Privacy policy Privacy Policy of Hawe Telekom S.A. in restructuring (hereinafter: the “Policy”) Taking into account the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: the Regulation), and wishing to maintain full transparency, we hereby inform you how your personal data is collected by Hawe Telekom S.A. in restructuring and how it is processed in accordance with applicable statutory and regulatory provisions. I. Personal Data Controller The controller of your personal data is Hawe Telekom S.A. in restructuring, with its registered office in Warsaw, ul. Naruszewicza 13A, 02-627 Warsaw (hereinafter: the Data Controller), entered into the National Court Register maintained by the District Court for the Capital City of Warsaw, 13th Commercial Division, under number KRS 0000981831, NIP: 691-020-23-18. You may contact the Data Controller by mail or electronically at: iso@hawetelekom.com. The Data Controller has not appointed a Data Protection Officer. However, for all matters related to the processing of personal data, you may contact the Data Controller at the e-mail address: iso@hawetelekom.com or by traditional mail sent to the address of the Data Controller’s registered office indicated above. II. Purpose, Scope, Legal Basis and Period of Processing Below we present information regarding the purposes of processing and their legal bases. Your personal data will be processed in various business situations and in connection with the ongoing operational activities of the Data Controller. Specific purposes and legal bases are provided in separate information clauses addressed to the data subjects. Your data may be processed for the following purposes: Conclusion and performance of a contract and provision of services in accordance with the contract, based on Article 6(1)(b) of the Regulation. Fulfilment of information obligations towards attorneys and persons representing contractors, based on Article 6(1)(b), (c) and (f) of the Regulation. Compliance with legal obligations imposed on the Data Controller, based on Article 6(1)(c) of the Regulation. Evidentiary (archival) purposes related to the legal need to demonstrate facts, based on Article 6(1)(f) of the Regulation. Conducting marketing activities of the Data Controller, including analytical purposes, based on Article 6(1)(a) and (f) of the Regulation. Your personal data is treated by the Data Controller as confidential information and is not visible to unauthorised persons, in accordance with applicable EU or Member State law. Regardless of the legal basis on which we process your personal data, it will be stored until the expiry of claims arising from the contract/service provision or until the expiry of the obligation to store personal data resulting from applicable law (in particular the obligation to retain accounting documents related to the contract). Processing activities carried out on the basis of the legitimate interest of the Data Controller will be performed for a specific purpose until you object to such processing. If the processing of personal data is based on your consent, you have the right to withdraw it at any time. This will result in your personal data being processed only until the moment of withdrawal. III. Information on Data Recipients Your personal data may be shared with: Authorised employees and associates of the Data Controller, Public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for purposes arising directly from national and EU law, Our business partners under relevant agreements concluded with the Data Controller, i.e., companies with which we cooperate (including presenting, describing, and integrating their products or services), for the purposes indicated above (for marketing purposes only if you consent to specific marketing activities requiring the sharing of personal data). Additionally, your personal data may be transferred to our subcontractors (processors), e.g., IT service providers or courier companies, which process data based on data processing agreements and solely according to the instructions of the Data Controller. IV. Rights Related to Personal Data Processing You have the right to access your data and the right to request its rectification, erasure, or restriction of processing. If the processing of your data is based on the legitimate interest of the Data Controller, you may object to the processing of your personal data. In particular, you have the right to object to processing for direct marketing purposes, including analytical purposes. Where the processing of your personal data is based on voluntarily given consent, you have the right to withdraw it. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal. Where your data is processed for the purpose of concluding and performing a contract/service or based on voluntarily given consent, you also have the right to data portability. If you choose to exercise this right, you will receive your personal data in a structured, commonly used, machine-readable format. You may transmit the received data to another data controller. If you believe that the processing violates the provisions of the Regulation, you also have the right to lodge a complaint with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw. You may exercise your rights (except the right to lodge a complaint) by submitting appropriate requests/statements to the Data Controller using the contact details indicated in Section I of the Policy. V. Transfer of Personal Data Outside the European Economic Area Your personal data is not transferred to third countries (i.e., countries outside the European Economic Area) or to any international organisations. VI. Profiling Your personal data is not and will not be used by the Data Controller for automated decision-making, nor is it or will it be subject to profiling. VII. Cookies The Data Controller’s policy regarding access to information on the user’s end device (cookies). The website www.hawetelekom.com uses technology that stores and accesses information on the user’s end device (in particular through the use of cookies). Cookies are data, in particular text files, sent from the website’s server and stored by the web browser or other technological solutions on the end device (e.g., a personal computer or a mobile device such as a smartphone). Cookies make it easier for the user to use websites previously visited. If the user has used the same device and browser before, cookies allow the website to remember their preferences. Cookies used on the Data Controller’s website are primarily intended to collect statistical data on traffic and the number of users in the service, as well as information on how users interact with its content, without collecting any information that would allow their identification. The user may change the way cookies from www.hawetelekom.com are used via their browser settings. Detailed information can be found using the Help function in the respective browser. For example: In Microsoft Edge: Menu → Settings → Cookies and site permissions, and Privacy, search and services. In Mozilla Firefox: Settings → Privacy & Security. In Google Chrome: Settings → Privacy and security → Cookies. Paths may vary depending on the browser version. Information on managing cookies on a mobile phone can be found in the User Manual of the respective device. The Data Controller informs that restricting the use of cookies may affect the proper functioning of the website. Cookies used on the Data Controller’s website: Name: _utma; Type: persistent; Function: counter, unique user; Content: domain, date of first visit, date of previous visit, date of current visit, total number of visits. Name: _utmb; Type: persistent; Function: measures session duration; Content: domain, date of first visit, date of previous visit, date of current visit, started sessions. Name: _utmc; Type: session; Function: measures session duration; Content: domain, date of first visit, date of previous visit, date of current visit, started sessions. Name: _utmz; Type: persistent; Function: identifies traffic source, browser used, clicked link; Content: domain, date cookie was saved, number of visits, traffic sources, source details b
