top of page

PRIVACY POLICY

European Steel Group sp. z o.o. (hereinafter referred to as “ESG” or the “Controller”) is particularly committed to respecting the privacy of the Users who visit a website administered by ESG (hereinafter referred to as the “Website”). Therefore, ESG is responsible for the control of personal data that are collected and processed as part of our cooperation with you. We respect your privacy and we will protect personal data that we process. All personal data are processed in accordance with the applicable data protection regulations.

The purpose of this Privacy Policy is to inform you about the types of personal data that we collect when you use our Website or cooperate with us, and the steps we take to protect and secure your personal information.

This Policy and its rules apply to personal identification information (personal data) that we can request from you and that we use with your consent. If you would like to cooperate with us, we will need such data in order to perform the contract concluded; you can learn more about this topic further in this Policy.

Upon your request, ESG will provide further information regarding our processing and protection of your personal data during your visits to the Website or during communication via other channels. You can find relevant information on our website, in the “Contact” tab.

1. Information on the Controller
The Controller of your data, within the meaning of Article 4(7) of Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), is European Steel Group sp. z o.o. with its registered office in Katowice, at ul. Jana III Sobieskiego 11, 40-082 Katowice, entered into the Register of Businesses of the National Court Register (KRS) under KRS No. 0000586086, NIP (Tax ID): 6423192406, REGON (Business ID): 363025941.
ESG is not under the obligation to appoint a Personal Data Protection Officer, nor has he/she been appointed on a voluntary basis.


2. Data collection and processing
All information from the Website users (hereinafter referred to as the “User”) is collected as described below.
2.1. When the User opens and/or uses the Website, the Controller collects the following data:
the subpages visited on our website;
IP address or shortened IP address;
information about the website visited, including the URL, the Website visit path (including date and time), such as node data, configuration, and network application performance; response times, download errors, visit lengths and information about whether the links or e-mails have been opened by the User.
2.2 If the User decides, on their own discretion, to complete any of the forms available on the Website, the Controller collects and processes personal data provided by the User, in particular such as first name and surname and e-mail address of the User.
The data specified in this section are collected and used in an anonymised or pseudonymomised form, and the data transmission is unencrypted.
2.3. If the User decides, on their own discretion, to share their personal data for marketing purposes, the scope of the data processed by the Controller will depend only on the scope of data specified directly by the User.


3. Definition of the purposes of the processing
3.1. Personal data provided by the Users are used only within the limits of their consent and for specific purposes, i.e. in order to:
respond to the queries submitted by the User via the contact form on the “Contact” subpage;
carry out the recruitment process after the User sends the completed contact form on the “Contact” subpage.
3.2. By providing the Users with the relevant forms, the Controller collects the data that are adequate, relevant and limited to what is necessary to achieve the purposes for which they are processed; in other words, it acts in accordance with the ‘data minimisation’ rule specified in the GDPR.
In connection with the above, the basic type of data collected from the Users via the Website forms are e-mail addresses, first names and surnames. They are used by the Controller for contact purposes.


4. Profiling
4.1. The Controller does not resort to the User profiling.


5. Data storage and recipients of personal data
5.1. Personal data of the Users, in particular their e-mail addresses and e-mail correspondence are stored on the Controller’s servers.
The privacy policy with regard to the personal data being processed is available at ul. Ogłęczyzna 20, 31-589 Kraków.
5.2. ESG does not transfer or sell personal identification information to other companies or individuals. Subject to the provisions of the GDPR and other relevant regulations, the exchange or transfer of personal data may only take place in the following limited circumstances:
with the User consent;
to the suppliers and other personal data controllers that support our business activity, including IT and communication service providers, external business support, providers of administrative services, entities operating postal or courier businesses, entities operating payment handling businesses (banks, payment institutions), authorities and courts within the scope of procedures carried out before such authorities or courts, and entities cooperating with ESG in handling accounting, tax or legal matters;
law enforcement and regulatory authorities or other competent authorities in accordance with legal requirements or good practice;
your company or organisation in relation to the performance of the contract concluded with ESG;
providers of verification services so that we can meet legal obligations related to crime prevention or protection or anti-money laundering, sanction verification and other required controls.

5.3 Due to the globalisation of electronic services (the Internet), we may store and process personal data collected on our website in every country in which our hosting service providers maintain their systems. By using our services in electronic form, the User agrees to the transfer of their personal data to such entities, including those that are located abroad.


6. Deletion of personal data
6.1 Data of the Users will be stored by the Controller for the following periods:
if the basis for the data processing is the contract concluded with ESG – throughout the term of the contract, and also, to the extent permitted by law, so that ESG could exercise or defend legal claims – until the period of limitation expires; if the basis for the processing of the User data is the legitimate interest pursued by ESG, the data will be processed for as long as it is necessary for the purposes for which they are processed;
if the basis for the processing of personal data is the User consent, the data will be processed until withdrawal thereof; if the basis for the data processing is the necessity of their processing to fulfil the legal obligation imposed on ESG, the data will be processed for as long as required by law;
if the basis for the data processing is the User consent, then, in case of withdrawal thereof, the User data will be processed only to the necessary extent, so that ESG could exercise or defend legal claims – until the period of limitation expires.


7. User rights and personal data security
7.1. The Users who are data subjects have the following rights:
the right to access their personal data (submit an application for information about the processed data and obtain copies thereof, including copies of their personal data that are transferred to a third country) and the right to rectify them (have them corrected), the right to delete the data that are processed without a valid reason, the right to restriction of processing (withhold the operations on data or not have the data deleted – according to the submitted application), as well as the right to data portability, i.e. the right to have the data transferred to another data controller (to the extent specified in Article 20 of the GDPR);

the right to withdraw their personal data processing consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

in specific situations, the Users may at any time object to the processing of personal data by ESG, if the basis for the use of their data is the legitimate interest pursued by ESG or the public interest. In such a situation, after examining the objection, ESG will not be able to process the personal data covered by the objection on that basis unless ESG demonstrates that there are:

compelling legitimate grounds for the processing of data which, according to law, override the interests, rights and freedoms of the data subject; or
grounds for the establishment, exercise or defence of legal claims.

7.2 The person whose personal data are processed as part of direct marketing has the right to object to the processing of their data for marketing purposes at any time.

7.3 The User also has the right to lodge a complaint with the President of the Office for Personal Data Protection if they consider that the processing of personal data by ESG infringes the provisions of the GDPR.

7.4 The scope of each of the abovementioned rights and the situations in which they can be exercised stem from legal regulations. When protecting data against unauthorised access, the Controller may request additional identification of the data subject or additional information.

7.5 A possibility of exercising each of the aforementioned rights results from the applicable legal regulations, e.g. depends on the legal basis of data processing and the purpose of their processing.

8. Will personal data be transferred outside the European Economic Area?

At the moment, ESG does not plan to transfer personal data outside the EEA (i.e. the area that includes the EU, Iceland, Liechtenstein and Norway).

If ESG decides to transfer data outside the EEA, this will only be done on the conditions and to the extent permitted by law, in particular, on the basis of standard contractual clauses the content of which has been approved by the European Commission.


9. Contact details
All demands, requests, notifications and inquiries regarding personal data processed by the Controller, including those regarding access to their content, method of updating or withdrawal of consent to their processing may be sent by e-mail to: office@eurosteelgroup.eu or in writing to the address: European Steel Group sp. z o.o., ul. Jana III Sobieskiego 11, 40-082 Katowice.

INFORMATION FOR CONTRACTORS

On 25 May 2018 the existing personal data protection legislation has changed so that the new general EU regulation on the protection of personal data 2016/679 (the GDPR) will be applied. In view of the foregoing, European Steel Group Sp. z o.o. with its registered office in Katowice would like to communicate the following information about how we process personal data that we collect in the course of our business cooperation
with you.

European Steel Group Sp. z o.o. is responsible for the control of personal data that we collect and process as part of our cooperation with you and your company. We respect your privacy and we will protect personal data that we process. All personal data are processed in accordance with the applicable data protection regulations.

Contact and general information

The Controller of your personal data is European Steel Group Sp. z o.o., with its registered office at ul. Jana III Sobieskiego 11, 40-082 Katowice, entered into the Register of Businesses of the National Court Register (KRS) under KRS No. 0000586086, NIP (Tax ID): 6423192406, REGON (Business ID): 363025941 (hereinafter referred to as “ESG”). This means that we are responsible for the use of personal data in a secure manner in accordance with the applicable regulations. You can contact us at any time via your line managers or by calling to internal extension numbers or writing to the company’s valid e-mail addresses, including a general e-mail: office@eurosteelgroup.eu.

We have not yet made a decision to appoint a Data Protection Officer, i.e. a person who will deal with data protection matters in our group. If such a person is appointed, you will be notified accordingly.

How do we collect and use personal data and for what purposes?

The data we collect include mostly:

  • first names and surnames;

  • business data;

  • contact details (including, but not limited to, addresses, e-mail addresses and telephone numbers);

  • bank account numbers;

  • data from official registers and records (such as PESEL numbers (Personal IDs) or ID card Nos.);

  • registration numbers of vehicles entering the site, as well as the ID card or passport Nos. of the drivers.

Personal data will be processed in the situations where and to the extent to which the applicable law provides us with a legal basis for such processing. Therefore, we will only process personal data:

  • if it is necessary for us to perform the contract that we have concluded with you;

  • if it is necessary to fulfil the legal obligation imposed on us, for example, the obligation to:store the data for future proceedings by authorised bodies; submit and process complaints;settle public levies;

  • if our justified interest so requires, e.g. to document a transaction; establish, defend and exercise legal claims, as well as secure our property and confidentiality of information; create analyses, compilations and statistics, including on the turnover and sales, for internal purposes; verify creditworthiness; perform direct marketing activities; or if you have agreed there to.

Personal data are stored in databases managed by ESG. The data may also be stored by a third party engaged by ESG to assist in the provision of services. Personal data that you have provided will be processed in accordance with the standards of personal data protection required by applicable laws.

The data subjects are contractors, potential contractors, as well as their employees and business partners.

Whom do we transfer personal data to?

ESG transfers personal data to:

  • recipients of personal data, such as entities providing consultancy, consulting, audit, legal assistance, tax or accounting services, acting on behalf of ESG;

  • entities that process personal data on behalf of ESG, such as companies that operate ICT systems, security agencies and entities providing consultancy, consulting, audit, legal assistance, tax or accounting services, acting on behalf of ESG;

  • other personal data controllers that process personal data on their own behalf, such as entities operating postal or courier businesses, entities operating payment handling businesses (banks, payment institutions), authorities and courts within the scope of procedures carried out before such authorities or courts, and entities cooperating with ESG in handling accounting, tax or legal matters, to the extent that they become data controllers; member entities of the ESG capital group.

Will personal data be transferred outside the European Economic Area?

As a rule, the processing of your personal data takes place in the Member States of the European Union (EU) or the European Economic Area (EEA). Your personal data may also be transferred to the countries outside the EU/EEA (‘third countries’). The data will be transferred on the basis of your consent and after we inform you about possible risks of such a transfer of data due to the absence of an adequacy decision and appropriate safeguards in accordance with Article 49(1)(a).

Where do we get personal data from?

The personal data being processed are provided to us directly by data subjects or by other data controllers with which we cooperate or from public sources.

For how long do we process personal data?

The data will be kept for a period not longer than necessary and in accordance with the rules of data storage. Personal data will be stored only for a period necessary to achieve the purposes for which they have been collected and processed, including in order to comply with any legal, regulatory, accounting or reporting requirements.

Due to the statutory limitation periods for civil law claims and the limitation period for public law claims, personal data are deleted after 10 years after the end of the year in which this data processing purpose was achieved.

Do we profile personal data?

We do not make decisions that rely solely on automated processing, including profiling, of personal data.

What are the rights of the data subjects?

The data subjects have the following rights:

d) the right to access their personal data (submit an application for information about the processed data and obtain copies thereof, including copies of their personal data that are transferred to a third country) and the right to rectify them (have them corrected), the right to delete the data that are processed without a valid reason, the right to restriction of processing (withhold the operations on data or not have the data deleted – according to the submitted application), as well as the right to data portability, i.e. the right to have the data transferred to another data controller (to the extent specified in Article 20 of the GDPR).

e) the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

f) in specific situations, the data subjects may at any time object to the processing of personal data by ESG, if the basis for the use of their data is the legitimate interest pursued by ESG or the public interest. In such a situation, after examining the objection, ESG will not be able to process the personal data covered by the objection on that basis unless ESG demonstrates that there are:

compelling legitimate grounds for the processing of data which, according to law, override the interests, rights and freedoms of the data subject; or grounds for the establishment, exercise or defence of legal claims.

The person whose personal data are processed as part of direct marketing has the right to object to the processing of their data for marketing purposes.

The data subject also has the right to lodge a complaint with the President of the Office for Personal Data Protection if they consider that the processing of personal data by ESG infringes the provisions of the GDPR.

The scope of each of the abovementioned rights and the situations in which they can be exercised stem from the legal regulations. When protecting data against unauthorised access, we may request additional identification of the data subject or additional information.

A possibility of exercising each of the aforementioned rights results from the applicable legal regulations, e.g. depends on the legal basis of data processing and the purpose of their processing.

How can you contact us?

All the rights listed above may be exercised by submitting a relevant application to ESG, to the company address: ul. Jana III Sobieskiego 11, 40-082 Katowice or in electronic form, to the e-mail address: office@eurosteelgroup.eu.

bottom of page