This document governs the rules for the processing of your personal data by the Joint Controllers that make up the ASTOR Group under the joint sales and marketing system, hereinafter referred to as the "ASTOR Group joint sales and marketing system".
Terms used in this document have the meanings set forth below:
a. personal data - means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person shall mean one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;
b. ASTOR Group – means collectively the ASTOR Group entities which form an enterprise group within the meaning of recital 37 and Article 4(19) of the GDPR, details of which can be found at the following link: www.astor.com.pl/astor-firmy; ASTOR Group has common procedures for the protection of personal data and acts as an enterprise group, however, personal data flows between individual entities only occur in accordance with the provisions of the GDPR;
c. third country - means a country which does not belong to the European Economic Area (EEA);
d. processor - means a natural or legal person, public authority, entity or any other body which processes personal data on behalf of the controller;
e. processing - means an operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
f. GDPR - means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation);
g. ASTOR Internet Services - shall mean the group of interlinked ASTOR websites under the domain astor.com.pl and astor24.pl, including in particular: www.astor.com.pl/konto, www.astor.com.pl/wsparcie, www.astor.com.pl/sklep, www.astor.com.pl, having functionalities and features specified in the ASTOR Internet Services Rules and the ASTOR Internet Store Rules available at the following link: www.astor.com.pl/regulaminy;
h. Technical Support Service - means the pre-sale technical support services provided by the Joint Controllers, as well as services provided in accordance with the Technical Support Regulations, which can be found at the following link: www.astor.com.pl/regulamin-pomocy-technicznej-astor;
i. Joint Controllers - controllers jointly determine the purposes and means of processing personal data, within the meaning of Article 26(1) of the GDPR.
Your personal data is processed by the following Joint Controllers:
a. ASTOR spółka z ograniczoną odpowiedzialnością with its registered seat in Kraków, ul. Smoleńsk 29 (31-112 Kraków), entered into the Register of Entrepreneurs of the District Court for Kraków-Śródmieście in Kraków, 11th Economic Division of the National Court Register under KRS no.: 0000120940, NIP: 6760105127, share capital: 1.164.930,00 PLN;
b. ASTOR Mission Critical limited liability company with registered office in Łany, ul. Wesoła 11 (55-002 Kamieniec Wrocławski), entered in the Register of Entrepreneurs of the District Court for Wrocław - Fabryczna in Wrocław, 9th Commercial Division of the National Court Register under KRS no.: 0000677289, NIP: 8961564392, share capital: 20.000,00 PLN;
c. Improvement Factory spółka z ograniczoną odpowiedzialnością with its registered seat in Gdańsk, ul. Kręta 1 (80-217 Gdańsk), entered into the Register of Entrepreneurs at the District Court Gdańsk - North in Gdańsk, 7th Commercial Division of the National Court Register under KRS no.: 0000193996, NIP: 5842399554, share capital: 75.000,00 PLN;
d. Profesal spółka z ograniczoną odpowiedzialnością with its registered office in Kraków, ul. Smoleńsk 29 (31-112 Kraków), entered into the Register of Entrepreneurs of the District Court for Kraków-Śródmieście in Kraków, 11th Economic Department of the National Court Register under KRS no.: 0000233498, NIP: 1181783554, initial capital: 100.000,00 PLN;
e. ASTOR Wrocław spółka z ograniczoną odpowiedzialnością with its registered seat in Krakow, ul. Smoleńsk 29 (31-112 Krakow), entered into the Register of Entrepreneurs of the District Court for Krakow - Śródmieście in Krakow, 11th Economic Division of the National Court Register under KRS no.: 0000257364, NIP: 8992569479, share capital: 50.400,00 PLN;
f. Dynamotion spółka z ograniczoną odpowiedzialnością with its registered office in Krakow, ul. Feliksa Wrobela 5 (30-798 Krakow), entered into the Register of Entrepreneurs of the District Court for Krakow - Śródmieście in Krakow, 11th Commercial Division of the National Court Register under KRS no.: 0000884080, NIP: 6762555219, share capital: 364.600,00 PLN;
g. ASTOR Technology Park spółka z ograniczoną odpowiedzialnością with its registered seat in Krakow, ul. Smoleńsk 29 (31-112 Krakow), entered into the Register of Entrepreneurs of the District Court for Krakow - Śródmieście in Krakow, 11th Economic Division of the National Court Register under KRS no: 0000714920, NIP: 6762543937, share capital: 7.840.000,00 PLN.
In order to ensure the effective exercise of your rights, the Joint Controllers establish a contact point, for which ASTOR spółka z ograniczoną odpowiedzialnością is responsible. The contact point is available to you through:
a. e-mail: daneosobowe@astor.com.pl,
b. by post: ASTOR sp. z o.o., ul. Smolensk 29, 31-112 Kraków.
In all matters relating to the protection of personal data, you may contact the indicated contact point or directly with each of the Joint Controllers.
The Joint Controllers process personal data in order to conduct its business, the core of which is the sale of products, services and solutions in the area of state-of-the-art IT systems technology for industry, automation and industrial robotics.
Personal data are processed in particular for the following purposes:
a. making pre-sales contact with suppliers/contractors to pass on business information,
b. making contact for marketing and promotional purposes,
c. concluding and performing the contract with the suppliers and contractors,
d. the provision of Technical Support Services,
e. the provision of warranty and after-warranty service,
f. the provision of training,
g. the provision of other services to contractors,
h. ensure use of ASTOR Websites,
i. organisation of conferences, webinars and meetings,
j. delivery of newsletters (e.g. Automation Guide Newsletter, Business and Production Newsletter).
The main purpose of processing your data is to implement the cooperation of the Joint Controllers within the Astor Group joint sales and marketing system, including the processing of personal data in particular due to the fulfillment of contractual obligations, the need to fulfill legal and tax obligations and marketing of products and services offered by the Joint Controllers.
The Joint Controllers process your personal data on the following legal basis:
a. Article 6(1)(a) of the GDPR - where you have given your consent to the processing of your personal data to enable contact, the sending of commercial information and marketing content,
b. Article 6(1)(b) of the GDPR - where the processing of personal data is necessary for the conclusion and performance of a contract,
c. Article 6(1)(c) of the GDPR - where processing of personal data is necessary to fulfil a legal obligation of the Joint Controllers (in particular reporting and tax obligations),
d. Article 6(1)(f) of the GDPR - if processing of personal data is necessary for purposes stemming from legitimate interests pursued by the Joint Controllers, in particular establishing, asserting or defending against claims in connection with contract performance, direct marketing, as well as for statistical and archiving purposes, handling complaints, claims and requests, handling requests and queries addressed to the Joint Controllers, analysing, organising and improving services provided.
The recipients of your personal data will be Joint Controllers employees and co-workers who need to have access to it as part of their duties, entities with the help of which the Joint Controllers performs the contracts as well as entities belonging to the ASTOR Group, to the extent that these entities have a legitimate interest in the processing of personal data within the group of companies for internal administrative purposes (in particular personal data of contractors or employees).
Your personal data may also be forwarded to other entities to achieve the purposes of the Joint Controllers, to the extent it is necessary to perform the commissioned tasks or if required by law. The recipients of your data in this regard may be in particular:
a. entities processing personal data at the request of the Joint Controllers (IT system providers, document archiving, consulting, accounting, legal, IT service providers, courier or mail service providers, transport and forwarding companies).
b. National public administrations, authorities of other EU Member States, courts.
c. Manufacturers and suppliers of products and services offered by the Joint Controllers (if the product or service includes, among others, the provision of service performed directly by the manufacturer as a subcontractor of the Joint Controllers, the provision of service performed directly by the manufacturer as a party to a warranty agreement granted to the contractor (manufacturer's warranty), the provision of necessary licences by the manufacturer directly to the contractor).
Personal data will not be transferred to third countries, i.e. outside the European Economic Area (EEA).
1. As a data subject, you have the following rights:
a. access - to obtain confirmation from the Joint Controllers as to whether its personal data are being processed. If data about a person are processed, he/she is entitled to access them and obtain following information: about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data are stored or the criteria for its determination, the right to request rectification, erasure or restriction of the processing of personal data of the data subject and to object to such processing (Article 15 of the GDPR);
b. to obtain a copy of the data - to obtain a copy of the data being processed, with the first copy being free of charge, and for subsequent copies the Joint Controllers may charge a reasonable fee based on administrative costs (Article 15(3) of the GDPR);
c. to rectification - to request the rectification of personal data concerning him/her that is inaccurate or the completion of incomplete data (Article 16 of the GDPR);
d. to erasure - to request the erasure of his/her personal data, if the Joint Controllers no longer have a legal basis for processing the data or the data are no longer necessary for the purposes of the processing (Article 17 of the GDPR);
e. to restrict processing - to request restriction of processing of personal data (Article 18 of the GDPR), when:
f. to data portability - to receive in a structured, commonly used machine-readable format the personal data concerning him/her which he/she has provided to the Joint Controllers, and to request that these data be sent to another personal data controller, if the data are processed on the basis of the data subject's consent or a contract concluded with him/her and if the data are processed by automated means (Article 20 of the GDPR);
g. to object - to object to the processing of his/her personal data for the legitimate purposes of the Joint Controllers on grounds relating to his/her particular situation, including profiling. The Joint Controllers shall then assess the existence of valid legitimate grounds for processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims. If, according to the assessment, the interests of the data subject outweigh the interests of the Joint Controllers, the Joint Controllers shall be obliged to cease processing the data for these purposes (Article 21 of the GDPR);
h. if you have given your consent to the processing of your personal data, you have the right to withdraw it at any time, provided that the withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of your consent before its withdrawal. You can revoke your consent at any time by sending an email to: daneosobowe@astor.com.pl. Withdrawing consent to processing personal data to participate in marketing activities will prevent the Joint Controllers from providing related services, in particular sending commercial and marketing information.
2. In order to exercise the above-mentioned rights, you should contact the designated point of contact or the selected Joint Controller directly, and inform it of which right and to what extent you wish to exercise it.
3. You have the right to lodge a complaint to the supervisory authority, which in Poland is the President of the Office for Personal Data Protection with its seat in Warsaw, ul. Stawki 2, 00-193, which can be contacted as follows:
a. by post: ul. Stawki 2, 00-193 Warszawa;
b. via the electronic mailbox accessible at https://www.uodo.gov.pl/pl/p/kontakt.
4. Your personal data may be processed by means of IT systems and relevant software while your personal data will not be subject to automated decision-making or profiling as referred to in Article 22(1) and (4) of the GDPR.
Cooperation between you and the Joint Controllers in connection with sales and marketing activities carried out by Joint Controllers entities, involves the processing of the following categories of data in particular:
a. name, company, business and correspondence addresses,
b. numbers held in the appropriate registers - NIP or REGON number,
c. contact details: e-mail address, telephone, fax,
d. the subject of the business activity,
e. data on concluded contracts and settlements under these contracts,
f. the position held within the organisation,
g. the bank account number, in the case of sole traders, to whom invoices have been issued,
h. image (if given).
The provision of your personal data is, in general, voluntary, but necessary to the extent that it is required for the purposes of the Joint Controllers in their cooperation with you. It is mandatory for you to provide your personal data in cases where it is necessary for the execution and fulfilment of a contract or the fulfilment by the Joint Administrators of their legal obligations.
Not providing personal data will prevent the Joint Administrators from providing services and products with regard to the purposes of the processing, and in particular will prevent you from participating in sales and marketing processes and from receiving sales and marketing information.
Purpose of processing |
Processing period |
Fulfilment of contractual obligations. |
Duration of contract between Contractor and Joint Controller. |
Archiving of data on the basis of generally applicable laws, such as the Accounting Act and the Tax Ordinance Act. |
Period specified in the relevant legislation; as a general rule, 5 years from the end of the calendar year in which e.g. the invoice was issued or contract was terminated. |
Recovery of claims, defence against claims. |
Limitation period for claims - not longer than 3 years from the occurrence of the event giving rise to the claim. |
Provision of ASTOR Academy training services and participation in the ASTOR Academy training system. |
A period of 15 years from the date of completion of the training or until withdrawal from the ASTOR Academy training system. |
Processing of data for marketing purposes. |
The period for which data are processed in the specific case of consent given. |
Organisation of conferences, webinars, magazine subscriptions, newsletters. |
The period for which the service is provided or until the consent given is withdrawn. |
Your personal data is generally obtained by the Joint Controllers directly from you.
Data of persons representing suppliers or contractors and contact persons designated by suppliers or contractors, as well as personal data of other persons, may be transmitted to the Joint Controllers by suppliers or contractors in the content of contracts concluded, messages and documents transmitted to the Joint Controllers. The scope of such data is in particular: name, surname, e-mail address, telephone number, position in the organisation.
Joint controllers may also obtain data from publicly available sources, such as the Central Information of the National Court Register, the Central Register and Information on Economic Activity, the so-called 'White list of taxpayers', the register of entities performing medical activity, the REGON Internet Database, the system of Electronic Land and Mortgage Registers, other publicly available registers and databases - for the purpose of carrying out business activities, attempting to establish cooperation or verifying the registration details of suppliers or contractors, as well as fulfilling contracts with suppliers or contractors. The scope of data obtained is consistent with the scope of information publicly available in these registers.
This ASTOR Group Personal Data Processing Policy constitutes the essential content of the Joint Controllers' arrangements, within the meaning of Article 26(2) of the GDPR, regarding the processing of your Personal Data.
Under joint management of personal data, each of the Joint Controllers is responsible for processing your personal data in accordance with the principles relating to the processing of personal data set out in Article 5 of the GDPR.
Under joint management of personal data, each Joint Controller is responsible for applying security measures to personal data.
The security methods used are in accordance with applicable laws and regulations relating to privacy and data security. In particular, we use appropriate technical, physical and organisational measures to protect personal data against misuse, accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, acquisition or access.
Employees and co-workers of Joint Controllers are given access to data on the basis of authorisation - they are obliged to observe data processing security rules to protect and keep the data confidential. Employees and co-workers of Joint Controllers are obliged to observe all technical and organisational security measures.
The buildings and systems used for data processing are secure, only high quality hardware and software is used and regularly updated.
Under joint management of personal data, ASTOR Spółka z ograniczoną odpowiedzialnością is additionally responsible for implementing appropriate technical and organisational measures to ensure the security level of IT systems and personal data processed therein, adequate to the risk of violating the rights and freedoms of the persons whose personal data is processed.