purposes. We need them in order to disclose the relevant data on the contract or invoice, as well as – to use them in keeping our tax records. However, the processing of your personal data will always be related to our business activities.

If you are our client, contractor or supplier, you run a sole proprietorship or represent a company or organizational unit that is our client, contractor or supplier, your personal data will be needed in particular in order to establish and maintain contact with the entity in which you work – again, only for purposes related to our business activities.

Your personal data, which we use for purposes related to economic cooperation, will not be used by us for other purposes without your consent. The exception to this is the use of your data for marketing purposes, based on our legitimate interest. We want to maintain a relationship with you, so we want to be able to keep you informed about our new offers and promotions. If this does not suit you – you can object at any time, on the terms described below in the Policy.

Handling the employment relationship

If you are our employee or associate, we use your personal data for purposes related to your employment, including recording working time or supporting employee qualifications as part of training. As your employer or cooperating entity, we must fulfill a number of obligations – both in terms of the proper arrangement of our cooperation and in HR and payroll matters. As employers, we also have certain rights – we use your personal data, for example, to be able to contact you or control the effects of your work.

We also need your personal data to provide you with access to employee benefits and rights as well as benefits and support in the event of your illness or maternity, as well as in the event of an accident at work. Again, the purpose of processing your personal data is the proper handling of the employment or cooperation relationship between us and the protection of your vital interests.

It may happen that we will also use your personal data to provide information about you to third parties, e.g. to the bank where you are applying for a loan, to the insurer, or to a public authority that will ask us an inquiry. In these situations, your personal data will be disclosed for your benefit, at your request or in connection with our legal obligations.

Your personal data, which we use for purposes related to the employment relationship or order, will not be used by us for other purposes without your consent. In particular, we will not process your data for marketing purposes without your express consent.

Recruitment

If you apply for employment with us, we use your personal data only for the purpose of conducting the recruitment process. We use your data to get acquainted with your education and professional experience, assess your suitability for work with us and determine the fulfillment of the criteria we require for employment, and finally – to contact you and invite you to an interview.

If, after the recruitment, we decide to hire you, the personal data provided during the recruitment may be used for the purposes of future employment – so that you do not have to provide them again. Most often, the personal data provided by you in your CV and in the cover letter are stored in your employee file.

Your personal data, which we use for recruitment purposes, will not be used by us for marketing purposes without your consent.

Getting in touch

If you send us an e-mail or otherwise contact us, we use your personal data to correspond with you and answer your questions, in accordance with the content of your inquiry or message.

If you contact us for commercial purposes (e.g. to use our services), your personal data may then be used to send you a commercial offer – but only to the extent that you request it and in relation to your inquiry.

Notwithstanding the foregoing, even if we establish communication for commercial purposes, we will not use your personal data for marketing purposes without your consent in relation to offers other than the one you expressly requested when making contact.

Investigation and defense of claims

It happens that we will have to use your personal data to assert or defend our rights, including in court. We hope that this will not happen, but if any dispute arises between us – we may have to use your personal data in the course of court, arbitration or mediation proceedings.

In this case, we will use your personal data only to the extent necessary and in connection with the ongoing talks or proceedings. It may happen that we will use your personal data to call you as a witness in the case, or – if you are our contractor or supplier – in connection with the fact that you will be a party to the case.

Your personal data, which we use for purposes related to the investigation or defense of claims, will not be used by us for other purposes without your consent. In particular, we will not process your data for marketing purposes without your express consent.

Marketing goals

We process your personal data in connection with the functioning of our marketing base for our marketing purposes, i.e. as part of promoting our product and service offer. As part of our marketing, we want to be able to present you our new range of products or services, as well as new commercial or business solutions used in our business.

For marketing purposes, we process your personal data with reference to the so-called legitimate interest of the personal data administrator (art. 6 ust. 1 lit. f RODO). Permanent information about our activities is necessary and desirable for us to maintain our customer network. Thus, we have a legitimate interest in maintaining our marketing base and sending information to customers. Providing and processing your personal data in this regard is completely voluntary and does not result from a legal obligation. You have the right to object to the processing of your data in this regard at any time.

On what basis does the Administrator process my personal data?

The administrator ensures that your personal data will be processed only in accordance with the law. This means that we will always process your personal data on a specific basis that we will be able to demonstrate. The basis for the processing of personal data may differ depending on the purpose for which we process personal data.

Doing business

If we have obtained your personal data in connection with your business activity, we process your data first in order to fulfill the cooperation agreement that binds us, and secondly also to enable you to exercise your rights related to our cooperation – there, where applicable, protection of rights or redress.

The basis for processing here will therefore be the necessity to use your personal data in order to carry out the delivery of goods or services. If a party to the Agreement is an entity other than you (e.g. we have obtained your data from your employer, or you act as a representative of a company or organizational unit in communication), the basis for the processing of your personal data will be the use of your data for purposes arising from legitimate interests pursued by us and this entity (third party), e.g. to ensure the correct delivery or service.

Running the website

Cookies

Data on your use of the website, which we obtain via the so-called We process cookies on the basis of your consent, expressed in accordance with art. 173 of the Telecommunications Law.

Cookie files (so-called “cookies”) are IT data, in particular text files, which are stored on the Website User’s end device (computers or mobile devices connected to the Internet) and are intended for using the Website’s pages. Cookies usually contain the name of the website they come from, the storage time on the end device and a unique number.

A banner is displayed on our website asking for permission to place cookies on the user’s computer. If they are not monitored for marketing purposes. The second type of cookie, also known as user opt-out, activities performed through the user’s computer or internet-connected device, session cookies, may be required to support the selected feature. These types of cookies are not blocked if the user refuses to allow them to be placed on the computer. The user’s choice will be saved in the cookie for a period of 90 days. If the user wants to change the previously selected option, he should delete the cookies from his internet browser.

Despite the fact that most web browsers automatically allow cookies to be placed on the computer, the user may refuse to do so by making changes to the browser settings (in most cases, this option is found in the Tools or the Browser Preferences menu). The user can also delete cookies from his device at any time. In this case, please note that if you do not consent to the placing of cookies, you will not be able to fully use all the features of our website.

The cookies we use are primarily used to optimize the use of our website, to create statistics of visits and to maintain the user’s session.

The processing of your personal data in this regard is based on our legitimate interest, i.e. on the basis referred to in art. 6 sec. 1 lit. f GDPR and on the basis of your consent, expressed by you by accepting the collection and use of cookies in the online form.

Handling the employment relationship

All personal data processed by the Administrator in connection with already established cooperation on the basis of an employment contract or a mandate contract are used in order to properly fulfill the role of the employer. The use of this data is necessary for us to fulfill the obligations imposed on us under the provisions of Polish law governing a given form of employment or cooperation, as well as to enable us to exercise our rights as an employer.

Sometimes, your sensitive (health) data will also be used as necessary to fulfill obligations imposed on the basis of social security regulations or provisions on preventive healthcare or occupational medicine.

The basis for the processing of your personal data is the necessity of their use for the proper performance of the employment contract that connects you with us, as well as the fulfillment of the legal obligation incumbent on us under the provisions of labor law or civil law. In terms of your health data, the basis for processing is the necessity to use them to fulfill the obligations and exercise specific rights by the controller or the data subject in the field of labor law, social security and social protection, as well as for the purposes of preventive healthcare or occupational medicine, to assessment of the employee’s ability to work, medical diagnosis, health care or social security.

Recruitment

In the recruitment processes, we try to obtain your consent to the processing of personal data for the purposes of recruitment in every possible case, asking you to include the appropriate consent in your CV or cover letter provided to us. This allows you to avoid doubts as to whether we have the right to use all personal data disclosed by you in the documents sent or in the course of the recruitment process.

However, even if you do not consent to the processing of your personal data for recruitment purposes (e.g. you send us your CV without the necessary consent), we will still be able to process your personal data to the extent necessary for the recruitment process.

The basis for the processing of your personal data will therefore be your consent, and in the absence of it – the necessity to use your data to undertake recruitment activities aimed at concluding an employment contract or a mandate contract (i.e. to take action in accordance with your request, before concluding the Agreement).

If we process your personal data on the basis of consent, you have the right to withdraw your consent at any time, which, however, will not make the processing of personal data lawful during the period in which your consent was in force.

Your consent in this regard is voluntary, but necessary for the recruitment process. Without consent to the processing of your data in this regard, we will not be able to contact you and carry out the recruitment process.

Contact Us

If you contact us, for example via e-mail, the processing of your personal data is necessary for us to take action at your request, in accordance with the content of your inquiry or message.

In this case, the basis for the processing of your personal data will be your consent or the necessity to use your personal data to take action in accordance with your request, before concluding the Agreement. If we process your personal data on the basis of consent, you have the right to withdraw your consent at any time, which, however, will not make the processing of personal data lawful during the period in which your consent was valid.

Your consent in this regard is voluntary, but necessary to make contact. Without consent to the processing of your data in this regard, we will not be able to contact you.

Investigation and defense of claims

If we use your data in connection with the investigation or defense of claims, the basis for the processing of your personal data will be the legitimate legal interest of the Administrator as the administrator of personal data. The use of your data will be necessary to protect our interests, e.g. in the field of debt collection, defense against unjustified allegations, etc.

Marketing goals

We will process your personal data for marketing purposes with reference to the so-called legitimate interest of the personal data administrator (art. 6 ust. 1 lit. f RODO), authorizing us to send you commercial and marketing messages. As part of our marketing, we take care to present you with up-to-date information about our new range of products or services, as well as new commercial or business solutions used in our business.

Providing and processing your personal data in this regard is completely voluntary and does not result from a legal obligation. You have the right to object to the processing of your data in this regard at any time.

How long does the Administrator keep my personal data

The period for which we process your personal data depends on the purpose of processing. And so accordingly:

• if you are our client, contractor or supplier, or you act on their behalf – we process your personal data for the duration of the contract or the period of cooperation. After this period, we will process your data for purposes related to the accountability of our activities within the scope of personal data protection, as well as for the period of limitation of claims related to cooperation under applicable law, but not longer than for a period of three (3) years from the date of issuance of the final decisions to discontinue the proceedings due to the recovery of the entire amount due;
• if you are our employee or contractor – we process your personal data throughout the entire period of cooperation or employment, as well as for the period required by law regarding the storage or archiving of documents and information regarding employment, but not longer than for a period of ten (10) years from the termination of the employment relationship – Art. 125a paragraph. 4a of the Act of 17 December 1998 on pensions and disability pensions from the Social Insurance Fund (Journal of Laws of 2020, item 53). In the event of legal proceedings before a court or public authority, the documents may be stored throughout the proceedings until the final conclusion of the proceedings, but no longer than for a period of three (3) years from the date of the final termination of the enforcement proceedings in the event of recovery of the entire amount due. We process data related to the performance of OHS activities and training courses organized for employees for the duration of the contract;
• if you disclose your personal data to us in connection with the recruitment process – we will store your personal data for the duration of the recruitment process, and if we are not recruiting – for a period of three (3) months from the date of receipt Your CV or cover letter. Storing your personal data for this period will allow us to contact you if we start employment activities at a later date;
• if you communicate with us – we keep your personal data for the entire period of communication and correspondence, and when dealing with the matter or providing you with a complete answer – we store this data for a period not longer than five (5) years from the end of communication, to enable you, if necessary, to return to previous discussions and issues, and to account for our activities in the field of personal data protection;
• the data obtained about the way you use our website – will be used by us for the entire period of cooperation and for a period of five (5) years from the last time you visited our website;
• personal data used by us for marketing purposes – will be processed by us for the entire period when you are our client and thereafter for a period of five (5) years from the time when you stopped using our offer and not you have purchased our products.

The administrator deletes personal data no later than one year (1) from the end of the data processing period.
The administrator deletes personal data no later than one year (1) from the end of the data processing period.

Who is the recipient of my personal data processed by the Administrator?

We make sure that your personal data is transferred only to those persons who must have access to it for the proper fulfillment of our cooperation, or in connection with our legal obligations. Your personal data will be shared:

• the Administrator’s employees and associates involved in handling the cooperation or issue – in any case, however, we will make sure that these persons are authorized to process your personal data and undertake to maintain confidentiality in this regard;
• entities associated with the Administrator and members of the AA HERKULES Capital Group – only to the extent necessary resulting from the need for proper communication of the organization (if you are our employee or associate) or it is necessary to ensure the correct implementation of mutual obligations (regarding . customers, contractors or suppliers);
• entities providing IT and hosting services to the Administrator – we also process your personal data in electronic form, which means that entities that support us from the IT side, as well as hosting service providers will have access to them on the servers on which we store our data, including e-mail;
• shipping or transport companies – to deliver goods or other things (e.g. documents) to the address you provided when purchasing or in the course of cooperation;
• entities providing the Administrator with legal, tax, accounting and HR and payroll services – to the extent that disclosure of your data is necessary to ensure the correctness of tax settlements, in terms of human resources and payroll, or in connection with the pending proceedings. In the same scope, access to your personal data will be granted to entities providing legal services to us, involved e.g. in issuing opinions on documents on which your personal data is contained;

( settlements with the Tax Office and the Social Insurance Institution, etc.).

Under no circumstances will the Administrator make your data available to third parties for commercial purposes. We do not sell yours, so you do not have to worry that they will go to anyone you did not want to share your data with.

How is my personal data processed and protected?

Rules for the processing of personal data

We make every effort to ensure that your personal data is processed in accordance with applicable law and with respect to the principles of their processing indicated in the GDPR. The basic principles and standards for the processing of personal data in our company are set out in the detailed Personal Data Protection Policy, which is obligatory for every employee and associate of ours. Thanks to this, we make sure that all persons involved in our business are aware of the importance of ensuring the proper processing of your personal data.

The basic principles that guide us in the processing of your personal data are:

• the principle of compliance of the processing of personal data with the law, fairly and transparently – we strive to ensure that the processing of your personal data by us always takes place on a legally permissible basis, and the processing of your personal data, as well as the purposes processing is clear and understandable to you;
• the principle of data minimization – we make every effort to process only those personal data that are adequate, relevant and limited to what is necessary for the purposes for which they are processed. We provide your personal data only to recipients for whom it is necessary to achieve the purpose for which we process your data. We provide these recipients only with the scope of your data that is necessary for this purpose;
• the principle of limiting the purpose of processing – we collect your data only for specific, explicit and legitimate purposes and we do not further process them in a manner inconsistent with these purposes. We try to provide you with appropriate and precise information as to why and for what purposes we will process your data;
• principle of correctness – we make sure that the data processed by us is always truthful, correct, and if necessary – updated, so that there are no mistakes, distortions or other irregularities. If you find that in some area your personal data has not been updated by us or is incorrect, please contact us at wsparcie@aaherkules.pl;
• principle of limiting the duration of data storage – we will process and store your personal data only for the period necessary to achieve the purpose for which we process your data. As soon as we no longer need your data in any way – we will delete all your data from our databases and systems;
• principle of integrity and confidentiality – we apply the necessary measures to protect the confidentiality and integrity of your personal data. Our priority is to ensure full security and protection of your personal data by using up-to-date and appropriate security measures;
• principle of accountability – in the field of personal data protection, we not only comply with the rules and conditions for their processing, but also make every effort to be able to demonstrate compliance with these standards and compliance with the provisions at all times. The rules for the processing of your personal data are written down as part of the procedures, so that in the event of your inquiry, we can provide you with full and reliable information on what activities we have performed on your data.

Security of personal data

As mentioned above, we use appropriate technical and organizational measures to ensure the full security of your personal data against their (culpable or accidental) destruction, loss, modification, unauthorized disclosure or unauthorized access.

These measures include technical safeguards (proper protection of the premises and systems in which we process your personal data; safeguards that prevent third parties from reading the content of documents containing personal data, creating backups, etc.) and the rules and procedures that we require from all our employees and associates.

Together, the measures used allow us to properly protect your personal data against loss or disclosure. In addition, we are constantly improving them, along with the changing environment and technological progress.

What rights do I have in relation to the processing of my personal data?

In connection with the processing of your personal data by us, you have a number of rights that you can exercise at any time. The use of these rights is free of charge, and the Administrator makes every effort to ensure that it is also easy to implement.

Rights related to the processing of personal data

In relation to the processing of personal data by us, you have the following rights:

• the right to access your personal data – you can ask us at any time for information as to whether and to what extent we process your personal data and to obtain information on the principles of processing your personal data;
• right to correct data – you can ask us at any time to correct or update your data, if you learn or believe that your data is incorrect or out of date. For the avoidance of doubt, we may ask you to provide information allowing us to identify you and confirm the change or update of the data;
• the right to limit processing – if you decide that we process too wide a catalog of your personal data for a specific process, you have the right to request that we limit this scope of processing. As long as your request does not contradict the requirements imposed on us by applicable law, or it is not necessary for the performance of the contract, we will limit the processing of your personal data to the minimum necessary or stop further processing;
• the right to delete data (the right to be forgotten) – if you believe that we process your personal data without a legal basis, or we process it, although we no longer need it for the purposes for which we collected it – you have the right to request that we delete your personal data of our databases and systems. We will comply with your request, unless there is another legitimate interest in the processing of your personal data, or an obligation to further process your personal data. In each case, we will try to fulfill your request to the fullest extent possible, and if this is not possible – we will try to modify it in such a way that it can no longer be assigned to you (under the so-called pseudonymization);
• the right to transfer data – in those cases where we process your personal data on the basis of consent or in connection with the performance of the Agreement, and the data processing is carried out in an automated manner (e.g. in an IT system) , at your request, we will export the data that we process to a separate file in a popular format to enable transfer to another data controller.

The rights referred to above may be exercised by reporting them to our e-mail address: wsparcie@aaherkules.pl and by letter to the address AA HERKULES Sp. z o.o., ul. Ks. Mjra Karola Woźniaka 18, 40-389 Katowice, with the note “Personal data”. We also invite you to contact us at this address in all situations,
in which you will have concerns, questions or doubts as to how we process your personal data.

Right to object

We would like to inform you separately that you have the right to object to the processing of your data . If you find that in a situation of processing your personal data based on the public interest or the legal interest of the Administrator or any third party – we process your data too broadly (in an inadequate manner) – you may request the restriction of the processing of your data. You have the same right if at any time you decide that you do not want us to process your data directly for marketing purposes. After the objection is raised – we will no longer process your data in this regard and for this purpose, unless it is necessary due to the existence of some valid legitimate grounds for the processing of your data, overriding your interests, rights and freedoms; or to establish, exercise or defend our claims.

The rights referred to above may be exercised by reporting them to our e-mail address: wsparcie@aaherkules.pl and by post to the address AA HERKULES Sp. z o.o., ul. Ks. Mjra Karola Woźniaka 18, 40-389 Katowice, with the note “Personal data”. We also invite you to contact us at this address in all situations in which you will have concerns, questions or doubts as to how your personal data is processed by the Administrator.

You can exercise your right to object by submitting a request to our e-mail address: wsparcie@aaherkules.pl and by post to the address AA HERKULES Sp. z o.o., ul. Ks. Mjra Karola Woźniaka 18, 40-389 Katowice, with the note “Personal data”.

Right to file a complaint

If you believe that we have violated the rules for the processing of your personal data in any way, you have the right to lodge a complaint directly with the supervisory authority, which is the President of the Office for Personal Data Protection.

As part of exercising this right, you should provide a full description of the situation and indicate what action you consider to be violating your rights or freedoms. The complaint should be submitted directly to the supervisory authority.