PRIVACY POLICY (https://totalenergies.pl/)
This Privacy Policy aims to explain the principles of processing your personal data and provides information about your fundamental rights related to personal data processing.
1. Personal Data Controller
The controller of your personal data is TotalEnergies Marketing Polska sp. z o.o., with its registered office in Warsaw at Al. Jana Pawla II 80 (00 175 Warsaw), entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000019835, NIP: 5220100798, REGON: 010013868 (hereinafter also referred to as “TEMP” or the “Controller”).
2. Contact Information
If you need further information, please contact the Controller by mail at Al. Jana Pawla II 80, 00 175 Warsaw.
If you have any questions regarding the processing of your data, please contact us by e mail at:
[email protected].
3. Personal Data
Personal data is information about an identified or identifiable natural person through one or more specific factors that reveal physical, physiological, genetic, mental, economic, cultural, or social identity. It includes device IP, location data, online identifiers, and information collected through cookies and other similar technologies.
When collecting and using personal data, we strive to be transparent about the basis and methods of processing.
The Controller processes personal data in accordance with the provisions of data protection regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as ‘GDPR’ and Polish regulations issued in connection with the GDPR, including the Act of 10 May 2018 on the Protection of Personal Data.
TEMP takes the security of all data seriously, keeps personal data confidential, and protects it from unauthorized access by third parties in accordance with the above mentioned laws.
4. Purposes and Legal Basis for Processing Personal Data
The Controller processes personal data as part of its business activities for purposes that depend on the specific circumstances:
| Purpose of processing | Legal Basis and Retention Period |
|---|---|
| When you contact us processing of inquiries, including those submitted via contact forms available on the Website. | Article 6(1)(f) of the GDPR as the pursuit of the legitimate interest of the Controller in providing responses to inquiries and requests. Personal data will be stored for the time necessary to prepare and provide a response to the recipient of the message, but no longer than 3 years. |
| If you have concluded an agreement with us or are preparing to conclude one entering into and performing a contract with a customer or contractor. | Article 6(1)(b) of the GDPR processing is necessary for the performance of a contract to which the data subject is a party in order to take steps at the request of the data subject prior to entering into a contract. Art. 6(1)(c) of the GDPR processing is necessary to fulfill the Controller’s legal obligations, such as accounting or tax obligations. Personal data will be stored for the duration of the contract and after its expiry until the expiry of any claims arising from it, normally 3 years, and up to a maximum of 6 years. |
| If you are an employee, associate of our contractor or supplier and your data has been provided to us in connection with the conclusion or performance of a contract. | Article 6(1)(f) of the GDPR as the pursuit of the legitimate interest of the Controller in contract administration. The source of the data is your employer. Personal data will be stored for the duration of the contract and after its expiry until the expiry of any claims arising from it, normally 3 years, and up to a maximum of 6 years. We have received your contact information and job title from your employer/client, who is our contractor. |
| If you wish to make a complaint. | Article 6(1)(f) of the GDPR as the pursuit of the legitimate interest of the Controller in reviewing complaints from the Controller’s suppliers, in particular regarding unpaid invoices, and taking the necessary action following the complaint. Personal data is kept for 6 years from the date of the complaint. |
| When you visit our social media and interact with us, e.g., by sending messages or leaving comments. | Article 6(1)(f) of the GDPR as the pursuit of the legitimate interest of the Controller in communicating with social media users. Personal data will be kept for as long as you follow our social media, and in the case of an inquiry for the time necessary to respond, and thereafter until the expiration of any claims. |
| When we are in litigation or pursuing claims. | Article 6(1)(f) of the GDPR as the pursuit of the legitimate interest of the Controller in seeking or defending against claims. Personal data will be stored for the duration of the proceedings concerning the claims pursued, i.e., until their final conclusion and, in the case of enforcement proceedings, until the final satisfaction of the claims. |
| When you enter our premises access control, including monitoring of the Controller's premises to enhance the safety of persons on site, protect property and maintain the confidentiality of information. | Article 6(1)(f) of the GDPR as the pursuit of the legitimate interest of the Controller in carrying out access control for individuals present on the Controller’s premises. Personal information will be kept until you object, but no longer than one year. Video footage will be processed only for the purposes for which it was collected and will be retained for no more than 3 months from the date of recording, unless the footage is evidence in a legal proceeding, in which case it will be retained until the final conclusion of the proceeding or until an objection is raised. |
| When you participate in contests, promotions or events organized by us. | Article 6(1)(f) of the GDPR as the pursuit of the legitimate interest of the Controller in conducting contests, promotions and organizing events. Article 6(1)(c) of the GDPR as a fulfillment of legal obligations incumbent on TEMP in the case of contests and promotions subject to tax regulations. Personal data will be kept until objection. For the fulfillment of legal obligations 6 years. |
| If you participate in recruitment. | Article 6(1)(c) of the GDPR as a fulfillment of legal obligations incumbent on TEMP in the case of employee recruitment. Article 6(1)(b) of the GDPR processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract, in the case of civil law contracts. Article 6(1)(a) of the GDPR based on consent in all cases where the candidate provides TEMP with more information than is necessary for the recruitment process. We will process the data for a period of 6 months from the end of the recruitment process. |
| If you are our employee. | Article 6(1)(b) of the GDPR i.e., processing is necessary for the performance of the employment contract (its conclusion and execution). Article 6(1)(c) of the GDPR i.e., processing is necessary to comply with the employer’s legal obligations, such as maintaining and archiving personnel records, recording working time, fulfilling occupational health and safety duties, and conducting financial and tax settlements. Article 6(1)(c) of the GDPR for the fulfillment of legal obligations, including, among others, personnel file management or Company Social Benefits Fund (ZFŚS). Article 6(1)(f) of the GDPR i.e., processing is necessary for the purposes of the legitimate interests pursued by the Controller, such as possible need to defend against or pursue claims related to the employment contract, video surveillance, email monitoring, Internet usage monitoring, or tracking of company vehicle locations. Article 9(2)(b) of the GDPR where processing is necessary for the employer to comply with obligations and exercise specific rights in the field of employment law, including processing data to assess employee work capacity. We process employees’ personal data for 50 or 10 years following the end of their employment. For ZFŚS data, the need for continued processing is reviewed one year after collection. The data will not be processed for more than 6 years. |
5. Information Regarding Your Rights
To the extent provided by law, individuals whose personal data we process have the right to access their personal data, request its rectification, erasure, or restriction of processing, as well as the right to object to the processing and the right to data portability. You also have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office (Personal Data Protection Office, ul. Stawki 2, 00 193 Warsaw).
If the basis for processing your personal data is consent, you have the right to withdraw it at any time and, in any manner, without affecting the lawfulness of processing carried out based on your consent prior to its withdrawal.
6. Recipients of Personal Data
The recipients of your personal data, i.e. the entities to which the Controller may disclose your data, may include:
- government authorities or other entities authorized to access the data under specific legal provisions,
- Poczta Polska and courier companies,
- banks when necessary for financial settlement,
- entities providing services to the Controller in support of its operations in connection with the services provided, including but not limited to IT service providers, audit firms, accounting service providers, recruitment support service providers, and marketing service providers with such entities processing data under a data processing agreement and only in accordance with the Controller’s instructions.
7. Transfer of Data Outside the EEA
The Controller transfers personal data outside the European Economic Area (EEA) only when necessary, and with appropriate safeguards, primarily by:
a. cooperating with entities that process personal data in countries for which an adequacy decision has been issued by the European Commission confirming an adequate level of data protection;
b. applying standard contractual clauses issued by the European Commission;
c. applying binding corporate rules approved by the relevant supervisory authority.
8. Final Provisions
We recognize transparency as a continuous obligation; therefore, we will regularly review and update this document. Any changes we make to the Privacy Policy in the future will be posted on the Website.
Last updated: February 16, 2024