Privacy policy - Mleczarnia Turek

General Information

This website operating under the domain https://www.mleczarniaturek.pl/polityka-plikow-cookies/ (hereinafter collectively referred to as the “Portal”) is operated by Mleczarnia “TUREK” Sp. z o.o., ul. Milewskiego 11, 62-700 Turek, KRS number 0000077631, NIP 6681719786, registered by the District Court in Poznań, 22nd Commercial Division of the National Court Register (hereinafter: the “Company”).

This Privacy Policy defines the rules regarding:

the processing of personal data by the Company,
the storage of user information on the Company’s server in the form of logs.

Through the Portal, personal data may be collected from users, among others, in the following ways:

through information voluntarily provided in forms (including contact forms),
through the recording of web server logs by the Company.

Rules for the Processing of Personal Data

Respecting the right to privacy of individuals whose data has been obtained by the Company in connection with its business activities, we inform you that such data is processed in accordance with national and European legal regulations and under conditions ensuring its security.

In order to ensure transparency of its data processing activities, the Company presents the principles of personal data protection established under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: “GDPR”):

The data controller is Mleczarnia “TUREK” Sp. z o.o., ul. Milewskiego 11, 62-700 Turek.
The Controller has appointed a Data Protection Officer (DPO). The DPO is legal adviser Joanna Mikulczyńska and can be contacted via email: iod@turek.com.pl.
Within its business activities, the Controller processes personal data for the following purposes depending on the specific circumstances:

If you contact us

Handling correspondence and inquiries from contractors and non-contractors, including via email and website forms.

Legal basis and retention period:

Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
Article 6(1)(f) GDPR – legitimate interest of the Controller consisting of responding to submissions and inquiries.

Personal data will be stored for the time necessary to prepare and provide a response to the message recipients, but no longer than 3 years.

If you are an employee, associate, or representative of our contractor or supplier and your data has been provided to us in connection with the performance of a contract.

Legal basis and retention period:

Article 6(1)(f) GDPR – legitimate interest of the Controller consisting of contract management.

The source of employees’ and associates’ data in this case is your employer.

Personal data will be stored for the duration of the contract and after its termination until the expiry of claims resulting from it, generally no longer than 5 years.

If you are a job applicant responding to a recruitment announcement

Legal basis and retention period:

Article 6(1)(b) GDPR – processing necessary to take steps prior to entering into a contract.
Article 6(1)(c) GDPR in connection with Article 221 §1 of the Polish Labour Code – fulfilment of the employer’s legal obligations.
Article 6(1)(a) and Article 9(2)(a) GDPR – your consent to process personal data beyond the scope specified in the Labour Code.
Article 6(1)(a) GDPR – your consent to process personal data for future recruitment processes.

Personal data will be stored for 7 days after completion of the recruitment process (defined as signing a contract with one of the candidates), unless consent for future recruitment is given, in which case the retention period will be 6 months from the date of consent.

More information can always be found in the content of the specific job advertisement.

If you visit our social media profiles

(e.g., Facebook, Instagram, LinkedIn) and interact with us, for example by sending messages or leaving comments.

Legal basis and retention period:

Article 6(1)(f) GDPR – legitimate interest consisting of communication with users of social media platforms.

Personal data will be stored for the time you follow our social media profiles, and in case of a question – for the time necessary to respond and thereafter until the expiry of potential claims.

If you have concluded a contract with us or are preparing to conclude one.

Legal basis and retention period:

Article 6(1)(b) GDPR – processing necessary for the performance of a contract or to take steps prior to entering into a contract.

Personal data will be stored for the duration of the contract and after its completion until the expiry of related claims, generally 3 years, up to a maximum of 6 years.

Maintaining tax or accounting records

Legal basis and retention period:

Article 6(1)(b) GDPR – processing necessary for contract performance.
Article 6(1)(c) GDPR in connection with legal acts including:
- the Tax Ordinance Act,
- the Corporate Income Tax Act,
- the Value Added Tax Act,
- the Accounting Act,
- the Act on Counteracting Money Laundering and Terrorism Financing.

Personal data will be processed for the duration of the contract and settlement after its completion, and for the period required by law (generally 5 years, until tax liabilities expire).

If you receive commercial information from us

including marketing communications.

Legal basis and retention period:

Article 6(1)(a) GDPR in connection with Article 398 PKE – your consent to receive commercial information, special offers, promotions, and newsletters regarding products and services of Mleczarnia “TUREK” Sp. z o.o. with its registered office in Turek.

Personal data will be stored until consent is withdrawn or the purpose ceases to exist.

If we conduct a dispute or enforce claims

Legal basis and retention period:

Article 6(1)(b) GDPR – processing necessary for contract performance.
Article 6(1)(f) GDPR – legitimate interest consisting of pursuing or defending against claims.

Personal data will be stored for the duration of proceedings until their final conclusion, and in the case of enforcement proceedings until the claims are fully satisfied.

Recipients of Personal Data

Recipients of your personal data (entities to which the Company may transfer personal data) may include:

public authorities or other entities authorized to access data under specific legal provisions,
the Polish Post and courier companies,
banks if settlements are required,
law firms,
entities providing services supporting the Controller’s operations, including IT service providers, auditors, accounting service providers, and marketing service providers – such entities process data based on a data processing agreement and only in accordance with the Controller’s instructions.

Data Subject Rights

Each person whose data is processed has the following rights where provided by law:

the right to access their data and obtain a copy,
the right to rectify (correct) their data,
the right to erasure of personal data,
the right to restrict processing,
the right to data portability,
the right to object,
the right to withdraw consent at any time (withdrawal does not affect processing before withdrawal).

Each person also has the right to lodge a complaint with the President of the Personal Data Protection Office. More information about filing a complaint can be found at:
https://uodo.gov.pl/pl/526/2464.

Transfer of Data Outside the European Economic Area

As a rule, the Controller does not transfer personal data outside the European Economic Area (EEA). However, when using certain tools (especially IT tools), some of your data may be transferred outside the EEA in specific situations, such as interactions with our profiles on Instagram or Facebook.

The level of data protection in those countries may be lower than in EEA countries. The legal instrument ensuring such transfers are standard contractual clauses adopted by the European Commission, available at http://eur-lex.europa.eu or obtainable by contacting the Controller.

Provision of Personal Data

Providing personal data is generally voluntary, but it is necessary to perform certain processing activities, such as receiving a response to a question submitted to the Controller or concluding and performing a contract with the Controller. Refusal to provide such data may result in the inability to perform the requested activity.

If data is processed based on a legal obligation, providing such data is mandatory. If data is processed based on consent, providing it is always voluntary.

Server Logs

Information about certain activities on the Portal is stored as logs on the Company’s server. Data collected in this way is used solely for administering the Portal.

The data collected in this manner does not allow the identification of specific individuals.

Viewed content is identified using URL addresses. Additionally, information about the user’s browser, IP address, and the date and time of access may also be recorded.

Grand Blue

Tartare

Chavroux

Le Rustique

Coeur De Lion

Saint Benoit

Saint Agur

Bresse Bleu

Rambol